42Articles
7Categories
2024-12-18Date
🚨 CISA KEV 1[−]
18 Dec KEVCISA Adds Four Known Exploited Vulnerabilities to CatalogCISA has added four new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2018-14933  NUUO NVRmini Devices OS Command Injection Vulnerability CVE-2022-23227  NUUO NVRmini 2 Devices Missing Authentication…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
18 DecPatch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts DetectedThreat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability sha…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 18[−]
18 DecBlackberry Sells Cylance To Arctic Wolf At Huge Loss: Cyber Security Today for Wednesday, December 18, 2024BlackBerry's Cylance Sale, Major AWS Breach, Klopp Ransomware Strikes Again, and Russian Cyber Attacks In this episode of Cybersecurity Today, host Jim Love discusses BlackBerry's sale of Cylance to Arctic Wolf for significantly less than its purchase price, the massive AWS breac…CYBERSECURITYTODAY.LIBSYN.COM
18 DecHubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential TheftCybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks U…THEHACKERNEWS.COM
18 DecNot Your Old ActiveState: Introducing our End-to-End OS PlatformHaving been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises mana…THEHACKERNEWS.COM
18 DecAPT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDPThe Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tan…THEHACKERNEWS.COM
18 DecBeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS ProductsBeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and cred…THEHACKERNEWS.COM
18 DecCISA Releases Best Practice Guidance for Mobile CommunicationsToday, CISA released Mobile Communications Best Practice Guidance . The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China (PRC) government-affiliated threat actors targeting commercial telecommunications infrastructure , specifi…CISA.GOV
18 DecNo, KnowBe4 Is Not Being ExploitedSome of our customers are reporting “Threat Alerts” from Mimecast stating hackers have exploited KnowBe4 or KnowBe4 domains to send email threats.KNOWBE4.COM
18 DecAI-Powered Investment Scams Surge: How 'Nomani' Steals Money and DataCybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data.KNOWBE4.COM
18 DecPhishing Campaign Targets YouTube CreatorsAn email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The emails contain OneDrive links designed to trick users into installing malware.KNOWBE4.COM
18 DecDon’t overlook these key SSE componentsSecurity service edge (SSE) has emerged as a hot topic in the networking and security markets because it provides cloud-delivered security to protect access to websites and applications. This is key for the work-from-anywhere approach enterprises adopted during the pandemic and m…CSOONLINE.COM
18 DecCisco grabs SnapAttack for threat detectionCisco is acquiring threat-detection startup SnapAttack for an undisclosed amount as it continues to expand its security portfolio . Established in 2001 by Booz Allen’s Dark Labs, SnapAttack is known for its threat detection and engineering technology, which melds threat intellige…NETWORKWORLD.COM
18 DecA new ransomware regime is now targeting critical systems with weaker networksThe year 2024’s ransomware shake-up, fueled by law enforcement crackdowns on giants like LockBit, has shifted focus to critical operations, with major attacks this year hitting targets like Halliburton, TfL , and Arkansas water plant. A Dragos study for the third quarter of 2024 …CSOONLINE.COM
18 DecMeta hit with $263 million fine in Europe over 2018 data breachMeta has been fined $263.5 million (€251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally. The breach exploited a vulnerability in Facebook’s “view as” feature, which allows use…CSOONLINE.COM
18 DecKey strategies to enhance cyber resilienceThe faulty CrowdStrike software update that triggered IT outages on a global scale in July was a sobering reminder of the importance of incident response and business continuity plans. The update caused more than eight million Windows devices to crash and take down with them airl…CSOONLINE.COM
18 DecCISOs should stop freaking out about attackers getting a boost from LLMsA common refrain from cybersecurity professionals in recent years has been the need for a diversification of the CISO role to meet the demands of increased responsibility across numerous categories. In the past year, this refrain has grown louder, specifically around the topic of…CSOONLINE.COM
18 DecThis new cipher tech could break you out of your Gen AI woesGenerative AI has cybersecurity teams thrilled and sweating bullets. The technology churns out tricks much like a slot machine on a hot streak — yet significant risks to proprietary data lurk in the background. There’s no telling how exposed that data is — once it’s fed into thes…CSOONLINE.COM
18 DecData Security Posture Management: Die besten DSPM-ToolsData Security Posture Management erfordert nicht nur die richtigen Tools, sondern auch eine entsprechende Vorbereitung. Foto: Rawpixel.com | shutterstock.com Cloud Computing ist von Natur aus dynamisch und flüchtig: Daten können schnell und einfach erstellt, gelöscht oder verscho…CSOONLINE.COM
