matlock.ca // THREAT INTELLIGENCE

121Articles

9Categories

2024-12-03Date

🚨

CISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability CVE-2024-11680 Project…

KEVCISA.GOV — Tue, 03 Dec 24 1

🐛

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

GBHACKERS.COM — 03 Dec 2024

🐛

Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability

KEVSECURITYWEEK.COM — 03 Dec 2024

🐛

SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

CSOONLINE.COM — 03 Dec 2024

🐛

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

THEHACKERNEWS.COM — 03 Dec 2024

⚠️

Why identity security is your best companion for uncharted compliance challenges

CSOONLINE.COM — 03 Dec 2024

⚠️

Intelligent Privilege Controls™: A quick guide to secure every identity

CSOONLINE.COM — 03 Dec 2024

⚠️

CIO POV: Building trust in cyberspace

KEVCSOONLINE.COM — 03 Dec 2024

⚠️

Der Weg zum nachhaltigen Cyberschutz

CSOONLINE.COM — 03 Dec 2024

⚠️

Want to be a cybersecurity pro? Use generative AI to get some simulated training

CSOONLINE.COM — 03 Dec 2024

⚠️

152: Stacc Attack

DARKNETDIARIES.COM — 03 Dec 2024

⚠️

Gafgyt Malware Targeting Docker Remote API Servers

TRENDMICRO.COM — 03 Dec 2024

⚠️

Salesforce Applications Vulnerability Could Allow Full Account Takeover

GBHACKERS.COM — 03 Dec 2024

⚠️

No guarantees of payday for ransomware gang that claims to have hacked children’s hospital

BITDEFENDER.COM — 03 Dec 2024

⚠️

EU enacts new laws to strengthen cybersecurity defenses and coordination

CSOONLINE.COM — 03 Dec 2024

⚠️

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

THEHACKERNEWS.COM — 03 Dec 2024

⚠️

Salesforce Applications Vulnerability Could Allow Full Account Takeover

SH.ITJUST.WORKS — 3 Dec 2024

⚠️

Cisco Confirms Active Exploitation of Decade-Old WebVPN Vulnerability in ASA Software

SH.ITJUST.WORKS — 3 Dec 2024

⚠️

The shocking speed of AWS key exploitation - Help Net Security

SH.ITJUST.WORKS — 3 Dec 2024

⚠️

Why Phishers Love New TLDs Like .shop, .top and .xyz

KREBSONSECURITY.COM — 03 Dec 2024

⚠️

Inside Akira Ransomware's Rust Experiment

INFOSEC.PUB — 3 Dec 2024

⚠️

Möglicher Cyberangriff: IT-Ausfall bei Medion

CSOONLINE.COM — 03 Dec 2024

⚠️

Police seize Matrix encrypted chat service after spying on criminals

BLEEPINGCOMPUTER.COM — 03 Dec 2024

⚠️

CISA Releases Eight Industrial Control Systems Advisories

CISA.GOV — Tue, 03 Dec 24 1

⚠️

US Expands List of Chinese Technology Companies Under Export Controls

SECURITYWEEK.COM — 03 Dec 2024

⚠️

CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers

CISA.GOV — Tue, 03 Dec 24 1

⚠️

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

GBHACKERS.COM — 03 Dec 2024

⚠️

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

GBHACKERS.COM — 03 Dec 2024

⚠️

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

GBHACKERS.COM — 03 Dec 2024

⚠️

Adding Observability with OpenTelemetry - Adriana Villela - ASW #309

YOUTUBE.COM — 2024-12-03

⚠️

Police seize Matrix encrypted chat service after spying on criminals

SH.ITJUST.WORKS — 3 Dec 2024

⚠️

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

SH.ITJUST.WORKS — 3 Dec 2024

⚠️

Veeam warns of critical RCE bug in Service Provider Console

BLEEPINGCOMPUTER.COM — 03 Dec 2024

⚠️

Exploit released for critical WhatsUp Gold RCE flaw, patch now

BLEEPINGCOMPUTER.COM — 03 Dec 2024

⚠️

Celebrating 200 Episodes of Cloud Security Podcast by Google and Thanks for all the Listens!

MEDIUM.COM — 03 Dec 2024

⚠️

Phishing Attacks Impersonating Big Brands Starts to Zero in on Just One Brand

KNOWBE4.COM — 03 Dec 2024

⚠️

US says Chinese hackers are still lurking in American phone networks

TECHCRUNCH.COM — 03 Dec 2024

⚠️

Privilege Escalation Nightmare in Zabbix!

