A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.

Tens of thousands of fuel storage tanks in critical infrastructure facilities remain vulnerable to zero-day attacks due to buggy Automatic Tank Gauge systems from multiple vendors, say infosec researchers.

Automatic Tank Gauges (ATGs) are used to monitor fuel levels in storage tanks and ensure that the tanks don't leak. The ten CVEs disclosed today were found in products from several different vendors: Dover Fueling Solutions (DFS), OPW Fuel Management Systems (owned by DFS), Franklin Fueling Systems, and OMNTEC.

The National Institute of Standards and Technology (NIST), the federal body that sets technology standards for governmental agencies, standards organizations, and private companies, has proposed barring some of the most vexing and nonsensical password requirements. Chief among them: mandatory resets, required or restricted use of certain characters, and the use of security questions.

China-linked threat actors compromised some U.S. internet service providers as part of a cyber espionage campaign code-named Salt Typhoon.

The state-sponsored hackers aimed at gathering intelligence from the targets or carrying out disruptive cyberattacks.

The Wall Street Journal reported that experts are investigating into the security breached to determine if the attackers gained access to Cisco Systems routers, which are core network components of the ISP infrastructures.

Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.

Insikt Group’s analysis of Rhadamanthys Stealer v0.7.0 reveals its growing capabilities, including AI-powered seed phrase extraction and MSI installer evasion tactics.

Emails, documents, and other untrusted content can plant malicious memories.

Google said it has been contacted by several major U.S. companies recently who discovered that they unknowingly hired North Koreans using fake identities for remote IT roles.

McAfee Labs recently observed an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer. We are observing a campaign targeting multiple countries. Below is a map showing the geolocation of devices accessing fake CAPTCHA URLs, highlighting the global distribution of the attack.

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.

Kryptina's adoption by Mallox affiliates complicates malware tracking as ransomware operators blend different codebases into new variants.

• Kryptina evolved from a free tool on public forums to being actively used in enterprise attacks, particularly under the Mallox ransomware family.
• In May 2024, a Mallox affiliate leaked staging server data, revealing that their Linux ransomware was based on a modified version of Kryptina.
• The affiliate made superficial changes to source code and documentation, stripping Kryptina branding but retaining core functionality.
• The adoption of Kryptina by Mallox affiliates exemplifies the commoditization of ransomware tools, complicating malware tracking as affiliates blend different codebases into new variants.
• This original research was presented by the author at LABScon 2024 in Scottsdale, Arizona.

The U.S. intelligence community on Monday said Russia is responsible for recent videos shared on social media that sought to denigrate Vice President Kamala Harris, including one that tried to implicate her in a hit-and-run accident.

Spy agencies also assess that Russian influence actors were responsible for altering videos of the vice president's speeches — behavior consistent with Moscow’s broader efforts to boost former President Donald Trump’s candidacy and disparage Harris and the Democratic Party, an official with the Office of the Director of National Intelligence said during a press briefing.

North Korea's IT workforce presents a persistent and escalating cyber threat.

Back in May, I started tracking Handala, a hacktivist branded group expressing pro-Palestine views:

In an update to its privacy policy, Telegram says it will now share IP addresses and phone numbers to authorities in response to valid orders. The change is a dramatic switch for the social network app, which has become a hotbed for criminals.

Legitimate emails with bad practices and an insecure website add insult to injury.

The hacking group's X account shared videos comparing Xi Jinping to an emperor and others commemorating the 1989 Tiananmen Square demonstrations.

Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel.

Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret'

German authorities sent a loud and clear message to criminal users of the exchanges: We found their servers and have your data — see you soon.