Adobe Patches Over 160 Vulnerabilities Across 16 Products

December 10, 2024 at 02:05PM Adobe’s December 2024 Patch Tuesday updates addressed over 160 vulnerabilities across 16 products, notably Adobe Experience Manager and Adobe Animate. The patches include medium to critical severity issues, particularly concerning arbitrary code execution. While no known exploits exist, users are urged to apply the updates promptly for security.

Scottish Parliament TV at Risk From Deepfakes

December 10, 2024 at 01:47PM Deepfakes pose a significant threat to Scottish Parliamentary recordings and live streams, as highlighted by researchers from the University of Edinburgh. They identified vulnerabilities, including hijacked streams and manipulated videos. Currently, the Parliament lacks preventative measures, but proposed solutions include enhanced authentication and a communication support team for targeted members.

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

December 10, 2024 at 01:38PM Several Microsoft vulnerabilities were reported, affecting various components such as Microsoft Defender, Edge, Office, SharePoint, and Windows services. Severity levels range from moderate to critical, with numerous remote code execution and elevation of privilege vulnerabilities listed, posing significant security risks to users and systems.

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

December 10, 2024 at 11:48AM Users of Cleo-managed file transfer software are urged to secure their systems due to exploitation of a remote code execution vulnerability (CVE-2024-50623). Despite patches, the issue persists, affecting products like Cleo Harmony and VLTrader. At least 10 companies have been compromised, with evidence of ransomware involvement.

US sanctions Chinese firm for hacking firewalls in ransomware attacks

December 10, 2024 at 11:40AM The U.S. Treasury sanctioned Sichuan Silence, a Chinese cybersecurity firm, and an employee for involvement in 2020 Ragnarok ransomware attacks on U.S. critical infrastructure. Guan Tianfeng exploited a zero-day vulnerability, compromising 81,000 firewalls globally, including over 23,000 in the U.S. A $10 million reward has been offered for information.

Cybercrime Gangs Abscond With Thousands of AWS Credentials

December 10, 2024 at 11:21AM Cybercriminal gangs exploited public website vulnerabilities to steal AWS cloud credentials from numerous organizations, uncovered by researchers from CyberCyber Labs. The attackers, linked to groups Nemesis and ShinyHunters, misconfigured an AWS S3 bucket containing stolen data. AWS confirmed the incident was due to customer application flaws, not their systems.

AMD secure VM tech undone by DRAM meddling

December 10, 2024 at 11:10AM Researchers revealed that AMD’s Secure Encrypted Virtualization (SEV) can be compromised using low-cost hardware. Their “BadRAM” attack exploits the SPD chip to bypass memory access restrictions. This vulnerability undermines SEV’s integrity and affects major cloud providers, prompting AMD to prepare an advisory and recommend securing SPD locks on memory modules.

New Cleo zero-day RCE flaw exploited in data theft attacks

December 10, 2024 at 10:11AM Hackers are leveraging a zero-day vulnerability in Cleo managed file transfer software to infiltrate corporate networks and execute data theft attacks. This highlights the urgent need for organizations to address security weaknesses and implement protective measures against such threats.

Inside the incident: Uncovering an advanced phishing attack

December 10, 2024 at 10:11AM The article by Varonis Security Specialist Tom Barnea discusses the evolution of sophisticated phishing attacks that exploit AI and legitimate platforms. A specific case involving a U.K. insurance company illustrates how attackers used a trusted sender’s email and created deceptive links. Recommendations emphasize user awareness and technical measures for prevention.

Lessons From the Largest Software Supply Chain Incidents

December 10, 2024 at 09:59AM Marc Andreessen’s phrase “Software is eating the world” remains relevant as software transforms industries and boosts the economy. However, the rapid growth in software development has led to a surge in supply chain attacks, with predictions of increased occurrences. Organizations must prioritize security, vet vendors diligently, and evaluate their entire …