HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution.
"In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7 disclosed in a

https://thehackernews.com/2023/11/hellok...iting.html

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System

The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015.
"This latest version of CVSS 4.0 seeks to provide the highest fidelity of vulnerability assessment for both industry and the public," FIRST said in a statement.

https://thehackernews.com/2023/11/first-...0-new.html

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems.
"By exploiting the drivers, an attacker without privilege may erase/alter firmware, and/or elevate [operating system] privileges," Takahiro Haruyama, a

https://thehackernews.com/2023/11/resear...ivers.html

Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent.
Cybersecurity firm Deep Instinct, which disclosed details of the attacks, said the campaign "exhibits updated TTPs to previously reported MuddyWater activity,"

https://thehackernews.com/2023/11/irans-...n-new.html

SaaS Security is Now Accessible and Affordable to All

This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model
Securing employees' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and technologies, leading to unnecessary confusion and complexity. Enter

https://thehackernews.com/2023/11/saas-s...e-and.html

Ford Performance Debuts New Mustang For 2024 NASCAR Cup Series

Ford Performance has today unveiled the new Mustang for the 2024 NASCAR Cup Series based on the Mustang Dark Horse®.


https://media.ford.com/content/fordmedia...ries-.html

Dr. Frunkenstein: F-150 Lightning Transformed Into ‘Monster Truck’ for Halloween

Product Design Director Ryan McManus is stepping things up this year with his new F-150 Lightning.


https://media.ford.com/content/fordmedia...truck.html

[b]HELP******* need this looked at 15' whipple 5.0 gen2 tune.[/b]

2015 GT,
built built motor, pistons rods, cams part number# 243-000-90lI and 243-000-90lE, imrc delete, vvt delete, cnc ported heads, twin pumps,...


https://forum.hptuners.com/showthread.php?106611-HELP*******-need-this-looked-at-15-whipple-5-0-gen2-tune&goto=newpost

US Leads 40-Country Alliance to Cut Off Ransomware Payments

The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors.

https://www.darkreading.com/endpoint/us-...k-payments

Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks

The wider availability of turnkey cyberattack kits in the criminal underground is leading to a glut of campaigns using remote access Trojans (RATs).








https://www.darkreading.com/endpoint/mal...at-attacks