🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
18 Dec8220 Hacker Group Attacking Windows & Linux Web ServersThe 8220 hacker group, which was first identified in 2017 by Cisco Talos, is exploiting both Windows and Linux web servers with crypto-jacking malware. One of their recent activities involved the exploitation of Oracle WebLogic vulnerability (CVE-2017-3506) and Log4Shell (CVE-202…GBHACKERS.COM
18 Dec3CX Asks Customers to Disable SQL Database Integrations to Stop hack Attacks3CX, a VoIP communications firm, has advised customers to disable SQL Database integrations due to the risks posed by a potential vulnerability. A SQL Injection vulnerability in 3CX CRM Integration has been identified as CVE-2023-49954. An attacker can manipulate an applicat…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 20[−]
18 DecWebinar | Zero-Day Threats Defeated: Learn How Palo Alto Networks Software Firewalls Achieve 99.1% Security Effectiveness in the CloudDATABREACHTODAY.CO.UK
18 DecSurviving the cyber arms race in the age of generative AIThe swift emergence of generative AI has already tipped the scales in cybersecurity, prompting action from governments, with a sweeping executive order (EO) issued in October by US President Joe Biden. The Executive Order on the Safe, Secure, and Trustworthy Development and Use o…CSOONLINE.COM
18 DecCISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber ThreatsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally…THEHACKERNEWS.COM
18 DecHow ABM Industries leveraged facial recognition to securely authenticate workersSeasoned CISOs understand that supporting business objectives securely and effectively is a top priority — a close second is to do so without frustrating users. That was the case when Stephanie Franklin-Thomas was asked to enable a shifting host of more than 100,000 frontline cle…CSOONLINE.COM
18 Dec3CX Urges Customers to Disable Integration Due to Potential Vulnerability3CX tells customers to temporarily disable SQL Database integration to mitigate a potential vulnerability. The post 3CX Urges Customers to Disable Integration Due to Potential Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
18 DecQakBot Malware Resurfaces with New Tactics, Targeting the Hospitality IndustryA new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, describe…THEHACKERNEWS.COM
18 DecHunters International Ransomware Gang Claims to Have Hacked the Fred Hutch Cancer CenterPatients have received email threats, stating that their personal information has been compromised. The center has taken impacted systems offline, notified law enforcement, and launched an investigation.SECURITYAFFAIRS.COM
18 DecCloudflare report: Log4j remains top target for attacks in 2023Log4j remained a top attack vector for threat actors in 2023, while a new vulnerability, HTTP/2 Rapid Reset is emerging as a significant threat to organizations, according to Cloudflare’s annual “Year in Review” report. The report is based on data from Cloudflare’s network, which…CSOONLINE.COM
18 Dec2024 US NDAA boosts nuclear cybersecurity, highlights artificial intelligenceBy a 310-118 vote, the US House of Representatives passed the $886 billion National Defense Authorization Act for Fiscal Year 2024 (NDAA), which passed the Senate one day later. The annual must-pass legislation for US military funding is now headed to President Biden for his sign…CSOONLINE.COM
18 DecNY Engineer Pleads Guilty to Stealing Millions From Two Crypto ExchangesA former security engineer has pleaded guilty to hacking two decentralized cryptocurrency exchanges, resulting in the theft of over $12 million. The hacker exploited vulnerabilities in the smart contracts of the exchanges.THERECORD.MEDIA
18 DecInfectedSlurs Botnet Targets QNAP VioStor NVR VulnerabilityDefault admin credentials and outdated, unsupported networked systems are being exploited as routes for botnet infections, highlighting the importance of updating and securing legacy systems.SECURITYAFFAIRS.COM
18 DecWebinar | Zero-Day Threats Defeated: Learn How Palo Alto Networks Software Firewalls Achieve 99.1% Security Effectiveness in the CloudDATABREACHTODAY.CO.UK
18 DecBeware: Experts Reveal New Details on Zero-Click Outlook RCE ExploitsTechnical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. "An attacker on the internet can chain the vulnerabilities toge…THEHACKERNEWS.COM
18 Dec10 essential insights from the Microsoft Digital Defense Report 2023Each year, Microsoft releases the Microsoft Digital Defense Report--a comprehensive examination of the global threat landscape and the biggest trends in cybersecurity. Cyberthreats continue to grow in sophistication, speed, and scale, compromising an ever-growing pool of services…CSOONLINE.COM
18 DecVans and North Face owner VF Corp hit by ransomware attackAmerican global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions. [...]BLEEPINGCOMPUTER.COM
18 DecMicrosoft discovers critical RCE flaw in Perforce Helix Core ServerFour vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors. [...]BLEEPINGCOMPUTER.COM
18 DecMr. Cooper Hacking Incident Affects Data of 14.7 MillionData Stolen From Mortgage Lender Includes Bank Account Numbers A late October hacking incident at mortgage lender Mr. Cooper affected 14.7 million individuals, the Texas company disclosed Friday. The incident triggered a four-day shutdown of corporate systems and a suspension in …DATABREACHTODAY.CO.UK
18 DecUS Regulators Warn of AI Risk to Financial SystemsFinancial Stability Oversight Council Expects AI Use to Increase U.S. regulators for the first time detailed the risks artificial intelligence poses to the financial system and classified the technology as an "emerging vulnerability." The Financial Stability Oversight Council in …DATABREACHTODAY.CO.UK
18 DecXfinity discloses data breach after recent Citrix server hackComcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. [...]BLEEPINGCOMPUTER.COM
18 DecXfinity discloses data breach affecting over 35 million peopleComcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 1[−]
18 DecDecember's Windows 11 KB5033375 update breaks Wi-Fi connectivityThe KB5033375 cumulative update released during the December 2023 Patch Tuesday causes Wi-Fi connectivity issues on some Windows 11 devices. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 11[−]
18 DecAs the SEC’s new data breach disclosure rules take effect, here’s what you need to knowStarting from today, December 18, publicly-owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours. The regulation represents a significant shake-up for organizations, many of which have argue…TECHCRUNCH.COM
18 DecCISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security GuidanceThe US cybersecurity agency CISA issues cybersecurity recommendations for the healthcare and public health sector. The post CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance appeared first on SecurityWeek .SECURITYWEEK.COM
18 DecFBI, CISA, and ASD’s ACSC Release Advisory on Play RansomwareToday, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware , to d…CISA.GOV
18 DecCISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS AttacksCISA is advising device makers to stop relying on customers to change default passwords following attacks targeting water sector ICS. The post CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
18 DecUnique Malware Used in Cyber Attacks Increases by 70% in Just One QuarterAs more cybercriminal gangs continue to enter the game, the massive increase in unique types of malware means it will become increasingly difficult to identify and stop attacks.KNOWBE4.COM
18 DecEnabling Threat-Informed Cybersecurity: Evolving CISA’s Approach to Cyber Threat Information SharingCISA.GOV
18 DecHealthcare Cybersecurity Proposal Stirs Industry OppositionWhat Should the US Government Do to Impove Medical Cybersecurity? Lobbyists for U.S. hospitals oppose a Biden administration proposal for mandatory cybersecurity requirements and possible financial disincentives for organizations that fail to meet those expectations. Industry exp…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 22[−]
18 DecNKAbuse Malware Attacking Linux Desktops & Use Corn Job for PersistenceThreat actors target Linux systems due to their prevalence in server environments, and cron jobs offer a discreet means of maintaining unauthorized access over an extended period. Kaspersky experts discovered “NKAbuse,” a versatile malware using NKN tech for peer data…GBHACKERS.COM
18 DecEmployee Files Compromised After Ransomware Attack on Campbell County School DistrictThe Campbell County School District announced Thursday that it was recently the target of a ransomware incident that allowed an unauthorized person to gain access to employee files.WLWT.COM
18 DecNewfound School District Still Working to Recover Data After CyberattackNewfound Area School District in Bristol, New Hampshire, is recovering from a recent cyber breach that was described as a ransomware attack. The attack locked users out of the system, but no financial demand was made.LACONIADAILYSUN.COM
18 DecFour Apprehended by Indian Authorities in ICMR Data Breach Impacting 800 Million PeopleThe suspects not only leaked data from the ICMR, but also claimed to have pilfered information from the FBI and Pakistan's CNIC, highlighting the extent of their illegal activities.THECYBEREXPRESS.COM
18 DecCyber Security Today, Dec. 18, 2023 - Customer contact info stolen from MongoDB, more stringent American cyber attack reporting rules start today, and moreThis episode reports on the new SEC cyber attack rules that come into effect today, guidance from the NSA on creating a software bill of rights, and moreCYBERSECURITYTODAY.LIBSYN.COM
