🐛 COMMON VULNERABILITIES AND EXPOSURES (1)
28 Nov · Critical Jenkins Vulnerability Let Attackers Trigger DoS & Inject Scripts · A series of vulnerabilities have been identified, posing significant risks to the system’s security. These vulnerabilities could allow attackers to trigger denial of service (DoS) attacks and execute script injections, as highlighted in recent advisories. Denial of Service … · GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE (19)
28 Nov · Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours · submitted by BrikoX to cybersecurity · 1 points | 0 comments · https://www.bleepingcomputer.com/news/security/cloudflare-says-it-lost-55-percent-of-logs-pushed-to-customers-for-35-hours/ · Internet security giant Cloudflare announced that it lost 55% of all logs pushed to customers ove… · SH.ITJUST.WORKS
28 Nov · Hackers abuse popular Godot game engine to infect thousands of PCs · submitted by BrikoX to cybersecurity · 2 points | 0 comments · https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/ · Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engi… · SH.ITJUST.WORKS
28 Nov · Europol Dismantled Major Illegal IPTV Streaming Network Providers · In a major crackdown on illegal streaming, law enforcement authorities across Europe, supported by Europol and Eurojust, have successfully dismantled one of the largest illegal streaming networks operating both within and outside the EU. The extensive operation targeted a network… · GBHACKERS.COM
28 Nov · Integer Overflow vulnerability - Windows operating system. · submitted by Joker to cybersecurity · 2 points | 0 comments · https://ssd-disclosure.com/ssd-advisory-ksthunk-sys-integer-overflow-pe/ · INFOSEC.PUB
28 Nov · The Most Dangerous Software Vulnerabilities of 2024 · MITRE has identified the 25 most common and most severe software vulnerabilities of 2024. The US cybersecurity agency CISA and the non-profit organization MITRE have published a ranking that provides information on the 25 most dangerous … · CSOONLINE.COM
28 Nov · New Windows 11 Vulnerability Lets Attackers Elevate Privileges · A new vulnerability has been discovered in Windows 11, specifically affecting the 23H2 version. This vulnerability is identified in the ksthunk.sys driver, allows attackers to exploit an integer overflow in the CKSAutomationThunk::ThunkEnableEventIrp function to escalate their pr… · GBHACKERS.COM
28 Nov · Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware · A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers m… · THEHACKERNEWS.COM
28 Nov · Microsoft Patches Exploited Vulnerability in Partner Network Website · Microsoft informed customers that vulnerabilities affecting cloud, AI and other services have been patched, including an exploited flaw. · SECURITYWEEK.COM
28 Nov · Researchers Detailed New Exfiltration Techniques Used By Ransomware Groups · Ransomware groups and state-sponsored actors increasingly exploit data exfiltration to maximize extortion and intelligence gains by leveraging a mix of custom and legitimate tools to steal sensitive data, including financial, personal, and classified information. To mitigat… · GBHACKERS.COM
28 Nov · New Skimmer Malware Steals Credit Card Data From Checkout Pages · A JavaScript-based malware targeting Magento eCommerce websites has been identified, which is designed to skim payment card details and activates exclusively on checkout pages. The malware dynamically generates a fraudulent credit card form or directly extracts sensitive pa… · GBHACKERS.COM
28 Nov · SMOKEDHAM Backdoor Mimic As Legitimate Tools Leveraging Google Drive & Dropbox · UNC2465, a financially motivated threat actor, leverages the SMOKEDHAM backdoor to gain initial access to target networks, which are often delivered via phishing emails, trojanized software, or supply chain attacks, enabling persistence and lateral movement. Once in the network, … · GBHACKERS.COM
28 Nov · Helldown Ransomware Attacking Windows And Linux Servers Evading Detection · Helldown Ransomware, a sophisticated cyber threat, actively targets critical industries worldwide by leveraging advanced cross-platform capabilities, including Windows and Linux, to encrypt files and exploit system vulnerabilities. Its modular design and anti-detection tech… · GBHACKERS.COM
28 Nov · SMOKEDHAM Backdoor Mimic As Legitimate Tools Leveraging Google Drive And Dropbox · submitted by kid to cybersecurity · 1 points | 0 comments · https://gbhackers.com/smokedham-backdoor-exploit/ · SH.ITJUST.WORKS
28 Nov · Mimic ransomware: what you need to know · What makes Mimic particularly unusual is that it exploits the API of a legitimate Windows file search tool ("Everything" by Voidtools) to quickly locate files for encryption. Find out more about the threat in my article on the Tripwire State of Security blog. · TRIPWIRE.COM
28 Nov · Malicious NPM Package Exploits React Native Documentation Example · submitted by Joker to cybersecurity · 1 points | 0 comments · https://checkmarx.com/blog/malicious-npm-package-exploits-react-native-documentation-example/ · A recent discovery revealed how official documentation can become an unexpected attack vector for supply chain attacks. It happe… · INFOSEC.PUB
28 Nov · Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP · Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allo… · THEHACKERNEWS.COM
