matlock.ca // THREAT INTELLIGENCE — 2024-01-12

81Articles

9Categories

2024-01-12Date

🚨

CISA adds patched MS SharePoint server vulnerability to KEV catalogA patched privilege escalation vulnerability impacting Microsoft SharePoint servers has been added to the known exploited vulnerabilities (KEV) catalog of the US Cybersecurity and Infrastructure Security Agency (CISA). Citing evidence of active exploitation, CISA has tagged the c…

KEVCSOONLINE.COM — 12 Jan 2024

🚨

Known Indicators of Compromise Associated with Androxgh0st MalwareSUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated w…

KEVCISA.GOV — 12 Jan 2024

🐛

Hackers Actively Exploited 2 Ivanti Zero-Day to Execute Arbitrary Commands

KEVGBHACKERS.COM — 12 Jan 2024

🐛

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

KEVTHEHACKERNEWS.COM — 12 Jan 2024

🐛

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

TRENDMICRO.COM — 12 Jan 2024

🐛

Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP

THEHACKERNEWS.COM — 12 Jan 2024

🐛

CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

THEHACKERNEWS.COM — 12 Jan 2024

🐛

DreamBus Unleashes Metabase Mayhem With New Exploit Module

ZSCALER.COM — 12 Jan 2024

🐛

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

TRENDMICRO.COM — 12 Jan 2024

🐛

GitLab Releases Patch for Critical Vulnerabilities

THEHACKERNEWS.COM — 12 Jan 2024

⚠️

Android’s January 2024 Security Update Patches 58 Vulnerabilities

SOURCE.ANDROID.COM — 12 Jan 2024

⚠️

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

THEHACKERNEWS.COM — 12 Jan 2024

⚠️

Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over

INFOSECURITY-MAGAZINE.COM — 12 Jan 2024

⚠️

Over 150k WordPress Sites at Takeover Risk via Vulnerable Plugin

BLEEPINGCOMPUTER.COM — 12 Jan 2024

⚠️

Update: New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

THEHACKERNEWS.COM — 12 Jan 2024

⚠️

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

THEHACKERNEWS.COM — 12 Jan 2024

⚠️

Apple Patches Keystroke Injection Vulnerability in Magic Keyboard

SECURITYWEEK.COM — 12 Jan 2024

⚠️

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout

SECURITYWEEK.COM — 12 Jan 2024

⚠️

On IoT Devices and Software Liability

SCHNEIER.COM — 2024-01-12

⚠️

Further Analysis of Denmark Attacks Leads to Warning About Unpatched Network Gear

THERECORD.MEDIA — 12 Jan 2024

⚠️

WordPress Plugin Flaw Exposes 300,000+ to Hack Attacks

GBHACKERS.COM — 12 Jan 2024

⚠️

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

THEHACKERNEWS.COM — 12 Jan 2024

⚠️

Apple Patches Keystroke Injection Vulnerability In Magic Keyboard

PACKETSTORMSECURITY.COM — 12 Jan 2024

⚠️

Recovery From Cyberattack ‘On the Horizon,’ Kansas Supreme Court Chief Justice Says

THERECORD.MEDIA — 12 Jan 2024

⚠️

Ivanti Connect Secure zero-days exploited to deploy custom malware

BLEEPINGCOMPUTER.COM — 12 Jan 2024

⚠️

Brad Arkin is New Chief Trust Officer at Salesforce

SECURITYWEEK.COM — 12 Jan 2024

⚠️

Juniper warns of critical RCE bug in its firewalls and switches

BLEEPINGCOMPUTER.COM — 12 Jan 2024

⚠️

CISA: Critical Microsoft SharePoint bug now actively exploited

KEVBLEEPINGCOMPUTER.COM — 12 Jan 2024

⚠️

GitLab warns of critical zero-click account hijacking vulnerability

BLEEPINGCOMPUTER.COM — 12 Jan 2024

⚠️

Researchers demo new CI/CD attack techniques in PyTorch supply-chain

CSOONLINE.COM — 12 Jan 2024

⚠️

Fertility Test Lab Will Pay $1.25M to Settle Breach Lawsuit

DATABREACHTODAY.CO.UK — 2024-01-12

⚠️

Chinese Nation-State Hacker Is Exploiting Cisco Routers

DATABREACHTODAY.CO.UK — 2024-01-12

⚠️

Amazon Appeals Privacy Fine of 746 Million Euros

DATABREACHTODAY.CO.UK — 2024-01-12

⚠️

Medusa group steps up ransomware activities

CSOONLINE.COM — 12 Jan 2024

📢

AgentTesla Malware Attacking Windows Machine to Steal Sensitive Data

GBHACKERS.COM — 12 Jan 2024

📢

EU Enhances Cybersecurity Requirements for Agencies

BANKINFOSECURITY.COM — 12 Jan 2024

📢

GitLab security advisory (AV24-025)

CYBER.GC.CA — 2024-01-12

📢

Microsoft Edge security advisory (AV24-026)

CYBER.GC.CA — 2024-01-12

📢

US CISA Must Improve Water Sector Assistance, Says Watchdog

DATABREACHTODAY.CO.UK — 2024-01-12

🔥

Cyber Security Today, Jan. 12, 2024 - A Chinese hacking group's reach may be bigger than we thought

