20Articles
7Categories
2024-12-27Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
27 DecPrioritizing patching: A deep dive into frameworks and tools – Part 1: CVSSIn the first of a two-part series exploring tools and frameworks which can help organizations with remediation prioritization, Sophos X-Ops takes a look at the Common Vulnerability Scoring System (CVSS)SOPHOS.COM
27 DecHackers exploit DoS flaw to disable Palo Alto Networks firewallsPalo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. [...]BLEEPINGCOMPUTER.COM
27 DecCloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in RussiaThe threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a …THEHACKERNEWS.COM
27 DecPalo Alto Releases Patch for PAN-OS DoS Flaw — Update ImmediatelyPalo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Acc…THEHACKERNEWS.COM
27 DecApache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe SerializationThe Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS s…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 4[−]
27 DecFICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global AttacksCybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. "These botnets are frequently spread through doc…THEHACKERNEWS.COM
27 DecData protection challenges abound as volumes surge and threats evolveIn the global digital economy, data is the most important asset organizations must protect from theft and damage. CISOs are fundamentally guardians of that asset, obligated to keep it secure and available to relevant users when and where they need it. “Every company has become a …CSOONLINE.COM
27 DecSecurity-Awareness-Trainings – ein RatgeberWenn Ihre erste Verteidigungslinie fällt, haben Cyberschurken leichtes Spiel. Leremy | shutterstock.com Security-Awareness-Schulungen sind für Unternehmen und Organisationen obligatorisch und sollten Teil jeder übergreifenden Cybersecurity-Strategie sein. Zumindest, wenn sämtlich…CSOONLINE.COM
27 DecThis month in security with Tony Anscombe – December 2024 editionFrom attacks leveraging new new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity newsWELIVESECURITY.COM
📢 SECURITY ADVISORIES 1[−]
27 DecCISA’s cyber incident reporting portal: Progress and future plansOn August 29, 2024, CISA announced the launch of a new cyber-incident Reporting Portal, part of the new CISA Services Portal. “The Incident Reporting Portal enables entities and individuals reporting cyber incidents to create unique accounts, save reports and return to subm…SECURITYINTELLIGENCE.COM
🔥 INCIDENT REPORTING 3[−]
27 DecWhite House links ninth telecom breach to Chinese hackersA White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. [...]BLEEPINGCOMPUTER.COM
27 DecRecord-breaking ransoms and breaches: A timeline of ransomware in 2024From LoanDepot to Evolve Bank and Blue Yonder, these ransomware attacks affect tens of millions of people. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
27 DecVW Suffers Major Breach Exposing Location of 800,000 Electric Vehiclessubmitted by minyaen to cybersecurity 224 points | 26 comments https://cyberinsider.com/vw-suffers-major-breach-exposing-location-of-800000-electric-vehicles/ If emphasis wasn’t already concentrated on the security of these connected vehicles, major oversight obviously…SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 4[−]
27 DecCasino Players Using Hidden Cameras for CheatingThe basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presuma…SCHNEIER.COM
27 DecFriday Squid Blogging: Squid on PizzaPizza Hut in Taiwan has a history of weird pizzas, including a “2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle.” Blog moderation policy.SCHNEIER.COM
27 DecNorth Korean Hackers Deploy OtterCookie Malware in Contagious Interview CampaignNorth Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with …THEHACKERNEWS.COM
27 DecTexas awards $170M contract to SAIC for IT, cybersecurity services | StateScoopsubmitted by Amoxtli to cybersecurity -1 points | 1 comments https://statescoop.com/texas-awards-170m-contract-to-saic-for-it-cybersecurity-services/SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE 1[−]
27 DecCybersecurity trends in 2025 | Kaspersky official blogHow to guard against new threats in 2025: seven resolutions to boost cybersecurityKASPERSKY.COM
📡 INFOSEC NEWS 2[−]
27 DecPhishing for Banking Information, (Fri, Dec 27th)It is again the time of the year when scammers are asking to verify banking information, whether it is credit cards, bank card, package shipping information, winning money, etc. Last night I received a text message to verify a credit card, it is case a Bank of Montreal (BMO) cred…ISC.SANS.EDU
27 DecCyber firm’s Chrome extension hijacked to steal user passwordsThe data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers." © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM