121Articles
9Categories
2024-12-03Date
🚨 CISA KEV 1[−]
3 Dec KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-45727  North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability CVE-2024-11680  Project…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
3 DecTP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious CommandsA significant vulnerability has been identified in TP-Link’s HomeShield function, affecting a range of their devices, including the Archer, Deco, and Tapo series routers. This vulnerability, labeled CVE-2024-53375, allows attackers to exploit a flaw in the device firmware, …GBHACKERS.COM
3 Dec KEVCisco Warns of Attacks Exploiting Decade-Old ASA VulnerabilityCisco has updated an advisory for CVE-2014-2120 to warn customers that the vulnerability has been exploited in the wild. The post Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecSmokeLoader picks up ancient MS Office bugs to pack fresh credential stealerThreat actors are using a well-known modular malware loader, SmokeLoader, to exploit known Microsoft Office vulnerabilities and steal sensitive browser credentials. The loader which runs a framework to deploy multiple malware modules, was observed by Fortinet’s FortiGuard Labs in…CSOONLINE.COM
3 DecCisco Warns of Exploitation of Decade-Old ASA WebVPN VulnerabilityCisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's Web…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 37[−]
3 DecWhy identity security is your best companion for uncharted compliance challengesIn today’s rapidly evolving global regulatory landscape, new technologies, environments, and threats are heightening cybersecurity and data privacy concerns. In the last year, governing bodies have taken significant steps to enact stricter compliance measures—and more than ever, …CSOONLINE.COM
3 DecIntelligent Privilege Controls™: A quick guide to secure every identitySecurity used to be simpler. Employees, servers, and applications were on site. IT admins were the only privileged identities you had to secure, and a strong security perimeter helped to keep all the bad guys out. Times have changed. Attackers targeting identities is not new. Wha…CSOONLINE.COM
3 Dec KEVCIO POV: Building trust in cyberspaceTrust lies at the heart of every relationship, transaction, and encounter. Yet in cyberspace—where we work, live, learn, and play—trust can become elusive. Since the dawn of the internet nearly 50 years ago, we’ve witnessed incredible digital transformations paired with increasin…CSOONLINE.COM
3 DecDer Weg zum nachhaltigen CyberschutzWenn im Ernstfall Unternehmen stillstehen, sind die Sorgen groß. Mit Cyberresilienz tragen CISOs dazu bei, dass der Geschäftsbetrieb weitergehen kann. Kjetil Kolbjornsrud Die deutschen Ergebnisse der globalen Cyberstudie „Digital Trust Insight 2025“ der Unternehmensberatung PwC s…CSOONLINE.COM
3 DecWant to be a cybersecurity pro? Use generative AI to get some simulated trainingI often get approached by young, ambitious people looking to start a cybersecurity career. Some are studying cybersecurity in college, some are looking to jump from IT, and some believe that the field is synergistic with past experiences in law enforcement or the military. Regard…CSOONLINE.COM
3 Dec152: Stacc AttackJarett Dunn, AKA StaccOverflow, stole millions of dollars from a website called Pump Fun, and he wanted to do it in the most dramatic and theatrical way he could. His big heist is known as the “Stacc Attack”. https://x.com/STACCoverflow He has a merch store now freestacc.io . Spo…DARKNETDIARIES.COM
3 DecGafgyt Malware Targeting Docker Remote API ServersOur researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior.TRENDMICRO.COM
3 DecSalesforce Applications Vulnerability Could Allow Full Account TakeoverA critical vulnerability has been discovered in Salesforce applications that could potentially allow a full account takeover. The vulnerability, uncovered during a penetration testing exercise, hinges on misconfigurations within Salesforce Communities, particularly exploiting the…GBHACKERS.COM
3 DecNo guarantees of payday for ransomware gang that claims to have hacked children’s hospitalWhat is the point of INC Ransom's attack on Alder Hey? They are not likely to be paid, and the attack on a children's hospital only increases the chances that they will one day find their collars felt by law enforcement. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
