December 2024
December 31, 2024 – Vulnerabilities
TrueNAS CORE Vulnerability Lets Attackers Execute Remote Code Full Text
Abstract
Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely used open-source storage operating system developed by iXsystems. (GBHackers)
December 30, 2024 – Breach
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft Full Text
Abstract
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. (The Hacker News)
December 30, 2024 – Vulnerabilities
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials Full Text
Abstract
A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-12856, has been described as an OS command injection bug affecting router models F3x24 and F3x36. (The Hacker News)
December 30, 2024 – Attack
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign Full Text
Abstract
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. The development is a sign that the threat actors are actively updating their tools. (The Hacker News)
December 28, 2024 – Hacker
Cyber Espionage Cluster Paper Werewolf Engages in Destructive Behavior Full Text
Abstract
The BI.ZONE Threat Intelligence team has recorded a surge in the activity of the Paper Werewolf cluster (aka GOFFEE), which has conducted at least seven campaigns since 2022. Victims include government, energy, financial, media, and other sectors. (BI.ZONE)
December 28, 2024 – Vulnerabilities
Critical SSRF Vulnerability (CVE-2024-53353) Found in Invoice Ninja Full Text
Abstract
The flaw allows users with permission to create or edit invoices, as well as low-privileged client portal users, whether local or remote, to inject malicious payloads during PDF generation in Invoice Ninja. (Security Online)
December 28, 2024 – Cryptocurrency
Fake Zoom Meeting Links Lead to Million-Dollar Cryptocurrency Heist Full Text
Abstract
The phishing links, designed to mimic legitimate Zoom meeting invitations, directed users to a fraudulent domain, “app[.]us4zoom[.]us”, which closely resembled the genuine Zoom interface. (Security Online)
December 28, 2024 – Botnet
FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks Full Text
Abstract
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. (The Hacker News)
December 28, 2024 – Phishing
Cybersecurity Expert Reveals Alarming Tactics Used in Google Impersonation Scams Full Text
Abstract
Cybersecurity expert Brian Krebs recounted the stories of two victims, Adam Griffin and Tony, who together lost millions of dollars in cryptocurrency to social engineering attacks that combined technical precision with emotional manipulation. (Security Online)
December 28, 2024 – Vulnerabilities
Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately Full Text
Abstract
The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, and Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and later versions. (The Hacker News)
December 27, 2024 – Malware
New ‘OtterCookie’ Malware Used to Backdoor Developers in Fake Job Offers Full Text
Abstract
A report from NTT Security Japan found that the Contagious Interview operation is now using a new piece of malware called OtterCookie, which was likely introduced in September, with a new variant appearing in the wild in November. (Bleeping Computer)
December 27, 2024 – Vulnerabilities
Critical XXE Vulnerability Discovered in libxml2 Full Text
Abstract
The vulnerability, tracked as CVE-2024-40896 and assigned a critical CVSS score of 9.1, affects libxml2 versions 2.11 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. (Security Online)
December 27, 2024 – Malware
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases Full Text
Abstract
Unit 42 used LLMs to rewrite malware samples, bypassing detection by ML models like Innocent Until Proven Guilty (IUPG) and PhishingJS, creating 10,000 functional JavaScript variants without altering the functionality. (The Hacker News)
December 26, 2024 – Ransomware
Clop Ransomware is Now Extorting 66 Cleo Data-Theft Victims Full Text
Abstract
The Cleo data theft attack represents another major success for Clop, which leveraged a zero-day vulnerability in Cleo LexiCom, VLTransfer, and Harmony products to steal data from the networks of breached companies. (Bleeping Computer)
December 24, 2024 – Criminals
Major Biometric Data Farming Operation Uncovered Full Text
Abstract
Security researchers have urged customer-facing businesses to improve their verification checks after discovering a large-scale identity farming operation on the dark web. (Infosecurity Magazine)
December 24, 2024 – Cryptocurrency
North Korean Hackers Pulled Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin Full Text
Abstract
Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. (The Hacker News)
December 24, 2024 – Malware
Malicious Intent Discovered in Two PyPI Packages Full Text
Abstract
Fortinet flagged two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, exhibiting behaviors like keylogging, data exfiltration, webhook injection, and anti-VM checks while employing obfuscation to evade detection. (Fortinet)
December 24, 2024 – Vulnerabilities
PoC Exploit Released for Windows Elevation of Privilege Vulnerability Full Text
Abstract
Security researcher Alex Birnberg with SSD Secure Disclosure published the technical details and a proof-of-concept (PoC) exploit code for CVE-2024-30085, a Windows Cloud Files Mini Filter Driver Elevation of Privilege vulnerability. (Security Online)
December 24, 2024 – Government
CISA Adds Acclaim Systems USAHERDS Flaw to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The vulnerability, tracked as CVE-2021-44207, was exploited by the Chinese cyber-espionage group APT41 to breach multiple U.S. state government networks. The flaw stems from the use of hard-coded credentials. (Security Affairs)
December 24, 2024 – Vulnerabilities
Critical Webmin Vulnerability Leaves a Million Servers Exposed to RCE Full Text
Abstract
The vulnerability was discovered by Trend Micro’s Zero Day Initiative and has been addressed in Webmin version 2.111. All Webmin and Virtualmin administrators are strongly urged to update their installations immediately. (Security Online)
December 24, 2024 – Phishing
WikiKit AiTM Phishing Kit: Where Links Tell Lies Full Text
Abstract
The WikiKit-powered phishing campaign began in early October 2024, targeting the automotive, manufacturing, medical, construction, consulting, and entertainment industries. (TRAC Labs)
December 24, 2024 – Vulnerabilities
Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP Full Text
Abstract
Among the most severe flaws discovered by PatchStack were arbitrary file uploads, including CVE-2024-56046, allowing attackers to upload malicious files, potentially leading to remote code execution (RCE). (Infosecurity Magazine)
December 24, 2024 – Hacker
“Holy League” Hacktivist Group Emerges, Targets West Full Text
Abstract
Holy League employs a blend of DDoS attacks, website defacements, and data breaches to incite fear and attract attention. Their propaganda combines dystopian visuals and religious themes. (Security Online)
December 24, 2024 – Vulnerabilities
Critical CrushFTP Flaw Exposes Users to Account Takeover Full Text
Abstract
CrushFTP urges all users to update their servers to the latest versions (10.8.3 or 11.2.3) as soon as possible. In addition to patching, administrators must configure allowed email reset URL domains to further enhance security. (Security Online)
December 21, 2024 – Breach
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware Full Text
Abstract
Rspack, a popular high-performance JavaScript bundler written in Rust, has been hit with a supply chain attack affecting two of its npm packages, @rspack/core and @rspack/cli. Version 1.1.7 of both packages is affected. (Socket)
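A lockfile is the fastest place to check whether a build pulled in a compromised release like this one. The script below is an added Python example, not Socket's tooling or anything shipped by Rspack; the advisory map carries only the two affected versions named in the abstract, and the package-lock.json fragment it scans is constructed.

```python
"""Scan an npm lockfile (lockfileVersion 2 or 3) for compromised package versions.

Added example, not from the original article, Socket or the Rspack project.
COMPROMISED holds the versions the abstract names; SAMPLE_LOCK is constructed.
"""
import json

# Package name -> versions to treat as compromised. Extend from your advisory feed.
COMPROMISED = {
    "@rspack/core": {"1.1.7"},
    "@rspack/cli": {"1.1.7"},
}


def package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b'.

    Nested installs appear under their parent's node_modules in the lockfile's
    'packages' map, so take everything after the last 'node_modules/'."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def scan_lockfile(lock: dict) -> list:
    """Return sorted (name, version, lock_path) tuples for every installed
    package whose version is listed in COMPROMISED.

    Walks the 'packages' map; the root project has the empty key and is skipped.
    Nested copies are reported with their full path so the offending parent
    dependency can be identified."""
    hits = []
    for lock_path, meta in lock.get("packages", {}).items():
        if not lock_path:
            continue
        name = package_name(lock_path)
        version = meta.get("version")
        if version in COMPROMISED.get(name, ()):
            hits.append((name, version, lock_path))
    return sorted(hits)


def scan_file(path: str) -> list:
    """Convenience wrapper for a real package-lock.json on disk."""
    with open(path, encoding="utf-8") as fh:
        return scan_lockfile(json.load(fh))


# Constructed package-lock.json fragment: one clean @rspack/cli at top level,
# a compromised @rspack/core, and a compromised @rspack/cli nested under
# another dependency (the case a top-level-only check misses).
SAMPLE_LOCK = json.loads("""
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "0.0.1"},
    "node_modules/@rspack/core": {"version": "1.1.7"},
    "node_modules/@rspack/cli": {"version": "1.1.6"},
    "node_modules/some-tool": {"version": "2.0.0"},
    "node_modules/some-tool/node_modules/@rspack/cli": {"version": "1.1.7"}
  }
}
""")

if __name__ == "__main__":
    for name, version, where in scan_lockfile(SAMPLE_LOCK):
        print(f"COMPROMISED {name}@{version} at {where}")
```

The scan reads the lockfile rather than package.json on purpose: a range such as `^1.1.0` in package.json says nothing about which version CI actually installed, while the lockfile records it. Run it against every lockfile in the repository and in build caches, not only the root one.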
December 21, 2024 – Hacker
Unpacking the Diicot Malware Targeting Linux Environments Full Text
Abstract
The Diicot threat group (also known as Mexals) is known for targeting Linux systems using techniques like self-propagating tools, custom UPX packers, Internet scanning, and cryptomining malware like XMRig. (Wiz)
December 21, 2024 – Malware
Malicious Microsoft VSCode Extensions Target Developers, Crypto Community Full Text
Abstract
Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. (Bleeping Computer)
December 21, 2024 – Business
SailPoint Acquires Imprivata’s IGA Business - Expands Portfolio Full Text
Abstract
Identity security provider SailPoint acquired Imprivata’s Identity Governance and Administration (IGA) business, expanding its portfolio of healthcare security solutions. The two firms will collaborate as strategic partners in the healthcare market. (Hit Consultant)
December 21, 2024 – Hacker
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App Full Text
Abstract
As part of the operation, the hackers create fraudulent websites that mimic the official page of a Ukrainian military app, Army+, tricking users into downloading an executable file disguised as an app installation package. (The Hacker News)
December 21, 2024 – Vulnerabilities
Critical Flaws in Rockwell Automation PowerMonitor 1000 Devices Full Text
Abstract
The vulnerabilities, tracked as CVE-2024-12371, CVE-2024-12372, and CVE-2024-12373, have each been assigned a CVSS v3.1 Base Score of 9.8/10, underscoring their critical nature. (Security Online)
December 21, 2024 – Business
Bureau Raises $30M in Series B Funding Full Text
Abstract
The round was led by Sorenson Capital, with participation from PayPal Ventures and previous investors Commerce Ventures, GMO Venture Partners, and Village Global. It intends to use the funds to expand operations and its development efforts. (Finsmes)
December 21, 2024 – Vulnerabilities
Routers With Default Passwords are Attracting Mirai Infections, Juniper Says Full Text
Abstract
A specific line of Juniper Networks devices can easily become infected with Mirai malware if users don’t scrap their default passwords, the networking equipment company said in an advisory. (The Record)
December 21, 2024 – Attack
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware Full Text
Abstract
The Lazarus Group, an infamous North Korea threat actor, has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. (The Hacker News)
December 21, 2024 – Business
OPSWAT Acquires Fend for OT Security Full Text
Abstract
Critical infrastructure security firm OPSWAT has acquired Fend Incorporated. Fend is a data pipeline and cybersecurity company dedicated to securing operational technology (OT) against cyber threats, ransomware, and other evolving risks. (MSSP Alert)
December 18, 2024 – Vulnerabilities
Multiple Vulnerabilities in SHARP Routers Demand Urgent Firmware Updates Full Text
Abstract
The vulnerabilities impact various SHARP router models, including those provided by NTT DOCOMO, INC., SoftBank Corp., and KDDI CORPORATION. The flaws can lead to OS command injection, denial-of-service, and unauthorized file access. (Security Online)
December 18, 2024 – Malware
CoinLurker Stealer Infects Users Through Fake Software Update Prompts Full Text
Abstract
"Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. (Morphisec)
December 18, 2024 – Malware
Technical Analysis of RiseLoader Reveals Similarities with RisePro’s Communication Protocol Full Text
Abstract
RiseLoader is a new malware loader family that was first observed in October 2024. The malware implements a custom TCP-based binary network protocol that is similar to RisePro. (Zscaler)
December 18, 2024 – Vulnerabilities
New Dirty DAG Vulnerabilities in Azure Data Factory’s Apache Airflow Integration Full Text
Abstract
The vulnerabilities can provide attackers with shadow admin control over Azure infrastructure, which could lead to data exfiltration, malware deployment and unauthorized data access. (Palo Alto Networks)
December 18, 2024 – General
New FTC Data Show Skyrocketing Consumer Reports About Game-Like Online Job Scams Full Text
Abstract
According to the FTC’s latest data spotlight, task scam reports skyrocketed from virtually none in 2020 to 5,000 in 2023, then quadrupled to an alarming 20,000 in just the first half of 2024. (FTC)
December 18, 2024 – Vulnerabilities
Hackers Exploit Critical Apache Struts RCE Flaw After PoC Exploit Release Full Text
Abstract
Rated 9.5 on the CVSSv4 scale, CVE-2024-53677 allows remote attackers to execute arbitrary code by abusing flaws in the file upload logic. It affects a broad range of Apache Struts versions, including 2.0.0 to 2.5.33 and 6.0.0 to 6.3.0.2. (Security Online)
December 18, 2024 – Government
FBI Spots HiatusRAT Malware Attacks Targeting Web Cameras, DVRs Full Text
Abstract
As a private industry notification (PIN) published on Monday explains, the attackers focus their attacks on Chinese-branded devices that are still waiting for security patches or have already reached the end of life. (Bleeping Computer)
December 18, 2024 – Malware
Threat Actors Exploit Brand Collaborations to Target Popular YouTube Channels Full Text
Abstract
The malware, disguised as legitimate documents like contracts or promotional materials, is often delivered through password-protected files hosted on platforms such as OneDrive to evade detection. (CloudSEK)
December 18, 2024 – Vulnerabilities
Critical XXE Vulnerability Found in http4k Toolkit Full Text
Abstract
With a CVSS score of 9.8, this vulnerability poses significant risks, including sensitive data exposure, Server-Side Request Forgery (SSRF), and, under certain circumstances, remote code execution. (Security Online)
December 18, 2024 – Malware
New Android NoviSpy Spyware Linked to Qualcomm Zero-Day Bugs Full Text
Abstract
One of the Qualcomm flaws linked to the attacks is CVE-2024-43047, which was marked as an actively exploited zero-day vulnerability by Google Project Zero in October 2024 and received a fix on Android in November. (Bleeping Computer)
December 17, 2024 – Vulnerabilities
Multiple Flaws in Volkswagen Group’s Infotainment Units Allow for Vehicle Compromise Full Text
Abstract
Researchers from PCAutomotive discovered multiple vulnerabilities in the infotainment units used in some Volkswagen vehicles. Remote attackers can exploit the flaws to gain certain controls over the vehicle and track its location in real time. (Security Affairs)
December 17, 2024 – Business
Arctic Wolf Acquires BlackBerry’s Cylance Endpoint Security Unit for $160 Million Full Text
Abstract
Cylance became part of the company’s cybersecurity portfolio through a 2018 acquisition. The BlackBerry unit sells a software platform for protecting endpoints such as employee workstations. (Silicon Angle)
December 17, 2024 – Ransomware
Update: Clop Ransomware Claims Responsibility for Cleo Data Theft Attacks Full Text
Abstract
The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits tracked as CVE-2024-50623 and CVE-2024-55956 to breach corporate networks and steal data. (Bleeping Computer)
December 17, 2024 – Attack
Novel ‘TPUXtract’ Attack can Infer the Internal Structure of AI Models Full Text
Abstract
Researchers at North Carolina State University demonstrated how to recreate a neural network using the electromagnetic (EM) signals emanating from the chip it runs on using a new method called "TPUXtract." (Dark Reading)
December 17, 2024 – Government
CISA Says Windows Kernel Flaw Exploited in Attacks to Gain SYSTEM Privileges Full Text
Abstract
Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction. (Bleeping Computer)
December 17, 2024 – Phishing
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide Full Text
Abstract
"The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information," ESET noted in its H2 2024 Threat Report shared with The Hacker News. (The Hacker News)
December 17, 2024 – Criminals
Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation Full Text
Abstract
The majority of HeartCrypt customers are malware operators using families such as LummaStealer, Remcos, and Rhadamanthys. However, researchers also observed payloads from a wide variety of other crimeware families. (Palo Alto Networks)
December 17, 2024 – Vulnerabilities
RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool Full Text
Abstract
Tracked as CVE-2024-55661, this vulnerability could allow authenticated users with access to the Pulse dashboard to execute arbitrary code on the server, potentially leading to full system compromise. (Security Online)
December 17, 2024 – Vulnerabilities
Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover Full Text
Abstract
Internet of Things (IoT) vendor Ruijie Networks has shored up its Reyee cloud management platform against 10 newly discovered vulnerabilities that could have given adversaries control of thousands of connected devices in a single cyberattack. (Dark Reading)
December 17, 2024 – Phishing
Malicious Ads Distribute SocGholish Malware to Kaiser Permanente Employees Full Text
Abstract
The ads pretended to be the company's HR portal for benefits and paystub access. The threat was aimed at stealing employee login details, but instead of phishing, it led victims to a compromised website that asked them to update their browser. (Malwarebytes)
December 14, 2024 – Business
Fortinet Acquires Perception Point, Boosting AI Security for Email and SaaS Apps Full Text
Abstract
The acquisition highlights Fortinet’s strategy to extend its cybersecurity solutions beyond email, aiming to secure the broader digital workspace as businesses increasingly adopt cloud-first and hybrid environments. (Calcalis Tech)
December 14, 2024 – Business
Sublime Security Raises $60M in Series B Funding Full Text
Abstract
The round was led by IVP, with participation from new investor Citi Ventures, as well as existing investors Index Ventures, Decibel Partners, and Slow Ventures. The company intends to use the funds to expand operations and its development efforts. (Finsmes)
December 14, 2024 – Vulnerabilities
Dell Warns of Critical Flaws in Enterprise Products, Including CVE-2024-37143 (CVSS 10) Full Text
Abstract
These vulnerabilities, identified as CVE-2024-37143 and CVE-2024-37144, pose significant risks, ranging from remote code execution to information disclosure, with CVSS scores of 10.0 and 8.2, respectively. (Security Online)
December 14, 2024 – Vulnerabilities
Secure Email Gateways Fail to Stop Advanced Phishing Campaign Targeting Multiple Industries Full Text
Abstract
To conceal their malicious intent, the attackers employed URL redirections via Google AMP and encoded parameters to create a complex trail. This multi-layered strategy not only bypassed SEGs but also complicated manual detection efforts. (Security Online)
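A gateway that evaluates only the outermost URL sees a Google domain and a harmless-looking path; the destination is buried one or more layers down. The function below is an added Python example, not code from the campaign analysis: it unwraps the Google AMP cache form (`https://www.google.com/amp/s/<host>/<path>`), the `*.cdn.ampproject.org/c/s/<host>/<path>` form, and percent-encoded redirect parameters, repeating until nothing further unwraps. The set of redirect parameter names is an assumed list of commonly abused ones, and the sample URLs in the usage are constructed.

```python
"""Recover the final landing page from AMP-wrapped and parameter-encoded
redirect chains, offline, for mail-gateway or SOC triage.

Added example, not from the original article. REDIRECT_PARAMS is an assumed set
of commonly abused parameter names; all URLs in the usage are constructed.
"""
from urllib.parse import parse_qs, unquote, urlsplit

# Query-parameter names open redirectors commonly carry the target in (assumed).
REDIRECT_PARAMS = ("url", "u", "q", "redirect", "redirect_uri", "target", "dest", "link", "next")


def unwrap_amp(url: str):
    """Unwrap the two AMP cache/viewer URL shapes.

    google.com/amp/<host>/<path> wraps an http page, google.com/amp/s/<host>/<path>
    an https one; *.cdn.ampproject.org/c/<host>/<path> and /c/s/<host>/<path>
    behave the same way. Returns the inner URL (query string preserved) or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    if (host == "www.google.com" or host.endswith(".google.com")) and path.startswith("/amp/"):
        rest = path[len("/amp/"):]
    elif host.endswith(".cdn.ampproject.org") and path.startswith("/c/"):
        rest = path[len("/c/"):]
    else:
        return None
    scheme = "http"
    if rest.startswith("s/"):
        rest, scheme = rest[2:], "https"
    if not rest:
        return None
    inner = f"{scheme}://{rest}"
    if parts.query:
        inner += "?" + parts.query
    return inner


def unwrap_param(url: str):
    """Pull an absolute URL out of a redirect parameter.

    parse_qs removes one layer of percent-encoding; the extra unquote exposes
    double-encoded targets (https%253A%252F%252F...), which is the trick that
    defeats gateways decoding only once."""
    qs = parse_qs(urlsplit(url).query)
    for name in REDIRECT_PARAMS:
        for value in qs.get(name, []):
            candidate = unquote(value)
            if candidate.lower().startswith(("http://", "https://")):
                return candidate
    return None


def redirect_chain(url: str, max_hops: int = 10) -> list:
    """Return every hop from the delivered URL to the last one that unwraps.
    The final element is the URL a gateway should actually evaluate; a loop
    or the hop limit stops the walk."""
    chain = [url]
    for _ in range(max_hops):
        nxt = unwrap_amp(chain[-1]) or unwrap_param(chain[-1])
        if not nxt or nxt in chain:
            break
        chain.append(nxt)
    return chain


if __name__ == "__main__":
    # Constructed: AMP wrapper -> open redirector -> credential-harvesting page.
    sample = ("https://www.google.com/amp/s/redirect.example.net/go"
              "?url=https%3A%2F%2Flogin-portal.example.com%2Fauth")
    for i, hop in enumerate(redirect_chain(sample)):
        print(f"hop {i}: {hop}")
```

Feed the last hop, not the first, to reputation and sandbox checks; and note that a chain ending on a host unrelated to the visible Google domain is itself a useful detection signal.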
December 14, 2024 – Business
Silent Push Raises $10M in Series A Funding Full Text
Abstract
The round was led by Ten Eleven Ventures and Stepstone Group. The company intends to use the funds to accelerate its global expansion in EMEA and APJ regions and strengthen its GTM efforts. (Finsmes)
December 14, 2024 – Vulnerabilities
Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers Full Text
Abstract
Patchstack identified two critical flaws in the Woffice Core plugin, which is required for the theme’s functionality. This includes a privilege escalation vulnerability (CVE-2024-43153) and an unauthenticated account takeover (CVE-2024-43234). (Security Online)
December 14, 2024 – Business
Citrix Strengthens Zero-Trust Security with Acquisitions of deviceTRUST and strong.network Full Text
Abstract
The company acquired deviceTRUST GmbH and strong.network SA, both companies that specialize in security technology designed to provide zero-trust security for hybrid environments. (Silicon Angle)
December 14, 2024 – Criminals
Cybercriminal Marketplace Rydox Seized in International Law Enforcement Operation Full Text
Abstract
The operation was carried out by the FBI’s Pittsburgh Office, Albania’s Special Anti-Corruption Body (SPAK) and its National Bureau of Investigation (BKH), the Kosovo Special Prosecution Office, the Kosovo Police, and the Royal Malaysian Police. (Cyber Scoop)
December 14, 2024 – Malware
New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection Full Text
Abstract
Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. (The Hacker News)
December 14, 2024 – Malware
New IOCONTROL malware used in critical infrastructure attacks Full Text
Abstract
The malware's modular nature makes it capable of compromising a broad spectrum of devices from various manufacturers, including D-Link, Hikvision, Baicells, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics. (Bleeping Computer)
December 12, 2024 – Vulnerabilities
Exploiting CDN Integrations: A WAF Bypass Threatening Global Web Applications Full Text
Abstract
By exploiting this flaw, threat actors can bypass WAF protections, directly targeting backend servers and exposing them to distributed denial-of-service (DDoS) attacks or vulnerabilities within the web applications themselves. (Security Online)
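The bypass only works if the origin answers requests that did not come through the CDN, so the fix is on the origin side: admit only the CDN's egress ranges and require a secret header the CDN injects. The code below is an added Python example of that admission check, not code from the research the article describes or from any CDN vendor. The CIDR ranges are constructed documentation prefixes standing in for a provider's published list, and the header name and secret are assumed values.

```python
"""Origin-side admission check: serve only traffic that came through the CDN.

Added example, not from the original article or any CDN vendor. CDN_EGRESS uses
constructed documentation prefixes in place of a provider's published ranges;
ORIGIN_HEADER and ORIGIN_SECRET are assumed names/values the CDN would be
configured to inject on every origin request.
"""
import hmac
import ipaddress

CDN_EGRESS = [ipaddress.ip_network(c) for c in (
    "203.0.113.0/24",    # constructed (TEST-NET-3) stand-in for a CDN range
    "198.51.100.0/25",   # constructed (TEST-NET-2)
    "2001:db8:1::/48",   # constructed documentation prefix
)]
ORIGIN_HEADER = "X-Origin-Auth"                       # assumed header name
ORIGIN_SECRET = b"constructed-origin-secret-rotate-me"  # assumed shared secret


def from_cdn(peer_ip: str) -> bool:
    """True if the TCP peer address is inside a CDN egress range.

    Use the socket's peer address, never X-Forwarded-For: on a direct
    connection that header is attacker-controlled."""
    try:
        ip = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(ip in net for net in CDN_EGRESS)


def header_ok(headers: dict) -> bool:
    """Constant-time comparison of the CDN-injected shared secret."""
    presented = headers.get(ORIGIN_HEADER, "")
    return hmac.compare_digest(presented.encode("utf-8"), ORIGIN_SECRET)


def admit(peer_ip: str, headers: dict) -> tuple:
    """Decide whether the origin should serve the request, with a log reason.

    Both checks are needed: the IP check stops direct hits from arbitrary
    hosts, and the header stops another customer of the same CDN from
    pointing their own distribution at your origin and reaching it through
    the CDN's (allowed) address space."""
    if not from_cdn(peer_ip):
        return False, "direct-to-origin: peer not in CDN egress ranges"
    if not header_ok(headers):
        return False, "origin auth header missing or invalid"
    return True, "ok"


def allow_list(fmt: str = "nginx") -> list:
    """Render the same ranges as network-layer rules so the firewall and the
    application check cannot drift apart."""
    if fmt == "nginx":
        return [f"allow {net};" for net in CDN_EGRESS] + ["deny all;"]
    if fmt == "iptables":
        return ([f"-A INPUT -p tcp --dport 443 -s {net} -j ACCEPT"
                 for net in CDN_EGRESS if net.version == 4]
                + ["-A INPUT -p tcp --dport 443 -j DROP"])
    raise ValueError(f"unknown format: {fmt}")


if __name__ == "__main__":
    good = {ORIGIN_HEADER: ORIGIN_SECRET.decode()}
    print(admit("203.0.113.77", good))   # (True, 'ok')
    print(admit("192.0.2.9", good))      # rejected: not a CDN address
    print(admit("203.0.113.77", {}))     # rejected: no origin auth header
    print("\n".join(allow_list("nginx")))
```

Rotate the secret on a schedule and alert on the first rejection reason: a burst of "direct-to-origin" denials means someone has found the origin's address and is testing exactly the bypass described above.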
December 12, 2024 – Vulnerabilities
Hunk Companion WordPress Plugin Exploited to Install Vulnerable Plugins Full Text
Abstract
Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. (Bleeping Computer)
December 12, 2024 – Vulnerabilities
Splunk Secure Gateway App Vulnerability Allows Remote Code Execution Full Text
Abstract
The vulnerability, identified as CVE-2024-53247 and with a CVSS score of 8.8, affects Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on the Splunk Cloud Platform. (Security Online)
December 12, 2024 – Vulnerabilities
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts Full Text
Abstract
Oasis identified a vulnerability involving a lack of rate limits and extended validation time for Time-based One-Time Passwords (TOTPs), enabling attackers to rapidly guess all code permutations without alerting victims to failed login attempts. (The Hacker News)
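The two conditions named above, a validity window much wider than one 30-second step and no cap on failed attempts, are what make the attack work, and both are easy to check in any TOTP verifier. The following Python is an added example, not Oasis's research code and not Microsoft's implementation: a minimal RFC 6238 verifier whose `window_steps` and `max_attempts` parameters are constructed for illustration, using the RFC 4226 test-vector secret so the codes can be checked against the published values.

```python
"""RFC 6238 TOTP verification with the two controls an AuthQuake-style attack
depends on being absent: a bounded clock-skew window and a per-session attempt
limit that locks and alerts.

Added example (not from the original article, Oasis or Microsoft). TEST_SECRET
is the RFC 4226 Appendix D test-vector key; window sizes and attempt limits
below are constructed values.
"""
import hashlib
import hmac
import struct

DIGITS = 6
STEP_SECONDS = 30
TEST_SECRET = b"12345678901234567890"  # RFC 4226 Appendix D secret


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // STEP_SECONDS)


def accepted_codes(secret: bytes, unix_time: int, window_steps: int) -> set:
    """Every code a verifier accepts at `unix_time` when it tolerates
    +/- `window_steps` steps of skew. Each extra step on either side adds one
    more valid code out of 10**DIGITS, so a three-minute window accepts 13
    codes per guess instead of 3."""
    base = unix_time // STEP_SECONDS
    return {hotp(secret, base + d)
            for d in range(-window_steps, window_steps + 1) if base + d >= 0}


class TotpVerifier:
    """Verifier with a bounded skew window and a per-session failure budget.

    window_steps=1 accepts the previous, current and next step (90 s total).
    After max_attempts failures the session is locked; the caller should log
    and alert on lockout rather than fail silently, which is the gap the
    abstract describes."""

    def __init__(self, secret: bytes, window_steps: int = 1, max_attempts: int = 5):
        self.secret = secret
        self.window_steps = window_steps
        self.max_attempts = max_attempts
        self.failures = 0
        self.locked = False

    def verify(self, code: str, unix_time: int) -> bool:
        if self.locked:
            return False
        ok = False
        if len(code) == DIGITS and code.isascii() and code.isdigit():
            base = unix_time // STEP_SECONDS
            # Check every code in the window in constant time; do not stop
            # at the first match, so timing does not reveal the window edge.
            for d in range(-self.window_steps, self.window_steps + 1):
                if base + d >= 0 and hmac.compare_digest(hotp(self.secret, base + d), code):
                    ok = True
        if ok:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.locked = True  # emit an alert here: repeated TOTP failures
        return False


def guess_success_probability(window_steps: int, attempts: int) -> float:
    """Chance that `attempts` random 6-digit guesses hit one of the
    2*window_steps+1 accepted codes (no collisions assumed). Shows why
    unlimited attempts against a wide window amount to a guaranteed bypass."""
    valid = 2 * window_steps + 1
    return 1 - (1 - valid / 10 ** DIGITS) ** attempts
```

With `window_steps=1` and a five-attempt lockout an attacker gets five guesses at 3 codes in a million; with a multi-minute window and no limit, `guess_success_probability(6, 1_000_000)` is effectively 1, which is the scenario the abstract describes.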
December 12, 2024 – Policy and Law
US Sanctions Chinese Cyber Firm for Compromising ‘Thousands’ of Firewalls in 2020 Full Text
Abstract
Sichuan Silence Information Technology Company and one of its employees, Guan Tianfeng, were the targets of the sanctions, and the Justice Department indicted Guan for his role in the attacks. (The Record)
December 12, 2024 – Vulnerabilities
Critical Vulnerability in Apache Struts Allows Remote Code Execution Full Text
Abstract
Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5) that could allow attackers to execute malicious code remotely. (Security Online)
December 12, 2024 – Education
Preventing Data Leakage in Low-Code/No-Code Environments Full Text
Abstract
Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While they foster agility and innovation, they also bring risks like data leakage. (Help Net Security)
December 12, 2024 – Denial Of Service
Operation PowerOFF Shuts Down 27 DDoS-for-Hire Platforms Full Text
Abstract
Law enforcement agencies from 15 countries have taken 27 DDoS-for-hire services, also known as "booters" or "stressers," offline, arrested three administrators, and identified 300 customers of the platforms. (Bleeping Computer)
December 12, 2024 – Business
Astrix Security Secures $45M to Strengthen Nonhuman Identity Protection in Enterprise Full Text
Abstract
Menlo Ventures led the Series B round, with Workday Ventures and existing investors Bessemer Venture Partners Management, Charles River Ventures, and F2 Venture Capital also participating. (Silicon Angle)
December 12, 2024 – Vulnerabilities
GitLab Vulnerability Exposes User Accounts Full Text
Abstract
GitLab issued an update, which includes versions 17.6.2, 17.5.4, and 17.4.6 for GitLab Community Edition (CE) and Enterprise Edition (EE), to tackle flaws that could lead to account takeovers, denial of service attacks, and information disclosure. (Security Online)
December 11, 2024 – Vulnerabilities
Apache Superset Patches Multiple Security Flaws in Latest Release Full Text
Abstract
These vulnerabilities, identified as CVE-2024-53947, CVE-2024-53948, and CVE-2024-53949, range in severity and could potentially allow attackers to bypass security controls, access sensitive data, and gain unauthorized privileges. (Security Online)
December 11, 2024 – Vulnerabilities
Critical Vulnerability in Cleo Software Actively Exploited in the Wild Full Text
Abstract
The exploitation chain leverages an arbitrary file-write vulnerability. The attackers plant malicious files in Cleo’s autorun directory, which the software automatically processes and deletes post-execution. (Security Online)
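Both the Apache Struts file-upload flaw (CVE-2024-53677, above) and the Cleo chain described here reduce to one question: can the client influence where an uploaded file lands on disk? When it can, a directory the software executes from (Cleo's autorun directory in this case) becomes a code-execution primitive. The check below is an added Python example of the containment test an upload handler should apply before writing anything; it is not code from Apache Struts, Cleo, or either vendor's fix. The upload root is an assumed path and the filenames exercised are constructed.

```python
"""Containment check for client-supplied upload filenames.

Added example; not code from Struts, Cleo, or their patches. UPLOAD_ROOT is an
assumed deployment path; the filenames used by callers are constructed.
"""
import posixpath
import re

UPLOAD_ROOT = "/srv/app/uploads"  # assumed: the only directory uploads may land in

# Conservative base-name policy: alphanumeric start, then letters, digits,
# dot, underscore or hyphen, at most 128 characters. No leading dot, so no
# hidden files; no separators; '..' cannot match.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class UnsafeFilename(ValueError):
    """Raised when a client-supplied name could escape or abuse UPLOAD_ROOT."""


def safe_upload_path(client_name: str, root: str = UPLOAD_ROOT) -> str:
    """Return the absolute path to write to, or raise UnsafeFilename.

    Rejects rather than sanitizes: a separator, NUL byte or '..' in a
    filename field is evidence of tampering and should be logged, not quietly
    reduced to its last component and accepted."""
    if not client_name or "\x00" in client_name:
        raise UnsafeFilename("empty name or NUL byte")
    # Treat both separator styles as separators; Windows clients send '\\'.
    if "/" in client_name or "\\" in client_name:
        raise UnsafeFilename(f"path separator in filename: {client_name!r}")
    if client_name in (".", "..") or not SAFE_NAME.match(client_name):
        raise UnsafeFilename(f"disallowed filename: {client_name!r}")

    # Defense in depth: normalise the joined path and confirm it is still
    # inside root even if the policy above is ever relaxed.
    candidate = posixpath.normpath(posixpath.join(root, client_name))
    if posixpath.commonpath([root, candidate]) != root:
        raise UnsafeFilename(f"escapes upload root: {client_name!r}")
    return candidate


def is_safe(client_name: str, root: str = UPLOAD_ROOT) -> bool:
    """Boolean form of safe_upload_path for bulk checks and log review."""
    try:
        safe_upload_path(client_name, root)
        return True
    except UnsafeFilename:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate name and the shapes a traversal
    # attempt takes (POSIX, Windows, absolute, bare '..').
    for name in ("invoice_2024-12.pdf", "../../autorun/evil.xml",
                 "..\\..\\autorun\\evil.xml", "/etc/passwd", ".."):
        print(f"{name!r:32} -> {'write' if is_safe(name) else 'REJECT'}")
```

The write itself should then open the returned path with `O_CREAT | O_EXCL` (or the platform equivalent) so an existing file, including one in a processing directory, is never overwritten, and the upload root should live on a filesystem the application does not load code or configuration from.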
December 11, 2024 – Malware
MoqHao Leverages iCloud and VK in Campaign Targeting Apple IDs and Android Devices Full Text
Abstract
MoqHao, also known as Wroba and XLoader, is a mobile malware family linked to Roaming Mantis, a cybercrime group believed to be operating out of China. Malicious payloads are usually delivered through SMS phishing attacks targeting mobile devices. (Hunt)
December 11, 2024 – Vulnerabilities
Researcher Details a Critical TCC Bypass Flaw in macOS and iOS Full Text
Abstract
Designated as CVE-2024-44131, this flaw enables malicious applications to bypass user consent mechanisms and access sensitive data without the user’s knowledge. The vulnerability has since been patched in macOS 15 and iOS 18. (Security Online)
December 11, 2024 – Vulnerabilities
Microsoft December 2024 Patch Tuesday Fixes One Exploited Zero-Day, 71 Flaws Full Text
Abstract
Microsoft's December 2024 Patch Tuesday offered security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws. (Bleeping Computer)
December 11, 2024 – Vulnerabilities
Siemens Healthineers Addresses Critical Flaw in Medical Imaging Software Full Text
Abstract
To address this vulnerability, Siemens Healthineers has released a new hotfix (HF05) for syngo.plaza VB30E. The company strongly advises all users to update their systems to the latest version as soon as possible. (Security Online)
December 11, 2024 – Breach
Operation Digital Eye: Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels Full Text
Abstract
The threat actors used a lateral movement capability indicative of the presence of a shared vendor or digital quartermaster maintaining and provisioning tooling within the Chinese APT ecosystem. (SentinelOne)
December 11, 2024 – Vulnerabilities
Schneider Electric Warns of Critical Flaw in Modicon Controllers Full Text
Abstract
The vulnerability, tracked as CVE-2024-11737 and assigned a CVSS score of 9.8, could allow an attacker to cause a denial of service and compromise the integrity of an affected controller. (Security Online)
December 11, 2024 – Vulnerabilities
Google Chrome Gets Patches for Two High-Severity Vulnerabilities Full Text
Abstract
The update, rolling out progressively to Windows, Mac, and Linux users over the coming days/weeks, brings Chrome to version 131.0.6778.139/.140 for Windows and Mac, and 131.0.6778.139 for Linux. (Security Online)
December 10, 2024 – Vulnerabilities
SAP Issues Critical Patch for NetWeaver AS for JAVA Full Text
Abstract
One of the most urgent issues, CVE-2024-47578, affects SAP NetWeaver AS for JAVA (Adobe Document Services). This vulnerability, combined with two related CVEs, CVE-2024-47579 and CVE-2024-47580, poses severe exploitation risks. (Security Online)
December 10, 2024 – Vulnerabilities
Vulnerability in WPForms Plugins Affects 6 Million WordPress Sites, Enables Payment Refund and Subscription Cancellation Full Text
Abstract
The vulnerability, assigned a CVSS v3.1 base score of 8.5, allowed authenticated attackers with subscriber-level privileges or higher to execute unauthorized refunds of Stripe payments and cancellations of Stripe subscriptions. (Wordfence)
December 10, 2024 – Criminals
Cybercrime gang arrested after turning Airbnbs into fraud centers Full Text
Abstract
According to the Dutch police, the fraudsters rented Airbnb properties and luxury apartments to use as temporary call centers from which they launched phishing campaigns, contacting victims across Europe via email, SMS, or WhatsApp messages. (Bleeping Computer)
December 10, 2024 – Business
System Two Security Raises $7M in Funding Full Text
Abstract
The round was led by Costanoa Ventures, with participation from Runtime Ventures, as well as The Hive and Webb Investment Network. The round was also joined by individual investors including Scott McNealy, Frederic Kerrest, Ash Devata, and others. (Finsmes)
December 10, 2024 – Cryptocurrency
Radiant Links $50 Million Crypto Heist to North Korean Hackers Full Text
Abstract
The attribution comes after investigating the incident, assisted by cybersecurity experts at Mandiant, who say the attack was conducted by North Korean state-affiliated hackers known as Citrine Sleet, aka "UNC4736" and "AppleJeus." (Bleeping Computer)
December 10, 2024 – Business
CyberProof acquires Interpres Security to enhance cybersecurity services Full Text
Abstract
The acquisition will enable CyberProof to provide clients with a comprehensive view of their cybersecurity posture, focusing on high-risk threats specific to industries, technologies, and locations. (TechCircle)
December 10, 2024 – Vulnerabilities
OpenWrt Sysupgrade Flaw Let Hackers Push Malicious Firmware Images Full Text
Abstract
The critical (CVSS v4 score: 9.3) flaw, tracked as CVE-2024-54143, was fixed within hours of being disclosed to OpenWrt's developers. However, users are urged to perform checks to ensure the safety of their installed firmware. (Bleeping Computer)
December 10, 2024 – Business
Integrity360 expands European presence with Adsigo acquisition Full Text
Abstract
The deal marks the next stage of Integrity360’s pan-European expansion plan and will expand the company’s presence in continental Europe, as well as bolster its PCI and cybersecurity compliance teams with additional skilled resources. (ITPro)
December 10, 2024 – Botnet
Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices Full Text
Abstract
The primary objective of the malware is to turn compromised systems into proxy exit nodes, which are then advertised for other actors, typically cybercriminals who are looking to obscure the source of their attacks.The Hacker News
December 10, 2024 – Vulnerabilities
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI Full Text
Abstract
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack.The Hacker News
December 7, 2024 – Attack
Romania’s Election Systems Targeted in Over 85,000 Cyberattacks Full Text
Abstract
Threat actors obtained access credentials for election-related websites and leaked them on a Russian hacker forum less than a week before the first presidential election round.Bleeping Computer
December 7, 2024 – Vulnerabilities
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks Full Text
Abstract
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.The Hacker News
December 7, 2024 – Attack
Threat Actor Targets Manufacturing Industry With Lumma Stealer and Amadey Bot Full Text
Abstract
This campaign leverages multiple Living-off-the-Land Binaries (LOLBins), such as ssh.exe, powershell.exe, and mshta.exe, to bypass traditional security mechanisms and remotely execute the next-stage payload.Cyble
December 7, 2024 – Malware
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks Full Text
Abstract
Earth Minotaur uses the MOONSHINE exploit kit to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a cross-platform threat.Trend Micro
December 7, 2024 – Ransomware
Black Basta Ransomware Campaign Drops Zbot, DarkGate, & Custom Malware Full Text
Abstract
According to a detailed analysis by Rapid7, the threat actors have refined their techniques, introducing novel methods for gaining access and delivering malware, including Zbot, DarkGate, and custom-developed tools.Rapid7
December 7, 2024 – Malware
Crypto-Stealing Malware Posing as a Meeting App Targets Web3 Professionals Full Text
Abstract
Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware.Bleeping Computer
December 6, 2024 – Vulnerabilities
Mitel MiCollab Zero-Day Flaw Gets Proof-of-Concept Exploit Full Text
Abstract
Researchers released a PoC exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances.Bleeping Computer
December 6, 2024 – Vulnerabilities
Browser Isolation Bypassed: QR Codes Used in Novel C2 Attacks Full Text
Abstract
A recent report from Thibault Van Geluwe de Berlaere at Mandiant unveils an innovative method for attackers to bypass browser isolation and execute command-and-control (C2) operations using QR codes.Security Online
December 6, 2024 – General
Report: 65% of Office Workers Bypass Cybersecurity to Boost Productivity Full Text
Abstract
High-risk access exists throughout the workplace, in almost every job role, proving that the time has come for organizations to re-think the way they protect their workforce, according to CyberArk.Help Net Security
December 6, 2024 – Criminals
Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers Full Text
Abstract
Manson Market ("manson-market[.]pw") is believed to have launched in 2022 as a way to peddle sensitive information that was illegally obtained from victims as part of phishing and vishing (voice phishing) schemes.The Hacker News
December 5, 2024 – Malware
Beware of Celestial Stealer: New MaaS Targets Browsers and Crypto Wallets Full Text
Abstract
Celestial Stealer operates as a MaaS offering marketed on Telegram, with subscription plans available on a weekly, monthly, or lifetime basis. It is primarily designed for Windows 10 and 11.Security Online
December 5, 2024 – Malware
New Andromeda/Gamarue Command-and-Control Cluster Targets APAC Industries Full Text
Abstract
In a recent report, the Cybereason Security Services Team unveiled the discovery of a new cluster of Command-and-Control (C2) servers linked to the infamous Andromeda (aka Gamarue) malware family.Security Online
December 5, 2024 – Government
EU’s First Ever Report on the State of Cybersecurity in the Union Full Text
Abstract
In its first-ever Report on the State of Cybersecurity in the Union, published on December 3, ENISA said the cyber threat level to the EU between July 2023 and June 2024 was substantial.ENISA
December 5, 2024 – Criminals
Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud Full Text
Abstract
Attackers use AI-generated text to appear believable to a reader to push social engineering, spear phishing, and financial fraud schemes such as romance, investment, and other confidence schemes or to hide common indicators of fraud schemes.IC3
December 5, 2024 – Government
Critical CyberPanel Flaw Under Active Attack, CISA Warns Full Text
Abstract
The flaw in CyberPanel, tracked as CVE-2024-51378, is being actively exploited by attackers to deploy ransomware, including strains like PSAUX, C3RB3R, and a variant of Babuk.Security Online
December 5, 2024 – Government
US, Canada, Australia, and New Zealand Warn of China-Backed Cyber Espionage Campaign Targeting Telecom Networks Full Text
Abstract
The U.S. CISA, NSA, FBI, Australia's ACSC, Canada's CCCS, and New Zealand’s NCSC warned that China-affiliated threat actors compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign.The Hacker News
December 5, 2024 – Vulnerabilities
Multiple Vulnerabilities Found in Lorex 2K Indoor Wi-Fi Security Cameras Full Text
Abstract
Discovered during the 2024 Pwn2Own IoT competition, these vulnerabilities let attackers compromise the devices, potentially accessing live video feeds and executing harmful code remotely.Rapid7
December 5, 2024 – Criminals
Authorities Shut Down Crimenetwork, Germany’s Largest Crime Marketplace Full Text
Abstract
The operation was carried out by the Public Prosecutor’s Office in Frankfurt am Main, the Central Office for Combating Cybercrime (ZIT), and the Federal Criminal Police Office (BKA).Security Affairs
December 5, 2024 – Vulnerabilities
High-Severity Flaws in Veeam Backup & Replication Put Data at Risk Full Text
Abstract
Veeam has fixed these vulnerabilities in Veeam Backup & Replication 12.3 (build 12.3.0.310) and Veeam Agent for Microsoft Windows 6.3 (build 6.3.0.177) and urges all users to upgrade to this version immediately.Security Online
December 5, 2024 – Attack
Cloudflare’s Developer Domains Increasingly Abused by Threat Actors Full Text
Abstract
Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.Bleeping Computer
December 4, 2024 – Ransomware
Inside Akira Ransomware’s Rust Experiment Full Text
Abstract
Check Point Research dissected Akira ransomware’s Rust version, targeting ESXi servers, revealing how Rust's design, compiler optimizations, and library usage complicate reverse-engineering.Check Point
December 4, 2024 – Vulnerabilities
I-O DATA Routers Under Attack; Urgent Firmware Update Needed Full Text
Abstract
Japan's JPCERT/CC issued a warning that these vulnerabilities leave devices open to serious attacks, including credential theft, command execution, and complete firewall bypass.
December 4, 2024 – Breach
Solana Web3.js Library Compromised in Targeted Supply Chain Attack Full Text
Abstract
Malicious code was injected into versions 1.95.6 and 1.95.7 of the library, which is downloaded over 350,000 times weekly from the npm registry. This code was designed to exfiltrate private keys, leading to cryptocurrency theft.Security Online
December 4, 2024 – Vulnerabilities
PoC Confirms Root Privilege Exploit in TP-Link Archer AXE75 Vulnerability Full Text
Abstract
A newly discovered vulnerability in the TP-Link Archer AXE75 router, tracked as CVE-2024-53375, could allow remote attackers to execute arbitrary commands on vulnerable devices.Security Online
December 4, 2024 – Government
CISA Adds ProjectSend, North Grid Proself, and Zyxel Firewall Bugs to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application’s configuration.Security Affairs
December 4, 2024 – Business
French Mobile Operators Join Forces to Tackle Rising Fraud Full Text
Abstract
Bouygues Telecom, Free, Orange, and SFR announced on December 3 that they will launch two network APIs for the French market in the first half of 2025 to help online businesses combat fraud and digital identity theft.Infosecurity Magazine
December 4, 2024 – Vulnerabilities
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console Full Text
Abstract
The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.The Hacker News
December 4, 2024 – Phishing
Why Phishers Love New TLDs Like .shop, .top, and .xyz Full Text
Abstract
A study by Interisle Consulting found that new gTLDs introduced in the last few years command just 11% of the market for new domains, but accounted for roughly 37% of cybercrime domains reported between September 2023 and August 2024.Krebs On Security
December 4, 2024 – Vulnerabilities
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts Full Text
Abstract
This vulnerability, CVE-2024-53999, is a stored Cross-Site Scripting (XSS) flaw found in the “Diff or Compare” functionality, which occurs due to improper handling of file uploads with script-laden filenames.GBHackers
December 4, 2024 – Malware
ElizaRAT: Enhancing C2 Communication Through Google, Telegram, & Slack Services Full Text
Abstract
Once executed, the malware extracts sensitive information from Userinfo.dll and transmits it to a remote server, which periodically checks for new instructions, enabling remote control over the compromised system.GBHackers
December 3, 2024 – Malware
Gafgyt Malware Broadens its Scope in Recent Attacks Full Text
Abstract
Gafgyt primarily targets vulnerable IoT devices, but Trend Micro researchers recently observed this malware being used to attack Docker Remote API servers, signifying a notable shift in its behavior.Trend Micro
December 3, 2024 – Hacker
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks Full Text
Abstract
"Phishing emails were sent mainly through email services in Japan and Korea until early September," Korean cybersecurity firm Genians said. "Then, from mid-September, some phishing emails disguised as if they were sent from Russia were observed."The Hacker News
December 3, 2024 – Policy and Law
Russia Sentences Hydra Dark Web Market Leader to Life in Prison Full Text
Abstract
Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. Additionally, more than a dozen accomplices have also been convicted.Bleeping Computer
December 3, 2024 – Phishing
People Facing Printer Problems Scammed via Fake Driver Downloads Full Text
Abstract
Victims clicking malicious Google ads are redirected to fake sites mimicking official printer brands, where scammers lure them into calling for support by offering printer drivers that fail to install.Malwarebytes
December 3, 2024 – Criminals
Korea Arrests CEO for Adding DDoS Feature to Satellite Receivers Full Text
Abstract
South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request.Bleeping Computer
December 3, 2024 – Malware
New Malware Families RevC2 and Venom Loader Spread via MaaS Tools Full Text
Abstract
“RevC2 uses WebSockets to communicate with its command-and-control (C2) server. The malware is capable of stealing cookies and passwords, proxies network traffic, and enables remote code execution (RCE),” noted ThreatLabz.Zscaler
December 3, 2024 – Criminals
Ransomware suspect Wazawaka reportedly arrested by Russia Full Text
Abstract
Russian authorities have charged a high-profile hacker for creating malware used to blackmail commercial organizations, the Russian interior ministry said in a statement late last week.The Record
December 3, 2024 – APT
APT35 Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries Full Text
Abstract
In one of its campaigns, APT35 launched a fake recruitment site, particularly aimed at experts in drone design within the aerospace sector in Thailand. The site featured high-paying job postings, adding legitimacy to the ruse.Threat Book
December 3, 2024 – Vulnerabilities
ProFTPD Vulnerability Grants Root Access to Attackers Full Text
Abstract
ProFTPD contains a critical security flaw that could allow attackers to gain root access to vulnerable systems. The vulnerability, tracked as CVE-2024-48651 (CVSS 7.5), exists in the mod_sql component of ProFTPD versions 1.3.8b and earlier.Security Online
December 3, 2024 – Breach
The Shocking Speed of AWS Key Exploitation Full Text
Abstract
Researchers revealed that attackers tend to find and exploit (within a few minutes) AWS access keys leaked on GitHub and DockerHub, and within several hours those exposed on PyPI, Pastebin, and the Postman Community.Help Net Security
December 2, 2024 – Attack
SmokeLoader Malware Campaign Targets Companies in Taiwan Full Text
Abstract
SmokeLoader is a modular malware known for its adaptability and evasion techniques. It is being used in this attack to directly execute its payloads rather than serving as a downloader for other malicious software.Infosecurity Magazine
December 2, 2024 – Malware
Fake Betting Apps Using AI-Generated Voices to Steal Data Full Text
Abstract
Cybercriminals are creating fake betting app ads to lure users and steal money and personal information. Over 500 fake ads and 1,377 malicious sites have been identified, targeting users in regions like Egypt, the Middle East, Europe, and Asia.Hackread
December 2, 2024 – Criminals
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million Full Text
Abstract
The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and November 2024, INTERPOL said.The Hacker News
December 2, 2024 – Vulnerabilities
New Windows Server 2012 Zero-Day Gets Free, Unofficial Patches Full Text
Abstract
Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism.Bleeping Computer
December 2, 2024 – Phishing
Novel Phishing Campaign Uses Corrupted Word Documents To Evade Security Full Text
Abstract
A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application.Bleeping Computer