28 Nov · Just Like Windows: Linux Targeted by First-Ever Bootkit · Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researcher Say · Cybersecurity researchers have discovered the first-ever bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The "Bootkitty" malware, first uploaded to … · DATABREACHTODAY.CO.UK
28 Nov · E-Trojans: Ransomware, Tracking, DoS, and Data Leaks on Battery-powered Embedded Systems · submitted by Joker to cybersecurity · 1 points | 0 comments · https://arxiv.org/abs/2411.17184v1 · (…) we present the first security and privacy assessment of e-scooters internals. We cover Xiaomi M365 (2016) and ES3 (2023) e-scooters and their interactions with Mi Home (their companio… · INFOSEC.PUB
28 Nov · 2023 Funding and Acquisition Summary with Return on Security - Mike Privette - ESW Vault · Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on December 22, 2023. We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on … · YOUTUBE.COM
📋 SECURITY BULLETINS (2)
28 Nov · Microsoft Patches Multiple Vulnerabilities Allow Attackers to Elevate Privileges · Microsoft has recently released patches addressing multiple vulnerabilities that could enable attackers to elevate privileges across various Microsoft products. The patches are part of Microsoft’s continuous efforts to enhance security and protect its users from threats. Th… · GBHACKERS.COM
28 Nov · Microsoft Re-Releasing Exchange Server Nov 2024 Security Update Fixing Transport Rules · Microsoft has re-released the November 2024 Security Update (SU) with enhancements to rectify problems encountered with transport rules. Originally rolled out on November 12, 2024, as part of its ongoing security update efforts, the initial SU (referred to as Nov 2024 SUv1 with a… · GBHACKERS.COM
🔥 INCIDENT REPORTING (8)
28 Nov · UK hospital network postpones procedures after cyberattack · Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures. [...] · BLEEPINGCOMPUTER.COM
28 Nov · Pro-Russian Hacktivists Launch Branded Ransomware Operations · submitted by kid to cybersecurity · 1 points | 0 comments · https://www.infosecurity-magazine.com/news/russian-hacktivists-branded/ · SH.ITJUST.WORKS
28 Nov · T-Mobile Shares More Information on China-Linked Cyberattack · T-Mobile has confirmed being targeted by hackers, likely China’s Salt Typhoon, but reiterated that the attack was blocked. · SECURITYWEEK.COM
28 Nov · Zello asks users to reset passwords after security incident · submitted by kid to cybersecurity · 1 points | 0 comments · https://www.bleepingcomputer.com/news/security/zello-asks-users-to-reset-passwords-after-security-incident/ · SH.ITJUST.WORKS
28 Nov · Researchers Detailed New Exfiltration Techniques Used By Ransomware Groups · submitted by kid to cybersecurity · 1 points | 0 comments · https://gbhackers.com/new-exfiltration-techniques-ransomware/ · SH.ITJUST.WORKS
28 Nov · Mimic Ransomware: What You Need To Know · submitted by kid to cybersecurity · 1 points | 0 comments · https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know · SH.ITJUST.WORKS
28 Nov · Over 600,000 Records, Including Background Checks, Vehicle, and Property Records Exposed Online by an Information Service Provider · submitted by Joker to cybersecurity · 1 points | 0 comments · https://www.websiteplanet.com/news/propertyrecs-breach-report/ · INFOSEC.PUB
28 Nov · Breach Roundup: Microsoft Tries Again With Windows Recall · Also: Africa Busts Cybercrime Suspects; Many Smart Devices Lack Update Transparency · This week, Microsoft previews its latest attempt to introduce AI-enabled Windows Recall - now with added privacy features; over 1,000 cybercrime suspects busted in Africa; regulators report "smart… · DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE (13)
28 Nov · Salt Typhoon’s cyberstorm reaches beyond US telcos · submitted by PhilipTheBucket to cybersecurity · 1 points | 0 comments · https://go.theregister.com/feed/www.theregister.com/2024/11/27/salt_typhoons_us_telcos/ · SH.ITJUST.WORKS
28 Nov · Matrix, A Single Actor Orchestrate Global DDOS Attack Campaign · Cybersecurity researchers have uncovered a widespread Distributed Denial-of-Service (DDoS) campaign attributed to a threat actor using the alias “Matrix.” This campaign, characterized by its global scale and the actor’s low technical sophistication, highlights t… · GBHACKERS.COM
28 Nov · What is with bad password requirements · submitted by NullNet to cybersecurity · 2 points | 0 comments · Small rant incoming. I just went to look at applying to Walmart, and when going to make an account their password requirements were 8-11 characters. What kinda nonsense is that? Some terribly made backend I’d assume. It… · INFOSEC.PUB
28 Nov · “Bootkitty” – A First Ever UEFI Bootkit Attack Linux Systems · Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems. This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats, which have predominantly targeted Windows systems until now. The UEFI (Unified Extensible Fir… · GBHACKERS.COM
28 Nov · Shut Down Phishing Attacks - Detection & Prevention Checklist · In today’s interconnected world, where digital communication and transactions dominate, phishing attacks have become an ever-present threat. By masquerading as trustworthy entities, phishing attacks deceive users and organizations into divulging sensitive information, such … · GBHACKERS.COM
