107Articles
9Categories
2024-12-12Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
12 DecAMD data center chips vulnerable to revealing data through ‘BadRAM’ attackAMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed. Dubbed “BadR…CSOONLINE.COM
12 DecSplunk RCE Vulnerability Let Attackers Execute Remote CodeSplunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability. This flaw, identified as CVE-2024-53247, affects several versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform. The vulnerabili…GBHACKERS.COM
12 DecWordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsMalicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prio…THEHACKERNEWS.COM
12 DecResearchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSDetails have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-202…THEHACKERNEWS.COM
12 DecKeyTrap DNSSEC: The day the internet (almost) stood stillA severe vulnerability in the internet lookup protocol DNSSEC carried the potential to make much of the web functionally inaccessible for many, according to a presentation at Black Hat Europe . DNSSEC (Domain Name System Security Extensions) offers mitigation against various type…CSOONLINE.COM
12 DecMicrosoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’Security researchers have outlined a novel attack vector that exploits the “Best Fit” character conversion technology built into Windows. The technology comes into play in string conversions, particularly when characters cannot be directly represented in a target character set. H…CSOONLINE.COM
12 DecCVE-2024-49147 Microsoft Update Catalog Elevation of Privilege VulnerabilityDeserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.MSRC.MICROSOFT.COM
12 DecCVE-2024-49071 Windows Defender Information Disclosure VulnerabilityImproper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 Dec KEVSecurity researchers find deep flaws in CVSS vulnerability scoring systemThe industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday. The Common Vulnerability Scoring System (CVSS) makes …CSOONLINE.COM
12 DecChromium: CVE-2024-12381 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
12 DecChromium: CVE-2024-12382 Use after free in TranslateThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 34[−]
12 DecAttackers can abuse the Windows UI Automation framework to steal data from appsAn accessibility feature built into Windows to facilitate the use of computers by people with disabilities can be abused by malware to steal data from other applications or control them in malicious ways that evades detection by most endpoint protection systems . The Windows UI A…CSOONLINE.COM
12 DecEuropol Shutsdown 27 DDoS Service Provider PlatformsIn a major international operation codenamed “PowerOFF,” Europol, collaborating with law enforcement agencies across 15 countries, has taken down 27 illegal platforms facilitating Distributed Denial-of-Service (DDoS) attacks. This takedown marks a significant blow to the cybercri…GBHACKERS.COM
12 DecEuropol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins ArrestedA global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 coun…THEHACKERNEWS.COM
12 DecBadRAM Attack Breaches AMD Secure VMs with $10 DeviceResearchers have uncovered a vulnerability that allows attackers to compromise AMD’s Secure Encrypted Virtualization (SEV) technology using a $10 device. This breakthrough exposes a previously underexplored weakness in memory module security, specifically in cloud computing…GBHACKERS.COM
12 DecThe 7 most in-demand cybersecurity skills todayCybersecurity teams find themselves understaffed , overburdened , and rushing to keep up with a rapidly changing threat landscape, as cyberattackers continually devise new ways to attack organizations — and organizations accelerate their embrace of the latest technologies . As a …CSOONLINE.COM
12 DecA security ‘hole’ in Krispy Kreme Doughnuts helped hackers take a biteGlobal Doughnut and coffee chain owner Krispy Kreme, famous for its “original glazed doughnuts,” has a “portion of their IT systems” disrupted by a cyberattack. In an SEC filing on Wednesday, the global doughnut business said it suffered a cybersecurity incident that has hampered…CSOONLINE.COM
