Articles: 40
Categories: 7
Date: 2025-01-03
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
3 Jan · Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability · Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP. · SECURITYWEEK.COM
3 Jan · LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers · A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score… · THEHACKERNEWS.COM
3 Jan · ASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands · In a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of its router models. These flaws, tracked as CVE-2024-12912 and CVE-2024-13062, pose severe risks by allowing attackers to execute arbitrary commands on compromised devices.… · GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE (6)
3 Jan · Bad Tenable plugin updates take down Nessus agents worldwide · Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. [...] · BLEEPINGCOMPUTER.COM
3 Jan · Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Eavesdropping · Apple isn’t acknowledging any wrongdoing in the settlement, which must be approved by a Judge and represents a sliver of the $705 billion in profits that Apple has pocketed since September 2014. · SECURITYWEEK.COM
3 Jan · iTerm2 Emulator Vulnerability Let Attackers Access Sensitive User Data · A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among cybersecurity experts and software users. The flaw, which could allow malicious attackers to access sensitive user data, underscores the importance of timely updates and vi… · GBHACKERS.COM
3 Jan · US government sanctions Chinese cybersecurity company linked to APT group · The US Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against a Beijing cybersecurity company for its role in attacks attributed to a Chinese cyberespionage group known as Flax Typhoon. The company, called Integrity Technology Group (Integri… · CSOONLINE.COM
3 Jan · Secure by design vs by default – which software development concept is better? · As cybersecurity professionals, we need to know that the software products we acquire are safe and able to support or accommodate the procedures and tools we use to keep attackers at bay while performing their given functions. With attacks perennially on the rise and the software… · CSOONLINE.COM
3 Jan · Router reality check: 86% of default passwords have never been changed · Misconfigurations remain a popular compromise point — and routers are leading the way. According to recent survey data, 86% of respondents have never changed their router admin password, and 52% have never adjusted any factory settings. This puts attackers in the perfe… · SECURITYINTELLIGENCE.COM
📢 SECURITY ADVISORIES (1)
3 Jan · Cloudflare’s VPN app among half-dozen pulled from Indian app stores · More than half a dozen VPN apps, including Cloudflare’s widely used 1.1.1.1, have been pulled from India’s Apple App Store and Google Play Store following intervention from government authorities, TechCrunch has learned. The Indian Ministry of Home Affairs issued remo… · TECHCRUNCH.COM
🔥 INCIDENT REPORTING (5)
3 Jan · US sanctions Chinese company linked to Flax Typhoon hackers · The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech (also known as Yongxin Zhicheng) for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. [...] · BLEEPINGCOMPUTER.COM
3 Jan · French govt contractor Atos denies Space Bears ransomware attack claims · French tech giant Atos, which secures communications for the country's military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. [...] · BLEEPINGCOMPUTER.COM
3 Jan · New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 · Richmond University Medical Center has been investigating a ransomware attack since May 2023 and it recently determined that it affects 670,000 people. · SECURITYWEEK.COM
3 Jan · NTT Docomo Hit by DDoS Attack, Services Disrupted for 11 Hours · NTT Docomo, one of Japan’s leading telecommunications and IT service providers, experienced a massive disruption on January 2, 2025, after a Distributed Denial of Service (DDoS) attack targeted its network infrastructure. The attack resulted in widespread service irregularities a… · GBHACKERS.COM
3 Jan · GLAMIRA - 999,999 breached accounts · In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses, names, p… · HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE (12)
3 Jan · Friday Squid Blogging: Anniversary Post · I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week (with maybe only a few exceptions). There is a lot out there about squid, even more if you count the other meanings of the word. Blog moderation policy. · SCHNEIER.COM
3 Jan · ShredOS · ShredOS is a stripped-down operating system designed to destroy data. GitHub page here. · SCHNEIER.COM
3 Jan · In Other News: Volkswagen Data Leak, DoubleClickjacking, China Denies Hacking US Treasury · Noteworthy stories that might have slipped under the radar: location data of 800,000 electric Volkswagen cars leaked, DoubleClickjacking attack, China denies hacking US Treasury. · SECURITYWEEK.COM
3 Jan · FireScam Android Malware Packs Infostealer, Spyware Capabilities · The FireScam Android infostealer monitors app notifications and harvests credentials and financial data and sends it to a Firebase database. · SECURITYWEEK.COM