18 DecChina's MIIT Introduces Color-Coded Action Plan for Data Security IncidentsThe new rules require affected companies to assess the severity of the incident and report it immediately to the local industry supervision department without omitting or concealing any facts.THEHACKERNEWS.COM
18 DecFortifying Cyber Defenses: A Proactive Approach to Ransomware ResilienceInvesting in cutting-edge cybersecurity tools not only enhances defensive capabilities but also stimulates innovation and fosters public-private partnerships to strengthen the nation's cyber defenses.HELPNETSECURITY.COM
18 DecSEC Shares Important Clarifications as New Cyber Incident Disclosure Rules Come Into EffectThe SEC has provided some important clarifications on its new cyber incident disclosure requirements, which come into effect on December 18. The post SEC Shares Important Clarifications as New Cyber Incident Disclosure Rules Come Into Effect appeared first on SecurityWeek .SECURITYWEEK.COM
18 DecDelta Dental of California Discloses Data Breach Impacting 6.9 Million PeopleDelta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack. The post Delta Dental of California Discloses Data Breach Impacting 6.9 Million People appeared first on SecurityWeek .SECURITYWEEK.COM
18 DecMongoDB Investigates Data Breach Impacting Customer Account InformationThe breach was detected on December 13, and the company is currently investigating the incident. MongoDB believes that customer data stored in their Atlas platform was not accessed, but customer account metadata and contact information were exposed.INFOSECURITY-MAGAZINE.COM
18 DecMortgage giant Mr. Cooper data breach affects 14.7 million peopleMr. Cooper is sending notices of a data breach to customers who were impacted by a cyberattack the firm suffered in November 2023. [...]BLEEPINGCOMPUTER.COM
18 DecMongoDB investigating security incident that exposed data about customer accountsDatabase management giant MongoDB says it’s investigating a security incident that has resulted in the exposure of some information about customers. The New York-based MongoDB helps more than 46,000 companies, including Adobe, eBay, Verizon, and the U.K.’s Department for Wo…TECHCRUNCH.COM
18 DecSalvador Technologies Raises $6 Million for ICS/OT Attack Recovery SolutionSalvador Technologies has raised $6 million for its operational continuity and cyberattack recovery platform for ICS and OT. The post Salvador Technologies Raises $6 Million for ICS/OT Attack Recovery Solution appeared first on SecurityWeek .SECURITYWEEK.COM
18 DecFormer IT manager pleads guilty to attacking high school networkConor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against his former employer following the termination of his employment in June 2023. [...]BLEEPINGCOMPUTER.COM
18 DecALPHV Second Most Prominent Ransomware Strain Before Reported DowntimeALPHV was the second-most leveraged ransomware strain in North America and Europe between January 2022 and October 2023, just before the reported takedown of the group’s website, according to ZeroFox research.INFOSECURITY-MAGAZINE.COM
18 DecVF Corp Disrupted by Cyberattack, Online Operations ImpactedVF Corporation (NYSE: VFC), which owns and operates some of the biggest apparel and footwear brands, has been hit by a ransomware attack that included the theft of sensitive corporate and personal data. The post VF Corp Disrupted by Cyberattack, Online Operations Impacted appeare…SECURITYWEEK.COM
18 DecFBI: Play ransomware breached 300 victims, including critical orgsThe Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. [...]BLEEPINGCOMPUTER.COM
18 DecWhy extortion is the new ransomware threatCybercriminals are becoming more aggressive in their effort to maximize disruption and compel the payment of ransom demands, and now there’s a new extortion tactic in play. In early November, the notorious ALPHV ransomware gang, also known as BlackCat, attempted a first-of-…TECHCRUNCH.COM
18 DecVans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attackVF Corporation, the U.S.-based owner of apparel brands including Vans, Supreme, and The North Face, has confirmed a cyberattack has impacted the company’s ability to fulfill orders ahead of Christmas, one of the biggest retail events of the year. The Denver, Colorado-based …TECHCRUNCH.COM
18 DecIran Hit by Major Cyberattack Targeting Nation's Fuel SupplyCyber Group Dubbed Predatory Sparrow Takes Responsibility for Widespread Attack A group known as Predatory Sparrow claimed responsibility for a Monday cyberattack that shut down a majority of gas stations across Iran as officials blamed the attack on foreign powers. The group has…DATABREACHTODAY.CO.UK
