🚨 CISA KEV 1
3 Jan [KEV] - CISA warns of actively exploited bugs in Chrome and Excel parsing library - The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreads… - BLEEPINGCOMPUTER.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 2
3 Jan - Qualcomm Chip Vulnerability Enables Remote Attack by Voice Call - Qualcomm has announced a critical vulnerability that could lead to remote attacks on devices using their chipsets. The flaw, tracked as CVE-2023-33025, involves a buffer overflow during VoLTE calls, allowing attackers to execute code remotely. - SCMAGAZINE.COM
3 Jan - Microsoft disables online Windows App Installer after attackers abuse it - Microsoft has disabled the App Installer functionality that allowed Windows 10 apps to be installed directly from a web page by clicking on a link that used the ms-appinstaller URI scheme. This functionality has been heavily abused in recent months by different threat actors to d… - CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 22
3 Jan - Ukraine says Russia hacked web cameras to spy on targets in Kyiv - submitted by c0mmando to netsec https://therecord.media/ukraine-says-russia-hacked-web-cameras-to-spy-on-kyiv-targets Ukraine’s security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense f… - THERECORD.MEDIA
3 Jan - Google password resets not enough to stop this malware - submitted by c0mmando to netsec https://www.theregister.com/2024/01/02/infostealer_google_account_exploit/ Security researchers say info-stealing malware can still access victims’ compromised Google accounts even after passwords have been changed. A zero-day… - THEREGISTER.COM
3 Jan - Korean National Police Agency investigating $81 million crypto theft from Orbit Chain - submitted by c0mmando to netsec https://therecord.media/korean-police-investigating-cryptocurrency-theft-orbit-chain Crypto platform Orbit Chain said it is working with the Korean National Police Agency and Korea Internet & Security Agency (KISA) to addr… - THERECORD.MEDIA
3 Jan - How Russia’s NoName057(16) could be a new model for hacking groups - As Ukraine and its allies find themselves in the crosshairs of Russian hacking groups, the cyber realm has become a virtual battlefield of strategic warfare. Among them, a series of politically motivated distributed denial-of-service (DDoS) attacks by the pro-Russian hacktivist g… - CSOONLINE.COM
3 Jan - Facts and Misconceptions About Cybersecurity Budgets - Despite increased cybersecurity budgets, there is a need for a further rise in spending to effectively mitigate security risks. Economic volatility, a growing distributed workforce, and supply chain issues are key factors influencing spending. - HELPNETSECURITY.COM
3 Jan - Hacker Group Claims to Steal 3TB Data From Iranian Food Delivery Giant Snappfood - The hacker group, known as "irleaks," publicly disclosed the breach and claimed to have acquired a vast amount of data, including customer details, vendor records, payment information, device data, product orders, and more. - HACKREAD.COM
3 Jan - SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails - A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send maliciou… - THEHACKERNEWS.COM
3 Jan - Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset - Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitat… - THEHACKERNEWS.COM
3 Jan [KEV] - CISA Warns of Actively Exploited Bugs in Chrome and Excel Parsing Library - The CISA has identified two recently patched vulnerabilities, one in Google Chrome and another in the open-source Perl library Spreadsheet::ParseExcel, that have been actively exploited and require immediate mitigation. - BLEEPINGCOMPUTER.COM
3 Jan - SentinelOne to Bolster Cloud Security With PingSafe Buy - SentinelOne to Add CNAP Capabilities for 'Best of Breed' Security Platform Endpoint security firm SentinelOne is set to acquire PingSafe for an undisclosed sum of cash and stock. The move will integrate PingSafe's cloud-native application protection platform into SentinelOne's Si… - DATABREACHTODAY.CO.UK
3 Jan - SonicWall Acquires Banyan to Boost Zero-Trust, SSE Offerings - With its second acquisition in two months, SonicWall aims to help enterprises with growing remote workforces through zero-trust network and security service edge offerings. - TECHTARGET.COM
3 Jan - Highly exploited Chromium bug traced to a Google OAuth endpoint - An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it appeared in October 2023. The critical exploit, which allows the generation of persist… - CSOONLINE.COM
3 Jan - New Google Cookies Exploit Allows Access After Password Reset - A Critical Google Cookies exploit involves manipulating or stealing user cookies, which store authentication information, to gain unauthorized access to accounts. Hackers exploit this illicit mechanism to:- A developer, PRISMA, discovered a major Google cookie exploit in Oc… - GBHACKERS.COM