3 DecEU enacts new laws to strengthen cybersecurity defenses and coordinationThe European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA). These steps aim to improve t…CSOONLINE.COM
3 DecNachoVPN Tool Exploits Flaws in Popular VPN Clients for System CompromiseCybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients pl…THEHACKERNEWS.COM
3 DecSalesforce Applications Vulnerability Could Allow Full Account Takeoversubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/salesforce-applications-vulnerability/SH.ITJUST.WORKS
3 DecCisco Confirms Active Exploitation of Decade-Old WebVPN Vulnerability in ASA Softwaresubmitted by kid to cybersecurity 1 points | 0 comments https://securityonline.info/cisco-confirms-active-exploitation-of-decade-old-webvpn-vulnerability-in-asa-software/SH.ITJUST.WORKS
3 DecThe shocking speed of AWS key exploitation - Help Net Securitysubmitted by kid to cybersecurity 2 points | 0 comments https://www.helpnetsecurity.com/2024/12/02/revoke-exposed-aws-keys/SH.ITJUST.WORKS
3 DecWhy Phishers Love New TLDs Like .shop, .top and .xyzPhishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom prices and no meaningful registrati…KREBSONSECURITY.COM
3 DecInside Akira Ransomware's Rust Experimentsubmitted by Joker to cybersecurity 1 points | 0 comments https://research.checkpoint.com/2024/inside-akira-ransomwares-rust-experiment/ Executive Summary > - Check Point Research analyzed the construction and control flow of Akira ransomware’s Rust version that circulated in …INFOSEC.PUB
3 DecMöglicher Cyberangriff: IT-Ausfall bei MedionZunächst hat Medion einen Cyberangriff als Ursache für den IT-Ausfall genannt. Mittlerweile spricht das Unternehmen “nur” noch von einer IT-Störung. OleksandrShnuryk – Shutterstock.com Der Elektronik-Anbieter Medion hat seine Kunden kürzlich auf eine IT-Störungen hingewiesen, die…CSOONLINE.COM
3 DecPolice seize Matrix encrypted chat service after spying on criminalsAn international law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police. [...]BLEEPINGCOMPUTER.COM
3 DecCISA Releases Eight Industrial Control Systems AdvisoriesCISA released eight Industrial Control Systems (ICS) advisories on December 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-338-01 Ruijie Reyee OS ICSA-24-338-02 Siemens RUGGEDCOM APE1808 I…CISA.GOV
3 DecUS Expands List of Chinese Technology Companies Under Export ControlsCommerce Department expanded the list of Chinese technology companies subject to export controls to include many that make equipment used to make computer chips, chipmaking tools and software. The post US Expands List of Chinese Technology Companies Under Export Controls appeared…SECURITYWEEK.COM
3 DecCISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications ProvidersToday, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure . Partners of this guidance include: &nb…CISA.GOV
3 DecHackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping PlatformsCybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target e-commerce platforms during the holiday season, which allow attackers to craft convincing phishing emails, replicate legitimate websites, and gain unauthorized access to s…GBHACKERS.COM
3 DecHackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltrationwevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By manipulating its capabilities, attackers can execute arbitrary commands, download malicious payloads, and establish persistence, all while evading traditional security measures. It is a Window…GBHACKERS.COM
3 DecPEFT-As-An-Attack, Jailbreaking Language Models For Malicious PromptsFederated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated learning (FL) to improve the efficiency and privacy of training large language models (PLMs) on specific tasks.  However, this approach intr…GBHACKERS.COM
3 DecAdding Observability with OpenTelemetry - Adriana Villela - ASW #309Observability is a lot more than just sprinkling printf statements throughout a code base. Adriana Villela explains principles behind logging, traceability, and metrics and how the OpenTelemetry project helps developers gather this useful information. She also provides suggestion…YOUTUBE.COM
3 DecPolice seize Matrix encrypted chat service after spying on criminalssubmitted by BrikoX to cybersecurity 1 points | 1 comments https://www.bleepingcomputer.com/news/security/police-seize-matrix-encrypted-chat-service-after-spying-on-criminals/ An international law enforcement operation codenamed ‘Operation Passionflower’ has shut down MATRIX, an …SH.ITJUST.WORKS
