Cisco Says Flaws in Industrial Routers, BGP Tool Remain Unpatched 8 Months After Disclosure

December 10, 2024 at 07:21AM Cisco’s Talos unit has revealed several unpatched vulnerabilities in MC Technologies’ industrial router and GoCast’s BGP tool, despite responsible disclosure to vendors months ago. Notably, the MC LR router has four high-severity command injection flaws, while GoCast has three critical vulnerabilities, both potentially exploitable through crafted HTTP requests.

Microsoft Rolls Out Default NTLM Relay Attack Mitigations

December 10, 2024 at 06:29AM Microsoft has introduced enhanced security measures to combat NTLM relay attacks on Exchange servers, including enabling Extended Protection for Authentication (EPA) and channel binding by default. These changes aim to safeguard accounts from exploitation via vulnerabilities, ensuring a more secure environment as the company plans to phase out NTLM usage …

Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs

December 10, 2024 at 06:03AM Chinese hackers nearly infiltrated critical European supply chain companies by disguising attacks within Microsoft tools during a three-week span. This operation, called “Operation Digital Eye,” involved SQL injections and the use of Visual Studio Code for persistent access, complicating attribution and demonstrating a sophisticated approach to cyber-espionage.

Ongoing Phishing and Malware Campaigns in December 2024

December 10, 2024 at 05:12AM Cybersecurity threats are evolving, with ongoing zero-day attacks using corrupted files largely undetected, as seen in a recent analysis by ANY.RUN. Additionally, fileless malware and phishing tactics are on the rise. Utilizing advanced tools like ANY.RUN’s Interactive Sandbox helps organizations identify and analyze these threats effectively.

CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

December 10, 2024 at 05:12AM The Ukrainian Computer Emergency Response Team (CERT-UA) warns of phishing attacks targeting defense firms and military forces by the Russia-linked UAC-0185 group. The emails masquerade as official conference invitations, containing malicious links that enable remote system access and credential theft from messaging apps and military systems.

Radiant Capital $50 Million Heist Blamed on North Korean Hackers

December 10, 2024 at 05:00AM Radiant Capital was targeted by a North Korean threat actor in a $50 million heist on October 16. Malware infected developers’ devices, enabling fraudulent transactions during normal operations. The attack, linked to group UNC4736, started in September through a deceptive Telegram message and exploited various blockchain platforms before erasing evidence.

WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics

December 10, 2024 at 02:37AM WhatsApp has resolved a vulnerability in its View Once feature that allowed disappearing media to be accessed through web clients and browser extensions. Following reports from Zengo, WhatsApp issued a software update to enhance privacy protections, though further improvements were noted as necessary. Users are encouraged to trust their recipients …

Google Launches Open-Source Patch Validation Tool

December 9, 2024 at 07:34PM Google’s Vanir tool enhances Android security patch validation by automating the identification of missing updates through static code analysis. Covering 95% of known vulnerabilities with a 97% accuracy rate, it significantly reduces patch fix time, offering efficiency improvements for manufacturers and potential adaptability for other platforms.

Ransomware attack hits leading heart surgery device maker

December 9, 2024 at 06:03PM Artivion experienced a ransomware attack on November 21, disrupting operations and forcing some systems offline. The company is investigating the incident, involving external advisors, and has reported data encryption and theft. While most operational disruptions have been addressed, additional costs are expected, and no ransom demands have yet been claimed.

Microsoft NTLM Zero-Day to Remain Unpatched Until April

December 9, 2024 at 05:44PM Microsoft issued guidance to mitigate NTLM relay attacks following the discovery of a zero-day bug affecting all Windows versions, enabling credential theft through malicious files. The bug’s fix is anticipated in April. Organizations are advised to enable Extended Protection for Authentication (EPA) to strengthen defenses against these vulnerabilities.