12 DecCleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in AttacksCleo has released patches for the exploited vulnerability and security firms have detailed the malware delivered in attacks. The post Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecConvoC2 – A Red Teamers Tool To Execute Commands on Hacked Hosts Via Microsoft TeamsA stealthy Command-and-Control (C2) infrastructure Red Team tool named ConvoC2 showcases how cyber attackers can exploit Microsoft Teams to execute system commands on compromised hosts remotely. This innovative project, designed with Red Team operations in mind, uses Teams messag…GBHACKERS.COM
12 DecCleo 0-day Vulnerability Exploited to Deploy Malichus MalwareCybersecurity researchers have uncovered a sophisticated exploitation campaign involving a zero-day (0-day) vulnerability in Cleo file transfer software platforms. This campaign has been used to deliver a newly identified malware family, now dubbed “Malichus.” The threat, recentl…GBHACKERS.COM
12 DecSplunk RCE Vulnerability Let Attackers Execute Remote Codesubmitted by kid to cybersecurity 2 points | 0 comments https://gbhackers.com/splunk-rce-vulnerability/SH.ITJUST.WORKS
12 Dec27 DDoS Attack Services Taken Down by Law EnforcementLaw enforcement agencies in 15 countries cooperated in taking down 27 websites selling DDoS-for-hire services. The post 27 DDoS Attack Services Taken Down by Law Enforcement appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecAttack Exploiting Legitimate Service by APT-C-60submitted by Joker to cybersecurity 1 points | 0 comments https://blogs.jpcert.or.jp/en/2024/12/APT-C-60.htmlINFOSEC.PUB
12 DecMicrosoft MFA Bypassed via AuthQuake AttackOasis Security has disclosed AuthQuake, a method for bypassing Microsoft MFA within an hour without user interaction. The post Microsoft MFA Bypassed via AuthQuake Attack appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecMalicious ESLint Package Let Attackers Steal Data And Inject Remote CodeCybercriminals exploited typosquatting to deploy a malicious npm package, `@typescript_eslinter/eslint`, targeting developers seeking the legitimate TypeScript ESLint plugin, which was designed to mimic the genuine plugin, compromised systems by monitoring keystrokes, clipboard d…GBHACKERS.COM
12 DecMobile Surveillance Tool EagleMsgSpy Used by Chinese Law EnforcementLookout details EagleMsgSpy, a surveillance tool used by Chinese law enforcement to collect data from Android devices. The post Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecUnauthorized access to iCloud: analyzing an iOS vulnerability that could expose sensitive data to attackerssubmitted by Joker to cybersecurity 2 points | 0 comments https://www.jamf.com/blog/tcc-bypass-steals-data-from-icloud/INFOSEC.PUB
12 DecOver 300K Prometheus Instances Exposed: Credentials and API Keys Leaking OnlineCybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, ofte…THEHACKERNEWS.COM
12 DecApache issues patches for critical Struts 2 RCE bugsubmitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2024/12/12/apache_struts_2_vuln/SH.ITJUST.WORKS
12 DecFortinet Acquires Perception Point Reportedly for $100 MillionFortinet has acquired Israeli collaboration and email security company Perception Point to expand its offering. The post Fortinet Acquires Perception Point Reportedly for $100 Million appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecCISA Releases Ten Industrial Control Systems AdvisoriesCISA released ten Industrial Control Systems (ICS) advisories on December 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-347-01 Siemens CPCI85 Central Processing/Communication ICSA-24-347…CISA.GOV
12 DecBitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposedUS Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...]BLEEPINGCOMPUTER.COM
12 DecNavigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854Join us for this segment as we discuss government regulations and certifications as they apply to supply chain security and vulnerability management, and how understanding the mumbo jumbo can enable organizations to improve their cyber security. Visit https://www.securityweekly.c…YOUTUBE.COM
12 DecMobile Phishing Campaign Targets Job SeekersResearchers at Zimperium warn that a phishing campaign is targeting Android phones to deliver the Antidot banking trojan.KNOWBE4.COM
12 DecApple Releases Security Updates for Multiple ProductsApple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply nec…CISA.GOV
12 DecCleo patches critical zero-day exploited in data theft attacksCleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. [...]BLEEPINGCOMPUTER.COM