3 DecHackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltrationsubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/windows-event-log-hack/SH.ITJUST.WORKS
3 DecVeeam warns of critical RCE bug in Service Provider Console​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. [...]BLEEPINGCOMPUTER.COM
3 DecExploit released for critical WhatsUp Gold RCE flaw, patch nowA proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. [...]BLEEPINGCOMPUTER.COM
3 DecCelebrating 200 Episodes of Cloud Security Podcast by Google and Thanks for all the Listens!https://cloud.withgoogle.com/cloudsecurity/podcast/ A few weeks ago, our podcast turned 200 ! In this case, we are talking about episodes, not years. We (that is, Tim Peacock and myself) definitely feel like we have to say something humorous, pithy, and uniquely insightful about …MEDIUM.COM
3 DecPhishing Attacks Impersonating Big Brands Starts to Zero in on Just One BrandThe latest data on brand phishing trends shows one brand dominating quarter over quarter, but also continuing to take on a larger share of the brand impersonation.KNOWBE4.COM
3 DecUS says Chinese hackers are still lurking in American phone networksThe China-backed hackers are reportedly still inside the networks of some of America's largest phone and internet companies, weeks after the hacks were disclosed. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
3 DecPrivilege Escalation Nightmare in Zabbix!🚨 Is your Zabbix server secure? A newly discovered vulnerability could allow non-admin users to gain full control over your system! 😱 This SQL injection exploit targets API-access roles, making almost any default setup vulnerable. Learn why this is a wake-up call for every enterp…YOUTUBE.COM
3 Dec16 Zero-Days Uncovered in Fuji Electric Monitoring SoftwareFlaws in Fuji's Tellus and V-Server Software Pose Risks to Critical Infrastructure Security researchers have uncovered 16 zero-day vulnerabilities in Japanese equipment manufacturer Fuji Electric's Tellus and V-Server remote monitoring software that enable attackers to execute ma…DATABREACHTODAY.CO.UK
3 DecFirst-ever Linux UEFI bootkit turns out to be research projectBootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI). The bootkit, found and analyzed by researchers from antiv…CSOONLINE.COM
3 DecNew era of slop security reports for open sourcesubmitted by Joker to cybersecurity 1 points | 0 comments https://sethmlarson.dev/slop-security-reportsINFOSEC.PUB
3 DecBlackBerry Highlights Rising Software Supply Chain Risks in MalaysiaIn 2024, BlackBerry unveiled new proprietary research , underscoring the vulnerability of software supply chains in Malaysia and around the world. According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains durin…CSOONLINE.COM
📢 SECURITY ADVISORIES 11[−]
3 DecAlgorithms Are Coming for Democracy—but It’s Not All BadIn 2025, AI is poised to change every aspect of democratic politics —but it won’t necessarily be for the worse. India’s prime minister, Narendra Modi, has used AI to translate his speeches for his multilingual electorate in real time, demonstrating how AI can he…SCHNEIER.COM
3 DecUK Ministry of Defense MoD passwords leaked on Dark Web - Cybersecurity Insiderssubmitted by kid to cybersecurity 1 points | 0 comments https://www.cybersecurity-insiders.com/uk-ministry-of-defense-mod-passwords-leaked-on-dark-web/SH.ITJUST.WORKS
3 DecCISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providerssubmitted by Joker to cybersecurity 1 points | 0 comments https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-and-partners-release-joint-guidance-prc-affiliated-threat-actor-compromising-networks-globalINFOSEC.PUB
3 DecNo more punched tape and CDs? NCSC promises progress on £2.6 billion cryptographic key overhaulsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.thestack.technology/no-more-punched-tape-and-cds-ncsc-promises-progress-on-2-6-billion-cryptographic-key-overhaul/ Keys “were originally shipped around in plastic bags…”SH.ITJUST.WORKS
3 DecPolice seizes largest German online crime marketplace, arrests adminGermany has taken down the largest online cybercrime marketplace in the country, named "Crimenetwork," and arrested its administrator for facilitating the sale of drugs, stolen data, and illegal services. [...]BLEEPINGCOMPUTER.COM
3 DecHardware Security Failure Scenariossubmitted by Joker to cybersecurity 1 points | 0 comments https://www.nist.gov/publications/hardware-security-failure-scenariosINFOSEC.PUB
