🚨 CISA KEV (1)
15 Jan [KEV] Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications (CISA.GOV): Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Conne…
🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
15 Jan [KEV] 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (THEHACKERNEWS.COM): Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. …
15 Jan [KEV] CISA warns second BeyondTrust vulnerability also exploited in the wild (CSOONLINE.COM): The US Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities a second vulnerability by BeyondTrust, which was patched in December. The flaw is different than the one that was used to compromise US Treasury workstations…
⚠️ VULNERABILITY DISCLOSURE (14)
15 Jan YouTubers Attacked By Malware: Cyber Security Today, Wednesday, January 15, 2025 (CYBERSECURITYTODAY.LIBSYN.COM): Cybersecurity Rundown: YouTube Malware, Strava Leaks, UK Ransomware Ban, AWS Exploits & Fortinet Vulnerabilities In this episode of 'Cybersecurity Today,' host Jim Love covers critical cybersecurity topics including YouTubers targeted with malware links, fitness apps leaking mili…
15 Jan Multiple Vulnerabilities in Rsync Could Allow for Remote Code Execution (CISECURITY.ORG): Multiple vulnerabilities have been discovered in Rsync, the most severe of which could allow for remote code execution. Rsync is an open-source file synchronization and data transferring tool valued for its ability to perform incremental transfers, reducing data transfer times an…
15 Jan Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool (THEHACKERNEWS.COM): As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of a…
15 Jan FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation (THEHACKERNEWS.COM): The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korp…
15 Jan Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (THEHACKERNEWS.COM): Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings…
15 Jan The Curious Case of a 12-Year-Old Netgear Router Vulnerability, (Wed, Jan 15th) (ISC.SANS.EDU): Routers play an essential role in networking and are one of the key components that allow users to have internet connectivity. Vulnerabilities in routers could result in reduced speeds or the possibility of vulnerable equipment being compromised and turned into part of a botnet. …
15 Jan CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook (CISA.GOV): Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend agains…
15 Jan PowerSchool data breach victims say hackers stole ‘all’ historical student and teacher data (TECHCRUNCH.COM): A trove of information on current and former students and teachers was accessed during the December cyberattack, sources say
15 Jan Cisco’s homegrown AI to help enterprises navigate AI adoption (CSOONLINE.COM): As the world rushes to integrate AI into all aspects of enterprise applications, there’s a pressing need to secure data-absorbing AI systems from malicious interferences. To achieve that, Cisco has announced Cisco AI Defense, a solution designed to address the risks introduced by…
15 Jan CISA unveils ‘Secure by Demand’ guidelines to bolster OT security (CSOONLINE.COM): The US Cybersecurity and Infrastructure Security Agency (CISA), along with its international cybersecurity allies, has unveiled the “Secure by Demand” guidelines to safeguard operational technology (OT) environments. The framework provides a blueprint for OT owners and operator…
15 Jan ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers (SECURITYINTELLIGENCE.COM): AI has made an impact everywhere else across the tech world, so it should surprise no one that the 2024 ISC2 Cybersecurity Workforce Study saw artificial intelligence (AI) jump into the top five list of security skills. It’s not just the need for workers with security-relat…
15 Jan Are Cybercriminals More Afraid of Each Other? (YOUTUBE.COM): In the murky world of cybercrime, it’s not law enforcement that keeps hackers on edge—it’s each other. Dive into the secretive reputation systems criminals use to survive in this cutthroat community. Alison Nixon from Unit 221B reveals why cybercriminals fear their own more than …
15 Jan Apple Bug Allows Security Bypass Without Physical Access (INFOSEC.PUB): Submitted by IllNess to securitynews (24 points, 3 comments). https://www.darkreading.com/vulnerabilities-threats/apple-bug-root-protections-bypass-physical-access Cross-posted from: lemmy.zip/post/30049292. Emergent macOS vulnerability lets adversaries circumvent Apple’s System Int…
15 Jan Google OAuth Vulnerability Exposes Millions via Failed Startup Domains (INFOSEC.PUB): Submitted by IllNess to securitynews (11 points, 0 comments). https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain o…
📋 SECURITY BULLETINS (2)
15 Jan 159-CVE January Patch Tuesday smashes single-month record (SOPHOS.COM): Brace yourselves... and consider reading your email in plaintext for now
15 Jan Microsoft: Happy 2025. Here’s 161 Security Updates – Krebs on Security (INFOSEC.PUB): Submitted by IllNess to securitynews (11 points, 2 comments). https://krebsonsecurity.com/2025/01/microsoft-happy-2025-heres-161-security-updates/
📢 SECURITY ADVISORIES (4)
15 Jan Governments call for spyware regulations in UN Security Council meeting (TECHCRUNCH.COM): Several governments participated in a meeting on the proliferation of commercial spyware at the United Nations Security Council.
