28 Articles
7 Categories
Date: 2024-12-31
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
31 Dec [KEV] CISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild (GBHACKERS.COM)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a critical vulnerability in Palo Alto Networks PAN-OS. Tracked as CVE-2024-3393, this flaw has been observed in active exploitation, putting systems at risk of remote disruption. …

31 Dec TrueNAS CORE Vulnerability Let Attackers Execute Remote Code (GBHACKERS.COM)
Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely-used open-source storage operating system developed by iXsystems. The vulnerability, CVE-2024-11944, allows network-adjacent at…

31 Dec [KEV] Top 12 ways hackers broke into your systems in 2024 (CSOONLINE.COM)
In 2024, hackers had a field day finding sneaky ways into systems — from convincing phishing scams that played on human curiosity to brutal software flaws that exposed gaps in tech upkeep. It was a year of clever breaches, showing just how wide the gap is between user habits and …
⚠️ VULNERABILITY DISCLOSURE (5)
31 Dec Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents (THEHACKERNEWS.COM)
The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service p…

31 Dec Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation (THEHACKERNEWS.COM)
Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and m…

31 Dec US Treasury Department workstations breached in attack attributed to China (CSOONLINE.COM)
The US Department of the Treasury revealed on Monday that an attacker was able to bypass security, access an undisclosed number of Treasury workstations, and steal “certain unclassified documents,” in what it called a “major cybersecurity incident”. In a letter to the US Senate’s…

31 Dec Many CISOs Are at Risk of Burnout (CSOONLINE.COM)
Anyone who burns out their CISO faces even more cyber risks. As the cyber threat landscape grows increasingly complex, stress is mounting for Chief Information Security Officers (CISOs). 57 percent of the cyber-s…

31 Dec 🎶 For Secured Times Gone By 🎶 (INFOSEC.PUB)
Submitted by coolboole to cybersecurity. (Tune: Auld Lang Syne) Should old accounts be all forgot, And passwords left to die, We’ll set them strong, revoke the weak, For secured times gone by. (Chorus) For secured times gone by, my friends, For safe and sure …
📢 SECURITY ADVISORIES (3)
31 Dec New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy (THEHACKERNEWS.COM)
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "Th…

31 Dec US Treasury Department Breach, Hackers Accessed Workstations (GBHACKERS.COM)
The Biden administration confirmed that a Chinese state-sponsored hacking group breached the U.S. Treasury Department, gaining unauthorized access to employee workstations and unclassified documents. This revelation follows a string of sophisticated surveillance operations target…

31 Dec Cloud Security in Higher Education: Balancing Trust and Risk - Sheena Thomas - CSP #207 (YOUTUBE.COM)
In this episode of CISO Stories, Jess Hoffman and Sheena Thomas explore the challenges of cloud security in higher education. They discuss trust issues with cloud providers, the importance of understanding data sensitivity, and navigating regulatory compliance. Sheena highlights …
🔥 INCIDENT REPORTING (3)
31 Dec Massive healthcare breaches prompt US cybersecurity rules overhaul (BLEEPINGCOMPUTER.COM)
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients' health data following a surge in massive healthcare data leaks. [...]

31 Dec Rhode Islanders’ Data Was Leaked From a Cyberattack on State Health Benefits Website (SECURITYWEEK.COM)
Cybercriminals who hacked Rhode Island’s system for health and benefits programs have released files to a site on the dark web,

31 Dec Chinese Hackers Accessed US Treasury Workstations in ‘Major’ Cybersecurity Incident (SECURITYWEEK.COM)
Chinese hackers remotely accessed US Treasury Department workstations after compromising a cloud-based service operated by BeyondTrust.
🕵️ THREAT INTELLIGENCE (5)
31 Dec Gift Card Fraud (SCHNEIER.COM)
It’s becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return t…

31 Dec Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign (SECURITYWEEK.COM)
The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.

31 Dec FTC Warns Immigrants About Rising Social Media Immigration Scams (KNOWBE4.COM)
The Federal Trade Commission (FTC) has issued an urgent warning about a surge in immigration scams targeting immigrants and their families on social media platforms like Facebook.

31 Dec The 5 most impactful cybersecurity guidelines (and 3 that fell flat) (SECURITYINTELLIGENCE.COM)
The best cybersecurity guidelines have made a huge difference in protecting data from theft and compromise, both in the United States and around the world. These guidelines are comprehensive sets of recommended practices, procedures and principles designed to help organizations a…

31 Dec The Future in the Age of AI - SWN Vault (YOUTUBE.COM)
Our old friend Russ Beauchemin and Doug talk about the future of AI and what it may mean when AI is smarter than us all. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/vault-swn-25
🌐 CYBER THREAT LANDSCAPE (2)
31 Dec Over 3.1 million fake "stars" on GitHub projects used to boost rankings (BLEEPINGCOMPUTER.COM)
GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. [...]

31 Dec MITRE’s New AI Security Tool - Worth the Hype? (YOUTUBE.COM)
Cyber threats are evolving fast, but can AI really keep up? Discover how MITRE’s new AI-powered security tool is reshaping the future of application security. Is it just hype or the real deal for protecting your codebase? Stay ahead in the cybersecurity game by exploring this cut…
📡 INFOSEC NEWS (7)
31 Dec New details reveal how hackers hijacked 35 Google Chrome extensions (BLEEPINGCOMPUTER.COM)
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. [...]

31 Dec U.S. Army Soldier Arrested in AT&T, Verizon Extortions (KREBSONSECURITY.COM)
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSec…

31 Dec No Holiday Season for Attackers, (Tue, Dec 31st) (ISC.SANS.EDU)
While most of us are preparing the switch to a new year (If it's already the case for you: Happy New Year!), Attackers never stop and implement always new tricks to defeat our security controls. For a long time now, we have been flooded by sextortion emails. This is a ki…

31 Dec US telco Lumen says its network is now clear of China’s Salt Typhoon hackers (TECHCRUNCH.COM)
Lumen says there is 'no evidence' that customer data was accessed during the intrusion © 2024 TechCrunch. All rights reserved. For personal use only.

31 Dec New Year’s cybersecurity resolutions that every startup should keep (TECHCRUNCH.COM)
These simple cybersecurity resolutions can help keep your startup protected from most malicious hackers.

31 Dec Tech Overhead: The Hidden Maintenance You Pay For! (YOUTUBE.COM)
Ever wondered why your tech products feel like they need constant attention? From setup to maintenance, every gadget has a hidden 'overhead' cost. Learn what it takes to keep them running smoothly and why some devices demand more effort than others. Define 'value' in a whole new …

31 Dec FBI Says STOP Texting? 😱 Here’s Why! (YOUTUBE.COM)
The FBI has issued a jaw-dropping warning: stop texting as we know it! But why? 🤔 Turns out, encrypted messaging might be the key to safer communication. From RCS protocols to the future of secure texting, this report has everyone talking. Are our texting habits about to change f…