2024 and Technology - Cyber Security Informer

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Continuing our look back at 2024, part two of Last Watchdogs year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. This has fueled rapid adoption of autonomous AI agents, which matured significantly in 2024 and will become mainstream in 2025. The drivers are intensifying. million (NIST, WEF).

Cyber threats

Cyber threats CISO IoT Phishing

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Security Affairs

APRIL 29, 2025

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. In 2024, over half of zero-days enabled remote code execution or privilege escalation.

Surveillance

Surveillance Mobile Software Hacking

HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published

Penetration Testing

OCTOBER 17, 2024

In a significant discovery by Microsoft Threat Intelligence, a vulnerability in macOS, identified as CVE-2024-44133, has been found to bypass Apple’s Transparency, Consent, and Control (TCC) technology.

Technology

Technology Cybersecurity

Patch Tuesday, October 2024 Edition

Krebs on Security

OCTOBER 8, 2024

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. If that sounds familiar it’s because this is the fourth MSHTML vulnerability found to be exploited in the wild so far in 2024.

Engineering

Engineering Internet Internet System Administration

Cybersecurity Predictions for 2024

Attackers have taken advantage of the rapid shift to remote work and new technologies. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024. Add to that hacktivism due to global conflicts and U.S. We’ve recently looked back at what happened within cybersecurity in 2023.

Cybersecurity

Mobile malware evolution in 2024

SecureList

MARCH 3, 2025

The statistics for previous years may differ from earlier publications due to a data and methodology revision implemented in 2024. The year in figures According to Kaspersky Security Network, in 2024: A total of 33.3 The year’s trends In 2024, cybercriminals launched a monthly average of 2.8 A total of 1.1

Mobile

Mobile Malware Adware Banking

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” reads the report published by Microsoft Threat Intelligence. “Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.”

Phishing

Phishing Authentication Telecommunications Accountability

Report on Paragon Spyware

Schneier on Security

MARCH 25, 2025

This person received an Apple threat notification in November 2024, but no WhatsApp notification. Our analysis showed an attempt to infect the device with novel spyware in June 2024. We shared details with Apple, who confirmed they had patched the attack in iOS 18. Other Surveillance Tech Deployed Against The Same Italian Cluster.

Spyware

Spyware Surveillance Technology

Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication

Security Boulevard

DECEMBER 31, 2024

The FIDO Alliance found in a survey that as consumers become more familiar with passkeys, they are adopting the technology as a more secure alternative to passwords to authenticate their identities online. The post Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication appeared first on Security Boulevard.

Authentication

Authentication Passwords Technology

RSAC Fireside Chat: Qwiet AI leverages graph-database technology to reduce AppSec noise

The Last Watchdog

MAY 23, 2024

By the same token, AppSec technology is advancing apace to help companies meet this challenge. We also had a lively sidebar about the lessons security vendors are learning as they race to integrate GenAI and LLM technology into their respective solutions. AppSec has never been more challenging.

Technology

Technology Antivirus Marketing Internet

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds.

Cybercrime

Cybercrime Phishing Accountability Internet

Vulnerability Reward Program: 2024 in Review

Google Security

MARCH 7, 2025

Posted by Dirk Ghmann In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. Chrome Chrome did some remodeling in 2024 as we updated our reward amounts and structure to incentivize deeper research. million in total.

Mobile

Mobile Hacking Engineering Technology

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Security Affairs

FEBRUARY 13, 2025

Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies. Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies.

Technology

Technology Surveillance Manufacturing Cyber threats

Managed detection and response in 2024

SecureList

FEBRUARY 20, 2025

Kaspersky Managed Detection and Response service (MDR) provides round-the-clock monitoring and threat detection, based on Kaspersky technologies and expertise. For organizations with in-house security operations teams, internal processes and technologies must be equipped to handle the modern threat landscape. in IT, 18.3% in IT, 18.3%

Social Engineering

Social Engineering Phishing Government Threat Detection

Most Popular Cyber Blogs from 2024

Lohrman on Security

JANUARY 12, 2025

What were the top government technology and cybersecurity blog posts in 2024? The metrics tell us what cybersecurity and technology infrastructure topics were most popular.

Technology

Technology Government Cybersecurity

IT threat evolution Q3 2024

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities

Energy and Utilities Ransomware Malware Government

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services. ” reads the update published by the City.

