🚨 CISA KEV (1)
16 Jan | CISA Adds One Known Exploited Vulnerability to Catalog | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malici… | CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
16 Jan | New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits | Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI applic… | THEHACKERNEWS.COM
16 Jan | Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 | The story of a signed UEFI application allowing a UEFI Secure Boot bypass | WELIVESECURITY.COM
⚠️ VULNERABILITY DISCLOSURE (16)
16 Jan | Gootloader inside out | Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware - without needing a lawyer afterward | SOPHOS.COM
16 Jan | The $10 Cyber Threat Responsible for the Biggest Breaches of 2024 | You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organiza… | THEHACKERNEWS.COM
16 Jan | Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions | Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectiv… | THEHACKERNEWS.COM
16 Jan | Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws | Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to Gu… | THEHACKERNEWS.COM
16 Jan | CISA Releases Twelve Industrial Control Systems Advisories | CISA released twelve Industrial Control Systems (ICS) advisories on January 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-016-01 Siemens Mendix LDAP; ICSA-25-016-02 Siemens Industrial Edg… | CISA.GOV
16 Jan | CISA and Partners Release Call to Action to Close the National Software Understanding Gap | Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This rep… | CISA.GOV
16 Jan | News alert: Sweet Security's LLM-powered detection engine reduces cloud noise to 0.04% | Tel Aviv, Israel, Jan. 15, 2025, CyberNewswire — Sweet Security, a leader in cloud runtime detection and response, today announced the launch of its groundbreaking patent-pending Large Language Model (LLM)-powered cloud detection engine. This innovation enhances SweetR… | LASTWATCHDOG.COM
16 Jan | OSV-SCALIBR: A library for Software Composition Analysis | Posted by Erik Varga, Vulnerability Management, and Rex Pan, Open Source Security Team. In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source dependencies. Together with the open source community, we've con… | SECURITY.GOOGLEBLOG.COM
16 Jan | Le Coq Sportif Columbia - 79,712 breached accounts | In January 2025, a data breach from the Colombian website for Le Coq Sportif was posted to a popular hacking forum. The data included almost 80k unique email addresses, with the breach dating back to May 2023. Impacted data included physical and IP addresses, names, purchases, ge… | HAVEIBEENPWNED.COM
16 Jan | How do you unlock automation within IT security and IT operations? | The proliferation of endpoints in today's enterprises is outpacing the ability of IT operations and security teams to cost-effectively manage increasingly complex environments. Already stretched thin, teams face the daunting task of securing vast IT estates with siloed tools, sta… | CSOONLINE.COM
16 Jan | FTC orders GoDaddy to fix its infosec practices | Web-hosting giant GoDaddy has been called out by the US Federal Trade Commission (FTC) for its lax security practices since at least January 2018, with an order to immediately implement a tighter infosec program. An FTC complaint signed by five commissioners accused the leading … | CSOONLINE.COM
16 Jan | SIEM buyer's guide: Top 15 security information and event management tools — and how to choose | Security information and event management (SIEM) is a blue-collar tool for network security professionals. There's nothing remotely glamorous about auditing, reviewing, and managing event logs, but it's one of the more important aspects of building a secure enterprise network. In… | CSOONLINE.COM
16 Jan | Cybersecurity hiring is deeply flawed, demoralizing, and needs to be fixed | When people think about starting a new job, words like "exciting," "motivating," and "rewarding" often come to mind. The search for a new role represents an opportunity to embrace fresh challenges, grow professionally, and explore untapped potential. However, for many in cybersec… | CSOONLINE.COM
16 Jan | Breaking: Moxa Security Flaws Could Cost Millions 💰🚨 | Major security flaws in Moxa devices could lead to catastrophic vulnerabilities! These networking devices are critical in sectors like transportation, utilities, energy, and telecom, yet two newly discovered issues (scoring 8.6 & 9.3 in severity) have raised red flags… | YOUTUBE.COM