YOUTUBE.COM — 2024-12-03

⚠️

16 Zero-Days Uncovered in Fuji Electric Monitoring Software

DATABREACHTODAY.CO.UK — 2024-12-03

⚠️

First-ever Linux UEFI bootkit turns out to be research project

CSOONLINE.COM — 03 Dec 2024

⚠️

New era of slop security reports for open source

INFOSEC.PUB — 3 Dec 2024

⚠️

BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia

CSOONLINE.COM — 03 Dec 2024

📢

Algorithms Are Coming for Democracy—but It’s Not All Bad

SCHNEIER.COM — 2024-12-03

📢

UK Ministry of Defense MoD passwords leaked on Dark Web - Cybersecurity Insiders

SH.ITJUST.WORKS — 3 Dec 2024

📢

CISA, NSA, FBI and International Partners Publish Guide for Protecting Communications Infrastructure

CISA.GOV — Tue, 03 Dec 24 1

📢

CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers

INFOSEC.PUB — 3 Dec 2024

📢

No more punched tape and CDs? NCSC promises progress on £2.6 billion cryptographic key overhaul

SH.ITJUST.WORKS — 3 Dec 2024

📢

Police seizes largest German online crime marketplace, arrests admin

BLEEPINGCOMPUTER.COM — 03 Dec 2024

📢

Hardware Security Failure Scenarios

INFOSEC.PUB — 3 Dec 2024

📢

New EU Regulation Establishes European ‘Cybersecurity Shield’

SECURITYWEEK.COM — 03 Dec 2024

📢

US shares tips to block hackers behind recent telecom breaches

BLEEPINGCOMPUTER.COM — 03 Dec 2024

📢

FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign

SECURITYWEEK.COM — 03 Dec 2024

📢

Achieving cybersecurity compliance in 5 steps

WELIVESECURITY.COM — 03 Dec 2024

🔥

US government contractor ENGlobal says operations are ‘limited’ following cyberattack

TECHCRUNCH.COM — 03 Dec 2024

🔥

Energy Sector Contractor ENGlobal Targeted in Ransomware Attack

SECURITYWEEK.COM — 03 Dec 2024

🔥

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

GBHACKERS.COM — 03 Dec 2024

🔥

Third-party access: The overlooked risk to your data protection plan

SECURITYINTELLIGENCE.COM — 03 Dec 2024

🔥

International operation takes down another encrypted messaging service used by criminals | Europol

SH.ITJUST.WORKS — 3 Dec 2024

🔥

Vodka maker Stoli files for bankruptcy in US after ransomware attack

BLEEPINGCOMPUTER.COM — 03 Dec 2024

🕵️

Humble Tech Book Bundle: Hacking 2024 by No Starch

PROGRAMMING.DEV — 3 Dec 2024

🕵️

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

GBHACKERS.COM — 03 Dec 2024

🕵️

ISC Stormcast For Tuesday, December 3rd, 2024 https://isc.sans.edu/podcastdetail/9238, (Tue, Dec 3rd)

ISC.SANS.EDU — 03 Dec 2024

🕵️

Palo Alto Networks — the 2024 AWS Global Technology Partner of the Year

PALOALTONETWORKS.COM — 03 Dec 2024

🕵️

Russia Sentenced Hydra Dark Web Market Developer for Life Time

GBHACKERS.COM — 03 Dec 2024

🕵️

Feds Propose AI 'Guardrails' for Medicare Advantage Plans

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

ElizaRAT: Enhancing C2 Communication Through Google, Telegram, & Slack Services

GBHACKERS.COM — 03 Dec 2024

🕵️

Extracting Files Embedded Inside Word Documents, (Tue, Dec 3rd)

ISC.SANS.EDU — 03 Dec 2024

🕵️

The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation

INFOSEC.PUB — 3 Dec 2024

🕵️

"Oh, sh*t! I actually opened the document!": An Empirical Study of the Experiences with Suspicious Emails in Virtual Reality Headsets

INFOSEC.PUB — 3 Dec 2024

🕵️

Protect Your Secrets: Understanding and Measuring Data Exposure in VSCode Extensions

INFOSEC.PUB — 3 Dec 2024

🕵️

Exposing LLM Vulnerabilities: Adversarial Scam Detection and Performance

INFOSEC.PUB — 3 Dec 2024

🕵️

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

THEHACKERNEWS.COM — 03 Dec 2024

🕵️

Darknet Diaries: Ep 152: Stacc Attack

INFOSEC.PUB — 3 Dec 2024

🕵️

China Is Outpacing US in Critical Tech Research Investments

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets

BITDEFENDER.COM — 03 Dec 2024

🕵️

Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024

SECURITYWEEK.COM — 03 Dec 2024

🕵️

Korea arrests CEO for adding DDoS feature to satellite receivers

SH.ITJUST.WORKS — 3 Dec 2024

🕵️

760,000 Employee Records From Several Major Firms Leaked Online

SECURITYWEEK.COM — 03 Dec 2024

🕵️

Windows Sockets: From Registered I/O to SYSTEM Privileges

INFOSEC.PUB — 3 Dec 2024

🕵️

SmokeLoader Attack Targets Companies in Taiwan

INFOSEC.PUB — 3 Dec 2024

🕵️

CyberheistNews Vol 14 #49 [Heads Up] Bad Actor Uses Deepnude AI Image Generator to Lure And Infect Users

