November 21, 2024 at 05:00AM Five alleged members of the Scattered Spider cybercrime group have been indicted for targeting U.S. companies through social engineering, stealing credentials to access crypto accounts and personal data worth millions. They face multiple charges, including wire fraud and identity theft, with potential sentences of up to 27 years. ### Meeting … Read more
November 21, 2024 at 04:34AM Exploitation attempts have been reported for two Citrix Session Recording vulnerabilities (CVE-2024-8068, CVE-2024-8069), which allow remote code execution. Although patches were issued, some reports suggest systems are exposed to the internet. Citrix advises users to update software to mitigate risks, as exploitation attempts continue. **Meeting Takeaways:** 1. **Vulnerability Overview:** – … Read more
November 21, 2024 at 03:48AM Ford is investigating allegations of a data breach involving 44,000 customer records leaked on a hacking forum. Initially, claims of the breach raised concerns over potentially sensitive information. However, Ford later clarified that no breach occurred within its systems; the issue related to a third-party supplier and involved public dealer … Read more
November 21, 2024 at 03:13AM Google’s AI-powered fuzzing tool, OSS-Fuzz, has uncovered 26 vulnerabilities, including a medium-severity flaw in OpenSSL (CVE-2024-9143), indicating significant advancements in automated vulnerability detection. The tool enhances code coverage and is part of Google’s transition to memory-safe languages like Rust, alongside new security checks in C++. **Meeting Takeaways – Nov 21, … Read more
November 21, 2024 at 01:48AM Threat hunters report an updated Python NodeStealer targeting Facebook Ads Manager and web browser credit card data. Developed by Vietnamese actors, it uses advanced techniques for data exfiltration, including avoiding detection in Vietnam. Recent phishing campaigns deploy I2Parcae RAT via ClickFix techniques, endangering users’ security and financial stability. ### Meeting … Read more
November 21, 2024 at 01:24AM Japan’s National Consumer Affairs Center advises citizens to start “digital end of life planning” to ease the burden of managing digital legacies. It recommends steps like maintaining a list of subscriptions, ensuring account access for family, and using designated services to simplify the process for loved ones after death. **Meeting … Read more
November 20, 2024 at 10:07PM SecurityWeek provides a range of cybersecurity news and resources, including webcasts, virtual events, and conferences focused on themes like malware, data breaches, ransomware, and more. They offer a daily briefing newsletter for updates and insights, and a platform for connecting key cybersecurity professionals and discussions. ### Meeting Takeaways: 1. **SecurityWeek … Read more
November 20, 2024 at 09:24PM A data breach at a French hospital compromised medical records of 750,000 patients, linked to a hacker known as ‘nears’. The threat actor claims access to over 1.5 million patient records and is selling access to multiple hospitals’ systems. Exposed data includes personal and medical information, raising phishing risks. ### … Read more
November 20, 2024 at 08:37PM The US Department of Justice has indicted five individuals linked to the cyber gang Scattered Spider, accused of stealing millions in cryptocurrency through SMS phishing and social engineering. The group also targeted MGM Resorts and Caesars Entertainment. Arrests were made in the US and Spain, with serious charges facing the … Read more
November 20, 2024 at 06:55PM Senator Richard Blumenthal warned that U.S. tech companies’ ties to China pose national security risks during a hearing on cybersecurity threats. CrowdStrike revealed its findings on Liminal Panda, a Beijing-backed cyber-espionage group targeting telecommunications networks. Blumenthal criticized companies like SpaceX and Apple for prioritizing profits over American security. ### Meeting … Read more