Krebs on Security

DECEMBER 10, 2024

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138 , a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that could let an authenticated attacker gain “system” level privileges on a vulnerable Windows device.

Engineering 254

Engineering Authentication Software Accountability 254

Penetration Testing

DECEMBER 10, 2024

Google has announced its Chrome browser’s latest stable channel update, addressing several security vulnerabilities, including two classified as “High” severity. The update, rolling out progressively to Windows, Mac, and Linux... The post Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382 appeared first on Cybersecurity News.

Cybersecurity 128

Cybersecurity 128

Security Affairs

DECEMBER 10, 2024

Resecurity uncovered a large-scale fraud campaign in the UAE where scammers impersonate law enforcement to target consumers. Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement. Victims are asked to pay non-existent fines online (traffic tickets, parking violations, driving license renewals) following multiple phone calls made on behalf of Dubai Police officers.

Phishing 113

Phishing Social Engineering Banking DNS 113

Security Boulevard

DECEMBER 10, 2024

SpartanWarrioz, whose prolific phishing kit business took a hit when the group's Telegram channel was shut down in November, is rebounding quickly, creating a new channel and courting former subscribers as it rebuilds its operations, Forta researchers say. The post Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down appeared first on Security Boulevard.

Scams 120

Scams Phishing Social Engineering Security Awareness 120

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

DECEMBER 10, 2024

This is going to be interesting. It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap.

288

288

Penetration Testing

DECEMBER 10, 2024

Jamf Threat Labs has identified a vulnerability in Apples Transparency, Consent, and Control (TCC) security framework. Designated as CVE-2024-44131, this flaw enables malicious applications to bypass user consent mechanisms and... The post Researcher Details CVE-2024-44131 – A Critical TCC Bypass in macOS and iOS appeared first on Cybersecurity News.

Cybersecurity 107

Cybersecurity 107

Penetration Testing

DECEMBER 10, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a security advisory (CERT-UA#12414) detailing a sophisticated phishing campaign targeting organizations within Ukraine’s defense industrial base. The attacks, attributed to... The post UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base appeared first on Cybersecurity News.

Social Engineering 108

Social Engineering Engineering Phishing Cybersecurity 108

Security Boulevard

DECEMBER 10, 2024

Microsoft is calling out to researchers to participate in a competition that is aimed at testing the latest protections in LLMs against prompt injection attacks, which OWASP is calling the top security risk facing the AI models as the industry rolls into 2025. The post Microsoft Challenge Will Test LLM Defenses Against Prompt Injections appeared first on Security Boulevard.

Risk 106

Risk Data privacy Security Awareness Mobile 106

Tech Republic Security

DECEMBER 10, 2024

TechRepublic looks back at the biggest cybersecurity stories of 2024, from record data breaches to rising ransomware threats and CISO burnout.

CISO 196

CISO Cybersecurity Data breaches Ransomware 196

WIRED Threat Level

DECEMBER 10, 2024

The design of the gun police say they found on the alleged United Healthcare CEO's killerthe FMDA or Free Men Dont Askwas released by a libertarian group.

Healthcare 27

Healthcare 27

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

DECEMBER 10, 2024

The E.U. Cyber Resilience Act is now in effect. The legislation affects manufacturers, distributors, and importers of software and hardware.

Manufacturing 172

Manufacturing Software Cybersecurity 172

Zero Day

DECEMBER 10, 2024

For 12 days, the OpenAI daily live stream is unveiling 'new things, big and small.' Here's what's new today.

Artificial Intelligence 133

Artificial Intelligence 133

Security Boulevard

DECEMBER 10, 2024

Although AI can enhance threat detection and response capabilities, it also introduces sophisticated attack vectors that require a rethink of traditional security models. The post Defending Against AI-Powered Attacks in a Spy vs. Spy World appeared first on Security Boulevard.

Threat Detection 123

Threat Detection Security Awareness Cybersecurity 123

Malwarebytes

DECEMBER 10, 2024

TikTok has requested an emergency injunction to stop or postpone the planned ban on the platform in the US. Back in March , the House of Representatives passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance agreed to give up its share of the immensely popular app. TikTok claims this is censorship and collides with the principle of free speech.

Identity Theft 120

Identity Theft Small Business Media Risk 120

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

WIRED Threat Level

DECEMBER 10, 2024

Several recent schemes were uncovered involving poker players at casinos allegedly using miniature cameras, concealed in personal electronics, to spot cards. Should players everywhere be concerned?

Hacking 115

Hacking 115

Security Boulevard

DECEMBER 10, 2024

For too long, architecting for cyber recovery and resiliency was on the vision board for a distant future. Unfortunately, that distant future is here, but many companies have not started this critical effort. The post Given Todays Data Complexity, a Platform Mindset is Crucial for Cyber Recovery appeared first on Security Boulevard.

Cybersecurity 114

Cybersecurity 114

SecureWorld News

DECEMBER 10, 2024

Zimperium's zLabs team has uncovered a dangerous new variant of the Antidot banking trojan, dubbed AppLite, that is targeting Android devices through sophisticated mobile phishing (mishing) campaigns. The research , released this morning, reveals how attackers are leveraging advanced social engineering, obfuscation techniques, and device exploitation to steal credentials and compromise financial and corporate applications.

Mobile 109

Mobile Social Engineering Banking Phishing 109

Security Boulevard

DECEMBER 10, 2024

Cybersecurity companies traditionally considered pioneers of data innovation are often the ones struggling to unlock the full potential of the data they collect within their own organizations. The post Cybersecurity Companies Must Practice What They Preach to Avoid the Data Paradox appeared first on Security Boulevard.