16 Jan | Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions | submitted by kid to cybersecurity, 11 points, 0 comments. https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 auth… | SH.ITJUST.WORKS
16 Jan | UEFI Secure Boot: Not so secure? | A vulnerability affecting a UEFI application and discovered by ESET researchers could let malicious actors deploy malicious bootkits on vulnerable systems | WELIVESECURITY.COM
📋 SECURITY BULLETINS (1)
16 Jan | Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager | Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All four critical security flaws, rated 9.8 out of 10.… | THEHACKERNEWS.COM
📢 SECURITY ADVISORIES (10)
16 Jan | GDPR complaints filed against TikTok, Temu for sending user data to China | Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi for unlawfully transferring European users' data to China and infringing the European Union's General Data Protection Regulation (GDP… | BLEEPINGCOMPUTER.COM
16 Jan | Microsoft expands testing of Windows 11 admin protection feature | Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. … | BLEEPINGCOMPUTER.COM
16 Jan | US cracks down on North Korean IT worker army with more sanctions | The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea's Ministry of National Defense that have generated revenue via illegal remote IT work schemes. … | BLEEPINGCOMPUTER.COM
16 Jan | Biden signs executive order to bolster national cybersecurity | Days before leaving office, President Joe Biden signed an executive order to shore up the United States' cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation's critical infrastructure. … | BLEEPINGCOMPUTER.COM
16 Jan | Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action | The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditio… | THEHACKERNEWS.COM
16 Jan | Biden White House goes all out in final, sweeping cybersecurity order | The Biden administration's last cybersecurity action is a comprehensive and ambitious 50-page executive order (EO) entitled "Strengthening and Promoting Innovation in the Nation's Cybersecurity," which aims "to improve our nation's cybersecurity, focusing on defending our digital … | CSOONLINE.COM
16 Jan | New EU plan for more cybersecurity in healthcare | CSOONLINE.COM
16 Jan | The current state of ransomware: Weaponizing disclosure rules and more | As we near the end of 2024, ransomware remains a dominant and evolving threat against any organization. Cyber criminals are more sophisticated and creative than ever. They integrate new technologies, leverage geopolitical tensions and even use legal regulations to their advantage… | SECURITYINTELLIGENCE.COM
16 Jan | Biden administration launches cybersecurity executive order | submitted by kid to cybersecurity, 14 points, 1 comment. https://www.cnbc.com/2025/01/16/biden-administration-launches-cybersecurity-executive-order.html The Biden administration is imposing new security standards for companies that do business with the U.S. government with a new… | SH.ITJUST.WORKS
🔥 INCIDENT REPORTING (7)
16 Jan | FBI Deletes PlugX Malware from Thousands of Computers | According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from "approximately 4,258 U.S.-based computers and networks." Details: To retrieve information from and send commands to the hacked machines, the malware connects to a comman… | SCHNEIER.COM
16 Jan | Wolf Haldenstein law firm says 3.5 million impacted by data breach | Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. … | BLEEPINGCOMPUTER.COM
16 Jan | Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches | The Russia-linked ransomware group is threatening to leak data stolen from almost 60 Cleo Software customers if ransoms aren't paid | TECHCRUNCH.COM
16 Jan | Smashing Security podcast #400: Hacker games, AI travel surveillance, and 25 years of IoT | The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon Musk accidentally revealed he cheats at video games? All th… | GRAHAMCLULEY.COM
16 Jan | The Dangerous Software You Forgot You Installed! | Did you know that old software like TeamViewer could be the perfect entry point for hackers? 🤯 Many businesses forget it's installed, leaving their systems vulnerable. In this video, we uncover how outdated remote access tools could be the backdoor cybercriminals are counting on.… | YOUTUBE.COM
16 Jan | FBI Deletes PlugX Malware from Thousands of Computers - Schneier on Security | submitted by 0x0 to cybersecurity, 19 points, 1 comment. https://www.schneier.com/blog/archives/2025/01/fbi-deletes-plugx-malware-from-thousands-of-computers.html According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from "approximately 4,25… | SH.ITJUST.WORKS