15 Jan Innovating in line with the European Union’s AI Act (BLOGS.MICROSOFT.COM): As our Microsoft AI Tour reached Brussels, Paris, and Berlin recently, we met with European organizations that were energized by the possibilities of our latest AI technologies and engaged in deployment projects. They were also alert to the fact that 2025 is the year that key obl…
15 Jan Biden White House to go all out in final, sweeping cybersecurity order (INFOSEC.PUB): Submitted by IllNess to securitynews (21 points, 2 comments). https://www.csoonline.com/article/3802476/biden-white-house-to-go-all-out-in-final-sweeping-cybersecurity-order.html The ambitious final executive order requires 52 agency actions to bolster cyber protections and counter…
🔥 INCIDENT REPORTING (7)
15 Jan Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 (THEHACKERNEWS.COM): The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like…
15 Jan Startup necromancy: Dead Google Apps domains can be compromised by new owners (ARSTECHNICA.COM): Improperly winding down a Google Apps domain can leave logins accessible.
15 Jan Japan Attributes More Than 200 Cyberattacks to China Threat Actor "MirrorFace" (KNOWBE4.COM): Japan’s National Police Agency (NPA) has attributed more than 200 cyber incidents over the past five years to the China-aligned threat actor “MirrorFace,” Infosecurity Magazine reports.
15 Jan UnitedHealth hid its Change Healthcare data breach notice for months (TECHCRUNCH.COM): The ransomware attack on Change Healthcare affected over 100 million Americans, the health giant told regulators.
15 Jan The Top 10 Business Risks in Germany 2025 (CSOONLINE.COM): Cyberattacks remain among the biggest business risks. Criminal hackers, natural disasters, political risks and climate change are causing growing concern for companies worldwide. In Allianz's annual Risk Barometer, as in…
15 Jan Insidious Ransomware Attack Against AWS Users (CSOONLINE.COM)
15 Jan Embassy Wi-Fi Hack: The Print Shop Scandal 🤯 (YOUTUBE.COM): Hackers don’t need to be in the same room to attack! 🚨 Using embassy Wi-Fi vulnerabilities and a nearby print shop, they infiltrated systems without MFA. This real-life hacking incident shows why cybersecurity is crucial in today’s digital world. Protect your networks and stay vi…
🕵️ THREAT INTELLIGENCE (3)
15 Jan Phishing False Alarm (SCHNEIER.COM): A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.
15 Jan North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains (THEHACKERNEWS.COM): Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threat groups may have pulled off illicit money-making sc…
15 Jan 5 Trends Shaping Healthcare Cybersecurity in 2025 (PALOALTONETWORKS.COM): Palo Alto Networks shares five of the top healthcare cybersecurity trends and strategies to prepare you for transformation in 2025 and beyond. The post 5 Trends Shaping Healthcare Cybersecurity in 2025 appeared first on Palo Alto Networks Blog.
🌐 CYBER THREAT LANDSCAPE (3)
15 Jan The High-Stakes Disconnect For ICS/OT Security (THEHACKERNEWS.COM): Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Co…
15 Jan Legitimate Chrome extensions are stealing Facebook passwords (KASPERSKY.COM): Supply-chain attacks use trojanized legitimate Google Chrome extensions for data theft.
📡 INFOSEC NEWS (5)
15 Jan Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes (THEHACKERNEWS.COM): Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as …
15 Jan Congratulations to the Top MSRC 2024 Q4 Security Researchers! (MSRC.MICROSOFT.COM): Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4 Security Researcher Leaderboa…
15 Jan Unlocking Cloud Potential While Managing Risk 🌩️ (YOUTUBE.COM): Cloud technology offers endless potential, but are you balancing its value with the risks? 🌩️ CISOs, it’s time to rethink how you approach vendor security and contractual obligations. SOC 2 assessments are key, but are you carefully reviewing the complementary customer controls? …
15 Jan From Chaos to Clarity: Observability Meets Security 💡 (YOUTUBE.COM): Struggling to find the root cause of security vulnerabilities in your system? 🔍 Observability is the game-changer you need! By integrating observability with security, developers can quickly identify and resolve potential threats before they escalate. Watch this short to learn ho…
15 Jan Cybersecurity and AI: What does 2025 have in store? (WELIVESECURITY.COM): In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats