🐛 COMMON VULNERABILITIES AND EXPOSURES (10)
5 Dec [KEV] CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. …
THEHACKERNEWS.COM
5 Dec ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF
Researchers released a detailed report on a significant security vulnerability named CVE-2023-49785, affecting the ChatGPT Next Web, popularly known as NextChat. This vulnerability has raised concerns within the cybersecurity community due to its potential for exploitation throug…
GBHACKERS.COM
5 Dec [KEV] I-O DATA Routers Command Injection Vulnerabilities Actively Exploited in Attacks
I-O DATA DEVICE, INC. has announced that several critical vulnerabilities in their UD-LT1 and UD-LT1/EX routers are being actively exploited. These vulnerabilities pose significant risks to users, necessitating urgent attention and action. Below is a detailed look at each vulnera…
GBHACKERS.COM
5 Dec Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges
A critical vulnerability identified as CVE-2024-53614 has been discovered in the Thinkware Cloud APK version 4.3.46. This vulnerability arises from the use of a hardcoded decryption key within the application. It allows malicious actors to access sensitive data and execute arbitr…
GBHACKERS.COM
5 Dec [KEV] CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being actively exploited in the wild. The vulnerabilities affect popular software and hardware products, including Zyxel firewalls, CyberPanel, North Grid, and ProjectSen…
GBHACKERS.COM
5 Dec HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags
Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL Launch has emerged, allowing users to embed arbitrary HTML tags within the Web UI. This vulnerability, tracked as CVE-2024-42195, poses a potential risk of sensitive information disclosur…
GBHACKERS.COM
5 Dec Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The crit…
THEHACKERNEWS.COM
5 Dec Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
submitted by Joker to cybersecurity 1 points | 0 comments https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
INFOSEC.PUB
5 Dec [KEV] Announcing the launch of Vanir: Open-source Security Patch Validation
Posted by Hyunwook Baek, Duy Truong, Justin Dunlap and Lauren Stan from Android Security and Privacy, and Oliver Chang from the Google Open Source Security Team Today, we are announcing the availability of Vanir, a new open-source security patch validation tool. Introduced at An…
SECURITY.GOOGLEBLOG.COM
5 Dec Mitel MiCollab VoIP authentication bypass opens new attack paths
Security researchers have discovered a new issue in the Mitel MiCollab enterprise VoIP platform that allows attackers to access administrative features without authentication. The discovery was made by researchers from security firm watchTowr back in May while trying to replicate…
CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE (29)
5 Dec Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification
A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially allowing attackers to bypass image signature verification. This flaw, which affects several Cisco product lines, could enable unauthorized users to load unverified software onto af…
GBHACKERS.COM
5 Dec Is the tide turning on macOS security?
The Apple ecosystem has been recognized for years by users and cybersecurity experts as among the most secure, offering flagship security features and a high level of user privacy protection. But macOS security may be experiencing a turning point in 2024, as experts point to a sh…
CSOONLINE.COM
5 Dec Dear CEO: It’s time to rethink security leadership and empower your CISO
As a CISO, I’ve spent years navigating the delicate balance of responsibility and authority, accountability, and autonomy. After writing “The CISO Paradox,” I was struck by how deeply the article resonated with others in the cybersecurity field. Many reached out to share their …
CSOONLINE.COM
5 Dec MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
TRENDMICRO.COM
5 Dec Fuji Electric Indonesia Hit by Ransomware Attack
Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and raising concerns about data security and business continuity. The attack was publicly disclosed by Fuji Electric’s headquarters on December 2, 2024, through an official notice, wh…
GBHACKERS.COM
5 Dec Zero-Day: How Attackers Use Corrupted Files to Bypass Detection
submitted by Joker to cybersecurity 1 points | 0 comments https://any.run/cybersecurity-blog/corrupted-files-attack/
INFOSEC.PUB
5 Dec Chemonics International Data Breach Impacts 260,000 Individuals
Development firm Chemonics International has disclosed a year-old data breach impacting over 260,000 people. The post Chemonics International Data Breach Impacts 260,000 Individuals appeared first on SecurityWeek.
