Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises

December 10, 2024 at 09:48AM Huntress warned of an exploited vulnerability (CVE-2024-50623) in Cleo's file transfer products, affecting over 1,700 servers, mostly in the consumer and shipping sectors. A patch was issued, but it failed to secure systems, allowing unauthorized access and persistent threats. Cleo plans to release a new patch shortly.

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

December 10, 2024 at 09:48AM Cybersecurity researchers have uncovered a mobile phishing campaign distributing an updated Antidot banking trojan, luring victims through fake job offers. Attackers prompt downloads of malicious apps, enabling extensive device control and data theft. Targeting multilingual users, the advanced malware requires robust protection measures to prevent significant data loss and financial …

SAP Patches Critical Vulnerability in NetWeaver

December 10, 2024 at 08:57AM SAP released nine new and four updated security notes on its December 2024 Security Patch Day, addressing critical vulnerabilities in NetWeaver AS for Java. Notably, CVE-2024-47578 poses a significant risk of complete system compromise. Users are urged to implement the security updates promptly, although there are no known active exploits.

Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack

December 10, 2024 at 08:44AM Huntress reports widespread exploitation of a vulnerability in Cleo file management products, affecting patched systems. The bug, CVE-2024-50623, allows remote code execution, impacting over 1,700 servers. At least ten customers are compromised, prompting Huntress to recommend firewall protection and other mitigations while awaiting an updated patch from Cleo.

Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client

December 10, 2024 at 08:27AM Microsoft has launched the LLMail-Inject hacking challenge, offering $10,000 in prizes for breaking defenses in a simulated email client using an instruction-tuned large language model. The challenge runs until January 20, 2025, featuring 40 unique scenarios. Participants can form teams of up to five and must register via GitHub.

Webinar Today: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes

December 10, 2024 at 08:19AM Join SecurityWeek on December 10th at 1:00 PM ET for a session featuring Rachel Tobac and Mahmood Khan, focusing on how cybercriminals use social engineering, deepfake technology, and BEC to steal funds. Learn about attack methods, emerging threats, and actionable defense strategies for your organization.

The Future of Network Security: Automated Internal and External Pentesting

December 10, 2024 at 08:06AM As cyber threats evolve, automated internal and external pentesting becomes essential for organizations. These cost-effective solutions enable frequent and thorough security assessments, addressing both insider and perimeter risks. Automated tools, like vPenTest, offer detailed insights, streamline compliance, and empower IT teams to enhance their security posture proactively.

Astrix Security Banks $45M Series B to Secure Non-Human Identities

December 10, 2024 at 08:04AM Astrix Security, a startup focusing on securing non-human identities, has raised $45 million in Series B funding, bringing its total funding to $85 million. Investors include Menlo Ventures, Workday Ventures, and BVP. The company addresses identity management challenges and has expanded its workforce significantly to serve major clients like Workday and NetApp.

Chinese hackers use Visual Studio Code tunnels for remote access

December 10, 2024 at 07:48AM Chinese hackers are utilizing Visual Studio Code tunnels to maintain persistent remote access to compromised IT service providers in Southern Europe, in a campaign dubbed 'Operation Digital Eye.' The attackers gained initial access through SQL injection and employed various techniques; the activity was detected by SentinelLabs, raising alarms about this emerging threat.

Heart surgery device maker’s security bypassed, data encrypted and stolen

December 10, 2024 at 07:38AM Artivion reported a cybersecurity incident resembling a ransomware attack on November 21, 2024, resulting in data theft and file encryption. The company is investigating, has engaged external advisors, and is working to restore systems. The incident has disrupted operations but is not expected to impact finances significantly, aided by cyber …