18Articles
6Categories
2025-01-20Date
⚠️ VULNERABILITY DISCLOSURE 4[−]
20 JanThreat Actors Abuse Google Translate to Craft Phishing LinksThreat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to, according to researchers at Abnormal Security.KNOWBE4.COM
20 JanPhishing Campaign Attempts to Bypass iOS ProtectionsAn SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports.KNOWBE4.COM
20 JanPython-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferationsubmitted by IllNess to securitynews 9 points | 0 comments https://thehackernews.com/2025/01/python-based-bots-exploiting-php.htmlINFOSEC.PUB
20 JanCISA and US and International Partners Publish Guidance for OT Owners and Operatorssubmitted by IllNess to securitynews 6 points | 0 comments https://www.darkreading.com/ics-ot-security/cisa-and-us-and-international-partners-publish-guidance-for-ot-owners-and-operators CISA: Secure by Demand: Priority Considerations for Operational Technology Owners and Operato…INFOSEC.PUB
📢 SECURITY ADVISORIES 1[−]
20 JanProduct Walkthrough: How Satori Secures Sensitive Data From Production to AIEvery week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 3[−]
20 JanDoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence CollectionThe Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company…THEHACKERNEWS.COM
20 Jan⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to…THEHACKERNEWS.COM
20 JanFrom Pig Butchering to People TalkingInterpol has recently recommended discontinuing the use of the term "Pig Butchering" in cybercrime discussions, expressing concern that such terminology may discourage victims from reporting incidents due to feelings of shame or embarrassment.KNOWBE4.COM
🕵️ THREAT INTELLIGENCE 5[−]
20 JanISC Stormcast For Monday, January 20th, 2025 https://isc.sans.edu/podcastdetail/9286, (Mon, Jan 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 JanMY TAKE: Here’s why Donald Trump really needs to fully embrace Joe Biden’s cybersecurity EOAs one of his final official acts, President Joe Biden issued a landmark directive , addressing the evolving challenges posed by cyber threats while charting a strategic course toward a more secure digital ecosystem. Related: How Trump views of AI, … (more…) The post MY TAK…LASTWATCHDOG.COM
20 JanMalicious PyPi package steals Discord auth tokens from devssubmitted by IllNess to securitynews 11 points | 0 comments https://www.bleepingcomputer.com/news/security/malicious-pypi-package-steals-discord-auth-tokens-from-devs/ A malicious package named ‘pycord-self’ on the Python package index (PyPI) targets Discord developers to steal a…INFOSEC.PUB
20 JanNew 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypasssubmitted by IllNess to securitynews 11 points | 0 comments https://thehackernews.com/2025/01/new-sneaky-2fa-phishing-kit-targets.htmlINFOSEC.PUB
20 JanMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 11 points | 7 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions?…INFOSEC.PUB
🎙️ PODCASTS 1[−]
20 JanSneaky 2FA Attacks Microsoft 365 Users Breaking Two Factor Authentication (2FA): Cyber Security Today Monday January 20, 2025Cybersecurity Today: Sneaky 2FA Phishing Attack & AI-Powered Scams In this episode of Cybersecurity Today, host Jim Love explores the emergence of Sneaky 2FA, a new phishing-as-a-service attack that compromises two-factor authentication for Microsoft 365 users. The episode also c…CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 4[−]
20 JanIndustry Moves for the week of January 20, 2025 - SecurityWeekExplore industry moves and significant changes in the industry for the week of January 20, 2025. Stay updated with the latest industry trends and shifts.SECURITYWEEK.COM
20 JanUnsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and RoutersNew research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks an…THEHACKERNEWS.COM
20 JanHackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTPCybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below - @async-m…THEHACKERNEWS.COM
20 JanPartial ZIP File Downloads, (Mon, Jan 20th)Say you want a file that is inside a huge online ZIP file (several gigabytes large). Downloading the complete ZIP file would take too long. ISC.SANS.EDU