3 Jan · US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters · The United States has imposed sanctions on two groups linked to Iranian and Russian efforts to target American voters with disinformation ahead of this year’s election. · SECURITYWEEK.COM
3 Jan · SwaetRAT Delivery Through Python, (Fri, Jan 3rd) · We entered a new year, but attack scenarios have not changed (yet). I found a Python script with an interesting behavior[1] and a low Virustotal score (7/61). It targets Microsoft Windows hosts because it starts by loading all libraries required to call Microsoft API … · ISC.SANS.EDU
3 Jan · LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware · LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome extensions, which can manipulate emails, track browsing, and even transform infected browsers into proxies for attackers, enabling them to browse the web with the victim’s … · GBHACKERS.COM
3 Jan · Apple Agrees to $95M Settlement Over Siri Privacy Lawsuit · Apple Inc. has agreed to pay $95 million to settle a proposed class-action lawsuit alleging that its Siri voice assistant infringed on users’ privacy by recording private conversations without their consent. The preliminary settlement, filed in federal court in Oakland, Californi… · GBHACKERS.COM
3 Jan · Endpoint Security - Rob Allen - SWN Vault · Rob Allen and Doug talk about Endpoint security and how important it is to secure your endpoints going into the new year. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/vault-swn-26 · YOUTUBE.COM
3 Jan · Off-Topic Friday · submitted by shellsharks to cybersecurity, 4 points | 0 comments. Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please) · INFOSEC.PUB
3 Jan · 38C3: Illegal Instructions · submitted by ashar to security_cpe, 5 points | 0 comments. https://media.ccc.de/b/congress/2024 38C3: Illegal Instructions (English and German language talks) The 38th Chaos Communication Congress (38C3) takes place in Hamburg, 27.-30.12.2024, and is the 2024 edition of the annual … · INFOSEC.PUB
3 Jan · Time to check if you ran any of these 33 malicious Chrome extensions · submitted by BrikoX to cybersecurity, 29 points | 6 comments. https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/ Two separate campaigns have been stealing credentials and browsing history for months. · SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE (2)
3 Jan · US sanctions Chinese cyber firm linked to Flax Typhoon hacks · U.S. officials say the sanctioned Chinese firm provided botnet infrastructure for the China-backed hacking group Flax Typhoon · TECHCRUNCH.COM
3 Jan · What Airports Don’t Tell You About Their Cameras! · Airports are hiding something extraordinary about their cameras that could blow your mind! 🎥 From facial recognition to advanced retina scanning, these systems go beyond just watching. They can track entire crowds with one camera and even integrate iris and retina biometrics for … · YOUTUBE.COM
📡 INFOSEC NEWS (11)
3 Jan · Malicious npm packages target Ethereum developers' private keys · Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. [...] · BLEEPINGCOMPUTER.COM
3 Jan · Apple offers $95 million in Siri privacy violation settlement · Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. [...] · BLEEPINGCOMPUTER.COM
3 Jan · New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60% · Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Lik… · THEHACKERNEWS.COM
3 Jan · Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption · Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical th… · THEHACKERNEWS.COM
3 Jan · Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations · Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current… · THEHACKERNEWS.COM
3 Jan · Time to check if you ran any of these 33 malicious Chrome extensions · Two separate campaigns have been stealing credentials and browsing history for months. · ARSTECHNICA.COM
3 Jan · Online gift card store exposed hundreds of thousands of people’s identity documents · The gift card store secured the public cloud storage server containing customer ID documents, which was not protected with a password. · TECHCRUNCH.COM
3 Jan · AI Pulse: Top AI Trends from 2024 - A Look Back · In this edition of AI Pulse, let's look back at top AI trends from 2024 in the rear view so we can more clearly predict AI trends for 2025 and beyond. · TRENDMICRO.COM
3 Jan · Hack Your Phone: Code in Bed With This Device! 😱 · Ever dreamed of coding in bed on your phone? 😴👨‍💻 Meet the ultimate hardware hack: a device that pairs as a Bluetooth mouse and keyboard, turning your phone into a coding powerhouse! We also explore how to load custom firmware with Wget and an SD card to unlock even more mind-blo… · YOUTUBE.COM
3 Jan · Apple vs Microsoft: Who Protects Your Data Better? · Apple and Microsoft take different paths when it comes to protecting your data. While Microsoft focuses on tech features first and privacy second, Apple flips the script by addressing privacy concerns right from the start. Which approach keeps your personal information safer in t… · YOUTUBE.COM
3 Jan · Gary Marcus – Taming Silicon Valley | Starmus Highlights · The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness · WELIVESECURITY.COM