12 DecEuropol shutters 27 DDoS sites in major crackdownEuropol has announced that it has carried out a major crackdown on cybercriminal actors in cooperation with the police authorities in 15 countries as part of an ongoing international crackdown known as PowerOFF. Included in the effort are the Australian Federal Police, the UK’s N…CSOONLINE.COM
12 DecHackers Exploiting Cleo Software Zero-DayAttackers Target Managed File Transfer Software Vulnerabilities File transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn't fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vuln…DATABREACHTODAY.CO.UK
12 DecNew Malware Framework Targets Cleo File SystemsPossible Long-Term Attack by Unknown Hackers Thwarted Hackers exploiting flaws in Cleo Communications software instances had intimate knowledge of their internals and deployed a previously unknown family of malware, security researchers from Huntress said Thursday. Cleo published…DATABREACHTODAY.CO.UK
12 DecExperts Call for Overhaul of National Cyber Director RoleCybersecurity Experts Push for Clearer Mission, Expanded Authority, More Resources Cybersecurity experts are urging a revamp of the Office of the National Cyber Director. The Center for Cybersecurity Policy and Law says the office needs a clearer mission, more resources and the a…DATABREACHTODAY.CO.UK
12 DecNY Health Group Fined $550K in Unpatched Vulnerability HackAG Says HealthAlliance Tried But Failed to Fix Zero-Day Flaw That Led to Exploit New York State has levied a $550,000 fine against a healthcare group that tried - but failed - to patch a critical zero-day vulnerability in a Citrix NetScaler appliance used for telemedicine. Hacker…DATABREACHTODAY.CO.UK
12 DecUS Indicts 14 North Koreans in IT Scam Funding WMD ProgramsDOJ Indicts North Korean IT Workers for Using Remote Jobs to Fund Weapons Programs U.S. federal prosecutors indicted 14 North Koreans for a long-running IT scam generating $88 million by exploiting remote work with U.S. firms, a scheme prosecutors say is tied to DPRK-controlled c…DATABREACHTODAY.CO.UK
12 DecPolice shuts down Rydox cybercrime market, arrests 3 adminsInternational law enforcement operation seizes the Rydox cybercrime marketplace and arrests three administrators. [...]BLEEPINGCOMPUTER.COM
12 DecNew stealthy Pumakit Linux rootkit malware spotted in the wildA new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. [...]BLEEPINGCOMPUTER.COM
12 DecA Vulnerability in Multiple Cleo Products Could Allow for Remote Code ExecutionA vulnerability has been discovered in multiple Cleo products that could allow for remote code execution. Cleo’s LexiCom, VLTransfer, and Harmony is software that is commonly used to manage file transfers. Successful exploitation of this vulnerability could allow for remote code …CISECURITY.ORG
📋 SECURITY BULLETINS 1[−]
12 DecGitLab Security Update, Patch for Critical VulnerabilitiesGitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6 address several high-severity vulnerabilities, and GitLab strongly recommends that all self-managed install…GBHACKERS.COM
📢 SECURITY ADVISORIES 4[−]
12 DecRydox Cybercrime Marketplace Shut Down and Three Administrators Arrestedsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.justice.gov/opa/pr/rydox-cybercrime-marketplace-shut-down-and-three-administrators-arrested According to the indictment, the Rydox marketplace has conducted over 7,600 sales of personally identifiable informati…INFOSEC.PUB
🔥 INCIDENT REPORTING 13[−]
12 DecBitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breachByte Federal, one of the largest Bitcoin ATM operators in the U.S., said the personal data of thousands of customers may have been compromised during a recent breach. In a filing with Maine’s attorney general, Florida-based Byte Federal said hackers tried to access the data…TECHCRUNCH.COM
12 DecBadRAM: Breaching Processor Security via Rogue Memory Modulessubmitted by Joker to cybersecurity 1 points | 0 comments https://badram.eu/INFOSEC.PUB
12 DecMicrosoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations: Enterprise​​submitted by Joker to cybersecurity 1 points | 0 comments https://www.microsoft.com/en-us/security/blog/2024/12/11/microsoft-defender-xdr-demonstrates-100-detection-coverage-across-all-cyberattack-stages-in-the-2024-mitre-attck-evaluations-enterprise/INFOSEC.PUB
12 DecTriad Nexus, Chinese Hackers Using 200,000 Domains For Widespread Cyber AttackResearchers identified FUNNULL, a Chinese CDN, as hosting malicious content, which includes fake trading apps for financial fraud, gambling sites likely used for money laundering, and phishing login pages targeting luxury brands.  The gambling sites use algorithmically gener…GBHACKERS.COM