3 Jan - Several Infostealers Using Persistent Cookies to Hijack Google Accounts - A vulnerability in Google’s authentication process allows malware to restore cookies and hijack user sessions. - SECURITYWEEK.COM
3 Jan - What the cybersecurity workforce can expect in 2024 - For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study. However, the same study repor… - SECURITYINTELLIGENCE.COM
3 Jan - Guarding against DDoS attacks during high-traffic periods - Distributed denial-of-service (DDoS) attacks are a year-round threat. However, as many security practitioners can attest, DDoS attacks are particularly prolific during high-traffic times like the holiday season. The holidays are typically a time when organizations have reduced r… - CSOONLINE.COM
3 Jan - Windows Syslog Receiver - submitted by stevedidwhat_infosec to cybersecurity Hey all, got a quick question! I want to receive, parse and store syslogs from various devices on my home network on my windows box. I know, I know, it’s a bit backwards but I’d like to proceed with this sort… - INFOSEC.PUB
3 Jan - Hacker Heroes - Casey Ellis - PSW Vault - Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd Meet Casey Ellis, the visionary entrepreneur who has redefined the landscape of cybersecurity through the groundbreaking platform he built – Bugcrowd. As the Founder and Chie… - YOUTUBE.COM
3 Jan - Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner - submitted by c0mmando to netsec https://therecord.media/russia-ukraine-firmware-prank-led-curtain-arrest The owner of an apartment in Veliky Novgorod in Russia has been arrested for discrediting the country’s armed forces after a neighbor alerted the police … - THERECORD.MEDIA
3 Jan - Google security firm Mandiant working to resolve X account takeover - submitted by c0mmando to netsec https://therecord.media/mandiant-resolving-x-account-takeover The Google-owned cybersecurity firm Mandiant said it is looking into an incident where its X account was taken over by someone sharing links to a cryptocurrency pla… - THERECORD.MEDIA
3 Jan - Predicting GenAI Threats in 2024 | Building a Security Business Around Open Source | News - ESW345 - This week, we kick things off with an interview with Greg Notch, Chief Information Security Officer at Expel, about Predicting GenAI Threats and Concerns in 2024. Then, we discuss The Pros and Cons of Building a Security Business Around Open Source with Ev Kontsevoy, Co-Founder a… - YOUTUBE.COM
📋 SECURITY BULLETINS 1
3 Jan - Steam Drops Support for Windows 7 and 8.1 to Boost Security - The end of support for these older Windows versions is due to the reliance on an embedded version of Google Chrome that no longer functions on them, as well as the need for Windows feature and security updates only available on Windows 10 and above. - BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 6
3 Jan - FTC settles with company that facilitated billions of illegal robocalls - submitted by c0mmando to netsec https://therecord.media/ftc-settles-with-company-that-facilitated-billions-of-robocalls A voice over internet protocol (VoIP) service provider charged with sending billions of illegal robocalls was issued a $10 million penalty… - THERECORD.MEDIA
3 Jan - DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation - The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to p… - THEHACKERNEWS.COM
3 Jan - Hack on Defunct Ambulance Firm Affects 912,000 People - Archived Data Stolen 2 Months After Sale of Business Affects Patients, Employees A defunct ambulance company is notifying nearly 912,000 patients and employees that their archived records were compromised in an early 2023 data theft hack. The firm previously provided emergency ca… - DATABREACHTODAY.CO.UK
3 Jan - Jobs | QNAP | NIST | Spectral Blur | Stuxnet | Swatting | Volkswagen | Jason Wood & More! – SWN352 - This week Doug talks: Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more are on this edition of the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn352 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Vi… - YOUTUBE.COM
🔥 INCIDENT REPORTING 25
3 Jan - Update: After Ransomware Claims, Xerox Says Subsidiary Hit With Cyberattack - Xerox stated that the incident had no impact on its corporate systems, operations, or data, but limited personal information in the XBS environment may have been affected. - THERECORD.MEDIA
3 Jan - Orbit Chain Loses $86 Million in the Last Fintech Hack of 2023 - The stolen funds are believed to be linked to North Korean hacking groups, such as Lazarus, who use cryptocurrency cyberattacks to bypass international sanctions and finance their weapons development program. - BLEEPINGCOMPUTER.COM
