🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
29 Nov KEVZyxel Firewall Vulnerability Actively Exploited in AttacksZyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products. This follows a detailed report by cybersecurity firm Sekoia highlighting vulnerabilities previously disclosed in Zyxel’s systems. The company has responded swif…GBHACKERS.COM
29 Nov KEVMicrosoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active AttacksMicrosoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detec…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 11[−]
29 NovExternal Attack Surface Management (EASM): Mit diesen vier Schritten minimieren Sie das CyberrisikoIT-Security-Verantwortliche sollten die Angriffsfläche permanent analysieren und schützen. Dazu müssen sie stets im Blick haben, welche Assets über das Internet erreichbar sind. Foto: NicoElNino – shutterstock.com Von IoT-Devices über Cloud -basierte Infrastrukturen, Web-Applikat…CSOONLINE.COM
29 NovPhishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM AttacksCybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers…THEHACKERNEWS.COM
29 NovPopular game script spoofed to infect thousands of game developersA malware loader, now named GodLoader, has been observed to be using Godot, a free and open-source game engine, as its runtime to execute malicious codes and has dropped known malware on at least 17,000 machines. Unaware users of the engine — which helps create 2D and 3D games an…CSOONLINE.COM
29 NovAI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. ElectionsA Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023. The covert campaign undertaken by Social Design Agency (SDA),…THEHACKERNEWS.COM
29 NovWarning: Patch Advantech Industrial Wireless Access PointsResearchers Discover 20 Critical Flaws Attackers Could Exploit in a Variety of Ways Researchers identified 20 critical vulnerabilities in a type of Advantech industrial-grade wireless access point that's widely deployed across critical infrastructure environments. Attackers could…DATABREACHTODAY.CO.UK
29 NovNew Windows Server 2012 zero-day gets free, unofficial patchesFree unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. [...]BLEEPINGCOMPUTER.COM
29 NovRussia arrests cybercriminal Wazawaka for ties with ransomware gangsRussian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. [...]BLEEPINGCOMPUTER.COM
29 NovJust Like Windows: Linux Targeted by First-Ever UEFI BootkitLinux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say Cybersecurity researchers have discovered the first-ever UEFI bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The "Bootkitty" malware, first upload…DATABREACHTODAY.CO.UK
29 NovLab401 black friday / cyber monday sale with hamster huntsubmitted by taaz to cybersecurity 1 points | 0 comments cross-posted from: biglemmowski.win/post/3682899 lab401.com (I guess one of the bigger supplier/e-shop of hacking tools in EU) has a sale going on. If you are interested you can check it out but I have another question, has…INFOSEC.PUB
29 NovLab401 black friday / cyber monday sale with hamster huntsubmitted by taaz to cybersecurity 1 points | 0 comments lab401.com (I guess one of the bigger supplier/e-shop of hacking tools in EU) has a sale going on. If you are interested you can check it out but I have another question, has anyone actually found the hamster? I’ve even sta…SH.ITJUST.WORKS
29 NovThis month in security with Tony Anscombe – November 2024 editionZero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity newsWELIVESECURITY.COM
📢 SECURITY ADVISORIES 3[−]
29 NovU.S. Citizen Sentenced for Spying on Behalf of China's Intelligence AgencyA 59-year-old U.S. citizen who immigrated from the People's Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China's principal civilian intelligence agency. …THEHACKERNEWS.COM
29 NovCloudflare-Vorfall führt zu massivem Verlust an LogsUnzureichend getestete Systeme und falsch konfigurierte Schutzmechanismen haben zu einem massiven Datenverlust geführt. T. Schneider/shutterstock.com Am 14. November 2024 führte eine Fehlkonfiguration bei Cloudflare dazu, dass 55 Prozent der Kundenprotokolle verloren gingen. Dies…CSOONLINE.COM
🔥 INCIDENT REPORTING 7[−]
29 NovUK Healthcare Provider Hit by Cyberattack, Services AffectedWirral University Teaching Hospital in the UK has been hit by a targeted cyberattack, leading to the declaration of a major incident. The cyberattack has affected the hospital’s IT systems, necessitating a shift from digital to paper-based processes in certain areas. A spok…GBHACKERS.COM
29 NovUK hospital, hit by cyberattack, resorts to paper and postpones proceduresA British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
29 NovRansomware-Trend: Hacker mit ZerstörungsdrangHacker setzen bei Ransomware-Angriffen immer häufiger auf Zerstörung und nicht mehr “nur” auf Erpressung. Gearstd – Shutterstock.com Ransomware zählt nach wie vor zu den größten Cyberbedrohungen für Unternehmen. Bei einer Umfrage des Sicherheitsanbieters Cohesity ( PDF ) geben 83…CSOONLINE.COM
29 NovIn Other News: OPPC Breach Impacts 1.7M, US Soldier Suspected in Snowflake Hack, Cloudflare Loses LogsNoteworthy stories that might have slipped under the radar: OnePoint Patient Care data breach impact doubles, a US soldier may have been involved in the Snowflake hack, Cloudflare lost customer logs. The post In Other News: OPPC Breach Impacts 1.7M, US Soldier Suspected in Snowfl…SECURITYWEEK.COM
29 Nov600,000+ Sensitive Records Exposed From Background Checks Service ProviderA publicly exposed database has left the sensitive information of hundreds of thousands of individuals vulnerable to potential misuse. Not protected by passwords or encryption, the database contained 644,869 PDF files, totaling 713.1 GB, exposing a treasure trove of personal info…GBHACKERS.COM
29 NovRansomware spreading through Microsoft Teams - Cybersecurity Insiderssubmitted by kid to cybersecurity 2 points | 0 comments https://www.cybersecurity-insiders.com/ransomware-spreading-through-microsoft-teams/SH.ITJUST.WORKS
29 NovBologna FC confirms data breach after RansomHub ransomware attackBologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 13[−]
29 NovQuickie: Mass BASE64 Decoding, (Fri, Nov 29th)I was asked how one can decode a bunch of BASE64 encoded IOCs with my tools.