12 DecJapanese publisher Kadokawa paid $3 million to Russia-linked hacker group after cyberattacksubmitted by Joker to cybersecurity 1 points | 0 comments https://mainichi.jp/english/articles/20241212/p2g/00m/0na/035000cINFOSEC.PUB
12 DecSecurity Operations in 2025 and BeyondLearn 2025 trends and challenges from Cortex leadership as organizations face cyberattacks and signs of cybercriminal adoption of AI. The post Security Operations in 2025 and Beyond appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
12 DecDie wichtigsten Cybersecurity-Prognosen für 2025Der Cybersecurity-Blick auf 2025. Madcat_Madlove – Shutterstock.com Cyberangriffe auf mehrere deutsche Kliniken oder weltweite IT-Ausfälle durch eine Ransomware-Attacke auf den Software-as-a-Service (SaaS)-Anbieter Blue Yonder – das Jahr 2024 war geprägt von zahlreichen Meldungen…CSOONLINE.COM
12 DecDoughnut orders disrupted! Krispy Kreme suffers hack attackKrispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems compromised and has disrupted online orders in parts of the United States. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
12 DecTriad Nexus, Chinese Hackers Using 200,000 Domains For Widespread Cyber Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/chinese-hackers-200k-domains-attack/SH.ITJUST.WORKS
12 DecInline vs. Post Breach: How Cybersecurity Adapts in Real-Time!Inline cybersecurity is the frontline of defense during a breach 🚨. But how do systems adapt in real-time to block threats and stop attacks? Discover how experts identify exposures, leverage cutting-edge tools, and stop breaches before they spiral out of control. From pre-breach …YOUTUBE.COM
12 DecMITRE ATT&CK Evaluation Results 2024 – Cynet Became a Leader With 100% Detection & ProtectionAcross small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendo…GBHACKERS.COM
12 DecPhishing: The Silent Precursor to Data BreachesPhishing is more than a mere nuisance—it is a formidable precursor to destructive data breaches. The post Phishing: The Silent Precursor to Data Breaches appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecCrypto Roundup: Crypto Pros Targeted with Fake Meeting AppsAlso, Australian Fines Kraken AU$8 million Over Breaches This week, scammers targeted crypto workers with fake meeting apps, Australia fined Kraken crypto exchange operator Bit Trade and a Los Angeles federal court ordered five individuals to pay $5 million. Polish police detaine…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 32[−]
12 DecRussia takes unusual route to hack Starlink-connected devices in Ukrainesubmitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2024/12/russia-takes-unusual-route-to-hack-starlink-connected-devices-in-ukraine/SH.ITJUST.WORKS
12 DecINTERPOL & Trend's Fight Against CybercrimeTrend threat intelligence and training were crucial to the success of two major policing operations in 2024TRENDMICRO.COM
12 DecISC Stormcast For Thursday, December 12th, 2024 https://isc.sans.edu/podcastdetail/9252, (Thu, Dec 12th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
12 DecGoogle Gemini 2.0 Introduced With Advanced AI for DevelopersMultimodal Agentic AI Delivers Speed, Tools, and Research Prototypes Google's latest AI model can natively process and output text, images and audio in the search giant's push toward more autonomous reasoning, planning and action. The company said Gemini 2.0 is designed for appli…DATABREACHTODAY.CO.UK
12 Dec8 Trends Reshaping Network Security in 2025Eight trend predictions for network security in 2025 that Palo Alto Networks thinks will redefine organizations’ approach to cybersecurity. The post 8 Trends Reshaping Network Security in 2025 appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
12 DecMessenger Group Call DoS for iOSsubmitted by Joker to cybersecurity 1 points | 0 comments https://s11research.com/posts/Messenger-Group-Call-DoS-for-iOS/INFOSEC.PUB
12 DecHunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress SitesTwo vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites. The post Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecFrench internet operator fined $53 million for unsolicited ads and tracking users without consentsubmitted by kid to cybersecurity 3 points | 0 comments https://therecord.media/french-internet-operator-fined-53-million-unsolicited-ads-trackingSH.ITJUST.WORKS