CYBERSECURITYTODAY.LIBSYN.COM — 12 Jan 2024

🔥

Hathway - 4,670,080 breached accounts

HAVEIBEENPWNED.COM — 12 Jan 2024

🔥

Framework Computer Discloses Data Breach After Accountant Gets Phished

BLEEPINGCOMPUTER.COM — 12 Jan 2024

🔥

How the Merck Case Shapes the Future of Cyber Insurance

BANKINFOSECURITY.COM — 12 Jan 2024

🔥

Halara Probes Breach After Hacker Leaks Data for 950,000 People

BLEEPINGCOMPUTER.COM — 12 Jan 2024

🔥

Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

THEHACKERNEWS.COM — 12 Jan 2024

🔥

Team Liquid ’s E-Sports Platform Exposes 118,000 Users' Personal Information

SECURITYAFFAIRS.COM — 12 Jan 2024

🔥

Laptop Maker Framework Says Customer Data Stolen in Third-Party Breach

SECURITYWEEK.COM — 12 Jan 2024

🔥

Ransomware Trends: Medusa and Akira Rage; Tortilla Disrupted

DATABREACHTODAY.CO.UK — 2024-01-12

🔥

Medusa Ransomware Turning Your Files into Stone

UNIT42.PALOALTONETWORKS.COM — 12 Jan 2024

🔥

The Week in Ransomware - January 12th 2024 - Targeting homeowners' data

BLEEPINGCOMPUTER.COM — 12 Jan 2024

🕵️

Funding, acquisitions, AI, CES, and dumpster fires kick off security for 2024! - ESW #345

YOUTUBE.COM — 2024-01-12

🕵️

ISC Stormcast For Friday, January 12th, 2024 https://isc.sans.edu/podcastdetail/8808, (Fri, Jan 12th)

ISC.SANS.EDU — 12 Jan 2024

🕵️

One File, Two Payloads, (Fri, Jan 12th)

ISC.SANS.EDU — 12 Jan 2024

🕵️

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

THEHACKERNEWS.COM — 12 Jan 2024

🕵️

Qbot Malware Via FakeUpdates Leads the Race of Malware Attacks

GBHACKERS.COM — 12 Jan 2024

🕵️

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

SECURITYWEEK.COM — 12 Jan 2024

🕵️

Russian Hackers Likely Not Involved in Attacks on Denmark’s Critical Infrastructure

SECURITYWEEK.COM — 12 Jan 2024

🕵️

Splunk Patched Critical Vulnerabilities in Enterprise Security

GBHACKERS.COM — 12 Jan 2024

🕵️

In Other News: WEF’s Unsurprising Cybersecurity Findings, KyberSlash Cryptography Flaw

SECURITYWEEK.COM — 12 Jan 2024

🕵️

Framework says hackers accessed customer data after phishing attack on accounting partner

TECHCRUNCH.COM — 12 Jan 2024

🕵️

News alert: Trimarc launches Active Directory security posture tool for enterprise, M&A

LASTWATCHDOG.COM — 12 Jan 2024

🕵️

Palo Alto Networks Recognized as a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP)

PALOALTONETWORKS.COM — 12 Jan 2024

🕵️

Smart Cars, Microsoft, Layoffs, PyTorch, Mandiant, SEC, Aaran Leyland, and More News - SWN #353

YOUTUBE.COM — 2024-01-12

🕵️

ISMG Editors: Will We Ever Get a Handle on API Security?

DATABREACHTODAY.CO.UK — 2024-01-12

🕵️

Friday Squid Blogging: Giant Squid from Newfoundland in the 1800s

SCHNEIER.COM — 2024-01-12

🕵️

Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

MICROSOFT.COM — 12 Jan 2024

🌐

Cyber Insecurity and Misinformation Top WEF Global Risk List

INFOSECURITY-MAGAZINE.COM — 12 Jan 2024

🌐

New Class Of CI/CD Attacks Could Have Led To PyTorch Supply Chain Compromise

PACKETSTORMSECURITY.COM — 12 Jan 2024

🌐

eBay Pays $3M Penalty For Cyber-Stalking Newsletter Critics

PACKETSTORMSECURITY.COM — 12 Jan 2024

🎙️

Cyber Security Today, Week in Review for the week ending Friday, Jan. 12, 2024

CYBERSECURITYTODAY.LIBSYN.COM — 12 Jan 2024

📡

Hyundai Motor India fixes bug that exposed customers’ personal data

TECHCRUNCH.COM — 12 Jan 2024

📡

EMEA Panel Discussion featuring Forrester Analyst | A CISO Guide to Calculating the ROI of Prisma Cloud Based on the Commissioned TEI Study

DATABREACHTODAY.CO.UK — 2024-01-12

📡

Researchers Develop Technique to Prevent Software Bugs

HELPNETSECURITY.COM — 12 Jan 2024

📡

Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO

THEHACKERNEWS.COM — 12 Jan 2024

📡

Fake Recruiters Defraud Facebook Users via Remote Work Offers

DARKREADING.COM — 12 Jan 2024

📡

Bitwarden Adds Passkey Support to Log Into Web Password Vaults

BLEEPINGCOMPUTER.COM — 12 Jan 2024

📡

Prolific ShinyHunters Hacker Jailed, Ordered To Repay $5 Million

PACKETSTORMSECURITY.COM — 12 Jan 2024

📡

UAE Faces Fresh Plague of Phishing Scams, Poisoned Searches

DARKREADING.COM — 12 Jan 2024

📡

What is the principle of least privilege? | Kaspersky official blog

KASPERSKY.COM — 12 Jan 2024

📡

Sophos named a Leader in 2023 Gartner®️ Magic Quadrant™️ for Endpoint Protection Platforms

SOPHOS.COM — 12 Jan 2024

📡

Lessons from SEC's X account hack – Week in security with Tony Anscombe

WELIVESECURITY.COM — 12 Jan 2024