18 DecA Suspected Cyberattack Paralyzes the Majority of Gas Stations Across IranNearly 70% of Iran’s nearly 33,000 gas stations went out of service on Monday following possible cyberattacks, Iranian state TV reported. The post A Suspected Cyberattack Paralyzes the Majority of Gas Stations Across Iran appeared first on SecurityWeek .SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE 16[−]
18 DecISC Stormcast For Monday, December 18th, 2023 https://isc.sans.edu/podcastdetail/8782, (Mon, Dec 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 DecMY TAKE: How decentralizing IoT could help save the planet — by driving decarbonizationThe Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE .) Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across … (more…)LASTWATCHDOG.COM
18 DecMalvertising Campaign by UNC2975 Found Distributing BackdoorsA threat actor known as UNC2975 has been using malicious advertisements to distribute malware since 2021. They create fake websites related to topics like unclaimed money and astrology to trick users into visiting them.MANDIANT.COM
18 DecGoogle Chrome’s New Tracking Protection Limits Website TrackingGoodbye, third-party cookies. Hello, Tracking Protection! Chrome, the world’s most popular browser, is taking a major step toward a privacy-first web with the launch of its Tracking Protection feature. Starting January 4th, this limited rollout marks a turning point i…GBHACKERS.COM
18 DecRhadamanthys Stealer Malware Evolves With More Powerful FeaturesThe malware targets email, FTP, and online banking credentials. The latest version includes a new plugin system for customization, a "Data Spy" plugin for capturing RDP login credentials, and improvements in stealing data from browsers.BLEEPINGCOMPUTER.COM
18 DecBSidesSLC 2023 - 11 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/cc14de5f-a2be-4122-a020-83d3d464a23f.png BSidesSLC 2023 playlist Schedule from the website BSidesSLC is a non-profit, 501©(3) run, conference focused on cybersecurity. At this conference you…INFOSEC.PUB
18 DecBSides RedRocks 2023 - 9 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/db556869-297e-42e9-8ef8-485c64a1d880.png BSides Redrocks playlist BSides Redrocks schedule on the website BSides Redrocks is a non-profit, 501©(3) run, conference focused on cybersecurity. A…INFOSEC.PUB
18 DecIntroducing SMTP Smuggling: A novel technique for spoofing e-mailssubmitted by L4s to secops 1 points | 0 comments https://r.sec-consult.com/smtp Introducing SMTP Smuggling: A novel technique for spoofing e-mails::undefinedR.SEC-CONSULT.COM
18 DecIssue #3 of Paged Out! zine is outsubmitted by L4s to secops 1 points | 0 comments https://pagedout.institute/download/PagedOut_003_beta1.pdf Issue #3 of Paged Out! zine is out::undefinedPAGEDOUT.INSTITUTE
18 DecNSA Issues Guidance on Incorporating SBOMs to Improve CybersecurityNSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks. The post NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity appeared first on SecurityWeek .SECURITYWEEK.COM
18 DecSMTP Smuggling Allows Spoofed Emails to Bypass Authentication ProtocolsA new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms. The post SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols appeared first on SecurityWeek .SECURITYWEEK.COM
18 DecAccelerating software development with ChatGPT - BSidesSLC 2023 - Scott Pack - 29 minutessubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/4e4e7db7-eb82-4753-afa1-ebc858202a7e.png Accelerating software development with ChatGPT - BSidesSLC 2023 - Scott Pack Using ChatGPT to Accelerate Software Development AI is a big deal. We ge…INFOSEC.PUB
18 DecMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
18 DecPolice Get Medical Records without a WarrantMore unconstrained surveillance : Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila…SCHNEIER.COM
18 DecNews alert: Salvador Technologies raises $6M to empower cyber resilience in critical systemsRehovot, Israel Dec. 18, 2023 – Salvador Technologies , the pioneering cyber-attack recovery platform provider for critical infrastructures and industrial organizations, today announced that it has secured $6m in funding. Salvador Technologies’ investment round was led by Pico Ve…LASTWATCHDOG.COM
18 DecPikaBot Targets Enterprises Via Malicious Search AdsMalvertising Service Uses Google Ads and Decoy Pages for Malware Distribution Cybercriminals increasingly use malicious ads through search engines to deploy new malware targeting businesses, marking a rise in browser-based attacks. Researchers at Malwarebytes observed PikaBot, a …DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 5[−]
18 DecQbot Malware Returns in Campaign Targeting Hospitality IndustryThe malware is being distributed through emails pretending to be from an IRS employee, with recipients unknowingly downloading the QakBot DLL when attempting to view a PDF attachment.BLEEPINGCOMPUTER.COM