3 DecNew EU Regulation Establishes European ‘Cybersecurity Shield’The European Union has adopted new legislation to establish a cybersecurity shield and ensure adequate security standards for managed security services. The post New EU Regulation Establishes European ‘Cybersecurity Shield’ appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecUS shares tips to block hackers behind recent telecom breaches​CISA released guidance today to help network defenders harden their systems against attacks coordinated by the Salt Typhoon Chinese threat group that breached multiple major global telecommunications providers earlier this year. [...]BLEEPINGCOMPUTER.COM
3 DecFBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking CampaignGuidance issued by the FBI and CISA is intended to help root out the hackers and prevent similar cyberespionage. The post FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecAchieving cybersecurity compliance in 5 stepsCybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirementsWELIVESECURITY.COM
🔥 INCIDENT REPORTING 6[−]
3 DecUS government contractor ENGlobal says operations are ‘limited’ following cyberattackENGlobal Corporation, a provider of engineering and automation services to the U.S. energy sector and federal government, says it has restricted access to its IT systems following a cyberattack, limiting the company to essential business operations only. In an 8-K filing with the…TECHCRUNCH.COM
3 DecEnergy Sector Contractor ENGlobal Targeted in Ransomware AttackEnergy sector contractor ENGlobal Corporation has restricted access to some of its systems in response to a ransomware attack. The post Energy Sector Contractor ENGlobal Targeted in Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecThreat Actors Allegedly Claims Breach of EazyDiner Reservation PlatformReports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation platform. Alleged by a tweet from DailyDarkWeb, the breach is said to have compromised sensitive user data, including names, email addresses, phone numbers, and reservation detai…GBHACKERS.COM
3 DecThird-party access: The overlooked risk to your data protection planA recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. …SECURITYINTELLIGENCE.COM
3 DecInternational operation takes down another encrypted messaging service used by criminals | Europolsubmitted by sith to cybersecurity 2 points | 0 comments https://www.europol.europa.eu/media-press/newsroom/news/international-operation-takes-down-another-encrypted-messaging-service-used-criminals What does this mean? Have they hacked a Matrix server, a client, the protocol, or…SH.ITJUST.WORKS
3 DecVodka maker Stoli files for bankruptcy in US after ransomware attackStoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 46[−]
3 DecHumble Tech Book Bundle: Hacking 2024 by No Starchsubmitted by SmartmanApps to security 1 points | 0 comments https://www.humblebundle.com/books/hacking-2024-no-starch-booksPROGRAMMING.DEV
3 DecSweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response PlatformWith Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure  Sweet Security today announced the release of its unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their…GBHACKERS.COM
3 DecISC Stormcast For Tuesday, December 3rd, 2024 https://isc.sans.edu/podcastdetail/9238, (Tue, Dec 3rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
3 DecPalo Alto Networks — the 2024 AWS Global Technology Partner of the Year2024 AWS Global Technology Partner of the Year acknowledges our innovation in purpose-built cloud security, increasing efficiency and customer success. The post Palo Alto Networks — the 2024 AWS Global Technology Partner of the Year appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
3 DecRussia Sentenced Hydra Dark Web Market Developer for Life TimeA Russian court has sentenced Stanislav Moiseyev, believed to be the founder of the notorious Hydra darknet marketplace, to life imprisonment. The Moscow Regional Court delivered the verdict on charges related to organized crime and drug trafficking, concluding a significant chap…GBHACKERS.COM
3 DecFeds Propose AI 'Guardrails' for Medicare Advantage PlansProvision Emphasizes Existing Medicare Regs for Equitable Access to Health Services The Centers for Medicare and Medicaid Services has issued proposed "guardrails" to help ensure that the use of artificial intelligence for Medicare Advantage insurance plans does not result in ine…DATABREACHTODAY.CO.UK
