Below I’ve curated cyber security news from the World Wide Web – the left-hand column is from “The Hacker News” website and on the right is news from “Security Week”. Both are top cyber security news sites. At the very least, this shows that threats are daily and they are very real.
Hacker News
- GitHub, Telegram Bots, and QR Codes Abused in New... by info@thehackernews.com (The Hacker News) on October 11, 2024 at 5:13 pm
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign, […]
- How Hybrid Password Attacks Work and How to... by info@thehackernews.com (The Hacker News) on October 11, 2024 at 11:00 am
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, […]
- CISA Warns of Threat Actors Exploiting F5 BIG-IP... by info@thehackernews.com (The Hacker News) on October 11, 2024 at 8:34 am
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to […]
- New Critical GitLab Vulnerability Could Allow... by info@thehackernews.com (The Hacker News) on October 11, 2024 at 6:29 am
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the […]
- Bohemia and Cannabia Dark Web Markets Taken Down... by info@thehackernews.com (The Hacker News) on October 11, 2024 at 6:01 am
The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, […]
- OpenAI Blocks 20 Global Malicious Campaigns Using... by info@thehackernews.com (The Hacker News) on October 10, 2024 at 1:27 pm
OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for […]
- Experts Warn of Critical Unpatched Vulnerability... by info@thehackernews.com (The Hacker News) on October 10, 2024 at 12:10 pm
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum […]
- 6 Simple Steps to Eliminate SOC Analyst Burnout by info@thehackernews.com (The Hacker News) on October 10, 2024 at 11:00 am
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and […]
- Cybercriminals Use Unicode to Hide Mongolian... by info@thehackernews.com (The Hacker News) on October 10, 2024 at 7:18 am
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented […]
- CISA Warns of Critical Fortinet Flaw as Palo Alto... by info@thehackernews.com (The Hacker News) on October 10, 2024 at 5:44 am
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), […]
Security Week
- Zero-Day Breach at Rackspace Sparks Vendor Blame... by Ryan Naraine on October 2, 2024 at 5:29 pm
A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day. The post Zero-Day Breach at Rackspace Sparks Vendor Blame Game appeared first on SecurityWeek.
- MITRE Adds Mitigations to EMB3D Threat Model by Ionut Arghire on October 2, 2024 at 1:01 pm
MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices. The post MITRE Adds Mitigations to EMB3D Threat Model appeared first on SecurityWeek.
- US, Allies Release Guidance on Securing OT... by Ionut Arghire on October 2, 2024 at 12:47 pm
New guidance provides information on how to create and maintain a secure operational technology (OT) environment. The post US, Allies Release Guidance on Securing OT Environments appeared first on SecurityWeek.
- Cryptocurrency Wallets Targeted via Python... by Ionut Arghire on October 2, 2024 at 12:17 pm
Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI. The post Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI appeared first on SecurityWeek.
- Harmonic Raises $17.5M to Defend Against AI Data... by Ryan Naraine on October 2, 2024 at 12:00 pm
Harmonic has raised a total of $26 million to develop a new approach to data protection using pre-trained, specialized language models. The post Harmonic Raises $17.5M to Defend Against AI Data Harvesting appeared first on SecurityWeek.
- Record-Breaking DDoS Attack Peaked at 3.8 Tbps,... by Eduard Kovacs on October 2, 2024 at 11:27 am
Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps. The post Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps appeared first on SecurityWeek.
- After Code Execution, Researchers Show How CUPS... by Eduard Kovacs on October 2, 2024 at 10:37 am
Over 58,000 internet-exposed CUPS hosts can be abused for significant DDoS attacks, according to Akamai. The post After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks appeared first on SecurityWeek.
- Critical Zimbra Vulnerability Exploited One Day... by Ionut Arghire on October 2, 2024 at 8:48 am
A critical-severity vulnerability in Zimbra has been exploited in the wild to deploy a web shell on vulnerable servers. The post Critical Zimbra Vulnerability Exploited One Day After PoC Release appeared first on SecurityWeek.
- T-Mobile to Pay Millions to Settle With FCC Over... by Ionut Arghire on October 1, 2024 at 3:11 pm
T-Mobile has agreed to invest $15.75 million in cybersecurity and pay $15.75 million to settle an FCC investigation into four data breaches. The post T-Mobile to Pay Millions to Settle With FCC Over Data Breaches appeared first on SecurityWeek.
- More LockBit Hackers Arrested, Unmasked as Law... by Eduard Kovacs on October 1, 2024 at 3:06 pm
Previously seized LockBit websites have been used to announce more arrests, charges and infrastructure disruptions. The post More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers appeared first on SecurityWeek.
WordPress News
- Forking is Beautiful by Matt Mullenweg on October 10, 2024 at 9:00 pm
The right to fork the software is at the heart of open source. WordPress itself started as a fork of the b2/cafelog project. WordPress was one of several forks from b2, which included b2++ (which eventually became WordPress Multisite) and some like b2evolution which still continue today. The last […]
- Please Welcome Mary Hubbard by Matt Mullenweg on October 8, 2024 at 7:26 pm
We’re proud to announce that Mary Hubbard (@4thhubbard) has resigned as the Head of TikTok Americas, Governance and Experience, and will be starting as the next Executive Director of WordPress.org on October 21st! Mary previously worked at Automattic from 2020 to 2023, and was the Chief Product […]
- WordPress 6.7 Beta 2 by David Baumwald on October 8, 2024 at 12:44 am
WordPress 6.7 Beta 2 is now ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 2 on a test server and site. You […]
- WPGraphQL is Canonical by Matt Mullenweg on October 7, 2024 at 6:44 pm
Happy to announce that WP GraphQL is becoming canonical on WordPress.org. I could say more, but I’ll let Jason tell his story.
- WordPress 6.7 Beta 1 by David Baumwald on October 1, 2024 at 4:41 am
WordPress 6.7 Beta 1 is now ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 1 on a test server and […]
- WP Engine Reprieve by Matt Mullenweg on September 27, 2024 at 9:03 pm
I’ve heard from WP Engine customers that they are frustrated that WP Engine hasn’t been able to make updates, plugin directory, theme directory, and Openverse work on their sites. It saddens me that they’ve been negatively impacted by Silver Lake‘s commercial decisions. On WP Engine’s […]
- WP Engine is banned from WordPress.org by Matt Mullenweg on September 25, 2024 at 10:50 pm
Pending their legal claims and litigation against WordPress.org, WP Engine no longer has free access to WordPress.org's resources.
- WP Engine is not WordPress by Matt Mullenweg on September 21, 2024 at 11:57 pm
It has to be said and repeated: WP Engine is not WordPress. My own mother was confused and thought WP Engine was an official thing. Their branding, marketing, advertising, and entire promise to customers is that they’re giving you WordPress, but they’re not. And they’re profiting off of the […]
- PDX + WCUS 2024: A Recap by Dan Soschin on September 21, 2024 at 7:10 am
WordCamp US (WCUS), North America's largest WordPress event, hosted over 1,500 attendees from around the world at the Oregon Convention Center in Portland, from September 17 to 20.
- WP Briefing: Episode 86: My First WordPress... by Brett McSherry on September 16, 2024 at 12:00 pm
Join us this week as Josepha takes a personal journey down memory lane to her first encounters with WordPress. In this episode, she shares the story of her very first WordPress website, the excitement of getting involved with WordCamps, and how those early discoveries shaped her rewarding path in […]