SECURITYWEEK.COM
5 Dec US may plan legislation to contain Chinese cyber espionage
US senators were briefed behind closed doors this week on the scale of “Salt Typhoon,” an alleged Chinese cyber-espionage campaign targeting the nation’s telecommunications networks. The FBI, CISA, and other key agencies, who were part of the briefing, revealed that the sophistic…
CSOONLINE.COM
5 Dec Bootloader Vulnerability Impacts Over 100 Cisco Switches
More than 100 Cisco products are affected by an NX-OS vulnerability that allows attackers to bypass image signature verification. The post Bootloader Vulnerability Impacts Over 100 Cisco Switches appeared first on SecurityWeek.
SECURITYWEEK.COM
5 Dec Want to Grow Vulnerability Management into Exposure Management? Start Here!
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent yea…
THEHACKERNEWS.COM
5 Dec MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
submitted by Joker to cybersecurity 2 points | 0 comments https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
INFOSEC.PUB
5 Dec 83% of organizations reported insider attacks in 2024
submitted by kid to cybersecurity 1 points | 0 comments https://securityintelligence.com/articles/83-percent-organizations-reported-insider-threats-2024/
SH.ITJUST.WORKS
5 Dec 50 Servers Linked to Cybercrime Marketplace and Phishing Sites Seized by Law Enforcement
Europol announced an operation targeting a cybercrime marketplace and phishing websites, including the arrests of two suspects. The post 50 Servers Linked to Cybercrime Marketplace and Phishing Sites Seized by Law Enforcement appeared first on SecurityWeek.
SECURITYWEEK.COM
5 Dec Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MO…
THEHACKERNEWS.COM
5 Dec ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies
Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in t…
CISA.GOV
5 Dec CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on December 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software ICSA-24-340…
CISA.GOV
5 Dec Romanian elections targeted with cyberattacks by foreign state-sponsored actors
Romania, an EU and NATO member state, faced tens of thousands of intrusion attempts — some successful — that targeted its election IT infrastructure before and during the first round of its presidential elections, according to a report from the country’s main intelligence service…
CSOONLINE.COM
5 Dec Latrodectus malware and how to defend against it with Wazuh
Latrodectus is a versatile malware family that infiltrates systems, steals sensitive data, and evades detection. Learn more from Wazuh about Latrodectus malware and how to defend against it using the open-source XDR. [...]
BLEEPINGCOMPUTER.COM
5 Dec Mitel MiCollab zero-day flaw gets proof-of-concept exploit
Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server's filesystem. [...]
BLEEPINGCOMPUTER.COM
5 Dec Cisco Releases Security Updates for NX-OS Software
Cisco released security updates to address a vulnerability in Cisco NX-OS software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary…
CISA.GOV
5 Dec Solving networking and security challenges in the modern branch
As organizations embrace digital transformation, branch offices have become critical hubs for innovation and operations. They host diverse devices, users, and cloud-enabled applications that drive business agility and customer engagement. However, the rapid expansion of branch in…
CSOONLINE.COM
5 Dec Russian money-laundering network linked to drugs and ransomware disrupted, 84 arrests
The UK's National Crime Agency (NCA) has revealed details of Operation Destabilise, a years-long international law enforcement investigation into a giant Russian money laundering enterprise that handled billions of dollars for drug traffickers and ransomware gangs worldwide. Read…
TRIPWIRE.COM
5 Dec 'Earth Minotaur' Exploits WeChat, Sends Spyware to Uyghurs
submitted by BrikoX to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/earth-minotaur-exploits-wechat-bugs-spyware-uyghurs The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in …
SH.ITJUST.WORKS
5 Dec I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending
Japanese device maker confirms zero-day router exploitation and warns that full patches won’t be available for a few weeks. The post I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending appeared first on SecurityWeek.
SECURITYWEEK.COM
5 Dec Police shuts down Manson cybercrime market, arrests key suspects
German law enforcement has seized over 50 servers that hosted the Manson Market cybercrime marketplace and fake online shops used in phishing operations. [...]
