🚨 CISA KEV (1)

13 Jan: [KEV] CISA Adds Two Known Exploited Vulnerabilities to Catalog [CISA.GOV]
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
- CVE-2023-48365 …

🐛 COMMON VULNERABILITIES AND EXPOSURES (2)

13 Jan: Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners [THEHACKERNEWS.COM]
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" inv…

13 Jan: Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions [MICROSOFT.COM]
Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transpar…

⚠️ VULNERABILITY DISCLOSURE (4)

13 Jan: Massive Data Breaches Hit Thousands Of Popular Mobile Apps: Cyber Security Today for Monday, January 13, 2025 [CYBERSECURITYTODAY.LIBSYN.COM]
Massive Data Breaches, Apple Targeted, Facebook Security Flaw - Cybersecurity Today. In this episode of Cybersecurity Today, host Jim Love covers a massive breach revealing how location data is harvested through thousands of popular mobile apps on Android and iOS. Files leaked fro…

13 Jan: WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables [THEHACKERNEWS.COM]
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malwar…

13 Jan: CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators [CISA.GOV]
Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on help…

13 Jan: UK domain giant Nominet confirms cybersecurity incident linked to Ivanti VPN hacks [TECHCRUNCH.COM]
Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent exploitation of a new Ivanti VPN vulnerability. In an email to customers, seen by TechCrunch, Nominet warned of an “ongoing security…

🔥 INCIDENT REPORTING (8)

13 Jan: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme [SCHNEIER.COM]
Not sure this will matter in the end, but it’s a positive move: Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-g…

13 Jan: Experimenting with Stealer Logs in Have I Been Pwned [TROYHUNT.COM]
TL;DR — Email addresses in stealer logs can now be queried in HIBP to discover which websites they've had credentials …

13 Jan: Ransomware on ESXi: The Mechanization of Virtualized Attacks [THEHACKERNEWS.COM]
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these a…

13 Jan: Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems [THEHACKERNEWS.COM]
No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering …

13 Jan: A breach of Gravy Analytics’ huge trove of location data threatens the privacy of millions [TECHCRUNCH.COM]
The company confirmed the breach after a hacker posted millions of location data records online.

13 Jan: Stealer Logs, Jan 2025 - 71,039,833 breached accounts [HAVEIBEENPWNED.COM]
In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were…

13 Jan: Scholastic - 4,247,768 breached accounts [HAVEIBEENPWNED.COM]
In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.

13 Jan: Trusted-relationship cyberattacks and their prevention [KASPERSKY.COM]
How to work with suppliers to reduce the risk of incidents related to supply-chain cyberattacks.

🕵️ THREAT INTELLIGENCE (7)

13 Jan: ISC Stormcast For Tuesday, January 14th, 2025 https://isc.sans.edu/podcastdetail/9278, (Mon, Jan 13th) [ISC.SANS.EDU]
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

13 Jan: ISC Stormcast For Monday, January 13th, 2025 https://isc.sans.edu/podcastdetail/9276, (Mon, Jan 13th) [ISC.SANS.EDU]

13 Jan: 3 takeaways from red teaming 100 generative AI products [MICROSOFT.COM]
Since 2018, Microsoft's AI Red Team has probed generative AI products for critical safety and security vulnerabilities. Read our latest blog for three lessons we've learned along the way.

13 Jan: Waging War on Explicit Deepfakes. The Real Problem Behind the UK Crackdown [KNOWBE4.COM]
The UK government decided to wage war on explicit deepfakes. About time, right? But before we start celebrating, let's take a closer look.

13 Jan: How CTEM is providing better cybersecurity resilience for organizations [SECURITYINTELLIGENCE.COM]
Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution. Cyber threat …

13 Jan: New HHS nondiscrimination guidelines on AI use in Healthcare [INFOSEC.PUB]
Submitted by boatswain to cybersecurity.
Looks like they’re pretty concerned with the possibility of mass discrimination by AI, perhaps in the wake of the news about United Healthcare using AI to decline coverage. This could be useful to people: If you believ…

13 Jan: 38C3 - We've not been trained for this: life after the Newag DRM disclosure [Stream archive; Youtube] [INFOSEC.PUB]
Submitted by taaz to cybersecurity.
https://www.youtube.com/watch?v=8OB2NqcSDXQ
Cross-posted from: biglemmowski.win/post/4480202
This is a follow up to the DRM’d Polish trains.

🌐 CYBER THREAT LANDSCAPE (1)

13 Jan: World Tour Survey: Cloud Engineers Wrestle with Risk [TRENDMICRO.COM]
Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what cloud security engineering teams had to say.

📰 CYBERSECURITY BRIEFINGS (1)

13 Jan: ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January] [THEHACKERNEWS.COM]
The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening,…

📡 INFOSEC NEWS (5)

13 Jan: Industry Moves for the week of January 13, 2025 - SecurityWeek [SECURITYWEEK.COM]
Explore industry moves and significant changes in the industry for the week of January 13, 2025. Stay updated with the latest industry trends and shifts.

13 Jan: Hikvision Password Reset Brute Forcing, (Mon, Jan 13th) [ISC.SANS.EDU]
One common pattern in password resets is sending a one-time password to the user to enable them to reset their password. The flow usually looks like:

13 Jan: Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scam [BITDEFENDER.COM]
Imagine trusting your pastor with your savings, only to find out he's running a crypto scam. Read more in my article on the Hot for Security blog.