🐛 COMMON VULNERABILITIES AND EXPOSURES
27 Dec: Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack (THEHACKERNEWS.COM)
A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and i…
27 Dec: Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances (THEHACKERNEWS.COM)
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoors on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that re…
⚠️ VULNERABILITY DISCLOSURE
27 Dec: Cyber Security Today, Dec. 27, 2023 - A record year for ransomware (CYBERSECURITYTODAY.LIBSYN.COM)
This episode reports on the latest ransomware and vulnerability numbers for 2023.
27 Dec: Ohio Lottery hit by cyberattack claimed by DragonForce ransomware (BLEEPINGCOMPUTER.COM)
The Ohio Lottery was forced to shut down some key systems after a cyberattack affected an undisclosed number of internal applications on Christmas Eve. [...]
27 Dec: Panasonic discloses data breach after December 2022 cyberattack (BLEEPINGCOMPUTER.COM)
Panasonic Avionics Corporation, a leading supplier of in-flight communications and entertainment systems, disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago, in December 2022. [...]
27 Dec: Barracuda fixes new ESG zero-day exploited by Chinese hackers (BLEEPINGCOMPUTER.COM)
Network and email security firm Barracuda says it remotely patched all active Email Security Gateway (ESG) appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers. [...]
27 Dec: Yakult Australia confirms 'cyber incident' after 95 GB data leak (BLEEPINGCOMPUTER.COM)
Yakult Australia, manufacturer of a probiotic milk drink, has confirmed experiencing a "cyber incident" in a statement to BleepingComputer. Both the company's Australian and New Zealand IT systems have been affected. Cybercrime actor DragonForce which claimed responsibility for t…
27 Dec: Yakult Australia Confirms ‘Cyber Incident’ After 95 GB Data Leak (BLEEPINGCOMPUTER.COM)
The cybercrime group, DragonForce, has claimed responsibility for the attack and has leaked 95 GB of data belonging to the company. Yakult Australia is currently investigating the incident with the help of cybersecurity experts.
27 Dec: Police Warn Hundreds of Online Merchants of Skimmer Infections (SECURITYWEEK.COM)
Law enforcement authorities in 17 countries discovered more than 400 online merchants infected with skimmers.
27 Dec: New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices (THEHACKERNEWS.COM)
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile…
27 Dec: Ransomware Attacks Rise 85% Compared to the Previous Year (KNOWBE4.COM)
With November demonstrating multiple increases when compared to various previous time periods, new data signals that we may be in for a bumpy ride in 2024.
27 Dec: New Nim-Based Malware Delivered via Weaponized Word Document (GBHACKERS.COM)
Hackers use weaponized Word documents to deliver malicious payloads through social engineering. By embedding malware or exploiting vulnerabilities in these documents, attackers trick users into opening them and leading to the execution of malicious code. While leverag…
27 Dec: MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 (TECHCRUNCH.COM)
This year, 2023, was a hell of a year for data breaches, much like the year before it (and the year before that, etc.). Over the past 12 months, we’ve seen hackers ramp up their exploitation of bugs in popular file-transfer tools to compromise thousands of organizations, ransomwa…
27 Dec: Chinese Hackers Deliver Malware To Barracuda Email Security Appliances Via New Zero-Day (PACKETSTORMSECURITY.COM)
27 Dec: If you don’t already have a generative AI security policy, there’s no time to lose (CSOONLINE.COM)
The boom in business adoption of generative AI as a useful tool is raising concerns in the cybersecurity community that the introduction of the technology is outpacing the introduction of guidelines governing its use, especially given the well-documented security threats and data…
27 Dec: Network Device Supply Chains and Lateral Movement - Joe Hall - BTS #20 (YOUTUBE.COM)
In this episode, we have the privilege of sitting down with renowned security expert Joe Hall to discuss three critical facets of modern cybersecurity: network device security, supply chain threats, and lateral movement. Join us as Joe Hall shares his wealth of knowledge and expe…
🔥 INCIDENT REPORTING
27 Dec: Lockbit ransomware disrupts emergency care at German hospitals (BLEEPINGCOMPUTER.COM)
German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions were caused by a Lockbit ransomware attack where the threat actors gained access to IT systems and encrypted devices on the network. [...]
27 Dec: Mortgage firm LoanCare warns 1.3 million people of data breach (BLEEPINGCOMPUTER.COM)
Mortgage servicing company LoanCare is warning 1,316,938 borrowers across the U.S. that their sensitive information was exposed in a data breach at its parent company, Fidelity National Financial. [...]
27 Dec: Integris Health Patients Get Extortion Emails After Cyberattack (BLEEPINGCOMPUTER.COM)
Integris Health, Oklahoma's largest healthcare network, suffered a cyberattack resulting in the theft of patient data, and now patients are receiving blackmail emails threatening to sell their data if they don't pay an extortion demand.
27 Dec: Corewell Health Suffers Third-Party Data Breach Impacting Over One Million Patients (CBSNEWS.COM)
HealthEC, a population health management platform that provides services to Corewell Health, is the company involved in the breach, which may have compromised sensitive data such as names, addresses, SSNs, and medical records.
27 Dec: Mallox Ransomware Found Evading AMSI Detection Using New PowerShell Script (LABS.K7COMPUTING.COM)
The PowerShell script uses a technique developed by a researcher in 2022, which involves patching the Windows Defender registered DLL for AMSI with a shellcode to overwrite the function that scans PowerShell scripts.
