🚨 CISA KEV 1[−]
30 Dec KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-3393 Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability These types of vulnerabilities are frequent attack vectors for maliciou…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
30 DecHackers exploit Four-Faith router flaw to open reverse shellsThreat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. [...]BLEEPINGCOMPUTER.COM
30 DecPalo Alto Networks Patches Firewall Zero-Day Exploited for DoS AttacksPalo Alto Networks has patched CVE-2024-3393, a vulnerability that has been exploited for DoS attacks against the company’s firewalls. The post Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
30 DecPoC Exploited Released for Oracle Weblogic Server VulnerabilitySecurity researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a critical vulnerability affecting Oracle WebLogic Server. The flaw tracked as CVE-2024-21182, poses a significant risk to organizations using the server, as it allows an unauthe…GBHACKERS.COM
30 DecSevere Vulnerability in Palo Alto Networks PAN-OS Exposes Firewalls to Denial of Service (CVE-2024-3393)submitted by kid to cybersecurity 11 points | 0 comments https://socradar.io/vulnerability-in-palo-alto-pan-os-cve-2024-3393/SH.ITJUST.WORKS
⚠️ VULNERABILITY DISCLOSURE 12[−]
30 DecFour-Faith Industrial Router Vulnerability Exploited in AttacksThreat actors are exploiting a command injection vulnerability in Four-Faith industrial routers to deploy a reverse shell. The post Four-Faith Industrial Router Vulnerability Exploited in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
30 DecUS Issues Final Rule for Protecting Personal Data Against Foreign AdversariesThe DoJ has issued a final rule addressing adversaries’ access to and exploitation of Americans’ bulk sensitive personal information. The post US Issues Final Rule for Protecting Personal Data Against Foreign Adversaries appeared first on SecurityWeek .SECURITYWEEK.COM
30 DecCisco Confirms Authenticity of Data After Second LeakCisco has confirmed that 4 Gb of data leaked by a hacker is authentic and related to a recently disclosed security incident. The post Cisco Confirms Authenticity of Data After Second Leak appeared first on SecurityWeek .SECURITYWEEK.COM
30 DecNew Botnet Exploiting D-Link Routers To Gain Control RemotelyResearchers observed a recent surge in activity from the “FICORA” and “CAPSAICIN,” both variants of Mirai and Kaiten, respectively, which exploit known vulnerabilities in D-Link routers, including those with outdated firmware like DIR-645, DIR-806, GO-RT-A…GBHACKERS.COM
30 DecSquareX Researchers Uncover OAuth Vulnerability in Chrome Extensions Days Before Major BreachSquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store. On Decem…GBHACKERS.COM
30 DecNew 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an NSA employee. The disclosure, made on X (formerly Twitter), reveals a severe security flaw that could have far-reaching implic…GBHACKERS.COM
30 DecBlown the cybersecurity budget? Here are 7 ways cyber pros can save moneyIt’s hard to find a CISO or cybersecurity leader who has the money they need to pay for all the work they want to do. A majority of CISOs (57%) said they expect to see an increase in their cybersecurity budgets over the next one to two years, according to Deloitte’s Global Future…CSOONLINE.COM
30 DecThird Party Risk Management: So vermeiden Sie Compliance-UnheilThird Party Risk Management hilft Unternehmen, das Risiko von Compliance-Verstößen zu vermeiden. Foto: Diyajyoti – shutterstock.com In Zeiten der Digitalisierung ist es für Unternehmen unerlässlich, auf die Unterstützung von Drittanbietern zurückzugreifen. Sei es im Bereich der I…CSOONLINE.COM
30 DecBrauchen Sie einen vCISO?In komplexen Bedrohungslandschaften sicher bleiben, ohne das (Personal-)Budget zu sprengen? Das vCISO-Konzept stellt das in Aussicht. TippaPatt | shutterstock.com In der heutigen Digitallandschaft, die sich in einem steten Wandel befindet, sind versierte Cybersecurity-Führungskrä…CSOONLINE.COM
30 Dec7-Zip Zero-Day Exploit Allegedly Leaked Onlinesubmitted by kid to cybersecurity 50 points | 2 comments https://cybersecuritynews.com/7-zip-zero-day-exploit/SH.ITJUST.WORKS
