⚠️ VULNERABILITY DISCLOSURE 8[−]
14 Dec390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC ExploitsA now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a t…THEHACKERNEWS.COM
14 DecAI and Quantum Computing - Waves of innovation and Cyber Security Concerns: Cyber Security Today Weekend for December 14, 2024AI and Quantum Computing: Waves of Innovation and Cybersecurity Concerns In this episode of Cyber Security Today, host Jim Love delves into the latest in AI advancements, discussing their impact on cybersecurity with guests Marcel Gagné and John Pinard. The conversation covers a …CYBERSECURITYTODAY.LIBSYN.COM
14 DecTibber - 50,002 breached accountsIn November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers . The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP …HAVEIBEENPWNED.COM
14 DecNodeLoader Exposed: The Node.js Malware Evading Detectionsubmitted by Joker to cybersecurity 2 points | 0 comments https://www.zscaler.com/blogs/security-research/nodeloader-exposed-node-js-malware-evading-detection Key Takeaways > - ThreatLabz has observed threat actors deploying NodeLoader using the Node Package Manager (NPM) pkg …INFOSEC.PUB
14 DecNew Research Uncovered Dark Internet Service Providers Used For HackingBulletproof hosting services, a type of dark internet service provider, offer infrastructure to cybercriminals, facilitating malicious activities like malware distribution, hacking attacks, fraudulent websites, and spam. These services evade legal scrutiny, posing a signifi…GBHACKERS.COM
14 DecOver 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking ExploitThe research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks from pprof endpoints, and potential code execution threats, which could lead to data breaches, system outages, and unauthorized access. Vulnerable Prometheus se…GBHACKERS.COM
14 DecReyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi LoginsResearchers discovered multiple vulnerabilities in Ruijie Networks’ cloud-connected devices. By exploiting these vulnerabilities, attackers can remotely compromise access points, gain unauthorized access to internal networks, and execute arbitrary code on affected devices.&…GBHACKERS.COM
14 DecNew Android Banking Malware Attacking Indian Banks To Steal Login CredentialsResearchers have discovered a new Android banking trojan targeting Indian users, and this malware disguises itself as essential utility services to trick users into providing sensitive information. The malware has already compromised 419 devices, intercepted 4,918 SMS messages, a…GBHACKERS.COM
🔥 INCIDENT REPORTING 4[−]
14 DecYonéma - 35,962 breached accountsIn November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum . The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.HAVEIBEENPWNED.COM
14 DecBolster Your Systems! The New Way to Beat Cyber Threats ⚔️Cross-functional communication can be the secret weapon against cyber threats! 🛡️ Theresa Lanowitz shares why it's no longer enough to focus on fear when facing hackers and ransomware. Instead, the key is strong communication between your CISO, CIO, and CTO teams to stay ahead of…YOUTUBE.COM
14 DecUnmasking Attacks with Secure Boot Alerts 🛡️Did you know that bootloader changes and Secure Boot tampering could signal a cyberattack? 🚨 Learn how to monitor these rare but critical events to protect your systems! Cybersecurity starts with vigilance. Stay ahead of the threats! 🔒 #Cybersecurity #Bootloader #SecureBoot #Cybe…YOUTUBE.COM
14 DecRhode Island says personal data likely breached in social services cyberattackState officials said hundreds of thousands of Rhode Island residents could be affected by a cyberattack on the state’s online portal for social services, with a “high probability” that personally identifiable information was breached. According to an update from Governor Da…TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE 7[−]
14 DecCrypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operationsubmitted by Joker to cybersecurity 1 points | 0 comments https://unit42.paloaltonetworks.com/packer-as-a-service-heartcrypt-malware/ Executive Summary > This article analyzes a new packer-as-a-service (PaaS) called HeartCrypt, which is used to protect malware. It has been in …INFOSEC.PUB
14 DecThai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading TechniquesThai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil…THEHACKERNEWS.COM
14 DecUK police chief asks China to stop exporting engines used for small boatssubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://www.yahoo.com/news/uk-police-chief-asks-china-211658139.htmlSH.ITJUST.WORKS
14 DecPassword Era is Ending Microsoft to Delete 1 Billion PasswordsMicrosoft has announced that it is currently blocking an astounding 7,000 password attacks every second, nearly double the rate from just a year ago. This surge in cyber threats underscores the urgent need for more robust authentication methods, with passkeys emerging as a promis…GBHACKERS.COM
14 DecUnder the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewritesubmitted by Joker to cybersecurity 1 points | 0 comments https://www.elastic.co/security-labs/under-the-sadbridge-with-gosar Elastic Security Labs share details about the SADBRIDGE loader and GOSAR backdoor, malware used in campaigns targeting Chinese-speaking victims. Introduct…INFOSEC.PUB
14 DecUpcoming Speaking EventsThis is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM , in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Mas…SCHNEIER.COM
14 Dec390,000 WordPress accounts stolen from hackers in supply chain attackA threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. [...]BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
14 DecGermany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole ActionGermany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said the…THEHACKERNEWS.COM
14 DecThe Hidden Danger Lurking in Managed File Transfers! 🔐Ever heard of a supply chain attack? They’re not just about hacking updates like SolarWinds—there’s a scarier twist! Imagine using a managed file transfer system to bypass email security and access multiple companies’ servers. The hidden danger is real, and it’s terrifying. Could…YOUTUBE.COM
📡 INFOSEC NEWS 1[−]
14 DecVietnamese Moonshine in a Soda Bottle?! What Could Go Wrong?When your buddy retires, brings back souvenirs, and casually hands you Vietnamese moonshine in a Sprite bottle, what do you do? This short dives into an unexpected story of a reunion, cheap thrills from Vietnam, and a green bottle holding... what exactly? Will we drink it? How ba…YOUTUBE.COM