Cybersecurity 103

Cybersecurity Security Awareness 103

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

SecureWorld News

DECEMBER 10, 2024

Supervisory control and data acquisition (SCADA) systems are at the heart of modern industrial operations. It includes systems that provide real-time monitoring, control, and analysis of critical processes. To increase operational efficiency and guarantee and enable scalability, selecting the right SCADA software is mandatory. My article below will guide you through comparing SCADA software and help you understand the features to select the most appropriate software for your organization.

Software 108

Software IoT Mobile Cybersecurity 108

Fox IT

DECEMBER 10, 2024

Author: Guus Beckers Back in2022Fox-IT decided to open source its proprietary incident response tooling known as Dissect. Since then it has been adopted by many different companies in their regular workflow. For those of you who are not yet familiar with Dissect, it is an incident response framework built with incident response engagements of any scale in mind.

Encryption 103

Encryption Architecture 103

Security Boulevard

DECEMBER 10, 2024

GitGuardian today extended the reach of its ability to manage applications secrets into the realm of non-human identities (NHI) associated with machines and software components. The post GitGuardian Extends Reach to Manage Non-Human Identities appeared first on Security Boulevard.

Software 102

Software Security Awareness Cybersecurity 102

SecureBlitz

DECEMBER 10, 2024

Here are innovative marketing ideas every B2C business should try. Maintaining a competitive advantage in the hectic field of business depends on always being ahead of the curve. Particularly with social media and digital platforms rising, the B2C scene has changed drastically. Creative marketing techniques are necessary to remain current and grab the interest of […] The post Innovative Marketing Ideas Every B2C Business Should Try appeared first on SecureBlitz Cybersecurity.

B2C 97

B2C Marketing Media Cybersecurity 97

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

DECEMBER 10, 2024

16 Critical 54 Important 0 Moderate 0 Low Microsoft addresses 70 CVEs with 16 rated critical, including one zero-day that was exploited in the wild. Microsoft patched 70 CVEs in its December 2024 Patch Tuesday release, with 16 rated critical, and 54 rated as important. This months update includes patches for: GitHub Microsoft Defender for Endpoint Microsoft Office Microsoft Office Access Microsoft Office Excel Microsoft Office Publisher Microsoft Office SharePoint Microsoft Office Word Remote De

Wireless 100

Wireless DNS Mobile Accountability 100

Penetration Testing

DECEMBER 10, 2024

Microsoft has released its December 2024 Patch Tuesday security update, addressing a total of 73 vulnerabilities across its product portfolio. This comprehensive update includes fixes for 16 critical and 54... The post Microsoft Addresses Critical Zero-Day CVE-2024-49138 & 72 Additional Flaws in December Patch Tuesday appeared first on Cybersecurity News.

Cybersecurity 86

Cybersecurity 86

Security Boulevard

DECEMBER 10, 2024

Our zLabs team has identified an extremely sophisticated mishing (mobile-targeted phishing) campaign that delivers malware to the users Android mobile device enabling a broad set of malicious actions including credential theft of banking, cryptocurrency and other critical applications. The post AppLite: A New AntiDot Variant Targeting Mobile Employee Devices appeared first on Zimperium.

Mobile 90

Mobile Cryptocurrency Banking Phishing 90

NetSpi Technical

DECEMBER 10, 2024

As a Security Consultant II at NetSPI, I’ve had the opportunity to dig into a variety of security issues during engagements, ranging from simple misconfigurations to complex attack chains. One recent project gave me the opportunity to uncover a critical vulnerability by chaining multiple findings together. This turned an initially informational issue into a high-severity, exploitative scenario.

Authentication 81

Authentication Risk Accountability 81

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Hacker's King

DECEMBER 10, 2024

If you're a tech enthusiast or a developer, the world of chatbots is exciting and ever-evolving, especially with advancements in AI. One of the most intriguing innovations in this space is TGPT, an OpenAI chatbot designed specifically for terminal environments and it doesn't require any API integration. You may also like to read: Email Investigation Using H8mail On Your Linux Imagine the power of advanced natural language processing at your fingertips, right in your command line interface!

Hacking 81

Hacking Cybersecurity Internet Internet 81

Penetration Testing

DECEMBER 10, 2024

A new campaign by the Roaming Mantis-affiliated MoqHao malware family, also known as Wroba and XLoader, has been uncovered by Threat Hunting Platform – Hunt.io. The campaign exploits trusted platforms... The post MoqHao Malware Targets Apple IDs and Android Devices Using iCloud and VK Platforms appeared first on Cybersecurity News.

Malware 76

Malware Cybersecurity 76

Pen Test

DECEMBER 10, 2024

Reverse engineering is the process of deconstructing a product or system to understand its design, architecture, and functionality. This technique is commonly used in various fields, including software development, hardware design, cybersecurity. The primary goal of reverse engineering is to analyze how a system works, identify its components, and uncover any underlying principles or mechanisms.

Engineering 70

Engineering Artificial Intelligence Software Malware 70

Penetration Testing

DECEMBER 10, 2024

In a recently disclosed analysis, Zafran’s research team has unveiled a pervasive misconfiguration vulnerability affecting some of the world’s largest web application firewall (WAF) vendors, including Akamai, Cloudflare, Fastly, and... The post Exploiting CDN Integrations: A WAF Bypass Threatening Global Web Applications appeared first on Cybersecurity News.

Firewall 73

Firewall Cybersecurity 73

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!