30 DecFICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attackssubmitted by kid to cybersecurity 10 points | 0 comments https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.htmlSH.ITJUST.WORKS
30 Dec16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theftsubmitted by kid to cybersecurity 100 points | 11 comments https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html AI Assistant - ChatGPT and Gemini for Chrome Bard AI Chat Extension GPT 4 Summary with OpenAI Search Copilot AI Assistant for Chrome TinaMInd AI …SH.ITJUST.WORKS
📋 SECURITY BULLETINS 1[−]
30 DecMicrosoft Warns of Windows 11 24H2 Issue that Blocks Windows Security UpdatesMicrosoft has issued a warning about a significant issue impacting devices running Windows 11, version 24H2, that could block essential Windows Security updates. The problem arises when users install this version of the operating system using media—such as CDs or USB drives—conta…GBHACKERS.COM
📢 SECURITY ADVISORIES 2[−]
30 DecNew HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance AuditsThe United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the…THEHACKERNEWS.COM
30 DecCyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker groupsubmitted by kid to cybersecurity 17 points | 0 comments https://www.reuters.com/technology/cybersecurity/cyber-attack-italys-foreign-ministry-airports-claimed-by-pro-russian-hacker-2024-12-28/SH.ITJUST.WORKS
🔥 INCIDENT REPORTING 13[−]
30 DecSalt Typhoon’s Reach Continues to GrowThe US government has identified a ninth telecom that was successfully hacked by Salt Typhoon.SCHNEIER.COM
30 DecUS Treasury Department breached through remote support platformChinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. [...]BLEEPINGCOMPUTER.COM
30 DecAT&T and Verizon say networks secure after Salt Typhoon breachAT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. [...]BLEEPINGCOMPUTER.COM
30 DecSeveral Chrome Extensions Compromised in Supply Chain AttackCyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users. The post Several Chrome Extensions Compromised in Supply Chain Attack appeared first on SecurityWeek .SECURITYWEEK.COM
30 DecWeekly Update 432Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite There's a certain irony to the Bluesky situation where people are pushing back when I include links to X. Now, where have we seen …TROYHUNT.COM
30 Dec⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and TipsEvery week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protect…THEHACKERNEWS.COM
30 DecWhen Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser ExtensionsNews has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be com…THEHACKERNEWS.COM
30 DecHackers Weaponize Websites With LNK File To Deliver Weaponized LZH FileThe watering hole attack leverages a compromised website to deliver malware. When a user visits the infected site, their system downloads an LZH archive containing an LNK file, where executing this LNK file triggers a malware infection. An infected website utilizes JavaScript to …GBHACKERS.COM
30 DecUS Treasury says China accessed government documents in ‘major’ cyberattackTreasury officials attributed the December theft of unclassified documents to China. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
30 DecAT&T and Verizon say networks are secure after being breached by China-linked Salt Typhoon hackersU.S. telecom giants AT&T and Verizon say they have secured their networks after being targeted by the China-linked Salt Typhoon cyberespionage group. In a statement given to TechCrunch on Monday, AT&T spokesperson Alexander Byers said the company detects “no ac…TECHCRUNCH.COM
30 DecNews alert: SquareX exposes OAuth attack on Chrome extensions — days before a major breachPalo Alto, Calif., Dec. 30, 2024, CyberNewswire — SquareX , an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over …LASTWATCHDOG.COM
30 DecHackers hijack a wide range of companies' Chrome extensions, experts saysubmitted by kid to cybersecurity 14 points | 0 comments https://www.reuters.com/technology/cybersecurity/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27/SH.ITJUST.WORKS