BLEEPINGCOMPUTER.COM
5 Dec Mitel MiCollab VoIP Software: Zero-Day Vulnerability Alert
No Patch Yet Available for Second Zero Day To Be Recently Found in VoIP Software Security researchers warn of a newly discovered zero-day vulnerability in widely used VoIP telephony software, a discovery that comes as the United States struggles to evict Chinese nation-state hack…
DATABREACHTODAY.CO.UK
5 Dec Securing cloud-native applications: Why a comprehensive API security strategy is essential
Despite their capabilities and benefits, cloud-native applications also present several security challenges. Application programming interfaces (APIs) are among the top areas of risk for these applications. This isn’t surprising. As organizations look to enhance connections betwe…
CSOONLINE.COM
5 Dec CEO's Murder Sparks Outcry Over UHC's Coverage Denials
Shell Casing Inscription 'Deny' Points to Potential Motive in CEO's Killing Law enforcement investigating the murder of Brian Thompson, CEO of UnitedHealthCare, are examining potential motives. But shell casings reportedly found at the crime scene spotlight one of the top motives spec…
DATABREACHTODAY.CO.UK
5 Dec Russian Forces Accused of Secretly Planting Spyware on Phone
Russian Activist for Ukraine Claims Spyware Was Installed While in Custody by FSB A Russian activist says security forces covertly installed spyware on his cellphone while he was detained in Moscow for aiding Ukraine. A report published Thursday shows the spyware received a broad…
DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES (3)
5 Dec NATO fears new serious acts of sabotage and cyberattacks
The number of attacks on NATO alliance territory continues to rise steadily. PX Media – Shutterstock.com NATO fears new serious acts of sabotage and cyberattacks on alliance territory and has therefore agreed on further defensive measures. “We are observing that …
CSOONLINE.COM
5 Dec Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts …
NIST.GOV
🔥 INCIDENT REPORTING (11)
5 Dec HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks
HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to solve Capture The Flag (CTF) challenges without human intervention. It utilizes a two-module architecture: a planner to create commands and a summarizer to understand the hacking p…
GBHACKERS.COM
5 Dec BT Investigating Hack After Ransomware Group Claims Theft of Sensitive Data
UK telecoms company BT has launched an investigation after the Black Basta ransomware group claimed the theft of 500 Gb of data. The post BT Investigating Hack After Ransomware Group Claims Theft of Sensitive Data appeared first on SecurityWeek.
SECURITYWEEK.COM
5 Dec Solana SDK backdoored to steal secrets, private keys
The JavaScript-based software development kit (SDK) that allows developers to interact with the Solana Blockchain has suffered a supply chain attack aimed at crypto theft. Solana Web3.js library, which provides APIs for sending transactions, managing accounts, querying blockchain…
CSOONLINE.COM
5 Dec Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers
A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the…
THEHACKERNEWS.COM
5 Dec Black Basta extorts Beko Technologies
The ransomware gang Black Basta is extorting the German compressed-air specialist Beko Technologies with 700 gigabytes of stolen data. PeopleImages.com – Yuri A – Shutterstock.com Beko Technologies may have been hit by a ransomware attack. The ransomware group Bl…
CSOONLINE.COM
5 Dec Massive breach exposes major USAID contractor
submitted by kid to cybersecurity 2 points | 0 comments https://cybernews.com/news/chemonics-usaid-contractor-data-breach/
SH.ITJUST.WORKS
5 Dec Roundup: The top ransomware stories of 2024
The year 2024 saw a marked increase in the competence, aggression and unpredictability of ransomware attackers. Nearly all the key numbers are up — more ransomware gangs, bigger targets and higher payouts. Malicious ransomware groups also focus on critical infrastructure an…
SECURITYINTELLIGENCE.COM
5 Dec US arrests Scattered Spider suspect linked to telecom hacks
U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. [...]
BLEEPINGCOMPUTER.COM
5 Dec Breach Roundup: Vodka Maker Bankrupt After Cyberattack
Also: Trinity Didn't Really Hack the Spanish Tax Agency, Law Firm KYL Reports Breach This week, a vodka maker in bankruptcy cited its ransomware attack, no ransomware at the Spanish tax agency and cable cuttings in Finland. Data stolen from Japanese shoppers, Chemonics Internatio…
DATABREACHTODAY.CO.UK
5 Dec U.S. org suffered four month intrusion by Chinese hackers
A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. [...]
BLEEPINGCOMPUTER.COM
5 Dec Romania's election systems targeted in over 85,000 cyberattacks
A declassified report from Romania's Intelligence Service says that the country's election infrastructure was targeted by more than 85,000 cyberattacks. [...]
BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (36)
5 Dec FBI Warns Americans to Start Using Encrypted Messaging Apps
submitted by kid to cybersecurity 1 points | 0 comments https://gizmodo.com/fbi-warns-americans-to-start-using-encrypted-messaging-apps-2000533800
SH.ITJUST.WORKS
5 Dec T-Mobile US CSO: Spies jumped from one telco to another in a way "I've not seen in my career"
submitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2024/12/05/tmobile_cso_telecom_attack/
SH.ITJUST.WORKS
5 Dec ISC Stormcast For Thursday, December 5th, 2024 https://isc.sans.edu/podcastdetail/9242, (Thu, Dec 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC.SANS.EDU
5 Dec ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCU…
THEHACKERNEWS.COM
5 Dec Fraudulent shopping sites tied to cybercrime marketplace taken offline
submitted by Joker to cybersecurity 1 points | 0 comments https://www.europol.europa.eu/media-press/newsroom/news/fraudulent-shopping-sites-tied-to-cybercrime-marketplace-taken-offline
INFOSEC.PUB
5 Dec Cloudflare’s pages.dev and workers.dev Domains Increasingly Abused for
submitted by Joker to cybersecurity 1 points | 0 comments https://emailsecurity.fortra.com/blog/cloudflares-pagesdev-and-workersdev-domains-increasingly-abused-phishing
INFOSEC.PUB
5 Dec CrowdStrike IT Outage: Impacts to Public Safety Systems and Considerations for Congress
submitted by Joker to cybersecurity 1 points | 0 comments https://www.everycrsreport.com/reports/IF12717.html
INFOSEC.PUB
5 Dec White House Says at Least 8 US Telecom Firms, Dozens of Nations Impacted by China Hacking Campaign
A top White House official said at least eight U.S. telecom firms and dozens of nations have been impacted by a Chinese hacking campaign. The post White House Says at Least 8 US Telecom Firms, Dozens of Nations Impacted by China Hacking Campaign appeared first on SecurityWeek.
SECURITYWEEK.COM
5 Dec System Two Security Emerges From Stealth With Detection Engineering Solution
System Two Security has emerged from stealth mode with a threat detection engineering solution and $7 million in seed funding. The post System Two Security Emerges From Stealth With Detection Engineering Solution appeared first on SecurityWeek.
SECURITYWEEK.COM
5 Dec U.S. Organization in China Targeted by Attackers
submitted by Joker to cybersecurity 1 points | 0 comments https://www.security.com/threat-intelligence/us-china-espionage
INFOSEC.PUB
5 Dec Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels
submitted by Joker to cybersecurity 2 points | 0 comments https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/
INFOSEC.PUB
5 Dec Threat Actor Targets Manufacturing Industry With Malware
submitted by Joker to cybersecurity 1 points | 0 comments https://cyble.com/blog/threat-actor-targets-manufacturing-industry-with-malware/
INFOSEC.PUB
5 Dec DroidBot: Insights from a new Turkish MaaS fraud operation
submitted by Joker to cybersecurity 2 points | 0 comments https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
INFOSEC.PUB
5 Dec (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments
submitted by Joker to cybersecurity 2 points | 0 comments https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/
INFOSEC.PUB
5 Dec New DroidBot Android malware targets 77 banking, crypto apps
submitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/new-droidbot-android-malware-targets-77-banking-crypto-apps/
SH.ITJUST.WORKS
5 Dec Ukraine’s DDoS attack cripples Russia’s Gazprombank
submitted by kid to cybersecurity 1 points | 0 comments https://english.nv.ua/nation/ukraine-s-hur-paralyzes-gazprombank-s-online-services-50471837.html
SH.ITJUST.WORKS
5 Dec Deepfake Fraud: How AI is Bypassing Biometric Security in Financial Institutions
submitted by kid to cybersecurity 1 points | 0 comments https://www.group-ib.com/blog/deepfake-fraud/ Our research highlights several key aspects of deepfake fraud. It explores the main deepfake techniques used by fraudsters to bypass Know Your Customer (KYC) and biometric verifi…
SH.ITJUST.WORKS
5 Dec ‘DroidBot’ Android Trojan Targets Banking, Cryptocurrency Applications
The newly discovered DroidBot Android trojan targets 77 banks, cryptocurrency exchanges, and national organizations. The post ‘DroidBot’ Android Trojan Targets Banking, Cryptocurrency Applications appeared first on SecurityWeek.