3 Jan - Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack - Xerox says personal information was stolen in a cyberattack at US subsidiary Xerox Business Solutions. - SECURITYWEEK.COM
3 Jan - 5 Ways to Reduce SaaS Security Risks - As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of… - THEHACKERNEWS.COM
3 Jan - European Central Bank to Put Banks Through Cyber Stress Test - The European Central Bank will conduct cyber stress tests on 109 banks in Europe to assess their resilience against cyberattacks. The tests will simulate disruptive cyberattacks and evaluate how the banks respond and recover. - BANKINFOSECURITY.COM
3 Jan - Defunct Ambulance Service Data Breach Impacts Nearly One Million People - Fallon Ambulance Services, a subsidiary of Transformative Healthcare, was targeted in a ransomware attack that exposed the personal information of nearly a million people. The attack occurred in February 2023 and was discovered in April 2023. - HACKREAD.COM
3 Jan - Ban on Ransomware Payments? The Alternative Isn’t Working - Ransomware attacks in the US reached record levels in 2023, targeting hospitals, schools, government organizations, and private-sector businesses, costing victims an average of $1.5 million to rectify. - THEREGISTER.COM
3 Jan - Online Museum Collections Down After Ransomware Attack on Service Provider - Gallery Systems, a museum software provider, has revealed that it experienced a ransomware attack last week, leading to ongoing IT outages. The attack caused the company to take systems offline to prevent further encryption. - BLEEPINGCOMPUTER.COM
3 Jan - Hacktivists Shut Down Top State-Owned Belarusian News Agency - Belarusian hacktivist group, the Cyber-Partisans, launched a cyberattack on the country's leading state-owned media outlet, wiping the main website servers and backups, as a retaliatory measure against President Lukashenko's propaganda campaign. - BANKINFOSECURITY.COM
3 Jan - Threat Actor Leaks 3.6 Million Records Allegedly Stolen From Cross Switch - The data breach, carried out by a threat actor named IntelBroker, has allegedly exposed sensitive details such as full names, emails, phone numbers, banking information, and more. - THECYBEREXPRESS.COM
3 Jan - Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service - The personal information of more than 900,000 individuals was stolen in a data breach at Fallon Ambulance Service. - SECURITYWEEK.COM
3 Jan - Lockbit 3.0 Ransomware Disrupts Emergency Care at Multiple German Hospitals - Hitting three hospitals within a Germany-based hospital network, the extent of the damage in this confirmed ransomware attack remains undetermined but has stopped parts of operations. - KNOWBE4.COM
3 Jan - Data breach at healthcare tech firm impacts 4.5 million patients - HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. [...] - BLEEPINGCOMPUTER.COM
3 Jan - 23andMe tells victims it’s their fault that their data was breached - Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of victims seen by TechCrunch. “Rather than acknowled… - TECHCRUNCH.COM
3 Jan - Ransomware: 2023 Victim Count Appears to Reach Record Levels - Healthcare, School District and University Victim Counts Increase, Research Reports The count of known U.S. organizations that fell victim to ransomware last year - whether or not they paid a ransom - surged from 220 to 321, and hospital systems, K-12 school districts and post-se… - DATABREACHTODAY.CO.UK
3 Jan - ‘Large-Scale’ Cyberattack Hits French Township, All Local Services Down - The mayor of Pays Fouesnantais, a township in France, announced that the municipality has been hit by a large-scale cyberattack, causing all community services to be taken down. - THERECORD.MEDIA
3 Jan - Russia Hacked Surveillance Cameras to Target Sites in Kyiv - Hackers Used the Cameras to Spy on Ukraine's Air Defenses, Critical Infrastructure The Russian military hacked into surveillance cameras to spy on Ukrainian air defenses and Kyiv's critical infrastructure during the missile and drone strikes on the capital city Tuesday. Ukraine h… - DATABREACHTODAY.CO.UK
3 Jan - Hacker hijacks Orange Spain RIPE account to cause BGP havoc - Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. [...] - BLEEPINGCOMPUTER.COM
3 Jan - Crypto losses declined over 50% in 2023 - The total amount “lost” during 2023 from security incidents was almost $2 billion. - TECHCRUNCH.COM
3 Jan - Population Health Management Firm's Breach Affects Millions - HealthEC Hack Also Compromised More Than a Dozen US Healthcare Systems A hacking incident at a New Jersey-based vendor of artificial intelligence-enabled population health management services that involved a network server has affected more than a dozen of its healthcare clients … - DATABREACHTODAY.CO.UK