12 DecInside Zloader’s Latest Trick: DNS Tunnelingsubmitted by kid to cybersecurity 2 points | 0 comments https://www.zscaler.com/blogs/security-research/inside-zloader-s-latest-trick-dns-tunnelingSH.ITJUST.WORKS
12 DecCareto APT’s recent attacks discoveredsubmitted by Joker to cybersecurity 1 points | 0 comments https://securelist.com/careto-is-back/114942/INFOSEC.PUB
12 DecHacktivist Alliances Target France Amidst Political Crisissubmitted by Joker to cybersecurity 2 points | 0 comments https://cyble.com/blog/hacktivist-alliances-target-france/INFOSEC.PUB
12 DecNew Chinese Surveillance Tool Attack Android Users Since 2017Wuhan Chinasoft Token Information Technology Co., Ltd. developed EagleMsgSpy, a surveillance tool operational since 2017, which, installed as an APK, secretly collects extensive user data, including chat messages, screen recordings, audio, call logs, contacts, SMS, location, and …GBHACKERS.COM
12 DecAntidot Malware Attacking Employees Android Devices To Inject Malicious PayloadsResearchers discovered a new variant of the AntiDot banking trojan targeting Android mobile devices through a mobile-phishing (mishing) campaign, where this variant builds upon the version identified by Cyble in May 2024. The attackers leverage social engineering tactics, posing …GBHACKERS.COM
12 DecSecurity roundup: Top AI stories in 20242024 has been a banner year for artificial intelligence (AI). As enterprises ramp up adoption, however, malicious actors have been exploring new ways to compromise systems with intelligent attacks. With the AI landscape rapidly evolving, it’s worth looking back before movin…SECURITYINTELLIGENCE.COM
12 DecThe Ghost of Christmas Past – AI’s Past, Present and FutureThe potential for how AI may change the way we work is endless, but we are still a way off from this and careful planning and consideration is what is needed. The post The Ghost of Christmas Past – AI’s Past, Present and Future appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecGamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet StatesThe Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy an…THEHACKERNEWS.COM
12 DecSublime Snags $60M Series B for Email Security TechSublime said the new capital was provided by IVP, Citi Ventures, Index Ventures, Decibel Partners, and Slow Ventures and brings the total raised to $93.8 million. The post Sublime Snags $60M Series B for Email Security Tech appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecSilent Push Raises $10 Million for Preemptive Threat Intelligence PlatformThreat intel startup Silent Push has raised $10 million in a funding round co-led by Ten Eleven Ventures and Stepstone Group LP. The post Silent Push Raises $10 Million for Preemptive Threat Intelligence Platform appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecThis Trick Makes Raspberry Pi Projects EASY 🔧Tired of complicated Raspberry Pi setups? 🤔 Discover the genius of modular computing! In this short, we show how a simple daughter board transforms your Raspberry Pi into a flexible, swappable powerhouse. Whether you’re working on laptops, gaming setups, or creative projects, thi…YOUTUBE.COM
12 DecBe Careful of Malicious AdsFor decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not.KNOWBE4.COM
12 DecLookout Discovers PlainGnome and Bonespy Russian Android spywaresubmitted by Joker to cybersecurity 1 points | 0 comments https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillancewareINFOSEC.PUB
12 DecDeclawing PUMAKITsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.elastic.co/security-labs/declawing-pumakit PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-a…INFOSEC.PUB
12 DecThe Stealthy Stalker: Remcos RATsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-stealthy-stalker-remcos-rat/INFOSEC.PUB
12 DecNo Paul? We got this! - PSW #854In the security news, the crew, (minus Paul) get to gather to discus hacks causing disruptions, in healthcare, donuts and vodka, router and OpenWRT hacks (and the two are not related), Salt/Volt Typhoon means no more texting and 10 year old vulnerabilities and more! Visit https:/…YOUTUBE.COM
12 DecCheckmarx CEO: Evolving Supply Chain Threats Demand ActionCheckmarx's Sandeep Johri Details Malicious Code, AI Risks in Application Security As software complexities grow, supply chain security is now essential to application security, according to Sandeep Johri, Checkmarx CEO. Johri discusses the challenges of malicious code, adversari…DATABREACHTODAY.CO.UK