SECURITYWEEK.COM
5 Dec Forecasting the 2025 Cloudscape
Discover 2025 cloud security trends, predictions on AI-driven threats, market consolidation, data security in CNAPPs, and more from Prisma Cloud leaders. The post Forecasting the 2025 Cloudscape appeared first on Palo Alto Networks Blog.
PALOALTONETWORKS.COM
5 Dec Cisco NX-OS Flaw Let Attackers Bypass Image Signature Verification
submitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/nx-os-flaw-image-signature-verification/
SH.ITJUST.WORKS
5 Dec CYBERWARCON 2024
submitted by ashar to security_cpe 1 points | 0 comments CYBERWARCON is a one-day conference in Arlington, VA focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities. CYBERWARCON is not a hacker conference, or an ICS co…
INFOSEC.PUB
5 Dec FBI tips for personal protection against AI attacks
AI-enabled crime is on the rise. The US security agency is therefore publishing advice on how to guard against it. Ralf Liebhold/shutterstock.com The digital remake of the grandparent scam, phishing attacks or other AI-supported attacks: all of this shows that criminals with …
CSOONLINE.COM
5 Dec BSIDES Cybersecurity Conference SUR 2024
submitted by ashar to security_cpe 1 points | 0 comments We invite you to follow the 8.8 BSIDES 2024 SUR Cybersecurity Conference, a pioneering event that brings together two of the largest cybersecurity conferences in Chile with the aim of democratizing technical knowledge and…
INFOSEC.PUB
5 Dec BlueAlpha Leverages Cloudflare Tunnels for GammaDrop Infrastructure
submitted by Joker to cybersecurity 1 points | 0 comments https://www.recordedfuture.com/research/bluealpha-abuses-cloudflare-tunneling-service
INFOSEC.PUB
5 Dec Backdoor slips into popular code library, drains ~$155k from digital wallets
submitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://arstechnica.com/information-technology/2024/12/backdoor-slips-into-popular-code-library-drains-155k-from-digital-wallets/
SH.ITJUST.WORKS
5 Dec Solana SDK backdoored to steal secrets, private keys
submitted by BrikoX to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/3617893/solana-sdk-backdoored-for-stealing-secrets-private-keys.html Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded addre…
SH.ITJUST.WORKS
5 Dec Tenable's Amit Yoran Takes Medical Leave; Interim CEOs Named
CFO Stephen Vintz, COO Mark Thurmond to Run Tenable as CEO Yoran Receives Treatment Longtime Tenable CEO Amit Yoran is temporarily stepping aside for cancer treatment and recovery, with top deputies Stephen Vintz and Mark Thurmond stepping up to lead the organization. Yoran was d…
DATABREACHTODAY.CO.UK
5 Dec AI and 'Customer Zero' Practices for Enhanced Usability
Barracuda's Siroui Mushegian on Building Resilient Solutions Through Collaboration Barracuda's CIO Siroui Mushegian discusses how Barracuda uses AI and strong partnerships to deliver comprehensive cybersecurity solutions. The company builds products on AWS infrastructure, sells t…
DATABREACHTODAY.CO.UK
5 Dec Security News - PSW #853
Bootkitties and Linux bootkits, Canada realizes banning Flippers is silly, null bytes matter, CVE samples, how dark web marketplaces do security, Perl code from 2014 and vulnerabilities in needrestart, malware in gaming engines, the nearby neighbor attack, this week in security a…
YOUTUBE.COM
5 Dec Hacker Gadgets - PSW #853
The hosts discuss hacker gadgets! We'll cover what we've been hacking on lately and discuss gadgets we want to work on in the future and other gadgets we want to get our hands on. * Paul has been working with some M5Stack devices, a guide can be found here: https://securitypodcas…
YOUTUBE.COM
5 Dec One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024
One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s Annual InfoSec Awards during CyberDefenseCon 2024. One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the …
GBHACKERS.COM
5 Dec Russian APT Hackers Co-Opt Pakistani Infrastructure
FSB Hackers Have Hijacked Others' Command and Control Before A Russian state hacking group hijacked the command and control infrastructure of a Pakistan-based espionage network as part of an ongoing intelligence-gathering operation targeting victims in Asia, finds a report from M…