3 Jan - Ransomware Actors Steal Australian Courts' Video Recordings - Hackers Lock Up Recordings of Court Hearings to Extort Victoria's Court System The court system of Victoria said it had experienced a serious cybersecurity incident in late 2023 that gave hackers access to video recordings of proceedings at multiple courts, including the Supreme … - DATABREACHTODAY.CO.UK
3 Jan - Mandiant's Twitter account hacked to push cryptocurrency scam - The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [...] - BLEEPINGCOMPUTER.COM
3 Jan - Mandiant’s account on X hacked to push cryptocurrency scam - The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [...] - BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 22
3 Jan - ISC Stormcast For Wednesday, January 3rd, 2024 https://isc.sans.edu/podcastdetail/8794, (Wed, Jan 3rd) - (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. - ISC.SANS.EDU
3 Jan - Facial Recognition Systems in the US - A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. (This, of course, can all change without notice.) Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The proble… - SCHNEIER.COM
3 Jan - 21 New Mac Malware Families Emerged in 2023 - A total of 21 new malware families targeting macOS systems were discovered in 2023, a 50% increase compared to 2022. - SECURITYWEEK.COM
3 Jan - OWASP BeNeLux Day 2023 - 9 talks - submitted by ashar to security_cpe https://infosec.pub/pictrs/image/c0f239f4-2408-4ad5-9e19-b7fb188222d8.png Program The Playlist - INFOSEC.PUB
3 Jan - CISOs Take Note — Don't Let AI Adoption Outpace Due Diligence - In 2024, the potential of AI adoption for SecOps will be tempered by tales of blind spots, self-inflicted wounds and thinned-out SOC capabilities. - PALOALTONETWORKS.COM
3 Jan - Bitwarden Heist - How to Break into Password Vaults Without Using Passwords - submitted by L4s to secops https://blog.redteam-pentesting.de/2024/bitwarden-heist/ Bitwarden Heist - How to Break into Password Vaults Without Using Passwords::Sometimes, making particular security design decisions can have unexpected consequences. For secu… - REDTEAM-PENTESTING.DE
3 Jan - CyberheistNews Vol 14 #01 [Heads Up] SMTP Smuggling - How It Easily Circumvents Your Email Defenses - KNOWBE4.COM
3 Jan - Interesting large and small malspam attachments from 2023, (Wed, Jan 3rd) - At the end of a year, or at the beginning of a new one, I like to go over all malicious attachments that were caught in my e-mail trap over the last 12 months, since this can provide a good overview of long-term malspam trends and may sometimes lead to other interesting discoveri… - ISC.SANS.EDU
3 Jan - Cybersecurity M&A Roundup: 25 Deals Announced in December 2023 - Twenty-five cybersecurity-related merger and acquisition (M&A) deals were announced in December 2023. - SECURITYWEEK.COM
3 Jan - Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks - A group of claimed Palestinian state cyber warriors has hit over 100 Israeli organizations with wipers and data theft. - SECURITYWEEK.COM
3 Jan - The Evolution of Purple Teaming | News - PSW812 - 6:00pm ET - Jared Atkinson 7:00pm ET - Security News This week, we start things off by discussing The Evolution of Purple Teaming with Jared Atkinson, Chief Strategist at SpecterOps. Then we discuss the security news for the week. →Full Show Notes: https://securityweekly.com/psw8… - YOUTUBE.COM
3 Jan - New Research: Phishing Attacks Stole $295 Million In Crypto In 2023 - Researchers at Scam Sniffers have found that phishing attacks stole nearly $295 million worth of cryptocurrency from 324,000 victims in 2023, CryptoSlate reports. The cryptocurrency is stolen by malware delivered via phishing sites. - KNOWBE4.COM
3 Jan - What are You Working on Wednesday - submitted by shellsharks to cybersecurity Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time. - INFOSEC.PUB
3 Jan - Hacker Conversations: Runa Sandvik - SecurityWeek interviews Runa Sandvik, a cybersecurity researcher focused on protecting journalists, defenders of human rights and lawyers. - SECURITYWEEK.COM
3 Jan - Elbsides light 2023 - 6 talks - submitted by ashar to security_cpe https://infosec.pub/pictrs/image/12271a6d-95b9-4790-9e35-1cb0622e3806.png Elbsides light 2023 Program Elbsides light 2023 playlist The computer security community from Hamburg and North Germany will meet on November 17th, 2… - INFOSEC.PUB
3 Jan - SonicWall Buys Banyan Security For ZTNA Technology - SonicWall announces the acquisition of Banyan Security, a deal that adds zero-trust network access tooling to its product portfolio. - SECURITYWEEK.COM
3 Jan - Airbus Renews Bid to Buy French Atos' Cybersecurity Unit - Aerospace Firm's Proposed Acquisition Valued at Up to 1.8 Billion Euros French IT firm Atos has confirmed it is in early-stage talks with Airbus to sell its cybersecurity unit for an estimated 1.8 billion euros, or 1.79 billion. The latest Airbus offer comes just six months after… - DATABREACHTODAY.CO.UK
