🐛 COMMON VULNERABILITIES AND EXPOSURES 4
2 Dec | MediaTek Processor Vulnerabilities Let Attackers Escalate Privileges | Several vulnerabilities affecting MediaTek processors have been identified, potentially allowing attackers to escalate privileges on affected devices. These vulnerabilities span multiple components, including video decoding, telephony, power management, and modem functionalities,… | GBHACKERS.COM
2 Dec | KEV | Apple Safari JavaScriptCore Remote Code Execution Flaw Exploited in the Wild | A critical vulnerability identified as CVE-2024-44308 has been actively exploited in the wild, affecting multiple versions of Apple Safari across iOS, visionOS, and macOS platforms. This flaw, located within WebKit’s DFG JIT compiler, poses a significant threat by allowing … | GBHACKERS.COM
2 Dec | HPE IceWall Flaw Let Attackers cause Unauthorized Data Modification | Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin addressing a critical vulnerability in its IceWall product line. Identified as CVE-2024-11856, this flaw could allow attackers to remotely modify data without authorization. This flaw is capable of enabling u… | GBHACKERS.COM
2 Dec | BootKitty UEFI malware exploits LogoFAIL to infect Linux systems | The recently uncovered 'Bootkitty' UEFI bootkit, the first malware of its kind targeting Linux systems, exploits CVE-2023-40238, aka 'LogoFAIL,' to infect computers running on a vulnerable UEFI firmware. [...] | BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 15
2 Dec | What Is a Keylogger? | Keyloggers are old-school malware. Read how keystroke-monitoring tools work and why they are not just for cybercriminals. Even though keyloggers have been around for many years, they are still popular … | CSOONLINE.COM
2 Dec | Working in critical infrastructure? Boost your effectiveness with these cybersecurity certifications | Hybrid warfare between nation-states is imperilling critical infrastructure around the world, both physically and electronically. Since the start of the Ukraine-Russia conflict, hybrid cyber/physical attacks on satellite and communications, energy, transportation, water, and othe… | CSOONLINE.COM
2 Dec | Windows Server 2012 0-day Vulnerability Exposes Critical Security Flaw | Cybersecurity researchers have identified a critical 0-day vulnerability in Windows Server 2012 and Server 2012 R2. This previously unknown security flaw allows attackers to bypass the Mark of the Web (MoTW) verification on certain files, posing a significant threat to affected s… | GBHACKERS.COM
2 Dec | INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million | A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 co… | THEHACKERNEWS.COM
2 Dec | KEV | Apple Safari JavaScriptCore Remote Code Execution Flaw Exploited in the Wild | submitted by kid to cybersecurity | https://gbhackers.com/apple-safari-javascriptcore-remote-code-execution-flaw/ | SH.ITJUST.WORKS
2 Dec | New Windows Server 2012 zero-day gets free, unofficial patches | submitted by kid to cybersecurity | https://www.bleepingcomputer.com/news/security/new-windows-server-2012-zero-day-gets-free-unofficial-patches/ | SH.ITJUST.WORKS
2 Dec | AWS launches tools to tackle evolving cloud security threats | The increasing sophistication and scale of cyber threats pose a growing challenge for enterprises managing complex cloud environments. Security teams often face overwhelming volumes of alerts, fragmented workflows, and limited tools to identify and respond to attack patterns span… | CSOONLINE.COM
2 Dec | Details about the iOS Inactivity Reboot Feature | I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even if it is … | SCHNEIER.COM
2 Dec | Critical Vulnerability Found in Zabbix Network Monitoring Tool | A critical-severity vulnerability in open source enterprise network monitoring tool Zabbix could lead to full system compromise. | SECURITYWEEK.COM
2 Dec | Phishing with Word Documents and QR Codes | Cybercriminals use corrupted Word files to bypass security software and deceive their victims. Phishing is not a new problem; only the way it is carried out changes. Sometimes it is social engineering, sometimes the… | CSOONLINE.COM