27 Dec: Cyberattack Disrupts Operations of First American, Subsidiaries (SECURITYWEEK.COM)
A cyberattack appears to have caused significant disruption to the systems and operations of title insurer First American and its subsidiaries.
27 Dec: Refocusing on Cybersecurity Essentials in 2024: A Critical Review (SECURITYWEEK.COM)
By supplementing traditional perimeter defense mechanisms with principles of data integrity, identity management, and risk-based prioritization, organizations can reduce their exposure to data breaches.
27 Dec: Ransomware Group Claims 100 Gb of Data Stolen From Nissan (SECURITYWEEK.COM)
The Akira ransomware group has taken credit for the recent attack that impacted Nissan Australia and New Zealand.
27 Dec: CBS Parent National Amusements Discloses Year-Old Data Breach (SECURITYWEEK.COM)
CBS parent company National Amusements is informing 80,000 individuals of a December 2022 data breach.
27 Dec: Integris Health Data Breach Could Impact Millions (SECURITYWEEK.COM)
Integris Health has started informing patients of a data breach impacting their personal information.
27 Dec: Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (THEHACKERNEWS.COM)
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS)…
27 Dec: Cyber Scammers Beef Up the Number of Fake Delivery Websites Just in Time for Christmas (KNOWBE4.COM)
Cybersecurity researchers at Group-IB have identified a single scam campaign leveraging over 1500 websites impersonating postal carriers and shippers leading up to Christmas this year.
27 Dec: Ubisoft Investigates Cyber Attack: Possible Data Exfiltration by Hackers (GBHACKERS.COM)
Ubisoft, the renowned video game developer behind iconic franchises like Assassin’s Creed and Far Cry, narrowly escaped a potentially devastating data breach. On December 20th, an unidentified threat actor infiltrated their systems, gaining access for approximately 48…
27 Dec: Are you tracking your cybersecurity implementation? (SECURITYINTELLIGENCE.COM)
From May 7 to 12, 2021, the massive Colonial Pipeline refined oil product delivery system ground to a halt. It was the victim of a DarkSide ransomware cyberattack. The Colonial Pipeline delivers about 45% of fuel for the East Coast, including gasoline, diesel fuel, heating oil, j…
🕵️ THREAT INTELLIGENCE
27 Dec: New iPhone Security Features to Protect Stolen Devices (SCHNEIER.COM)
Apple is rolling out a new “Stolen Device Protection” feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keych…
27 Dec: We Do What We Are Trained To Do (KNOWBE4.COM)
When I was young, I was an oceanfront lifeguard, firefighter and EMT paramedic. All disciplines involved frequent education and training.
27 Dec: CyberheistNews Vol 13 #52 [IRS Alert] Three Tips To Protect Against Tax Season Refund Scams (KNOWBE4.COM)
27 Dec: Hackers Stolen Over $58 Million in Crypto Via Malicious Google and X Ads (GBHACKERS.COM)
Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. Several techniques were used for draining, which…
27 Dec: MY TAKE: Rising geopolitical tensions suggest a dire need for tighter cybersecurity in 2024 (LASTWATCHDOG.COM)
Russia’s asymmetrical cyber-attacks have been a well-documented, rising global concern for most of the 2000s. I recently visited with Mihoko Matsubara, Chief Cybersecurity Strategist at NTT to discuss why this worry has climbed stea…
27 Dec: Interview with Dr. Whitfield Diffie - PSW Vault (YOUTUBE.COM)
Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line: The Politics of Wiretapping and Encryption". Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: ht…
27 Dec: What are You Working on Wednesday (INFOSEC.PUB)
Submitted by shellsharks to cybersecurity, 7 points, 1 comments. Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
27 Dec: 44CON 2023 - 20 talks (INFOSEC.PUB)
Submitted by ashar to security_cpe, 0 points, 0 comments. 44CON 2023 Schedule; 44CON 2023 Unofficial Playlist. What is 44CON? 44CON is an Information Security Conference & Training event taking place in Lo…
27 Dec: Active Directory and Internal Pentest Cheatsheets - Internal All The Things (SWISSKYREPO.GITHUB.IO)
Submitted by L4s to secops, 7 points, 0 comments. https://swisskyrepo.github.io/InternalAllTheThings/
🌐 CYBER THREAT LANDSCAPE
27 Dec: New Xamalicious Android malware installed 330k times on Google Play (BLEEPINGCOMPUTER.COM)
A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. [...]
27 Dec: iPhone Triangulation attack abused undocumented hardware feature (BLEEPINGCOMPUTER.COM)
The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. [...]
📡 INFOSEC NEWS
27 Dec: CyberAv3ngers Offers 1TB of Alleged Israeli Electricity Data for 5 BTC (THECYBEREXPRESS.COM)
The hacker group CyberAv3ngers claims to have obtained and is selling 1TB of data from Israel's electricity infrastructure. They posted a message on a platform offering the data for sale. The Israel Electric Corporation (IEC) has not yet responded.
27 Dec: LogoFAIL attack via image substitution in UEFI | Kaspersky official blog (KASPERSKY.COM)
Researchers have found a way to attack computers through the logo image replacement mechanism in UEFI.
27 Dec: Got a new device? 7 things to do before disposing of your old tech (WELIVESECURITY.COM)
Before getting rid of your no-longer-needed device, make sure it doesn’t contain any of your personal documents or information.