3 DecElizaRAT: Enhancing C2 Communication Through Google, Telegram, & Slack ServicesAPT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated Windows RAT that, initially detected in 2023, employs advanced evasion tactics and robust C2 capabilities to target Indian government agencies, diplomatic personnel, and mil…GBHACKERS.COM
3 DecExtracting Files Embedded Inside Word Documents, (Tue, Dec 3rd)I found a sample that is a Word document with an embedded executable. I&#;x26;#;39;ll explain how to extract the embedded executable with my tools. ISC.SANS.EDU
3 DecThe Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigationsubmitted by Joker to cybersecurity 1 points | 0 comments https://arxiv.org/abs/1802.07228 This report surveys the landscape of potential security threats from malicious uses of AI, and proposes ways to better forecast, prevent, and mitigate these threats. After analyzing the way…INFOSEC.PUB
3 Dec"Oh, sh*t! I actually opened the document!": An Empirical Study of the Experiences with Suspicious Emails in Virtual Reality Headsetssubmitted by Joker to cybersecurity 1 points | 0 comments https://arxiv.org/abs/2412.01474 This paper reports on a study exploring user experiences with suspicious emails and associated warnings when accessed through virtual reality (VR) headsets in realistic settings. A group of…INFOSEC.PUB
3 DecProtect Your Secrets: Understanding and Measuring Data Exposure in VSCode Extensionssubmitted by Joker to cybersecurity 1 points | 0 comments https://arxiv.org/abs/2412.00707 Recent years have witnessed the emerging trend of extensions in modern Integrated Development Environments (IDEs) like Visual Studio Code (VSCode) that significantly enhance developer produ…INFOSEC.PUB
3 DecExposing LLM Vulnerabilities: Adversarial Scam Detection and Performancesubmitted by Joker to cybersecurity 1 points | 0 comments https://arxiv.org/abs/2412.00621 Can we trust Large Language Models (LLMs) to accurately predict scam? This paper investigates the vulnerabilities of LLMs when facing adversarial scam messages for the task of scam detectio…INFOSEC.PUB
3 DecNorth Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft AttacksThe North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services …THEHACKERNEWS.COM
3 DecDarknet Diaries: Ep 152: Stacc Attacksubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/4fa15887-b902-4f29-bcca-9fd22940bd05.jpeg Darknet Diaries: Ep 152: Stacc Attack Jarett Dunn, AKA StaccOverflow, stole millions of dollars from a website called Pump Fun, and he wanted to do …INFOSEC.PUB
3 DecChina Is Outpacing US in Critical Tech Research InvestmentsExperts Warn China's Tech Rise Could Reshape Global Cybersecurity and Warfare China has surged past the United States in critical technology research, according to a recent report published by the Australian Strategic Policy Institute. Experts warn the shift could have profound g…DATABREACHTODAY.CO.UK
3 DecNorth Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secretsIn itslust for stealing cryptocurrency and sensitive information, North Korean hackers are disguising themselves as remote IT workers, recruiters, and even venture capitalists. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
3 DecHackers Stole $1.49 Billion in Cryptocurrency to Date in 2024Hackers have caused close to $1.49 billion in cryptocurrency losses this year, with $71 million worth of assets stolen in November. The post Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecKorea arrests CEO for adding DDoS feature to satellite receiverssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/SH.ITJUST.WORKS
3 Dec760,000 Employee Records From Several Major Firms Leaked OnlineA hacker has posted online over 760,000 records belonging to employees of Bank of America, Koch, Nokia, JLL, Xerox, Morgan Stanley, and Bridgewater. The post 760,000 Employee Records From Several Major Firms Leaked Online appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecWindows Sockets: From Registered I/O to SYSTEM Privilegessubmitted by Joker to cybersecurity 1 points | 0 comments https://blog.exodusintel.com/2024/12/02/windows-sockets-from-registered-i-o-to-system-privileges/INFOSEC.PUB
3 DecSmokeLoader Attack Targets Companies in Taiwansubmitted by Joker to cybersecurity 1 points | 0 comments https://www.fortinet.com/blog/threat-research/sophisticated-attack-targets-taiwan-with-smokeloaderINFOSEC.PUB