DATABREACHTODAY.CO.UK
5 Dec Cryptohack Roundup: Solana npm Package Attack Risks Wallets
Also, Man Who Stole $3.5M of Cloud Computing to Mine $1M in Crypto Pleads Guilty This week, Solana npm package attack, a Brazilian banking giant entered crypto trading and a Nebraska man pleaded guilty to cryptojacking. Australia tightened rules for crypto businesses and crypto l…
DATABREACHTODAY.CO.UK
5 Dec Veeam Closes $2B Offering to Boost Data Resilience, Eyes IPO
CEO Anand Eswaran Talks Investors, Innovation and Data Resilience Leadership CEO Anand Eswaran explains how Veeam's $2 billion secondary offering strengthens its financial position as the data resilience vendor prepares for an initial public offering. He discusses the company’s c…
DATABREACHTODAY.CO.UK
5 Dec Why security leaders trust Microsoft Sentinel to modernize their SOC
Microsoft Sentinel transforms security operations centers with cloud-native SIEM capabilities, AI-powered threat detection, and cost-effective scalability to protect your entire digital ecosystem. The post Why security leaders trust Microsoft Sentinel to modernize their SOC ap…
MICROSOFT.COM
5 Dec 8 years as a Leader in the Gartner® Magic Quadrant™ for Access Management
For the 8th year in a row, Microsoft is designated a Leader in Gartner® Magic Quadrant™ for Access Management for our Microsoft Entra ID products and related solutions. The post 8 years as a Leader in the Gartner® Magic Quadrant™ for Access Management appeared first on Mic…
MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE (3)
5 Dec Russian programmer says FSB agents planted spyware on his Android phone
Security researchers confirmed the programmer's phone had spyware, likely during a spell in Russian detention. The programmer told his story to TechCrunch. © 2024 TechCrunch. All rights reserved. For personal use only.
TECHCRUNCH.COM
5 Dec This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-…
THEHACKERNEWS.COM
5 Dec New Android spyware found on phone seized by Russian FSB
After a Russian programmer was detained by Russia's Federal Security Service (FSB) for fifteen days and his phone confiscated, it was discovered that a new spyware was secretly installed on his device upon its return. [...]
BLEEPINGCOMPUTER.COM
🎙️ PODCASTS (1)
5 Dec Smashing Security podcast #396: Dishy DDoS dramas, and mining our minds for data
A CEO is arrested for turning satellite receivers into DDoS attack weapons! Then, we'll journey into the world of bossware and "affective computing" and explore how AI is learning to read our emotions – is this the future of work, or a recipe for dystopia? All this and more is di…
GRAHAMCLULEY.COM
📡 INFOSEC NEWS (9)
5 Dec [Guest Diary] Business Email Compromise, (Thu, Dec 5th)
[This is a Guest Diary by Chris Kobee, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].
ISC.SANS.EDU
5 Dec NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions
The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, c…
THEHACKERNEWS.COM
5 Dec How to guard against webcam and microphone tracking | Kaspersky official blog
Do you need to tape over your camera in 2024?
KASPERSKY.COM
5 Dec Executive summary and updated joint guidance on choosing secure and verifiable technologies
CYBER.GC.CA
5 Dec Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of tw…
THEHACKERNEWS.COM
5 Dec What If Enron Sold Crypto? 🤔
What happens when two of the most infamous names collide? 🤑 Imagine Enron selling crypto – would you trust it? Doug White dives into a hilarious story about unfortunate name choices and a club’s unexpected connection to history. Watch till the end for a laugh and a little lesson …
YOUTUBE.COM
5 Dec Nebraska Man pleads guilty to dumb cryptojacking operation
A Nebraska man pleaded guilty on Thursday to operating a large-scale cryptojacking operation after being arrested and charged in April. [...]
BLEEPINGCOMPUTER.COM
5 Dec Nebraska Man pleads guilty to $3.5 million cryptojacking scheme
A Nebraska man pleaded guilty on Thursday to operating a large-scale cryptojacking operation after being arrested and charged in April. [...]
BLEEPINGCOMPUTER.COM
5 Dec Philip Torr: AI to the people | Starmus Highlights
We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact
WELIVESECURITY.COM