29 Articles
7 Categories
Date: 2024-12-24
🚨 CISA KEV (1)
24 Dec [KEV]: CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerabil…
THEHACKERNEWS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
24 Dec: Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as a…
THEHACKERNEWS.COM
24 Dec: Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions of systems to potential remote code execution (RCE) and privilege escalation attacks. The vulnerability, assigned CVE-2024-56334, highlights the …
GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE (7)
24 Dec: New botnet exploits vulnerabilities in NVRs, TP-Link routers
A new Mirai-based malware campaign is actively exploiting unpatched vulnerabilities in Internet of Things (IoT) devices, including DigiEver DS-2105 Pro DVRs. [...]
BLEEPINGCOMPUTER.COM
24 Dec: Adobe Patches ColdFusion Flaw at High Risk of Exploitation
Adobe has released patches for a high-severity ColdFusion vulnerability for which proof-of-concept (PoC) code exists.
SECURITYWEEK.COM
24 Dec: Clop ransomware gang takes credit for latest mass hack that breached dozens of companies
The prolific ransomware gang says it hacked at least 66 companies by exploiting a bug in tools made by Cleo Software.
TECHCRUNCH.COM
24 Dec: The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)
In episode 30 of The AI Fix, AIs are caught lying to avoid being turned off, Apple’s AI flubs a headline, ChatGPT is available to people who haven't left the 1970s, our hosts regret to inform you that an AI artist now has a personality, and ant-like robots join forces to lob each…
GRAHAMCLULEY.COM
24 Dec: 7 biggest cybersecurity stories of 2024
Cybersecurity headlines were plenty this year, with several breaches, attacks, and mishaps drawing worldwide attention. But a few incidents in particular had far-reaching consequences, with the potential to reshape industry protections, shake up how vendors secure customers’ syst…
CSOONLINE.COM
24 Dec: Unbelievable Java Exploit Exposed! 🚨
Hackers just uncovered a mind-blowing exploit in the Java Spring Framework that’s causing a stir! 🚨 Dive into the creativity and patience it takes to find vulnerabilities like this and learn how "dot dot semi-colon" became the ultimate hacker move. Shoutout to Watch Tower Labs fo…
YOUTUBE.COM
24 Dec: Herding Dev Cats: Can You Really Control Source Code Chaos?
Dealing with messy source code management? Let’s talk about how to “herd the dev cats” 🐱 and streamline your workflows for better security and efficiency. From random OneDrive folders to rogue server setups, managing developer habits can feel impossible—but it doesn’t have to be.…
YOUTUBE.COM
📢 SECURITY ADVISORIES (1)
24 Dec: Compliance & Privacy - SWN Vault
Josh Marpet and Doug talk about Compliance and Privacy for about 30 minutes but it could have been a lot more. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/vault-swn-23
YOUTUBE.COM
🔥 INCIDENT REPORTING (6)
24 Dec: European Space Agency's official store hacked to steal payment cards
European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. [...]
BLEEPINGCOMPUTER.COM
24 Dec: Clop ransomware is now extorting 66 Cleo data-theft victims
The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. [...]
BLEEPINGCOMPUTER.COM
24 Dec: American Addiction Centers Data Breach Impacts 422,000 People
American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach.
SECURITYWEEK.COM
24 Dec: Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. Th…
THEHACKERNEWS.COM
24 Dec: Hackers crack the smart home
More and more internet-connected devices are at work in the smart home, a worthwhile target for hackers. IoT devices such as digital picture frames or media players are increasingly the target of cybercriminals. Many of these …
CSOONLINE.COM
24 Dec: Conversation with a “Nam3L3ss” Watchdog: Preface
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-preface/ This is a multi-part interview with the individual known as “Nam3L3ss,” who leaked more than 100 databases on a popular hacking forum and …
SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE (10)
24 Dec: Spyware Maker NSO Group Found Liable for Hacking WhatsApp
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.
SCHNEIER.COM
24 Dec: FBI links North Korean hackers to $308 million crypto heist
The North Korean hacker group 'TraderTraitor' stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. [...]
BLEEPINGCOMPUTER.COM
24 Dec: FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024
The FBI said the target was tricked into downloading a malicious Python script under the guise of a pre-employment test hosted on GitHub.
SECURITYWEEK.COM
24 Dec: 2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program
The 2025 National Defense Authorization Act (NDAA) has been signed into law and it authorizes several cyber-related initiatives.
SECURITYWEEK.COM
24 Dec: North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet…
THEHACKERNEWS.COM
24 Dec: More SSH Fun!, (Tue, Dec 24th)
A few days ago, I wrote a diary [1] about a link file that abused the ssh.exe tool present in modern versions of Microsoft Windows. At the end, I mentioned that I will hunt for more SSH-related files/scripts. Guess what? I already found another one.
ISC.SANS.EDU
24 Dec: Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in
As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025. The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But …
SECURITYINTELLIGENCE.COM
24 Dec: Harnessing AI to Strengthen OT Security Against Modern Cyber Threats
To manage AI's dual role in OT environments, organizations need rigorous risk assessment and clear governance protocols for deploying AI.
PALOALTONETWORKS.COM
24 Dec: Cybersecurity in the Cloud: Lessons for Businesses and Beyond - Melina Scotto - CSP #206
Jessica Hoffman and Melina Scotto discuss the evolution of cybersecurity, focusing on cloud security, business responsibilities, and the importance of basic cyber hygiene. They highlight the role of communication, consulting, and integrating security into business operations, con…
YOUTUBE.COM
📡 INFOSEC NEWS (2)
24 Dec: These are the cybersecurity stories we were jealous of in 2024
The very best work from our friends at competing publications.
TECHCRUNCH.COM
24 Dec: The Secret to Making Your Tech Stack Work Smarter 🧠
Is your tech stack overflowing with tools you don’t need? 🤔 By consolidating your tools, you can cut unnecessary costs, improve efficiency, and even enhance your data insights. 🚀 Discover how smart organizations are reducing silos, streamlining workflows, and preparing for the fu…
YOUTUBE.COM