Ransomware

Ransomware Identity Theft Data breaches Cyber threats

The Evolving Cyber Landscape: Insights from 2024 Reports

Lohrman on Security

JUNE 9, 2024

Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights.

Data breaches

Data breaches Internet Internet Technology

Financial cyberthreats in 2024

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing

Phishing Banking Scams Mobile

Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats – A Free Webinar With Joseph Steinberg and Dror Liwer

Joseph Steinberg

JANUARY 30, 2024

They will then shift our focus to the future, and help us forecast for 2024 with a forward-thinking exploration of anticipated cybersecurity challenges and advancements. Steinberg and Liwer will analyze the potential impact of emerging technologies, legislative changes, and geopolitical events on the cybersecurity landscape.

Artificial Intelligence

Artificial Intelligence Cybersecurity Cyber threats Technology

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

AUGUST 12, 2024

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. This is all part of Generative AI and Large Language Models igniting the next massive technological disruption globally. AppSec technology security-hardens software at the coding level.

Software

Software Technology Mobile Cybersecurity

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Security Affairs

DECEMBER 18, 2024

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) “The vulnerability, CVE-2024-53677, appears to be related to CVE-2023-50164.

Hacking

Hacking Technology Software Information Security

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

An analysis of their technology infrastructure shows that all of these exchanges use Russian email providers, and most are directly hosted in Russia or by Russia-backed ISPs with infrastructure in Europe (e.g. A machine-translated version of Flymoney, one of dozens of cryptocurrency exchanges apparently nested at Cryptomus. ”

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

2024 in AI: It’s changed the world, but it’s not all good

Malwarebytes

DECEMBER 27, 2024

And as long as we have been waiting for AI technology to become commonplace, if AI has taught us one thing this year, then its that when humans and AI cooperate, amazing things can happen. As with many developing technologies, sometimes the race to stay ahead is more important than security. But amazing is not always positive.

Scams

Scams Media Artificial Intelligence Technology

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

The Last Watchdog

DECEMBER 13, 2023

I had the opportunity to sit down with DigiCert’s Jason Sabin , Chief Technology Officer and Avesta Hojjati , Vice President of Engineering to chew this over. We drilled down on a few significant developments expected to play out in 2024 and beyond. And PKI is the best technology we’ve got to get us there.

Encryption

Encryption Technology CISO IoT

Cybersecurity Vulnerability News: October 2024 CVE Roundup

Security Boulevard

NOVEMBER 1, 2024

Keep Your Organization Safe with Up-to-Date CVE Information Cybersecurity vulnerability warnings from the National Institute of Standards and Technology (NIST) continue to identify critical concerns. The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on TrueFort.

Cybersecurity

Cybersecurity Technology Risk

Update your Android: Google patches two zero-day vulnerabilities

Malwarebytes

NOVEMBER 6, 2024

If your Android phone shows patch level 2024-11-05 or later then the issues discussed below have been fixed. The CVEs that look the most important are: CVE-2024-43047 : a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges.

Encryption

Encryption Mobile Technology Software

A Deep Dive into the Last Vendor Breaches of 2024: What We Learned

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk

Risk Healthcare Education Cybersecurity

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

Security Affairs

OCTOBER 20, 2024

Technology firm F5 patches a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139. There is no data plane exposure; this is a control plane issue only.”

Authentication

Authentication Hacking Technology Information Security

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. Cary, NC, Oct.

Small Business

Small Business Data breaches Backups Passwords

MY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking over

The Last Watchdog

MAY 13, 2024

Secretary of State Antony Blinken opened RSA Conference 2024 last week issuing a clarion call for the cybersecurity community to defend national security, nurture economic prosperity and reinforce democratic values. Today’s revolutions in technology are at the heart of our competition with geopolitical rivals,” Blinken said.

Artificial Intelligence

Artificial Intelligence Technology Accountability DNS

News alert: Gcore Radar reveals 56% rise in DDoS attacks – gaming industry targeted the most

The Last Watchdog

FEBRUARY 11, 2025

11, 2025, CyberNewswire — Gcore , the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q3-Q4 2024 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2024, and businesses need to act fast to protect themselves from this evolving threat.

DDOS

DDOS Financial Services Technology Accountability

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

26, Versa urged customers to deploy a patch for the vulnerability ( CVE-2024-39717 ), which the company said is fixed in Versa Director 22.1.4 ISP on June 12, 2024. In January 2024, the U.S. In a security advisory published Aug. Versa said the weakness allows attackers to upload a file of their choosing to vulnerable systems.

Internet

Internet Internet Technology Engineering

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. The comments we received were uniformly insightful and helpful.

Cybersecurity

Cybersecurity Social Engineering Cyber threats Software

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

“ Hello BreachForums Community , Today, I am selling the Cisco breach that recently happened (6/10/2024)” reads the message published by IntelBroker. DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Cisco’s technologies.

Cybercrime

Cybercrime Data breaches Technology Banking

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

The vulnerability CVE-2024-20481 (CVSS score of 5.8) Now the company confirmed that the flaw CVE-2024-20481 is actively exploited in the wild. Recently, tesearchers from Positive Technologies warned that unknown threat actors have attempted to exploit the now-patched vulnerability CVE-2024-37383 (CVSS score: 6.1)

VPN

VPN Firewall Technology Passwords

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

The Hacker News

MAY 14, 2025

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors.

Healthcare

Healthcare Media Software Technology

A cyberattack on gambling giant IGT disrupted portions of its IT systems

Security Affairs

NOVEMBER 23, 2024

International Game Technology (IGT) detected a cyberattack on November 17, the company promptly started its incident response procedures. International Game Technology PLC (IGT), formerly Gtech S.p.A. is a multinational gambling company that produces slot machines and other gambling technology. and Lottomatica S.p.A.,

Technology

Technology Hacking Ransomware Cybersecurity

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world’s largest technology companies. Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024. As first reported by KrebsOnSecurity, Buchanan (a.k.a.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.” At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. ” reads the update published by Cisco.

Data breaches

Data breaches Cybercrime Authentication Technology

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. Passwordless Authentication without Secrets! To learn more about how Thales OneWelcome and Badge, Inc.

Authentication

Authentication Retail Healthcare Manufacturing

CyberSecurity Expert Joseph Steinberg To Lecture At Columbia University

Joseph Steinberg

APRIL 28, 2024

CyberSecurity Expert Joseph Steinberg, will join the faculty of Columbia University for the upcoming Summer 2024 semester. The post CyberSecurity Expert Joseph Steinberg To Lecture At Columbia University appeared first on Joseph Steinberg: CyberSecurity Expert Witness, Privacy, Artificial Intelligence (AI) Advisor.

Artificial Intelligence

Artificial Intelligence Cybersecurity Technology

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks. police as part of an FBI investigation into the MGM hack.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Security Affairs

JANUARY 17, 2025

ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism in UEFI systems. The vulnerability CVE-2024-7344 affects the UEFI application of several real-time system recovery software suites developed by Howyar Technologies Inc.,

Firmware

Firmware Technology Software Manufacturing

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Trending Sources

HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published

Patch Tuesday, October 2024 Edition

Cybersecurity Predictions for 2024

Mobile malware evolution in 2024

Storm-2372 used the device code phishing technique since August 2024

Report on Paragon Spyware

Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication

RSAC Fireside Chat: Qwiet AI leverages graph-database technology to reduce AppSec noise

Why Phishers Love New TLDs Like.shop,top and.xyz

Vulnerability Reward Program: 2024 in Review

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Managed detection and response in 2024

Most Popular Cyber Blogs from 2024

IT threat evolution Q3 2024

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

The Evolving Cyber Landscape: Insights from 2024 Reports

Financial cyberthreats in 2024

Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats – A Free Webinar With Joseph Steinberg and Dror Liwer

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

How Cryptocurrency Turns to Cash in Russian Banks

2024 in AI: It’s changed the world, but it’s not all good

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

Cybersecurity Vulnerability News: October 2024 CVE Roundup

Update your Android: Google patches two zero-day vulnerabilities

A Deep Dive into the Last Vendor Breaches of 2024: What We Learned

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

MY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking over

News alert: Gcore Radar reveals 56% rise in DDoS attacks – gaming industry targeted the most

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

A cyberattack on gambling giant IGT disrupted portions of its IT systems

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Cisco states that the second data leak is linked to the one from October

Passwordless Authentication without Secrets!

CyberSecurity Expert Joseph Steinberg To Lecture At Columbia University

Feds Charge Five Men in ‘Scattered Spider’ Roundup

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Stay Connected