🐛 COMMON VULNERABILITIES AND EXPOSURES (1)

10 Jan: Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Andro…
THEHACKERNEWS.COM

⚠️ VULNERABILITY DISCLOSURE (7)

10 Jan: 90 Percent of Free VPNs Have Security Weaknesses: Cyber Security Today for Friday, January 10, 2025
Cybersecurity Alert: Free VPN Risks, Packers' Data Breach, and SonicWall Vulnerability In this episode, host Jim Love delves into critical cybersecurity issues including the hidden dangers of free VPNs, a payment skimmer attack on the Green Bay Packers’ online pro shop, and a sev…
CYBERSECURITYTODAY.LIBSYN.COM

10 Jan: CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonati…
THEHACKERNEWS.COM

10 Jan: CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on January 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-010-01 Schneider Electric PowerChute Serial Shutdown ICSA-25-010-0…
CISA.GOV

10 Jan: CISA Releases the Cybersecurity Performance Goals Adoption Report
Today, CISA released the Cybersecurity Performance Goals Adoption Report to highlight how adoption of Cybersecurity Performance Goals (CPGs) benefits our nation’s critical infrastructure sectors. Originally released in October 2022, CISA’s CPGs are voluntary practices that critic…
CISA.GOV

10 Jan: New Paper: “Future of SOC: Transform the ‘How’” (Paper 5)
After a long, long, long writing effort … eh … break, we are ready with our 5th Deloitte and Google Cloud Future of the SOC paper “Future of SOC: Transform the ‘How’.” As a reminder (and I promise you do need it; it has been years…), the previous 4 papers are: “New Paper: “Future…
MEDIUM.COM

10 Jan: Is the water safe? The state of critical infrastructure cybersecurity
On September 25, CISA issued a stark reminder that critical infrastructure remains a primary target for cyberattacks. Vulnerable systems in industrial sectors, including water utilities, continue to be exploited due to poor cyber hygiene practices. Using unsophisticated methods l…
SECURITYINTELLIGENCE.COM

10 Jan: BadRAM: attack using malicious RAM module | Kaspersky official blog
Theoretical BadRAM attack on virtualization systems exploits a vulnerability in AMD EPYC processors.
KASPERSKY.COM

📢 SECURITY ADVISORIES (1)

🔥 INCIDENT REPORTING (5)

10 Jan: Apps That Are Spying on Your Location
404 Media and Wired are reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy C…
SCHNEIER.COM

10 Jan: AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encrypti…
THEHACKERNEWS.COM

10 Jan: US government charges operators of crypto mixing service used by North Korea and ransomware gangs
Three Russian citizens were charged with money laundering for their role in operating Blender.io and Sinbad.io crypto mixing services. © 2024 TechCrunch. All rights reserved. For personal use only.
TECHCRUNCH.COM

10 Jan: China hacked US Treasury’s CFIUS, which reviews foreign investments for national security risks
The hackers targeting the Treasury are dubbed Silk Typhoon, and previously mass-hacked thousands of corporate email servers.
TECHCRUNCH.COM

10 Jan: Cannabis company Stiiizy says hackers accessed customers’ ID documents
A ransomware gang took credit for the breach, claiming to have stolen over 400,000 government-issued identity documents from customers.
TECHCRUNCH.COM

🕵️ THREAT INTELLIGENCE (3)

10 Jan: Friday Squid Blogging: Cotton-and-Squid-Bone Sponge
News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution in water across the globe, a new report suggests. […] The study tested the material in…
SCHNEIER.COM

10 Jan: RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential can…
THEHACKERNEWS.COM

10 Jan: Off-Topic Friday
Submitted by shellsharks to cybersecurity. 8 points | 1 comments. Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
INFOSEC.PUB

🌐 CYBER THREAT LANDSCAPE (1)

10 Jan: How Cracks and Installers Bring Malware to Your Device
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.
TRENDMICRO.COM

📡 INFOSEC NEWS (4)

10 Jan: Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs
Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity pr…
THEHACKERNEWS.COM

10 Jan: Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challen…
THEHACKERNEWS.COM

10 Jan: Microsoft accuses group of developing tool to abuse its AI service in new lawsuit
Microsoft has taken legal action against a group the company claims intentionally developed and used tools to bypass the safety guardrails of its cloud AI products. According to a complaint filed by the company in December in the U.S. District Court for the Eastern District of Vi…
TECHCRUNCH.COM

10 Jan: Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you
A Canadian man lost a $100,000 cryptocurrency fortune - all because he did a careless Google search. Read more in my article on the Hot for Security blog.
BITDEFENDER.COM