December 12, 2024 at 06:08AM Cleo has updated its Harmony, VLTrader, and LexiCom file transfer tools to address a critical vulnerability (CVE-2024-50623) affecting several industries. The flaw allows unpatched systems to be exploited for file access and remote code execution. Security firms are analyzing related malware linked to ongoing attacks, suggesting widespread exploitation. ### Meeting … Read more
December 12, 2024 at 05:15AM A critical vulnerability (CVE-2024-11972, CVSS 9.8) in the Hunk Companion WordPress plugin allows attackers to install malicious plugins, risking Remote Code Execution and other exploits. This flaw impacts all versions prior to 1.9.0 and has over 10,000 installations. Additionally, a related vulnerability in WPForms also poses risks. ### Meeting Takeaways … Read more
December 12, 2024 at 02:27AM A global law enforcement operation named PowerOFF has dismantled 27 stresser services used for DDoS attacks, arresting three administrators and identifying over 300 users. Coordinated by Europol and 15 countries, the initiative addresses the rising threat of cybercrime and highlights vulnerabilities in web application security. ### Meeting Takeaways – December … Read more
December 12, 2024 at 12:09AM Citrix has acquired two European companies, deviceTRUST and Strong Network, enhancing its security and cloud development capabilities. deviceTRUST focuses on secure device context management, while Strong Network offers customizable cloud development environments. Both will integrate into Citrix’s platform to enhance its zero trust tools and developer support. Pricing details remain … Read more
December 11, 2024 at 05:52PM The US government has charged Chinese national Guan Tianfeng for allegedly hacking 81,000 Sophos firewall devices in 2020 using a severe zero-day vulnerability (CVE-2020-12271). An arrest warrant has been issued, and a $10 million reward is offered for information about him and his operations in China. ### Meeting Takeaways: 1. … Read more
December 11, 2024 at 05:48PM In the 2024 MITRE ATT&CK Evaluation, Cynet achieved 100% Detection Visibility and 100% Protection, marking a significant milestone. The evaluation highlights the importance of understanding the cybersecurity vendor landscape. Cynet’s effectiveness makes it a preferred choice for SMEs and MSPs seeking robust cybersecurity solutions. ### Meeting Takeaways from 2024 MITRE … Read more
December 11, 2024 at 05:38PM Krispy Kreme experienced a cybersecurity incident affecting online ordering while retail operations remain unaffected. An SEC filing revealed unauthorized access to its IT systems, prompting ongoing investigations and external expert assistance. The company anticipates material business impact, though losses may be mitigated by cyber insurance. Customer data compromise remains unconfirmed. … Read more
December 11, 2024 at 04:51PM A security update for Safari 18.2, releasing December 11, 2024, addresses multiple type confusion issues (CVE-2024-44246, CVE-2024-54479, CVE-2024-54502, CVE-2024-54508, CVE-2024-54505, CVE-2024-54534). These vulnerabilities could lead to memory corruption from malicious web content. Updates are available for macOS Ventura and Sonoma. ### Meeting Takeaways **Apple ID**: 121846 **Release Date**: December 11, … Read more
December 11, 2024 at 04:47PM Cavero Quantum has developed a cryptographic system using symmetric keys to counter future threats from quantum computing and harvest now, decrypt later attacks. Their unique method ensures mutual key generation without sharing information publicly, aiming to enhance privacy and security across various industries, including finance and telecommunications. ### Meeting Takeaways: … Read more
December 11, 2024 at 04:06PM A new Android spyware, EagleMsgSpy, developed by Wuhan Chinasoft Token, facilitates surveillance by Chinese law enforcement. Operational since 2017, it targets various data types, including messages and location. Evidence ties it to public security bureaus, suggesting systematic government use. An iOS version is suspected but unverified. ### Meeting Takeaways: EagleMsgSpy … Read more