ποΈ 16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
βοΈ Happy 15th Anniversary, KrebsOnSecurity! βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It's also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership thank you!.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Happy 15th Anniversary, KrebsOnSecurity!
KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It'sβ¦
π¦
A Look at CISA Known Exploited Vulnerabilities in 2024 π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The U.S. Cybersecurity and Infrastructure Security Agency CISA added 185 vulnerabilities to its Known Exploited Vulnerabilities KEV catalog in 2024, as the database grew to 1,238 software and hardware flaws at high risk of cyberattacks. The agency removed at least two vulnerabilities from the catalog in 2024, but the database has generally grown steadily since its launch in November 2021. Well look at some of the trends and vulnerabilities from 2024, along with the vendors and projects that had the most CVEs added to the list this year. CISA Known Exploited Vulnerabilities Growth Stabilizes CISAs KEV catalog has grown at a steady rate in 2023 and 2024, with 187 vulnerabilities added in 2023 and 185 this year. Thats a pretty stable rate after KEVs first year, wh...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Adds 185 Exploited Vulnerabilities To KEV Catalog
CISA added 185 exploited vulnerabilities to its Known Exploited Vulnerabilities catalog in 2024, with Microsoft and Ivanti leading the list.
π Majority of UK SMEs Lack Cybersecurity Policy π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Insurance firm Markel Direct found that 69 of UK SMEs lack a cybersecurity policy, with a significant lack of basic cybersecurity measures in place across these firms.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Majority of UK SMEs Lack Cybersecurity Policy
Insurance firm Markel Direct found that 69% of UK SMEs lack a cybersecurity policy, with a significant lack of basic cybersecurity measures in place across these firms
π¦
Attack Surface Management (ASM) in 2025: Key Trends to Watch π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
The digital world is evolving at lightning speed, and so are the challenges that come with it. For organizations today, their attack surfacethe sum of all potential entry points for a cyberattackis expanding faster than ever before. From misconfigured cloud environments to overlooked IoT devices, vulnerabilities creep around places many dont think to check. In 2025, Attack Surface Management ASM will take center stage as organizations shift from reactive defenses to proactive strategies. ASM is no longer just a buzzword its a necessity in the cybersecurity resource. Its about seeing what attackers see and mitigating threats before they escalate. As organizations struggle with increasing cyber threats, understanding the trends shaping ASM is crucial to staying ahead of adversaries. ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Top Attack Surface Management Trends For 2025
Here are the key Attack Surface Management trends for 2025, including AI-driven solutions, IoT and cloud security.
ποΈ When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure LayerX, one of the companies involved in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The United States Department of Health and Human Services' HHS Office for Civil Rights OCR has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act HIPAA of 1996, is part of a broader initiative to bolster the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ β‘ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ What Security Lessons Did We Learn in 2024? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Proactive defenses, crosssector collaboration, and resilience are key to combating increasingly sophisticated threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
What Security Lessons Did We Learn in 2024?
Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.
π¦Ώ VyprVPN Review: Can It Still Perform This Year and Beyond? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
VyprVPN is an affordable VPN provider, but is it trustworthy enough to keep your data secure? Read our VyprVPN review to find out.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
VyprVPN Review (2025): Can It Still Perform This Year and Beyond?
VyprVPN is known for strong performance with top-notch security and speed. Discover if it remains a reliable choice for privacy and streaming this year and beyond.
π΅οΈββοΈ How to Get the Most Out of Cyber Insurance π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cyber insurance should augment your cybersecurity strategy not replace it.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
How to Get the Most Out of Cyber Insurance
Cyber insurance should augment your cybersecurity strategy β not replace it.
π§ CISO vs. CEO: Making a case for cybersecurity investments π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is at some point, even if not the first response, they will bring up budgets. For example, at RSA Conference 2024, a roundtable discussion about The post CISO vs. CEO Making a case for cybersecurity investments appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
CISO vs. CEO: Making a case for cybersecurity investments
Budget concerns are one of the biggest problems facing cybersecurity professionals today. It's time for CISOs to change tactics.
π¦Ώ Windows 11 Media Update Bug Stops Security Updates π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsoft advises users not to install recent security updates using physical media. The company is working on a fix.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Windows 11 Media Update Bug Stops Security Updates
Microsoft advises users not to install recent security updates using physical media. The company is working on a fix.
π₯1
π΅οΈββοΈ Chinese State Hackers Breach US Treasury Department π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In what's being called a 'major cybersecurity incident,' Beijingbacked adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Chinese State Hackers Breach US Treasury Department
In what's being called a "major cybersecurity incident," Beijing-backed adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.
βοΈ U.S. Army Soldier Arrested in AT&T, Verizon Extortions βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Federal authorities have arrested and indicted a 20yearold U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from ATT and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reportedβ¦
ποΈ Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a thirdparty software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloudbased.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π₯1
π¦
Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cyber Security Agency of Singapore CSA has alerted users of multiple vulnerabilities in Apache software. According to the alert, three Apache vulnerabilities have been reported, including CVE202443441, CVE202445387, and CVE202452046. In late 2024, the Apache Software Foundation released security updates for several of its widely used products to address critical vulnerabilities. These vulnerabilities, identified as CVE202443441, CVE202445387, and CVE202452046, affect Apache HugeGraph, Apache Traffic Control, and Apache MINA. Exploitation of these vulnerabilities could lead to severe security risks, including remote code execution RCE, authentication bypasses, and SQL injection attacks. Details of the Apache Vulnerabilities Here are the vulnerabilities identif...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CSA Warns Of CVE-2024-43441 And Other Vulnerabilities
The Cyber Security Agency of Singapore (CSA) alerts users about CVE-2024-43441 and other Apache vulnerabilities.
π1
ποΈ New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Department of Justice DoJ has issued a final rule carrying out Executive Order EO 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China including Hong Kong and Macau, Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Department of Justice DoJ has issued a final rule carrying out Executive Order EO 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China including Hong Kong and Macau, Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π¦
VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CERTIn released an urgent vulnerability note CIVN20240360 concerning several critical VibeBP vulnerabilities . These vulnerabilities in VibeBP pose online risk to website owners using affected versions, and they could lead to severe security breaches, including arbitrary code execution, privilege escalation, and SQL injection attacks. VibeBP is a WordPress plugin developed by VibeThemes that enhances the BuddyPress plugin by adding social networking features to WordPress sites. These features enable users to create profiles, manage activity feeds, send private messages, form groups, and more, transforming an ordinary WordPress website into a dynamic community platform. Details of the VibeBP Vulnerabilities While ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
VibeBP Vulnerabilities: RCE & Privilege Escalation Risks
CERT-In highlights VibeBP vulnerabilities in WordPress, risking RCE, privilege escalation, and SQL injection.