18 DecRhadamanthys Malware: Swiss Army Knife of Information Stealers EmergesThe developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it in…THEHACKERNEWS.COM
18 DecUK National Grid Pulls Chinese Equipment Over Cybersecurity ConcernsThe contract with NR Electric UK, a subsidiary of China's Nari Technology, was terminated without reason given in April, highlighting growing concerns over Chinese involvement in critical infrastructure.THEREGISTER.COM
18 DecPro-China Influence Operation Gained YouTube Following, Researchers FindThe campaign utilizes a network of at least 30 YouTube channels and employs tactics associated with both Russian and Chinese influence operations, including the use of artificially generated voices in videos.THERECORD.MEDIA
18 DecESET Research Podcast: Neanderthals, Mammoths and TelekopyeESET researchers discuss the dynamics within and between various groups of scammers who use a Telegram bot called Telekopye to scam people on online marketplacesWELIVESECURITY.COM
📡 INFOSEC NEWS 19[−]
18 Dec10,000 People’s Data Stolen in Genetic Testing Company Asper Biogene LeakPersonal and health data belonging to approximately 10,000 people has been illegally downloaded from Asper Biogene's database, making it the biggest data leak recorded in Estonia so far.ERR.EE
18 DecGoogle's New Tracking Protection in Chrome Blocks Third-Party CookiesGoogle will begin testing a new feature called "Tracking Protection" in January 2024 for 1% of Chrome users. The feature aims to restrict third-party cookies by default, limiting cross-site tracking.THEHACKERNEWS.COM
18 DecUK: Corringham School Apologizes After Sharing Personal Pupil DataOrtu Gable Hall School in Essex mistakenly sent an email to parents containing the personal data of 69 pupils who were being disciplined for bad behavior, leading to an apology from the school.BBC.COM
18 DecWordPress Hosting Service Kinsta Targeted by Google Phishing AdsUsers are advised to be vigilant and only access the official kinsta.com or my.kinsta.com websites, enable two-factor authentication, and disregard any suspicious emails or messages claiming to be from Kinsta.BLEEPINGCOMPUTER.COM
18 DecUnmasking the Dark Side of Low-Code/No-Code ApplicationsLow-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using p…THEHACKERNEWS.COM
18 DecLuring with love, a network of pig butchering “mining” scams robbed millions from victims’ walletsThree threat groups using the exact same scam kit stole from 90 victims, mostly during the period of June to August, using smart contracts to hijack wallets and transfer their contents without needing to bypass device security. To date, neary $3 million has been stolen by the coo…SOPHOS.COM
18 DecFour U.S. Nationals Charged in $80 Million Pig Butchering Crypto ScamFour U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, C…THEHACKERNEWS.COM
18 DecScamming investors through apps from official stores | Kaspersky official blogDozens of apps from official stores scam investors by inviting them to sink money into commodities, cryptocurrency, and other imaginary assets.KASPERSKY.COM
18 DecA Top Secret Chinese Spy Satellite Just Launched On A Supersized RocketPACKETSTORMSECURITY.COM
18 DecHundreds Of Thousands Of Dollars In Crypto Stolen After Ledger Code PoisonedPACKETSTORMSECURITY.COM
18 DecUbiquiti Fixes Glitch That Exposed Private Video Streams to Other CustomersThe bug was caused by a misconfiguration during an upgrade to Ubiquiti's cloud infrastructure, resulting in 1,216 accounts being improperly associated with another group of 1,177 accounts.TECHCRUNCH.COM
18 DecMr. Cooper hackers stole personal data on 14 million customersHackers stole the sensitive personal information of more than 14.6 million Mr. Cooper customers, the mortgage and loan giant has confirmed. In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of birth,…TECHCRUNCH.COM
18 DecMicrosoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card FraudsStorm-0539 not only targets gift card-related services for fraud but also collects sensitive information, such as emails and network configurations, for follow-on attacks against the same organizations.THEHACKERNEWS.COM
18 DecTop 7 Trends Shaping SaaS Security in 2024Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of …THEHACKERNEWS.COM
18 DecG2 Names Sophos a Leader for Endpoint Protection, EDR, XDR, Firewall, and MDRSophos is the only vendor rated a Leader across all five cybersecurity categories in G2’s Winter 2024 reports (December 2023)SOPHOS.COM
18 DecMicrosoft fixes Windows printer issues with new troubleshooterMicrosoft has released a troubleshooter tool to fix an issue where the HP Smart app would automatically install on Windows systems after renaming all printers to HP LaserJet M101-M106. [...]BLEEPINGCOMPUTER.COM