December 12, 2024 at 09:51AM Gamaredon, a Russia-linked threat actor, has developed two Android spyware tools, BoneSpy and PlainGnome, targeting Russian-speaking victims in former Soviet states. These tools gather extensive data from infected devices. Their use marks the first instance of mobile-only malware in Gamaredon’s campaigns, which also includes attempts against NATO countries. ### Meeting … Read more
December 12, 2024 at 08:28AM Oasis Security revealed a critical vulnerability, AuthQuake, allowing bypass of Microsoft’s multi-factor authentication (MFA). Reported in June, a temporary fix was issued before a permanent one in October. The exploit required no user interaction and could quickly grant access to sensitive accounts, affecting over 400 million Office 365 users. ### … Read more
December 12, 2024 at 07:39AM A recently patched vulnerability in Apple’s iOS and macOS could allow unauthorized access to sensitive user data by bypassing the TCC security framework. Tracked as CVE-2024-44131, this flaw was linked to the FileProvider component. Attackers could exploit it to intercept user actions without raising alerts. ### Meeting Takeaways – Dec … Read more
December 12, 2024 at 06:08AM Cleo has updated its Harmony, VLTrader, and LexiCom file transfer tools to address a critical vulnerability (CVE-2024-50623) affecting several industries. The flaw allows unpatched systems to be exploited for file access and remote code execution. Security firms are analyzing related malware linked to ongoing attacks, suggesting widespread exploitation. ### Meeting … Read more
December 11, 2024 at 05:48PM In the 2024 MITRE ATT&CK Evaluation, Cynet achieved 100% Detection Visibility and 100% Protection, marking a significant milestone. The evaluation highlights the importance of understanding the cybersecurity vendor landscape. Cynet’s effectiveness makes it a preferred choice for SMEs and MSPs seeking robust cybersecurity solutions. ### Meeting Takeaways from 2024 MITRE … Read more
December 11, 2024 at 05:38PM Krispy Kreme experienced a cybersecurity incident affecting online ordering while retail operations remain unaffected. An SEC filing revealed unauthorized access to its IT systems, prompting ongoing investigations and external expert assistance. The company anticipates material business impact, though losses may be mitigated by cyber insurance. Customer data compromise remains unconfirmed. … Read more
December 11, 2024 at 02:57PM Apple released significant security updates for iOS 18.2 and macOS Sequoia 15.2 to address vulnerabilities, including data leakage and code execution risks. Key patches target flaws in kernel, WebKit, and AppleMobileFileIntegrity components, and fix a critical defect in libexpat that could lead to unauthorized remote actions. ### Meeting Takeaways: 1. … Read more
December 11, 2024 at 02:05PM Krispy Kreme has reported a cybersecurity attack affecting online orders, revealing unauthorized access to its IT systems. Despite engaging cybersecurity experts, the incident is expected to significantly impact revenues and operations. The company faces potential costs related to recovery and restoration, while maintaining that fresh doughnuts remain available in stores. … Read more
December 11, 2024 at 01:33PM Apple’s iOS 18.2 and iPadOS 18.2 address multiple security vulnerabilities with improved checks and memory handling. Notable risks include potential unauthorized access to private information, memory corruption, and sensitive data leaks. Updates are available for iPhone XS and later, various iPad models, enhancing overall system security. ### Meeting Notes Summary … Read more
December 11, 2024 at 01:33PM Multiple security vulnerabilities have been identified in macOS Sequoia 15.2. Issues range from unauthorized access to user data, memory handling problems, and permissions misconfigurations. Updates have been made to address these vulnerabilities, enhancing overall system security. The release date for the update is set for December 11, 2024. ### Meeting … Read more