Monthly Archives: December 2024

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could...

20
Dec
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors...

20
Dec
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw...

20
Dec
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint...

19
Dec
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being...

19
Dec
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager...

19
Dec
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01,...

19
Dec
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency

The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75...

19
Dec
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it...

19
Dec
Assured Cyber Incident Response scheme – important updates
December 18, 2024

We’ve updated the CIR ‘Enhanced Level’ scheme standard and will be ready to accept applications...

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an...

18
Dec
Not Your Old ActiveState: Introducing our End-to-End OS Platform

Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product....

18
Dec
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology...

18
Dec
ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders...

18
Dec
BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products

BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and...

18
Dec
INTERPOL Pushes for “Romance Baiting” to Replace “Pig Butchering” in Scam Discourse

INTERPOL is calling for a linguistic shift that aims to put to an end to...

18
Dec
Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251...

18
Dec
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that...

18
Dec
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the...

17
Dec
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor...

17
Dec
Even Great Companies Get Breached — Find Out Why and How to Stop It

Even the best companies with the most advanced tools can still get hacked. It’s a...

17
Dec
Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense...

17
Dec
5 Practical Techniques for Effective Cyber Threat Hunting

Addressing cyber threats before they have a chance to strike or inflict serious damage is...

17
Dec
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Bogus software update lures are being used by threat actors to deliver a new stealer...

17
Dec
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

A little-known cyber espionage actor known as The Mask has been linked to a new...

17
Dec
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to...

17
Dec
Equities process
December 16, 2024

Publication of the UK’s process for how we handle vulnerabilities....

Three random words or #thinkrandom
December 16, 2024

Ian M discusses what makes a good password...

What does the NCSC think of password managers?
December 16, 2024

Emma W discusses the question everyone keeps asking us....

Ransomware: ‘WannaCry’ guidance for home users and small businesses
December 16, 2024

Guidance for home users or small businesses who want to reduce the likelihood of being...