3 DecHacker Conversations: Dan McInerney and Puzzle-Driven HackingMcInerney’s path to becoming a hacker is subtly different to many other hackers. He started as a 22-year old psychology graduate rather than a computer-obsessed 9-year old kid. The post Hacker Conversations: Dan McInerney and Puzzle-Driven Hacking appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecAd fraud on large online platformssubmitted by Joker to cybersecurity 3 points | 0 comments https://cert.pl/en/posts/2024/12/Ad-fraud-on-large-online-platforms/INFOSEC.PUB
3 DecCloud Security: Lessons Learned and Applied to Emerging Tech - Bertrum Carroll - CSP #203Bertrum Carroll dives into the evolution of cloud service adoption, comparing early concerns—like data storage, access, and usage—to current apprehensions about AI. We explore how leadership can empower teams with the right training to harness technology effectively. Learn why un…YOUTUBE.COM
3 DecApple espionage on its employees iPhones and iCloud accountssubmitted by kid to cybersecurity 1 points | 0 comments https://www.cybersecurity-insiders.com/apple-espionage-on-its-employees-iphones-and-icloud-accounts/SH.ITJUST.WORKS
3 DecVendors Unveil New Cloud Security Products, Features at AWS re:Invent 2024AWS and other vendors have announced new cloud security products and features at the cloud giant’s re:Invent 2024 conference. The post Vendors Unveil New Cloud Security Products, Features at AWS re:Invent 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecFuzzing Barcodes, Fuzzing with AI, AI vs. Scammers, CWEs, Repo Swatting - ASW #309Fuzzing barcodes and getting projects onboarded with fuzzers, using AI to guide fuzzers, using AI to combat scammers, using CWEs for something, using malicious comments to ban repos, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https…YOUTUBE.COM
3 DecNews alert: Sweet Security releases its evolutionary Cloud Native Detection and Response platformTel Aviv, Israel, Dec. 3, 2024, CyberNewswire — With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure Sweet Security today announced the release of its unified Cloud Native Detection and Response platform, designed …LASTWATCHDOG.COM
3 DecDetailing the Attack Surfaces of the WolfBox E40 EV Chargersubmitted by Joker to cybersecurity 1 points | 0 comments https://www.thezdi.com/blog/2024/12/2/detailing-the-attack-surfaces-of-the-wolfbox-e40-ev-chargerINFOSEC.PUB
3 DecNorth Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attackssubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2024/12/north-korean-kimsuky-hackers-use.htmlSH.ITJUST.WORKS
3 DecAnd the Winner of The Inside Man Biggest Fan Contest 2024 is…It’s been several weeks since the exciting premiere of The Inside Man - Season 6 in St. Petersburg, Fl. If you missed my post , I talked about this magical night where we released the latest blockbuster season of this award winning security awareness series.KNOWBE4.COM
3 DecAWS Unveils Future of Enterprise AI and Cloud at re:InventCEO Matt Garman Envisions New Era of Compute, Storage and Generative AI innovation Amazon Web Services hopes to redefine enterprise innovation in the cloud with a slew of announcements made during CEO Matt Garman's keynote speech at re:Invent 2024 in Las Vegas about advancements …DATABREACHTODAY.CO.UK
3 DecThe Duality of AI: Enhancing and Securing Gen AI ModelsUnleash the power of AI. Not the risks. Unlock the power of generative AI while safeguarding your sensitive data with expert insights and strategies shared in this must-watch webinar.DATABREACHTODAY.CO.UK
3 DecNo Timeline for Evicting Chinese Hackers from US NetworksBeijing Threat Actor Shifts Tactics in Response to Public Disclosure Chinese hackers who penetrated U.S. telecoms likely haven't been fully evicted partially due to shifting tactics made in response to public disclosures, federal officials said Tuesday. Industry and government in…DATABREACHTODAY.CO.UK
3 DecMalicious Google Ads Target Users Seeking Solutions to Printer ProblemsScammers are abusing Google ads to target users searching for help with printer problems, according to researchers at Malwarebytes.KNOWBE4.COM
3 DecISIS, Enron, Tor, Scams, Wintermute, Zabbix, Josh Marpet and more... - SWN #434ISIS, Enron, Tor, Scams, Wintermute, Zabbix, Josh Marpet and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-434YOUTUBE.COM
3 DecRepeat offenders drive bulk of tech support scams via Google Adssubmitted by Joker to cybersecurity 1 points | 0 comments https://www.malwarebytes.com/blog/scams/2024/12/repeat-offenders-drive-bulk-of-tech-support-scams-via-google-adsINFOSEC.PUB
