November 4, 2024 at 07:30AM The FBI is requesting information regarding Chinese cyber threat actors who are attempting to compromise Sophos edge devices, impacting both private and government organizations. The alert highlights ongoing cybersecurity concerns related to these hackers’ activities. **Meeting Takeaways:** 1. **Key Topic:** The FBI is actively seeking information regarding cyber threats posed … Read more
November 4, 2024 at 05:59AM The City of Columbus reported that a ransomware attack resulted in the theft of personal information belonging to 500,000 individuals. **Meeting Takeaways:** 1. **Incident Overview**: The City of Columbus experienced a ransomware attack. 2. **Data Compromised**: Personal information of approximately 500,000 individuals was stolen. 3. **Source of Information**: Details were … Read more
November 3, 2024 at 01:38PM The US Department of Justice charged six individuals in two fraud schemes involving IT contracts, defrauding the government of millions. The operations targeted various federal agencies, including the Department of Defense. In related news, an e-commerce fraud ring was disrupted, and Iranian hackers are using AI for new cyber threats. … Read more
November 1, 2024 at 07:10AM The US and Israel released an advisory detailing the cyber activities of Iranian firm Emennet Pasargad, now Aria Sepehr Ayandehsazan, highlighting their targeting of the Olympics and surveillance cameras. **Meeting Notes Takeaways:** 1. The US and Israel have released an advisory regarding the operations of the Iranian cyber firm known … Read more
October 31, 2024 at 04:10PM LottieFiles’ Lotti-Player project was compromised in a supply chain attack, injecting a crypto drainer into websites, potentially costing one victim $723,000 in Bitcoin. Affected versions were quickly replaced with a secure update. Users are advised to upgrade or be cautious of fraudulent wallet connection requests amid ongoing investigations into the … Read more
October 31, 2024 at 04:03PM The 2024 ISC2 Cybersecurity Workforce Study reveals a hiring halt in cybersecurity despite 90% of organizations facing skill shortages. Budget constraints are the primary obstacle, with job satisfaction dropping. However, 73% of workers seek to upskill, and many see artificial intelligence as a potential solution for workforce challenges. ### Meeting … Read more
October 31, 2024 at 12:50PM The LiteSpeed Cache plugin for WordPress fixed a high-severity privilege elevation flaw (CVE-2024-50550) enabling unauthenticated users to gain admin rights. The vulnerability stemmed from weak hash checks in the role simulation feature. A patch was released on October 17, 2024, but millions remain potentially exposed. ### Meeting Takeaways: 1. **Vulnerability … Read more
October 30, 2024 at 10:58AM The new FakeCall malware for Android hijacks users’ outgoing calls to banks, redirecting them to attackers. It features advanced voice phishing tactics, realistic interfaces, and can capture audio/video. Recent improvements include additional control functionalities and commands, making it a more dangerous banking trojan. Users are cautioned against installing APKs directly. … Read more
October 30, 2024 at 07:05AM A recent update of the LightSpy malware for iOS introduces more than a dozen new plugins, some featuring destructive capabilities. This development raises concerns about the malware’s potential impact on device security. **Meeting Takeaways:** 1. **Update on LightSpy Malware**: A newer version of the LightSpy malware specifically designed for iOS … Read more
October 28, 2024 at 05:51PM Windows 11 systems, even when fully patched, can be compromised through a technique demonstrated by SafeBreach’s Alon Leviev. His Windows Downdate tool allows attackers with admin access to downgrade critical OS components back to vulnerable versions, exposing systems to potential rootkit installation and exploitation. Microsoft is developing mitigations to address … Read more