30 DecJapan Airlines systems back to normal after cyberattack delayed flightssubmitted by kid to cybersecurity 20 points | 0 comments https://www.reuters.com/technology/cybersecurity/japan-airlines-systems-hit-by-cyberattack-ntv-says-2024-12-26/SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 7[−]
30 DecNFS Protocol Security Bypassed To Access Files From Remote ServerThe NFS protocol offers authentication methods like AUTH_SYS, which relies on untrusted user IDs, and Kerberos, providing cryptographic verification. While Kerberos offers strong security, its Linux configuration can be complex, where emerging standards like RPC over TLS ai…GBHACKERS.COM
30 DecCISO vs. CEO: Making a case for cybersecurity investmentsAsk CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is — at some point, even if not the first response, they will bring up budgets. For example, at RSA Conference 2…SECURITYINTELLIGENCE.COM
30 DecSay Easy, Do Hard, Minimum Viable Security - Part 2 - Jon Fredrickson - BSW VaultCheck out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to m…YOUTUBE.COM
30 DecLearn This Early to Succeed in Cybersecurity 💡"Learn to learn" is the golden rule for thriving in the ever-changing world of cybersecurity. In this short, we explore the advice every young cyber pro needs: embrace a passion for continuous learning! Whether it’s new tech, evolving threats, or dynamic collaboration styles, sta…YOUTUBE.COM
30 DecGDPR Hindi/Urdu Video Lecturessubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/18615de8-35d1-46f6-a147-bdc8dc1a4f6c.png GDPR Urdu Video Lectures part 1 GDPR Urdu Video Lectures part 2INFOSEC.PUB
30 DecSAINTCON 2024 - Keynote - Jack Rhysidersubmitted by ashar to security_cpe 3 points | 0 comments https://youtu.be/vyFzXajI05g Take an incredible journey through the planning and execution of a heist, and what that means to your brain and it’s chemicals. Darknet Diaries host Jack Rhysider blends the why with the what an…INFOSEC.PUB
30 DecNorth Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaignsubmitted by kid to cybersecurity 20 points | 0 comments https://thehackernews.com/2024/12/north-korean-hackers-deploy-ottercookie.htmlSH.ITJUST.WORKS
📡 INFOSEC NEWS 7[−]
30 DecPrioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworksIn the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSSSOPHOS.COM
30 DecMicrosoft issues urgent dev warning to update .NET installer linkMicrosoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use 'azureedge.net' domains to install .NET components, as the domain will soon be unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. [...]BLEEPINGCOMPUTER.COM
30 DecChanges in SSL and TLS support in 2024, (Mon, Dec 30th)With the end of the year quickly approaching, it is undoubtedly a good time to take a look at what has changed during the past 12 months. One security-related area, which deserves special attention in this context, is related to the use of different versions of SSL and TLS on var…ISC.SANS.EDU
30 DecVolkswagen leak exposed precise location data on thousands of vehicles across Europe for monthsThe data was found exposed on an Amazon cloud server, and contained precise location data on thousands of vehicles. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
30 DecThe Fastest Way to Flash M5 Firmware! 🚀Tired of wasting time trying to flash M5 firmware? 🚀 Discover the fastest way to get it done without the headaches! Forget the weird directories and confusing file names from M5Burner. Learn how to use your SD card like a pro and download firmware directly from an optimized site.…YOUTUBE.COM
30 DecThe $170 Billion Closet: Cybersecurity's Dirty Secret!Did you know that 70% of enterprise cybersecurity tools go unused? That's $170 billion worth of software sitting in the dreaded "closet" – tools purchased, shelved, and forgotten after the internal champion leaves. 😱 From over-hyped solutions to wasted budgets, this is the shocki…YOUTUBE.COM
30 DecIndustry Moves for the week of December 30, 2024 - SecurityWeekExplore industry moves and significant changes in the industry for the week of December 30, 2024. Stay updated with the latest industry trends and shifts.SECURITYWEEK.COM