π¦
Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024 π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview This weeks vulnerability report sheds light on a broad range of critical vulnerabilities identified from December 25 to December 31, 2024. The report emphasizes several highseverity flaws that pose online threats to cybersecurity, including new additions to the CISA's Known Exploited Vulnerability KEV catalog. Among the most pressing vulnerabilities, one concerning Palo Alto Networks PANOS stands out. This vulnerability has been actively exploited by cybercriminals to compromise firewalls, forcing them to reboot and disrupting network security. The Cybersecurity and Infrastructure Security Agency CISA added this vulnerability to their KEV catalog, signifying its exploitation in the wild. Beyond this, CRIL also analyzed multiple highprofile vulnerabilities impacting DL...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π¦
Weekly Vulnerability Roundup: Highlights from SingCERTβs Security Bulletin π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Singapore Computer Emergency Response Team SingCERT has released its latest Security Bulletin, summarizing vulnerabilities reported in the past week from the National Institute of Standards and Technology NISTs National Vulnerability Database NVD. This bulletin provides essential insights for businesses and security professionals to mitigate risks associated with these vulnerabilities. The vulnerabilities have been categorized based on the Common Vulnerability Scoring System v3 CVSSv3 base scores, which assess their severity levels Critical CVSS score of 9.0 to 10.0 High CVSS score of 7.0 to 8.9 Medium CVSS score of 4.0 to 6.9 Low CVSS score of 0.1 to 3.9 None CVSS score of 0.0 Lets take a closer look at the critical vulnerabilities reported this wee...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
SingCERT Highlights Critical CVEs In Latest Security Bulletin
SingCERTβs latest security bulletin covers key vulnerabilities from the National Vulnerability Database. Protect your systems now.
π΅οΈββοΈ IoT's Regulatory Reckoning Is Overdue π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
New security regulations are more than compliance hurdles they're opportunities to build better products, restore trust, and lead the next chapter of innovation.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
IoT's Regulatory Reckoning Is Overdue
New security regulations are more than compliance hurdles β they're opportunities to build better products, restore trust, and lead the next chapter of innovation.
ποΈ India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Indian government has published a draft version of the Digital Personal Data Protection DPDP Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau PIB said in a statement released Sunday. "Citizens are empowered with rights to demand data erasure,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Supply Chain Attack Targets Key Ethereum Development Tools π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Supply Chain Attack Targets Key Ethereum Development Tools
A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data
π΅οΈββοΈ EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The malware, operated by Chinabacked cyberattackers, has been significantly fortified with new evasive and postinfection capabilities.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
EagerBee Backdoor Takes Flight Against Mideast Targets
The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities.
π΅οΈββοΈ In Appreciation: Amit Yoran, Tenable CEO, Passes Away π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost oneyear battle with cancer.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
In Appreciation: Amit Yoran, Tenable CEO, Passes Away
Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer.
π΅οΈββοΈ China's Salt Typhoon Adds Charter, Windstream to Telecom Victim List π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
China's Salt Typhoon Adds to Telecom Cyber Victim List
These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies.
π΅οΈββοΈ FireScam Android Spyware Campaign Poses 'Significant Threat Worldwide' π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A fake Telegram Premium app delivers informationstealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Android Spyware Campaign Poses 'Significant Threat'
A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.
ποΈ Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Taiwanbased Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution. The list of vulnerabilities is as follows CVE20249138 CVSS 4.0 score 8.6 A hardcoded credentials vulnerability that could allow an authenticated user to escalate privileges and gain.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π CISA Claims Treasury Breach Did Not Impact Other Agencies π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US Cybersecurity and Infrastructure Security Agency claims a recent Chinalinked breach was confined to the Treasury.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CISA Claims Treasury Breach Did Not Impact Other Agencies
The US Cybersecurity and Infrastructure Security Agency claims a recent China-linked breach was confined to the Treasury
ποΈ New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Internet service providers ISPs and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE aka Thumtais comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute commands shells, demonstrating a significant evolution. "The key.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it's working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts. "The security of federal systems and the data they.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ UN aviation body investigates potential data breach π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The agency is acting on a hacker forum post which claimed 42,000 records had been stolen in a recent incident.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
UN aviation body investigates potential data breach
The agency is acting on a hacker forum post which claimed 42,000 records had been stolen in a recent incident
ποΈ Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
It's time once again to pay our respects to the oncefamous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Phishing Click Rates Triple in 2024 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Netskope observed a 190 growth in enterprise users clicking phishing links as attackers become more creative in delivering effective lures.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Phishing Click Rates Triple in 2024
Netskope observed a 190% growth in enterprise users clicking phishing links as attackers become more creative in delivering effective lures
π UK Government to Ban Creation of Explicit Deepfakes π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK government is cracking down on the generation of sexually explicit deepfakes in a bid to protect women and girls.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Government to Ban Creation of Explicit Deepfakes
The UK government is cracking down on the generation of sexually explicit deepfakes in a bid to protect women and girls
π¦
MyCERT Advisory Recommends Cybersecurity Practices for Water Systems π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The water sector is experiencing a rise in cyber threats, with critical infrastructure, including both IT and operational technology OT systems, becoming primary targets for malicious actors. These attacks, which exploit vulnerabilities in internetfacing OT systems and industrial control systems ICS, pose cybersecurity risks to public health, business continuity, and national security. MyCERT, the Malaysian Computer Emergency Response Team, has issued MA1228.012025, an advisory aimed at raising awareness of cybersecurity risks in the water sector and providing recommendations to mitigation stratergies. While there have been no cyber incidents reported in Malaysia's water systems, the MyCERT advisory stresses the importance of vigilance and proactive defense strategies....π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
MyCERT Advisory Shares Cybersecurity Facts For Water Systems
The MyCERT Advisory warns of growing cyber threats to water systems and provides essential recommendations to protect public health and security.
π¦
Tenable Nessus Bug and LDAP RCE: What You Need to Know π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview JoCERT has alerted the global cybersecurity community about two critical issues requiring urgent attention from IT professionals and system administrators. The first involves Tenable Nessus Agents, a widelyused vulnerability scanning tool, while the second concerns a critical vulnerability in Windows Lightweight Directory Access Protocol LDAP, potentially leading to remote code execution RCE. Both incidents emphasize the need for prompt action and a proactive approach to cybersecurity. This blog will provide a detailed overview of the incidents, their impacts, and recommended resolution steps to help organizations mitigate potential risks. Incident 1 Tenable Nessus Agent Outage Incident Overview On December 31, 2024, Tenable Nessus Agent versions 10.8.0 and 10....π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Veracode Buys Package Analysis Technology From Phylum π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Veracode Buys Package Analysis Technology From Phylum
The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.
π¦Ώ IVPN Review: Pricing, Features, Pros, and Cons π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Read our IVPN review to uncover its strong security features and privacyfirst approach. Discover what sets it apart but are there hidden drawbacks?.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
IVPN Review: Pricing, Features, Pros, and Cons
Read our IVPN review to uncover its strong security features and privacy-first approach. Discover what sets it apart β but are there hidden drawbacks?