12 DecFake IT Workers Funneled Millions to North Korea, DOJ SaysThe fake IT worker scheme netted $88 million over six years, transferred through U.S. and Chinese financial systems to the DPRK government. The post Fake IT Workers Funneled Millions to North Korea, DOJ Says appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecUS offers $5 million for info on North Korean IT worker farms​The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees generating millions via illegal remote IT work schemes. [...]BLEEPINGCOMPUTER.COM
12 DecNew IOCONTROL malware used in critical infrastructure attacksIranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. [...]BLEEPINGCOMPUTER.COM
12 DecRussia Used Borrowed Spyware to Target Ukrainian TroopsSecret Blizzard Used Third-party Amadey Bots to Hack Ukrainian Military Devices A Russian state-backed hacker group used third-party data-stealing bots and possibly a backdoor used by another Russia-based threat group to infiltrate and spy on devices used by frontline Ukrainian m…DATABREACHTODAY.CO.UK
12 DecInside a New OT/IoT Cyberweapon: IOCONTROLsubmitted by Joker to cybersecurity 1 points | 0 comments https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol Executive Summary > - Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by the Iran-affiliated attackers to at…INFOSEC.PUB
12 DecNew IT Support in Townsubmitted by Joker to cybersecurity 2 points | 0 comments https://research.kudelskisecurity.com/2024/12/12/new-it-support-in-town/INFOSEC.PUB
12 DecConvincing a billion users to love passkeys: UX design insights from Microsoft to boost adoption and securityPasskeys offer faster, safer sign-ins than passwords. Microsoft encourages users to adopt passkeys for improved security and convenience. The post Convincing a billion users to love passkeys: UX design insights from Microsoft to boost adoption and security appeared first on Micro…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
12 Dec27 DDoS-for-hire services disrupted in run-up to holiday seasonOperation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen "booter" or "stresser" websites offline. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
12 DecHow Repo Swatting Can Destroy Your GitHub Account!How safe is your GitHub account? 🤔 A new attack called Repo Swatting is wreaking havoc on developers worldwide. Hackers sneak malicious binaries into projects and falsely report them for malware, getting accounts banned and wasting hours of precious time. In this video, we break …YOUTUBE.COM
🎙️ PODCASTS 1[−]
12 DecSmashing Security podcast #397: Snowflake hackers, and under the influenceA Canadian man is arrested in relation to the Snowflake hacks from earlier this year - after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law. All this and more is discussed in the latest editio…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 9[−]
12 DecWhich encrypted file storage to choose? | Kaspersky official blogAttacks on encrypted file storage: how to choose a safe alternative to Dropbox or OneDriveKASPERSKY.COM
12 DecResearchers find security flaws in Skoda cars that may let hackers remotely track themSecurity researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to remotely trigger certain controls and track the cars’ location in real time. PCAutomotive, a cybersecurity firm specializing …TECHCRUNCH.COM
12 DecSaaS Budget Planning Guide for IT ProfessionalsSaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can sig…THEHACKERNEWS.COM
12 DecThe Bite from Inside: The Sophos Active Adversary ReportA sea change in available data fuels fresh insights from the first half of 2024SOPHOS.COM
12 DecSpain busts voice phishing ring for defrauding 10,000 bank customersThe Spanish police, working with colleagues in Peru, conducted a simultaneous crackdown on a large-scale voice phishing (vishing) scam ring in the two countries, arresting 83 individuals. [...]BLEEPINGCOMPUTER.COM
12 DecYahoo cybersecurity team sees layoffs, outsourcing of ‘red team,’ under new CTOYahoo laid off around 25% of its cybersecurity team, known as The Paranoids, over the last year. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
12 DecBlack Hat Europe 2024: Can AI systems be socially engineered?Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?WELIVESECURITY.COM
12 DecBlack Hat Europe 2024: Can AI systems be socially engineered?Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?WELIVESECURITY.COM