ISC.SANS.EDU
29 NovSecurity-FinOps collaboration can reap hidden cloud benefits: 11 tipsFor enterprises operating on the cloud, security and cost management are rising concerns. Typically, these issues are addressed in silos, with cyber teams and FinOps teams pursuing their charters and priorities separately — and with little thought given to collaboration opportuni…CIO.COM
29 NovUniswap Labs to Offer $15.5 Million Bounty for Bug HuntersUniswap Labs has launched a $15.5 million bug bounty program to ensure the security of its latest protocol, Uniswap v4. This substantial bounty is the largest ever offered in the history of the DeFi sector. Uniswap v4 represents the latest evolution of the Uniswap Protocol, marki…GBHACKERS.COM
29 NovNew Phishing Attack Targeting Corporate Internet Banking UsersA sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users. This attack, which has rapidly gained attention nationwide, involves fraudsters impersonating bank representatives to deceive victims into providing sensitive banking information. The…GBHACKERS.COM
29 NovRace Condition Attacks against LLMsThese are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be…SCHNEIER.COM
29 NovISMG Editors: Major Crypto Mixer Decision Redefines RulesAlso: Gen AI's Impact on Privacy; Cybersecurity Reasons To Be Thankful In the latest weekly update, ISMG editors discussed Tornado Cash's landmark legal victory and what it means for crypto mixers, the impact of artificial intelligence on data privacy, and advancements in cyberse…DATABREACHTODAY.CO.UK
29 NovPrivacy Vendor Market Moves From Point to Platform SolutionsPwC's Anirban Sengupta Details Privacy Landscape, Growing Awareness in India Market The privacy vendor market in India is evolving rapidly, as many vendors move from offering point solutions to embracing more integrated, platform solutions that can handle a broader range of priva…DATABREACHTODAY.CO.UK
29 NovBlack Friday Bug Bounty Edition: Microsoft's $4M Bug Bounty Challenge!This Black Friday, the biggest deal isn’t on gadgets—it’s in tech security! 💻 Companies have set aside a massive $4M bug bounty pool for hackers to find vulnerabilities in AI and cloud systems. 🕵️♂️ With just 2 months to go, the clock is ticking for ethical hackers to cash in! T…YOUTUBE.COM
29 NovEU Nations That Missed NIS2 Deadline Put On NoticeEuropean Commission Opens Infringement Procedures Against 23 EU Member States The European Commission on Thursday opened infringement procedures against 23 EU member states that missed a mid-October deadline for implementing the NIS2 Directive, as well 24 EU members that missed a…DATABREACHTODAY.CO.UK
29 NovPhishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attackssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.htmlSH.ITJUST.WORKS
29 NovTerms & Acronyms pt.2 - SWN VaultCheck out this episode from the SWN vault, originally published on February 21, 2019! This Secure Digital Life episode was hand-picked by main host Doug White. Doug is at Vale and Russ is in charge of the show this week! Russ talks about his terms and acronyms. Russ talks about: …YOUTUBE.COM
29 NovZabbix urges upgrades after SQL injection bug disclosure • The Registersubmitted by kid to cybersecurity 1 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/SH.ITJUST.WORKS
29 NovFriday Squid Blogging: Squid-Inspired Needle TechnologyInteresting research : Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into tissues, matching the effectiveness of traditional needles. Blog moderation policy.SCHNEIER.COM
🎙️ PODCASTS 1[−]
29 NovHow NOT Selling at RSA Led to Better Results! 🧠At RSA, we took a bold approach: no selling, just listening! Instead of pushing our product, we invited industry experts into a private suite to give us raw, unfiltered feedback. Here's why that decision turned out to be our best move yet. Watch how market feedback—especially the…YOUTUBE.COM
📡 INFOSEC NEWS 6[−]
29 NovThe Growing Quantum Threat to Enterprise Data: What Next?Key Steps for Navigating the Cybersecurity Transition to Quantum-Safe Cryptography As quantum computing continues to evolve, cybersecurity professionals and enterprise leaders must grapple with a future where current encryption technologies - on which our entire digital infrastru…DATABREACHTODAY.CO.UK
29 NovUS Thanksgiving Holiday: Cyber Security TodayA quick not to say that in our tradition of observing Holidays in both the US and Canada, we'll be taking the weekend off. We'll be back on Monday morning, bright and early with the Cyber Security News,CYBERSECURITYTODAY.LIBSYN.COM
29 NovProtecting Tomorrow's World: Shaping the Cyber-Physical FutureThe lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the …THEHACKERNEWS.COM
29 NovOvercoming Identity and Access Challenges in HealthcareThird-party access management poses significant cybersecurity risks in healthcare, but continuous identity management and monitoring can help mitigate those risks, said Jim Routh, chief trust officer at Saviynt.DATABREACHTODAY.CO.UK
29 NovNew Rockstar 2FA phishing service targets Microsoft 365 accountsA new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. [...]BLEEPINGCOMPUTER.COM