3 Jan - SentinelOne Snaps up Seed-Stage CNAPP Startup PingSafe - SentinelOne plans to acquire PingSafe in a cash-and-stock deal that adds cloud native application protection platform (CNAPP) technologies. - SECURITYWEEK.COM
3 Jan - Aqua Security Scores $60M Series E Funding - Late-stage player in the CNAPP space secures a $60 million extended Series E funding round at a valuation north of $1 billion. - SECURITYWEEK.COM
3 Jan - How NOT to Lead: Critical Errors in Cybersecurity Leadership - Zero Trust Expert Chase Cunningham on His Latest Book About Leadership Styles Chase Cunningham discusses his new book, "How NOT to Lead: Lessons Every Manager Can Learn from Dumpster Chickens, Mushroom Farmers, and Other Office Offenders," which details critical errors that can u… - DATABREACHTODAY.CO.UK
3 Jan - Supply Chain Risk Management - BTS #21 - In this edition of Below The Surface, we discuss Supply Chain Risk Management, with David Vaughn, Director at ISSA International. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! →Full Show Notes: https://securityweekly.… - YOUTUBE.COM
3 Jan - Smart Cars | Microsoft | Layoffs | PyTorch | Mandiant | SEC | Aaran Leyland & More! – SWN353 - This week, Doug Talks: Smart Cars, Microsoft, Layoffs, PyTorch, Mandiant, SEC, Aaran Leyland, and More News on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn353 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: ht… - YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2
3 Jan - Webinar | Cyber Threats 2024 Unveiled: Predictive Insights and Defensive Strategies - DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 14
3 Jan - BT Misses Deadline for Removing Huawei From Network Core - BT has failed to meet the extended deadline to remove Huawei equipment from its core networks, with only 2G and 3G services still being served by non-compliant infrastructure. - THEREGISTER.COM
3 Jan - New York State AG Hits Hospital With $300K Fine for Web Tracker Use - NewYork-Presbyterian Hospital has been fined $300,000 by state regulators for privacy violations related to its use of tracking tools on its websites and patient portal. It violated HIPAA rules by sharing patient information with third parties. - BANKINFOSECURITY.COM
3 Jan - DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation - XCast transmitted billions of illegal robocalls to American consumers, using false affiliations with government agencies and misleading information to deceive victims into making purchases. - THEHACKERNEWS.COM
3 Jan - Courts service “PWNED” in Australia, as hackers steal sensitive recordings of hearings - Hackers are believed to have successfully accessed several weeks' worth of sensitive video and audio recordings of court hearings, including one made at a children's court where the identities of minors are supposed to be particularly critical to protect. Read more in my article … - BITDEFENDER.COM
3 Jan - Palestinian Hackers Hit 100 Israeli Organizations In Destructive Attacks - PACKETSTORMSECURITY.COM
3 Jan - Nearly 11 million SSH servers vulnerable to new Terrapin attacks - Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. [...] - BLEEPINGCOMPUTER.COM
3 Jan - Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn - Aqua Security, an Israeli cybersecurity startup that helps companies protect their cloud services, has raised $60 million in funding, extending its previously announced $135 million Series E round of funding to $195 million. Founded in 2015, Tel Aviv- and Boston-based Aqua Securi… - TECHCRUNCH.COM
3 Jan - Fake and Stolen X Gold Accounts Flood Dark Web - A surge of fake or stolen Twitter Gold (now X Gold) accounts has been flooding both the surface web and the dark web over the past year, according to cybersecurity firm CloudSEK. - INFOSECURITY-MAGAZINE.COM
3 Jan - LastPass now requires 12-character master passwords for better security - LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. [...] - BLEEPINGCOMPUTER.COM
3 Jan - PornHub blocks North Carolina, Montana over new age verification laws - Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect. [...] - BLEEPINGCOMPUTER.COM
3 Jan - Large Language Models: Moving Past the Early Stage - AI, machine learning and large language models are not new, but they are coming to fruition with the mass adoption of generative AI. For cybersecurity professionals, these are "exciting times we live in," said Dan Grosu, CTO and CISO at Information Security Media Group. - DATABREACHTODAY.CO.UK
3 Jan - Nigerian hacker arrested for stealing $7.5M from charities - A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organization in the United States to lose more than $7.5 million. [...] - BLEEPINGCOMPUTER.COM
3 Jan - Say what you will? Your favorite speech-to-text app may be a privacy risk - Typing with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets. - WELIVESECURITY.COM