2 Dec | Prototype UEFI Bootkit is South Korean University Project; LogoFAIL Exploit Discovered | The 'Bootkitty' prototype UEFI bootkit contains an exploit for LogoFAIL and was created in a South Korea university program. | SECURITYWEEK.COM
2 Dec | Just Like Windows: Linux Targeted by First-Ever UEFI Bootkit - UPDATED | Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say. Cybersecurity researchers have discovered the first-ever UEFI bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The "Bootkitty" malware, first upload… | DATABREACHTODAY.CO.UK
2 Dec | Poland arrests former spy chief in Pegasus spyware probe | The former head of Poland’s internal security agency Piotr Pogonowski was forced to appear in front of a parliamentary committee investigating the alleged abuse of Pegasus spyware in the country. © 2024 TechCrunch. All rights reserved. For personal use only. | TECHCRUNCH.COM
2 Dec | The Cruel Twist: When Fake Firing Leads to Real Hacking | Cybercriminals are constantly evolving their tactics to exploit our vulnerabilities. A recent phishing campaign has taken this to a new low, preying on people's fear of job loss to trick them into compromising their own security. | KNOWBE4.COM
📢 SECURITY ADVISORIES 8
2 Dec | Ubuntu security advisory (AV24-685) - Canadian Centre for Cyber Security | submitted by Joker to cybersecurity | https://www.cyber.gc.ca/en/alerts-advisories/ubuntu-security-advisory-av24-685 | INFOSEC.PUB
2 Dec | Hundreds of UK Ministry of Defence passwords found circulating on the dark web | The login credentials of nearly 600 employees accessing a key British Ministry of Defence (MOD) employee portal have been discovered circulating on the dark web in the last four years, it has been reported. According to the i news site, the stolen credentials were for the MOD’s … | CSOONLINE.COM
🔥 INCIDENT REPORTING 14
2 Dec | AWS launches an incident response service to combat cybersecurity threats | Companies often struggle with how to respond to cybersecurity incidents. According to one recent poll, only three out of five organizations have an incident response plan in place, and only around a third do regular drills to ensure that their plans remain effective. The conseque… | TECHCRUNCH.COM
2 Dec | Poison Ivy APT Launches Continuous Cyber Attack on Defense, Gov, Tech & Edu Sectors | Researchers uncovered the resurgence of APT-C-01, also known as the Poison Ivy group, an advanced persistent threat organization notorious for its sustained cyber attacks. This group has been actively targeting sectors such as defense, government, technology, and education since … | GBHACKERS.COM
2 Dec | AI ChatBot Exposes 300,000 Records: Cyber Security Today for Monday, December 1, 2024 | Cybersecurity Incidents in Healthcare and AI Exposures. In this episode, host Jim Love discusses recent cybersecurity incidents, including a major cyber attack on Wirral University Teaching Hospital in the UK, exposing healthcare vulnerabilities. An AI chatbot startup, WotNot, exp… | CYBERSECURITYTODAY.LIBSYN.COM
2 Dec | Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested | Russian authorities have reportedly arrested Mikhail Matveev, who is wanted by the US for ransomware attacks against critical infrastructure. | SECURITYWEEK.COM
2 Dec | Credential Guard and Kerberos delegation, (Mon, Dec 2nd) | The vast majority of red team exercises that I (and my team, of course) have been doing lately are assumed breach scenarios. In an assumed breach scenario (and we cover this in the amazing SEC565: Red Team Operations and Adversary Emulation SANS course that I also teach!) re… | ISC.SANS.EDU
2 Dec | Two UK Hospitals Hit by Cyberattacks, One Postponed Procedures | Alder Hey Children’s Hospital and Wirral University Teaching Hospital have fallen victim to cyberattacks, including one involving ransomware. | SECURITYWEEK.COM
2 Dec | Retail outages drag into second week after Blue Yonder ransomware attack | A ransomware attack on supply chain software giant Blue Yonder continues to cause disruption to the company’s customers, almost two weeks after the outage first began. In a brief update to its cybersecurity incident page on Sunday, Arizona-based Blue Yonder said it is making “goo… | TECHCRUNCH.COM
2 Dec | Cybersecurity Secrets: Fragility of Ransomware Exposed! | Malware isn’t as invincible as hackers want you to believe! 💻🔒 In this short, we dive into how small tweaks in your system’s settings can completely dismantle ransomware, rendering it useless. Think your system is safe? This cybersecurity secret exposes how fragile malware really… | YOUTUBE.COM
2 Dec | Russian government confirms rare criminal charges against ransomware hacker | Russian media reports say that the accused hacker is on the FBI's most wanted list. | TECHCRUNCH.COM
2 Dec | AWS Launches Incident Response Service | AWS has launched Security Incident Response, a new service for quick and efficient security event management. | SECURITYWEEK.COM
2 Dec | Indian online ID verification firm Signzy confirms security incident | The Indian identity verification service, used by millions of customers, has confirmed a cybersecurity incident. | TECHCRUNCH.COM
2 Dec | Russia Indicts Ransomware Hacker Wanted by the FBI | Suspected LockBit, Babuk Operator Mikhail Matveev Arrested in Russia. A prolific ransomware affiliate hacker and developer is facing criminal charges in Russia, Kremlin media reported Friday. Mikhail Pavlovich Matveev has been wanted by U.S. authorities since 2023 for his role in … | DATABREACHTODAY.CO.UK
2 Dec | Cyber Incidents Hit 3 NHS Hospitals in U.K. | Inc Ransom is Leaking Stolen Data in At Least 2 Attacks, Including Pediatric Info. At least three United Kingdom National Health Service hospitals are responding to recent cyber incidents, including a children's hospital and a heart and chest specialty hospital are both located in… | DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 21
2 Dec | ISC Stormcast For Monday, December 2nd, 2024 https://isc.sans.edu/podcastdetail/9236, (Mon, Dec 2nd) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
2 Dec | Linux 6.13-rc1 Released: What’s New! | In a recent announcement, Linus Torvalds, the creator of Linux, officially released the first release candidate (RC1) for Linux kernel version 6.13. This release marks the end of the merge window, and for the first time in recent memory, the release cycle timing aligns favorably … | GBHACKERS.COM
2 Dec | Amazon GuardDuty Enhanced With AI/ML Threat Detection Capabilities for Cloud Security | Amazon has taken a significant step forward to enhance the security of its cloud environment. The introduction of advanced AI/ML threat detection capabilities in Amazon GuardDuty marks a major milestone in securing applications, workloads, and data against modern threats. This ne… | GBHACKERS.COM
2 Dec | Beware Of Malicious PyPI Packages That Inject infostealer Malware | Recent research uncovered a novel crypto-jacking attack targeting the Python Package Index (PyPI), where malicious actors uploaded a legitimate-seeming cryptocurrency client package, “aiocpa,” to gradually build a user base. Subsequently, a malicious update was pushed… | GBHACKERS.COM
2 Dec | 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play | submitted by kid to cybersecurity | https://thehackernews.com/2024/12/8-million-android-users-hit-by-spyloan.html | SH.ITJUST.WORKS
2 Dec | Novel phishing campaign uses corrupted Word documents to evade security | submitted by kid to cybersecurity | https://www.bleepingcomputer.com/news/security/novel-phising-campaign-uses-corrupted-word-documents-to-evade-security/ | SH.ITJUST.WORKS
2 Dec | Microsoft Boosts Device Security With Windows Resiliency Initiative | submitted by kid to cybersecurity | https://www.darkreading.com/endpoint-security/microsoft-boosts-device-security-windows-resiliency-initiative | SH.ITJUST.WORKS
2 Dec | [NEW PRODUCT]: KnowBe4’s AIDA: Revolutionizing Security Awareness Training with AI-Powered Automation and Personalization | Technological advances in artificial intelligence (AI) are only making the ongoing problem of social engineering worse. | KNOWBE4.COM
2 Dec | Cybersecurity M&A Roundup: 49 Deals Announced in November 2024 | Roundup of the forty-nine cybersecurity-related merger and acquisition (M&A) deals announced in November 2024. | SECURITYWEEK.COM
