Articles: 13
Categories: 7
Date: 2025-01-01
⚠️ VULNERABILITY DISCLOSURE (4)
1 Jan: 6 Remedies for Security Tool Sprawl
More doesn't always help more. Photo: Roman Samborskyi | shutterstock.com. In the search for ways to protect themselves against ever-growing cyber threats, quite a few companies succumb to a veritable security tool and service buying spree. Add to that departmental si…
Source: CSOONLINE.COM
1 Jan: New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security research…
Source: THEHACKERNEWS.COM
1 Jan: DrayTek Devices Vulnerability Let Attackers Arbitrary Commands Remotely
The DrayTek Gateway devices, more specifically the Vigor2960 and Vigor300B models, are susceptible to a critical command injection vulnerability. Exploitable via the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint, attackers can inject arbitrary commands into the system by …
Source: GBHACKERS.COM
1 Jan: 10 Years of Free Support?! The Linux Distro You’ve Never Heard Of!
This Linux distro offers something truly unique—10 years of free support, including 5 years of full updates and 5 years of critical security patches! But there’s a catch… most of the documentation is in Korean. Could this be the next big thing in open-source? Dive into the nostal…
Source: YOUTUBE.COM
📢 SECURITY ADVISORIES (3)
🔥 INCIDENT REPORTING (1)
1 Jan: The Dark Side of Data Exfiltration—A CISO’s Worst Nightmare!
Data exfiltration isn’t just about stolen files—it’s about stolen trust. In healthcare, unauthorized access can jeopardize patient safety, compromise medications, and shatter data integrity. CISOs and cybersecurity practitioners, this is your wake-up call. Discover why this silen…
Source: YOUTUBE.COM
🕵️ THREAT INTELLIGENCE (1)
1 Jan: New Stealthy Malware Leveraging SSH Over TOR Attacking Ukrainian Military
Researchers recently discovered a malicious campaign targeting Ukrainian military personnel through fake “Army+” application websites, which host a malicious installer that, upon execution, extracts the legitimate application alongside the Tor browser. The insta…
Source: GBHACKERS.COM
🌐 CYBER THREAT LANDSCAPE (1)
1 Jan: Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organizat…
Source: THEHACKERNEWS.COM
🎙️ PODCASTS (1)
1 Jan: The AI Fix #31: Replay: AI doesn’t exist
Mark and I took a break for the new year, but we'll be back for a new episode of "The AI Fix" podcast at the usual time next week. In the meantime, here is another chance to hear one of our favourite episodes again. The very first episode from April 2024... Graham attempts to con…
Source: GRAHAMCLULEY.COM
📡 INFOSEC NEWS (2)
1 Jan: Microsoft’s $20B Security Dilemma! 💰
Is Microsoft’s massive $20 billion investment in security paying off, or are they still struggling with critical vulnerabilities? Despite having the largest security business by revenue, they face severe challenges, including cross-tenant vulnerabilities and trust issues with CIS…
Source: YOUTUBE.COM