🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
15 DecExploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164), (Sun, Dec 15th)Last week, Apache announced a vulnerability in Struts2 [1]. The path traversal vulnerability scored 9.5 on the CVSS scale. If exploited, the vulnerability allows file uploads into otherwise restricted directories, which may lead to remote code execution if a webshell is…ISC.SANS.EDU
⚠️ VULNERABILITY DISCLOSURE 3[−]
15 DecMalware warning on my phone (mirai-gx)submitted by joulethief to cybersecurity 1 points | 0 comments Hey there, not entirely sure where to post this, hope it fits. This morning, for the first time ever, my phone (a Huawei P20) showed a malware warning to me. The app ‘Idealo’, a german portal for price comparison, was…INFOSEC.PUB
15 DecWeekly Update 430Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. I'm back in Oslo! Writing this the day after recording, it feels like I couldn't be further from Dubai; the temperature starts with a minus, it's snowi…TROYHUNT.COM
15 DecClop ransomware claims responsibility for Cleo data theft attacksThe Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 1[−]
15 DecMC2 Data - 2,122,280 breached accountsIn August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher . The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of differe…HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE 3[−]
15 DecGetting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentialssubmitted by Joker to cybersecurity 1 points | 0 comments https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/INFOSEC.PUB
15 DecGlutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimalssubmitted by Joker to cybersecurity 1 points | 0 comments https://blog.xlab.qianxin.com/glutton_stealthily_targets_mainstream_php_frameworks-en/INFOSEC.PUB
15 DecWinnti hackers target other threat actors with new Glutton PHP backdoorThe Chinese Winnti hacking group is using a new PHP backdoor named 'Glutton' in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 4[−]
15 DecOffice 365 Token Glitch—How It Shut Everything DownMillions of users faced disruptions as Microsoft Office 365 apps, including Outlook and OneDrive, experienced major outages due to a glitch in their authentication system. 🖥️🔧 Microsoft is investigating the issue, focusing on token generation failures in their infrastructure. Whi…YOUTUBE.COM
15 DecHam Radio Meets Android – Game Changer!Did you know your Android phone can become a full-fledged ham radio? 📱➡️📻 With just an ESP32 module and some setup, you can transmit, receive, and even text message using ham radio protocols! Whether you're into scanning or chatting, this tech combo is a must-try for radio enthus…YOUTUBE.COM
15 DecConfessions of a Cyber Stalker?! 😱Confessions of a Cyber Stalker?! 😱 Ever wondered what it’s like to walk in the shoes of a professional cyber investigator? Ken Westin spills the beans, sharing the surprising highs and lows of tracking digital footprints. From unexpected hacker movie favorites to the quirks of li…YOUTUBE.COM
15 DecC-Suite Says 'You're Included' But Are You? 🤔The boardroom thinks they've got cybersecurity under control, but what do the real security pros say? There's a major disconnect happening in companies everywhere, and it's not what you think! 😮 The C-Suite may believe their security teams are in the loop, but many cybersecurity …YOUTUBE.COM