Researchers Crack Microsoft Azure MFA in an Hour

December 11, 2024 at 03:50PM Researchers at Oasis Security exploited a Microsoft Azure multifactor authentication vulnerability, dubbed “AuthQuake,” allowing unauthorized access to user accounts, including Microsoft 365 services. The flaw, caused by a lack of rate limits during MFA sign-in attempts, was fixed by Microsoft in October 2023. Recommendations for improved security were provided.

Apple Pushes Major iOS, macOS Security Updates

December 11, 2024 at 02:57PM Apple released significant security updates for iOS 18.2 and macOS Sequoia 15.2 to address vulnerabilities, including data leakage and code execution risks. Key patches target flaws in kernel, WebKit, and AppleMobileFileIntegrity components, and fix a critical defect in libexpat that could lead to unauthorized remote actions.

Krispy Kreme Doughnut Corporation admits to hole in security

December 11, 2024 at 02:05PM Krispy Kreme has reported a cybersecurity attack affecting online orders, revealing unauthorized access to its IT systems. Despite engaging cybersecurity experts, the incident is expected to significantly impact revenues and operations. The company faces potential costs related to recovery and restoration, while maintaining that fresh doughnuts remain available in stores.

Russian Turla hackers hit Starlink-connected devices in Ukraine

December 11, 2024 at 01:56PM Russian cyber-espionage group Turla, also known as “Secret Blizzard,” is targeting Ukrainian military devices via Starlink by leveraging infrastructure from other threat actors, like Storm-0156 and Storm-1837. Their operations involve deploying custom malware, including Tavdig and KazuarV2, to gather intelligence on military activities.

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

December 11, 2024 at 01:36PM Russian threat actor Secret Blizzard has been using malware, specifically the Amadey bot, to deploy the Kazuar backdoor on Ukrainian military systems. This marks their continued strategy to utilize other hackers’ access for espionage. Microsoft reports the group uses various cyberattack methods to obtain covert intelligence.

About the security content of macOS Sequoia 15.2 – Apple Support

December 11, 2024 at 01:33PM Multiple security vulnerabilities have been identified in macOS Sequoia 15.2. Issues range from unauthorized access to user data, memory handling problems, and permissions misconfigurations. Updates have been made to address these vulnerabilities, enhancing overall system security. The release date for the update is set for December 11, 2024.

No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation

December 11, 2024 at 01:23PM Krispy Kreme confirmed a cyberattack that disrupted operations, including online ordering, referencing a “cybersecurity incident.” The company took immediate steps with cybersecurity experts to investigate and mitigate the impact. The incident, likely a data-extortion ransomware attack, is expected to materially affect business operations until resolved.

MITRE ATT&CK 2024 Results for Enterprise Security

December 11, 2024 at 12:20PM MITRE’s latest evaluation challenges security vendors to demonstrate their protection capabilities against modern attacks, focusing on ransomware and DPRK threats targeting Windows, Linux, and macOS. Trend Vision One achieved impressive detection rates but faced challenges in blocking all threats. The evaluations guide improvement and reinforce the importance of vigilance in …

Lynx ransomware behind Electrica energy supplier cyberattack

December 11, 2024 at 11:30AM The Romanian National Cybersecurity Directorate has confirmed that the Lynx ransomware gang breached Electrica Group, a major electricity supplier. While the attack is under investigation, critical systems remain unaffected. Electrica is collaborating with cybersecurity authorities, and the directorate advises scanning for malware and not paying ransom demands.

BadRAM Attack Uses $10 Equipment to Break AMD Processor Protections

December 11, 2024 at 11:03AM Researchers from KU Leuven, University of Lubeck, and University of Birmingham introduced the BadRAM attack, utilizing $10 equipment to compromise AMD’s SEV-SNP technology by deceiving memory processors. This attack exploits rogue memory modules to manipulate memory mappings, leading to potential data integrity loss. AMD has implemented firmware updates to mitigate …