16 Jan | UK government proposes ransomware payment ban for public sector | The UK government has proposed extending its ban on ransomware payments to cover the entire public sector in an attempt to deter cybercriminal attacks and protect taxpayers. But is a ban a good idea? Read more in my article on the Exponential-e blog. | EXPONENTIAL-E.COM
🕵️ THREAT INTELLIGENCE (12)
16 Jan | Cisco Unveils New AI Application Security Solution | Cisco has unveiled AI Defense, a solution designed to help organizations protect development and use of AI applications. The post Cisco Unveils New AI Application Security Solution appeared first on SecurityWeek. | SECURITYWEEK.COM
16 Jan | Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign | The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly rela… | THEHACKERNEWS.COM
16 Jan | Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer | Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, … | THEHACKERNEWS.COM
16 Jan | First Ever Magic Quadrant™ for Email Security Platforms by Gartner® | In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner® Magic Quadrant for Email Security Platforms™ has signaled a shift in how we approach email protection. | KNOWBE4.COM
16 Jan | Your KnowBe4 Fresh Content Updates from December 2024 | Check out the 52 new pieces of training content added in December, alongside the always fresh content update highlights, new features and events. | KNOWBE4.COM
16 Jan | News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security | Silver Spring, MD, Jan. 15, 2025, CyberNewswire — Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28 and … | LASTWATCHDOG.COM
16 Jan | News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats | Prague, Czech Republic, Jan. 15, 2025, CyberNewswire — Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. Czech cybersecurity startup Wultra has raised €3 million from Tensor Ventures, Elevator … | LASTWATCHDOG.COM
16 Jan | New Star Blizzard spear-phishing campaign targets WhatsApp accounts | In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a… | MICROSOFT.COM
16 Jan | Internationally operating internet fraudsters caught | In total, around 150 police officers – including 10 officers from the Nuremberg Kriminalfachdezernat 5 – together with two public prosecutors and two IT forensics specialists from the ZCB were deployed in Germany, Romania and Austria. The Nuremberg criminal police and the Bavarian… | CSOONLINE.COM
16 Jan | Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp | submitted by kid to cybersecurity, 30 points, 0 comments. https://cyberscoop.com/star-blizzard-fsb-whatsapp-microsoft-threat-intel/ | SH.ITJUST.WORKS
16 Jan | GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia | submitted by kid to cybersecurity, 5 points, 0 comments. https://www.imperva.com/blog/how-hackers-use-php-backdoors-and-gsocket-to-facilitate-illegal-gambling-in-indonesia/ | SH.ITJUST.WORKS
16 Jan | Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer | submitted by kid to cybersecurity, 13 points, 2 comments. https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to ins… | SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE (1)
16 Jan | New gadgets unveiled at CES 2025, and their impact on security | Kaspersky official blog | Cybersecurity trends at the Consumer Electronics Show: from AI glasses to biometric locks. | KASPERSKY.COM
📡 INFOSEC NEWS (8)
16 Jan | W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks | A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. … | BLEEPINGCOMPUTER.COM
16 Jan | Chinese Innovations Spawn Wave of Toll Phishing Via SMS | Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added … | KREBSONSECURITY.COM
16 Jan | Extracting Practical Observations from Impractical Datasets (Thu, Jan 16th) | [This is a Guest Diary by Curtis Dibble, an ISC intern as part of the SANS.edu BACS [1] program] | ISC.SANS.EDU
16 Jan | Crypto Chameleon Strikes: $4.7M Gone in Seconds! | Discover how a notorious group of scammers, known as Crypto Chameleon, orchestrated a $4.7 million heist using Google's services. This elaborate phishing attack targeted a crypto investor, Tony, through fake Google Assistant prompts and phishing emails. Watch as the shocking deta… | YOUTUBE.COM
16 Jan | End Users vs. Developers: Bridging the Gap in OpenTelemetry | Ever wondered how end users and developers come together to create better tools? In this short, we dive into how OpenTelemetry bridged the gap with a live panel, user feedback, and a collaborative approach that turned opinions into actionable insights. Watch how feedback is shapi… | YOUTUBE.COM