KNOWBE4.COM — 03 Dec 2024

🕵️

Hacker Conversations: Dan McInerney and Puzzle-Driven Hacking

SECURITYWEEK.COM — 03 Dec 2024

🕵️

Ad fraud on large online platforms

INFOSEC.PUB — 3 Dec 2024

🕵️

Cloud Security: Lessons Learned and Applied to Emerging Tech - Bertrum Carroll - CSP #203

YOUTUBE.COM — 2024-12-03

🕵️

Apple espionage on its employees iPhones and iCloud accounts

SH.ITJUST.WORKS — 3 Dec 2024

🕵️

Vendors Unveil New Cloud Security Products, Features at AWS re:Invent 2024

SECURITYWEEK.COM — 03 Dec 2024

🕵️

Fuzzing Barcodes, Fuzzing with AI, AI vs. Scammers, CWEs, Repo Swatting - ASW #309

YOUTUBE.COM — 2024-12-03

🕵️

News alert: Sweet Security releases its evolutionary Cloud Native Detection and Response platform

LASTWATCHDOG.COM — 03 Dec 2024

🕵️

Detailing the Attack Surfaces of the WolfBox E40 EV Charger

INFOSEC.PUB — 3 Dec 2024

🕵️

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

SH.ITJUST.WORKS — 3 Dec 2024

🕵️

And the Winner of The Inside Man Biggest Fan Contest 2024 is…

KNOWBE4.COM — 03 Dec 2024

🕵️

AWS Unveils Future of Enterprise AI and Cloud at re:Invent

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

The Duality of AI: Enhancing and Securing Gen AI Models

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

No Timeline for Evicting Chinese Hackers from US Networks

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

Malicious Google Ads Target Users Seeking Solutions to Printer Problems

KNOWBE4.COM — 03 Dec 2024

🕵️

ISIS, Enron, Tor, Scams, Wintermute, Zabbix, Josh Marpet and more... - SWN #434

YOUTUBE.COM — 2024-12-03

🕵️

Repeat offenders drive bulk of tech support scams via Google Ads

INFOSEC.PUB — 3 Dec 2024

🕵️

Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam

INFOSEC.PUB — 3 Dec 2024

🕵️

Korean Firm Sold Satellite Receivers With DDoS Feature

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

Hello, this is your chatbot leaking: WotNot exposes 346K sensitive customer files

INFOSEC.PUB — 3 Dec 2024

🕵️

Cloudflare’s developer domains increasingly abused by threat actors

BLEEPINGCOMPUTER.COM — 03 Dec 2024

🕵️

European Police Disrupts Matrix Encrypted Service

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

GoodRx Agrees to Pay $25M to Settle Web Tracker Lawsuit

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims

DATABREACHTODAY.CO.UK — 2024-12-03

🕵️

Sixgen's Kyrus Acquisition Boosts National Cybersecurity

DATABREACHTODAY.CO.UK — 2024-12-03

🌐

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

THEHACKERNEWS.COM — 03 Dec 2024

🌐

FTC bans two data brokers from collecting and selling Americans’ sensitive location data

TECHCRUNCH.COM — 03 Dec 2024

🌐

FTC bans data brokers from selling Americans’ sensitive location data

BLEEPINGCOMPUTER.COM — 03 Dec 2024

🌐

The Unseen Obstacle That Almost Broke My Startup

YOUTUBE.COM — 2024-12-03

🎙️

The AI Fix #27: Why is AI full of real-life Bond villains?

GRAHAMCLULEY.COM — 03 Dec 2024

📡

US agency proposes new rule blocking data brokers from selling Americans’ sensitive personal data

TECHCRUNCH.COM — 03 Dec 2024

📡

Corrupted Microsoft Office Documents Used In Phishing Campaign

PACKETSTORMSECURITY.COM — 03 Dec 2024

📡

Meta Says It Has Taken Down 20 Covert Influence Ops In 2024

PACKETSTORMSECURITY.COM — 03 Dec 2024

📡

Russia Gives Life Sentence To Hydra Dark Web Kingpin After Seizing A Ton Of Drugs

PACKETSTORMSECURITY.COM — 03 Dec 2024

📡

Apple Illegally Surveilled and Censored Workers, Employee Lawsuit Says

PACKETSTORMSECURITY.COM — 03 Dec 2024

📡

Severity Of Risk Facing The UK Is Widely Underestimated

PACKETSTORMSECURITY.COM — 03 Dec 2024

📡

Hackers Stole $1.49 Billion In Cryptocurrency To Date In 2024

PACKETSTORMSECURITY.COM — 03 Dec 2024

📡

760k Employee Records From Major Firms Leaked Online

PACKETSTORMSECURITY.COM — 03 Dec 2024

📡

Sophos named a Gartner® Peer Insights™ Customers’ Choice for Managed Detection and Response (MDR) Services for the 2nd time

SOPHOS.COM — 03 Dec 2024

📡

Joint guidance on enhanced visibility and hardening for communications infrastructure

CYBER.GC.CA — 2024-12-03

📡

Undeclared functionality in machine learning systems

KASPERSKY.COM — 03 Dec 2024