2 Dec | New CleverSoar Malware Attacking Windows Users Bypassing Security Mechanisms | CleverSoar, a new malware installer, targets Chinese and Vietnamese users to deploy advanced tools like Winos4.0 and Nidhogg rootkit. These tools enable keylogging, data theft, security circumvention, and stealthy system control for potential long-term espionage. It was initially… | GBHACKERS.COM
2 Dec | Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition | AI transformation starts with security. This was a major theme across the majority of the big news and reveals from Microsoft Security at Microsoft Ignite 2024. | MICROSOFT.COM
2 Dec | China Threat Actor Targets Individuals and Entities in Japan Via Spear Phishing Campaign | Researchers at Trend Micro warn that the China-aligned threat actor Earth Kasha has launched a new spear phishing campaign targeting individuals and organizations in Japan. | KNOWBE4.COM
2 Dec | Mentorship Monday - Discussions for career and learning! | submitted by shellsharks to cybersecurity | Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? … | INFOSEC.PUB
2 Dec | SmokeLoader Campaign Targets Taiwanese Companies | Threat Actor Uses Trojan as Infostealer. A threat actor is targeting Taiwanese companies using phishing emails and long-standing vulnerabilities to deliver SmokeLoader malware. The threat actor uses plugins for the infamous malware to directly attack systems rather than using Smoke… | DATABREACHTODAY.CO.UK
2 Dec | Security Money: Of Course Okta Should Be In The Index - BSW #374 | This week, it's time for Security Money. Of course Okta should be in the Security Weekly 25 Index, Duh! Here are all the companies that now comprise the index: SCWX Secureworks Corp, PANW Palo Alto Networks Inc, CHKP Check Point Software Technologies Ltd., RBRK Rubrik Inc, GEN Gen Di… | YOUTUBE.COM
2 Dec | Debate: Should the CISO Role Be Split or Establish Additional Leadership Roles? - BSW #374 | In the leadership and communications segment, Should the CISO Role Be Split?, CISO's tips for building a culture of cybersecurity, Personal Leadership and Cyber Risk — Top 3 Traits that Deliver Enterprise Level Results, and more! Visit https://www.securityweekly.com/bsw for all t… | YOUTUBE.COM
2 Dec | The fascinating security model of dark web marketplaces | submitted by Joker to cybersecurity | https://boehs.org/node/dark-web-security | INFOSEC.PUB
2 Dec | Upwind Raises $100M to Thwart Cloud Security Vulnerabilities | Firm Focuses on Runtime Context, AI Enhancements to Counter Evolving Cloud Threats. With $100 million in Series A funding, Upwind plans to strengthen its runtime and AI-powered cloud security platform. CEO Amiram Shachar outlines the company’s investments in engineering, customer … | DATABREACHTODAY.CO.UK
2 Dec | Feds Propose AI 'Guard Rails' for Medicare Advantage Plans | Provision Emphasizes Existing Medicare Regs for Equitable Access to Health Services. The Centers for Medicare and Medicaid Services has issued proposed "guard rails" to help ensure that the use of artificial intelligence for Medicare Advantage insurance plans does not result in in… | DATABREACHTODAY.CO.UK
2 Dec | China Beating US in Critical Technology Research Investments | Experts Warn China's Tech Rise Could Reshape Global Cybersecurity and Warfare. China has surged past the United States in critical technology research, according to a recent report published by the Australian Strategic Policy Institute, as experts warn the shift could have profoun… | DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 4
2 Dec | 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play | Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs. "These PUP (potentially unwanted programs) applications use social eng… | THEHACKERNEWS.COM
2 Dec | SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan | Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to p… | THEHACKERNEWS.COM
2 Dec | What REALLY Happens After a Cyber Event? | What REALLY happens after a cyber event? 🚨 Theresa Lanowitz reveals surprising insights from a groundbreaking report on cybersecurity. From breaking down silos in IT teams to aligning with business objectives, discover the steps to achieving true cyber resilience. Learn why secur… | YOUTUBE.COM
