Monthly Archives: December 2024

NCSC advice for Dixons Carphone plc customers
December 16, 2024

Advice for Dixons Carphone customers following its data breach....

‘Krack’ Wi-Fi guidance
December 16, 2024

Guidance for enterprise administrators, small businesses and home users in relation to the recently published...

NCSC advice for Marriott International customers
December 16, 2024

Advice for customers of Marriott International following the reports of a data breach....

How to recover an infected device
December 16, 2024

Advice for those concerned a device has been infected....

Early Years practitioners: using cyber security to protect your settings
December 16, 2024

How to protect sensitive information about your setting and the children in your care from...

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that...

16
Dec
NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised...

16
Dec
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

This past week has been packed with unsettling developments in the world of cybersecurity. From...

16
Dec
Data Governance in DevOps: Ensuring Compliance in the AI Era

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical...

16
Dec
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a...

16
Dec
New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to...

16
Dec
Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected...

16
Dec
Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

Germany’s Federal Office of Information Security (BSI) has announced that it has disrupted a malware...

14
Dec
Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Thai government officials have emerged as the target of a new campaign that leverages a...

14
Dec
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online...

13
Dec
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully...

13
Dec
DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s...

13
Dec
Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

Iran-affiliated threat actors have been linked to a new custom malware that’s geared toward IoT...

13
Dec
How to Generate a CrowdStrike RFM Report With AI in Tines

Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains...

13
Dec
New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to...

13
Dec
FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace...

13
Dec
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit...

12
Dec
Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android...

12
Dec
Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if...

12
Dec
SaaS Budget Planning Guide for IT Professionals

SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses....

12
Dec
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to...

12
Dec
Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

A global law enforcement operation has failed 27 stresser services that were used to conduct...

12
Dec
Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with...

11
Dec
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform...

11
Dec
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that...

11
Dec