3 DecHunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scamsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.silentpush.com/blog/payroll-pirates/INFOSEC.PUB
3 DecKorean Firm Sold Satellite Receivers With DDoS FeatureFirm Allegedly Embedded DDoS at the Request of a Foreign Client A South Korean company exported 240,000 satellite receivers with distributed denial-of-service attack capabilities, leading to the arrest of its CEO by the Korean National Police Agency. The company and its employees…DATABREACHTODAY.CO.UK
3 DecHello, this is your chatbot leaking: WotNot exposes 346K sensitive customer filessubmitted by Joker to cybersecurity 2 points | 0 comments https://cybernews.com/security/wotnot-exposes-346k-sensitive-customer-files/INFOSEC.PUB
3 DecCloudflare’s developer domains increasingly abused by threat actorsCloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. [...]BLEEPINGCOMPUTER.COM
3 DecEuropean Police Disrupts Matrix Encrypted ServicePlatform Used for Drugs, Arms trafficking, and Money Laundering French and Dutch police led the takedown of an encrypted messaging platform used in international drug and arms trafficking. Dutch police discovered the app, named Matrix, on the phone of a criminal convicted in 2021…DATABREACHTODAY.CO.UK
3 DecGoodRx Agrees to Pay $25M to Settle Web Tracker LawsuitTelehealth Firm Previously Paid $1.5M Fine to FTC for Similar Privacy Issues GoodRx has reached a $25 million preliminary settlement of proposed class action litigation alleging the telehealth company violated privacy and an assortment other laws and statues when it previously co…DATABREACHTODAY.CO.UK
3 Dec'Horns&Hooves' Malware Campaign Hits Over 1,000 VictimsRussian Threat Actor Delivers NetSupport RAT, BurnsRAT via Fake Requests A malware campaign targeting Russian retailers and service businesses aims to deploy remote access tools and install infostealer malware. Kaspersky dubbed the campaign "Horns&Hooves," after a fake organi…DATABREACHTODAY.CO.UK
3 DecSixgen's Kyrus Acquisition Boosts National CybersecurityBuy of Washington D.C.-Area Firm Adds Reverse Engineering, Data Analytics Expertise Sixgen will enhance its cybersecurity operations through the purchase of Washington D.C.-area Kyrus. The move introduces reverse engineering and analytics expertise to Sixgen's portfolio, aligning…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 4[−]
3 DecHorns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript PayloadsA newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around…THEHACKERNEWS.COM
3 DecFTC bans two data brokers from collecting and selling Americans’ sensitive location dataUS-based Gravy Analytics and Mobilewalla must also delete historic data collected on millions of Americans. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
3 DecFTC bans data brokers from selling Americans’ sensitive location dataToday, the FTC banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. [...]BLEEPINGCOMPUTER.COM
3 DecThe Unseen Obstacle That Almost Broke My StartupBuilding a startup comes with challenges you expect – like raising money and selling your product. But what happens when an obstacle you never saw coming throws everything off track? In this short, we dive into the unexpected hurdle that nearly derailed UK's business: optics. As …YOUTUBE.COM
🎙️ PODCASTS 1[−]
3 DecThe AI Fix #27: Why is AI full of real-life Bond villains?In episode 27 of The AI Fix, robots catch a ball, lead a revolt, and enjoy a juicy steak. Or do they? Graham struggles with a Micro USB cable, a student struggles with a school’s anti-AI rules, and OpenAI’s Sora video generation AI is leaked by hacktivists. Graham circles back in…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 11[−]
3 DecUS agency proposes new rule blocking data brokers from selling Americans’ sensitive personal dataThe U.S. consumer protection agency said it's closing the loophole to block the "widespread evasion" of federal law by data brokers. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
3 DecSophos named a Gartner® Peer Insights™ Customers’ Choice for Managed Detection and Response (MDR) Services for the 2nd timeSophos is the only vendor named a Customers’ Choice across Endpoint Protection Platforms, Network Firewalls, and Managed Detection and ResponseSOPHOS.COM
3 DecUndeclared functionality in machine learning systemsHidden logic, data poisoning, and other targeted attack methods using AI systems.KASPERSKY.COM