2 Dec | World Tour Survey: IT Operations’ Hands-on Defense | Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what IT operations teams had to say. | TRENDMICRO.COM
🎙️ PODCASTS 1
2 Dec | From AI Expert to CEO: The Ultimate Multi-Hat Leader! | Brian Carbaugh shares how Alex Thamen, their Chief Technology Officer, balances deep expertise in AI and computer vision with the many responsibilities of leading a startup. In the early stages, wearing multiple hats is key, and Alex does it all! Find out how startups rely on div… | YOUTUBE.COM
📡 INFOSEC NEWS 19
2 Dec | Industry Moves for the week of December 2, 2024 - SecurityWeek | Explore industry moves and significant changes in the industry for the week of December 2, 2024. Stay updated with the latest industry trends and shifts. | SECURITYWEEK.COM
2 Dec | Google Chrome’s AI feature lets you quickly check website trustworthiness | Google Chrome's upcoming feature uses AI to provide a summary of reviews from independent websites about the store or website you're visiting. [...] | BLEEPINGCOMPUTER.COM
2 Dec | A Guide to Securing AI App Development: Join This Cybersecurity Webinar | Artificial Intelligence (AI) is no longer a far-off dream—it’s here, changing the way we live. From ordering coffee to diagnosing diseases, it’s everywhere. But while you’re creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app is a… | THEHACKERNEWS.COM
2 Dec | THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1) | Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds. And get this - while we're all worried about regular ha… | THEHACKERNEWS.COM
2 Dec | Attackers target sellers on message boards | Kaspersky official blog | Scammers on online marketplaces steal one-time codes during video calls. | KASPERSKY.COM
2 Dec | Ex-NBA athlete Omri Casspi launches $60M fund targeting cybersecurity, cloud infra and AI | Former NBA athlete Omri Casspi has raised $60 million for his latest venture fund, Swish Ventures, which will invest in early-stage cybersecurity, cloud infrastructure, and AI startups. The fund plans to back 10 companies, and will invest $5 million to $7 million per deal. Swish … | TECHCRUNCH.COM
2 Dec | Confirmed: cloud security specialist Upwind raises $100M on a $900M valuation | In November, we broke the news on how cybersecurity startup Upwind was getting a lot of inbound interest to raise money on a big valuation. Now, we can confirm that the deal is done: Upwind has closed a Series A of $100 million. The company confirmed that the round values it at $… | TECHCRUNCH.COM
2 Dec | Mozilla really wants you to easily set Firefox as default Windows browser | Mozilla is testing a fresh approach that could persuade more people to switch their default browser on Windows. [...] | BLEEPINGCOMPUTER.COM
2 Dec | Download the Cloud Optimization Enterprise Spotlight | Download the December 2024 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World. | US.RESOURCES.CSOONLINE.COM
2 Dec | An Apple employee is suing the company over monitoring employee personal devices | An Apple employee sued the tech company as part of an effort to limit the visibility employers have on personal devices used for work. | TECHCRUNCH.COM
2 Dec | Russia sentences Hydra dark web market leader to life in prison | Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. [...] | BLEEPINGCOMPUTER.COM
2 Dec | Mozilla really wants you to set Firefox as default Windows browser | In an effort to turn the tide, Mozilla is testing a fresh approach that could persuade more people to switch their default browser on Windows during the installation of the browser. [...] | BLEEPINGCOMPUTER.COM
2 Dec | Korea arrests CEO for adding DDoS feature to satellite receivers | South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request. [...] | BLEEPINGCOMPUTER.COM
2 Dec | Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus Highlights | ESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks | WELIVESECURITY.COM
2 Dec | AI Configuration Best Practices to address AI Security Risks | AI usage is on the rise as many companies are adopting AI for productivity gains and creation of new business opportunities which provide value to their customers. | TRENDMICRO.COM