28 Nov · Attack Group APT-C-60 Targets Japan Using Trusted Platforms · submitted by kid to cybersecurity · 1 points | 0 comments · https://www.infosecurity-magazine.com/news/aptc60-targets-japan-using-trusted/ · SH.ITJUST.WORKS
28 Nov · North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers · Security researchers say North Korean hackers have infiltrated hundreds of organizations with the goal of taking money and stealing data to further the regime's nuclear weapons program. · TECHCRUNCH.COM
28 Nov · Beluga phishing campaign targets OneDrive credentials · submitted by Joker to cybersecurity · 2 points | 0 comments · https://www.threatdown.com/blog/beluga-phishing-campaign-targets-onedrive-credentials/ · INFOSEC.PUB
28 Nov · Instagram Page of the CSU in the Bundestag Hacked · The Instagram page of the CSU parliamentary group in the Bundestag has been hacked; pro-Palestinian content was briefly posted. A spokeswoman for the group confirmed this to the Deutsche Presse-Agentur. Previously, the NDR media magazine ZA… · CSOONLINE.COM
28 Nov · APT-C-60 Attacking HR Department With Weaponized Resumes · APT-C-60 launched a phishing attack in August 2024, targeting domestic organizations with malicious emails disguised as job applications. These emails, sent to recruitment departments, contained malware designed to compromise systems and potentially steal sensitive data. Th… · GBHACKERS.COM
28 Nov · Cryptohack Roundup: Judge Strikes Down 'Dealer Rule' Change · Also: Python Library Update Steals Credentials; Drug Cartels Launder With Tether · This week's cryptohack roundup includes a U.S. federal judge striking down the SEC's expanded "Dealer Rule," a Python crypto library update stealing credentials, why digital payment apps are being ex… · DATABREACHTODAY.CO.UK
28 Nov · Trump's Crypto Plans Raise Alarms Over Conflicts of Interest · President-Elect's Crypto Push Fuels Concerns Over Market Stability and Conflicts · President-elect Donald Trump's strong cryptocurrency support amid market volatility is raising concerns over potential conflicts of interest, with experts warning his agenda - including potential pla… · DATABREACHTODAY.CO.UK
28 Nov · Tor in Russia: A call for more WebTunnel bridges · submitted by twiked to cybersecurity · 1 points | 0 comments · https://blog.torproject.org/call-for-webtunnel-bridges/ · Their gitlab seems to be down though, that slows down the documentation and install process. · INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE (1)
28 Nov · XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner · Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected system… · THEHACKERNEWS.COM
🎙️ PODCASTS (1)
28 Nov · Smashing Security podcast #395: Gym hacking, disappearing DNA, and a social lockout · A Kansas City man is accused of hacking into local businesses, not to steal money, but to... get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what's happened to their sensitive genetic data. And Australia mulls a social media ban … · GRAHAMCLULEY.COM
📡 INFOSEC NEWS (10)
28 Nov · U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider · U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These intrusion attempts "originated from a wireline provider's network that was connected to ours… · THEHACKERNEWS.COM
28 Nov · Telegram Premium gift subscription scam | Kaspersky official blog · Cybercriminals dupe users with promises of free Telegram Premium subscriptions. Here's what's really going on. · KASPERSKY.COM
28 Nov · The Future of Serverless Security in 2025: From Logs to Runtime Protection · Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often… · THEHACKERNEWS.COM
28 Nov · Live Webinar | AI-Powered Data Protection: Data Security Posture Management and Navigating New Frontiers · DATABREACHTODAY.CO.UK
28 Nov · One Serial Number Uncovered a Stash of Stolen Goods! · This $7,000 stolen camera didn’t just disappear—it became the key to cracking a massive crime ring! 📸 Using the camera’s serial number, we traced it through Craigslist, eBay, and even a Facebook profile. What started as a lost piece of gear turned into a shocking discovery of sto… · YOUTUBE.COM
28 Nov · Live Webinar | Mastering Cloud Environments: Best Practises for Managing Azure & AWS Data Security · DATABREACHTODAY.CO.UK
28 Nov · Fat-Free Pizza Bites? Here’s the Catch! · Ever wondered how companies trick us with their branding? 🍕 From "fat-free" snacks made with lard to AI-enabled eggs, the marketing world is full of wild claims. Dive into this short to uncover how buzzwords are being used to sell everything—and why you should always read the fin… · YOUTUBE.COM
28 Nov · Tor needs 200 new WebTunnel bridges to fight censorship · The Tor Project has put out an urgent call to the privacy community asking volunteers to help deploy 200 new WebTunnel bridges by the end of the year to fight government censorship. [...] · BLEEPINGCOMPUTER.COM
28 Nov · Exposed on the Web: Thousands of Devices, Medical Records · Thousands of unique IP addresses are potentially exposing medical devices, electronic medical records systems and other sensitive healthcare information to the internet, said security researcher Himaja Motheram of security firm Censys, which made the discovery. · DATABREACHTODAY.CO.UK
28 Nov · Scams to look out for this holiday season · ‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree · WELIVESECURITY.COM