18 DecHackers Exploiting Linux eBPF Tech to Spread Malware in Ongoing Campaignsubmitted by kid to cybersecurity 17 points | 2 comments https://hackread.com/hackers-exploit-linux-ebpf-malware-ongoing-campaign/SH.ITJUST.WORKS
📢 SECURITY ADVISORIES 1[−]
18 DecLW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take holdToday, part three of Last Watchdog ’s year-end roundtable zeroes in on the regulatory and compliance landscape. Part three of a four-part series In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in … (more…)…LASTWATCHDOG.COM
🔥 INCIDENT REPORTING 8[−]
18 DecHow to Lose a Fortune with Just One Bad ClickAdam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized contr…KREBSONSECURITY.COM
18 DecONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK EvaluationAcross small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendo…THEHACKERNEWS.COM
18 DecMeta Fined €251 Million for 2018 Data Breach Impacting 29 Million AccountsMeta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent …THEHACKERNEWS.COM
18 DecNebraska sues Change Healthcare over security failings that led to medical data breach of over 100 million AmericansNew details emerged about the Change Healthcare ransomware attack in Nebraska's complaint. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
18 DecDownload our breach and attack simulation (BAS) buyer’s guideFrom the editors of CSO, this enterprise buyer’s guide helps IT security staff understand what the breach and attack simulation (BAS) options can do for their organizations and how to choose the right solution.US.RESOURCES.CSOONLINE.COM
18 DecCloud Threat Landscape Report: AI-generated attacks low for the cloudFor the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially w…SECURITYINTELLIGENCE.COM
18 DecNew I2PRAT communicates via anonymous peer-to-peer networksubmitted by Joker to cybersecurity 5 points | 0 comments https://www.gdatasoftware.com/blog/2024/12/38093-ip2rat-malware Criminals try to cover their tracks as best they can. This also includes hiding any activities that control the machines they have compromised. Using I2P is o…INFOSEC.PUB
18 DecRisky Business #775 -- Cl0p is back, SEC hack disclosures disappointOn this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: The SEC’s cyber incident reporting isn’t very exciting after all China Telecom on the way to being thrown out of the US The NSA/Cybercom might get two separate hats The Cl0p ranso…RISKY.BIZ
🕵️ THREAT INTELLIGENCE 6[−]
18 DecNew Advances in the Understanding of Prime NumbersReally interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.SCHNEIER.COM
18 DecISC Stormcast For Wednesday, December 18th, 2024 https://isc.sans.edu/podcastdetail/9260, (Wed, Dec 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 DecFoundry study highlights the benefits of a unified security platform in new e-bookMicrosoft commissioned Foundry to conduct a study to understand the current state of threat protection. Read the new e-book for research-driven insights into a unified security platform. The post Foundry study highlights the benefits of a unified security platform in new e-book a…MICROSOFT.COM
18 DecCybersecurity Trends on the Horizon Across APAC for 2025 and BeyondAs we look ahead to 2025, businesses across APAC are expected to accelerate their adoption of AI in cybersecurity to combat evolving AI-powered threats. The post Cybersecurity Trends on the Horizon Across APAC for 2025 and Beyond appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
18 DecEffective Phishing Campaign Targeting European Companies and Institutionssubmitted by Joker to cybersecurity 5 points | 0 comments https://unit42.paloaltonetworks.com/european-phishing-campaign/INFOSEC.PUB
18 DecC.A.S hacktivists attack Russian organizations using rare RATssubmitted by Joker to cybersecurity 8 points | 1 comments https://securelist.com/cyber-anarchy-squad-attacks-with-uncommon-trojans/114990/INFOSEC.PUB
📡 INFOSEC NEWS 7[−]
18 DecSophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 ReportsSophos was also ranked the #1 solution in 36 individual reports spanning the Antivirus, EDR, Endpoint Protection Suites, XDR, Firewall, and MDR markets.SOPHOS.COM
18 DecINTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam DiscourseINTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic …THEHACKERNEWS.COM
18 Dec[Guest Diary] A Deep Dive into TeamTNT and Spinning YARN, (Wed, Dec 18th)[This is a Guest Diary by James Levija, an ISC intern as part of the SANS.edu Bachelor&&#x23&#x3b;39&#x3b;s Degree in Applied Cybersecurity (BACS) program [1].] ISC.SANS.EDU
18 DecTracker firm Hapn spilled names of thousands of GPS tracking customersA security researcher found customer names and workplace affiliations spilling directly from Hapn's servers. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
18 DecIt’s time to stop calling it “pig butchering”Online romance and investment scams are painful enough without its victims being described as "pigs." Read more in my article on the Hot for Security blog.BITDEFENDER.COM
18 DecMeasures for safe development and use of AI | Kaspersky official blogTechnical and organizational precautions when deploying existing AI systems and developing new onesKASPERSKY.COM
18 DecCybersecurity is never out-of-office: Protecting your business anytime, anywhereWhile you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of yearWELIVESECURITY.COM