cybersecurity

Fortinet Acquires Perception Point Reportedly for $100 Million

by

December 12, 2024 at 10:10AM Fortinet announced the acquisition of Israeli security company Perception Point for approximately $100 million. Perception Point enhances Fortinet’s security offerings with advanced threat detection and cloud-native solutions for email and collaboration platforms. This marks Fortinet’s third acquisition in 2024, following Next DLP and Lacework. **Meeting Notes Takeaways:** 1. **Acquisition Announcement**: … Read more

Cultivating a Hacker Mindset in Cybersecurity Defense

by

December 12, 2024 at 10:06AM The commentary highlights the decline of the hacker spirit among security professionals, who now often lack genuine curiosity and creativity. Instead of using automated tools, security teams must understand attackers’ motivations and tactics. Building a hacker mindset through mentorship and hands-on experience is crucial for effective defense against evolving threats. … Read more

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

by

December 12, 2024 at 09:51AM Cybersecurity researchers warn that numerous publicly accessible Prometheus servers are vulnerable to information leakage and attacks due to inadequate authentication. Sensitive data, including credentials, can be exposed, and denial-of-service attacks may occur via specific endpoints. Organizations should implement authentication, limit exposure, and monitor server activity to mitigate risks. **Meeting Takeaways … Read more

The Ghost of Christmas Past – AI’s Past, Present and Future

by

December 12, 2024 at 09:41AM The rapid growth of AI since GenAI’s emergence in 2022 has transformed operations and cybersecurity. However, despite its hype, GenAI hasn’t yet provided substantial business value. Moving forward, a focus on SynthAI, which synthesizes information for better decision-making, is essential, emphasizing the need for careful strategy and long-term ROI. ### … Read more

Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement

by

December 12, 2024 at 08:42AM Chinese law enforcement has utilized a surveillance tool called EagleMsgSpy since at least 2017 to collect data from Android devices via physical access. Developed by Wuhan Chinasoft Token Information Technology Co., it gathers sensitive information such as SMS, call logs, and GPS data, linked to public security bureaus in China. … Read more

Apache issues patches for critical Struts 2 RCE bug

by

December 12, 2024 at 08:39AM A severe remote code execution vulnerability (CVE-2024-53677) in Apache Struts 2 has been revealed, with a rating of 9.5 or 9.8. Attackers can exploit it without privileges. Users must upgrade to Struts 6.4.0+ to avoid risk. There are no workarounds; patching is mandatory. ### Meeting Takeaways 1. **Vulnerability Severity**: The … Read more

Microsoft MFA Bypassed via AuthQuake Attack 

by

December 12, 2024 at 08:28AM Oasis Security revealed a critical vulnerability, AuthQuake, allowing bypass of Microsoft’s multi-factor authentication (MFA). Reported in June, a temporary fix was issued before a permanent one in October. The exploit required no user interaction and could quickly grant access to sensitive accounts, affecting over 400 million Office 365 users. ### … Read more

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

by

December 12, 2024 at 07:39AM A recently patched vulnerability in Apple’s iOS and macOS could allow unauthorized access to sensitive user data by bypassing the TCC security framework. Tracked as CVE-2024-44131, this flaw was linked to the FileProvider component. Attackers could exploit it to intercept user actions without raising alerts. ### Meeting Takeaways – Dec … Read more

27 DDoS Attack Services Taken Down by Law Enforcement

by

December 12, 2024 at 07:21AM An international law enforcement operation, Operation PowerOff, successfully dismantled 27 DDoS-for-hire websites and arrested three suspects in France and Germany. Coordinated by Europol, the operation identified over 300 users and aimed to curb disruptive DDoS attacks, especially during the holiday season, which cause significant financial and operational harm. ### Meeting … Read more

Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push

by

December 12, 2024 at 07:12AM Europol’s Operation PowerOFF recently shut down 27 domains linked to DDoS services, arresting three suspected administrators. This collaborative effort involved 15 countries to combat cybercrime and deter potential users through ads, warnings, and outreach. Since 2018, the operation has led to significant progress against DDoS platforms and criminal activities. ### … Read more