November 19, 2024 at 03:40PM SecurityWeek Network offers extensive resources on cybersecurity topics, including news on malware, cybercrime, ransomware, and data breaches. It features events like the ICS Cybersecurity Conference, daily newsletters, and insights into various security sectors, ensuring subscribers stay informed on key cybersecurity trends and practices. Unsubscribe options are available. ### Meeting Takeaways: … Read more
November 19, 2024 at 03:15PM Ford is investigating a potential data breach involving 44,000 customer records allegedly leaked by a hacker on a forum. The records, which include identifiable information, could facilitate phishing attacks. The company is currently assessing the situation, acknowledging the seriousness of the claims, and advising caution regarding unsolicited communications. ### Meeting … Read more
November 19, 2024 at 03:02PM A recent EPA study found that nearly one-third of U.S. drinking water systems have cybersecurity vulnerabilities, affecting approximately 82.7 million people. The agency lacks a tracking system for potential attacks, relies on DHS for incident reporting, and faces ongoing challenges in enhancing cybersecurity amidst aging infrastructure. ### Meeting Takeaways: 1. … Read more
November 19, 2024 at 03:00PM Oracle has addressed a critical unauthenticated file disclosure vulnerability (CVE-2024-21287) in its Agile PLM software, which was exploited as a zero-day. Users are urged to update immediately to prevent unauthorized file access. The flaw was reported by CrowdStrike and has a CVSS score of 7.5. **Meeting Takeaways:** 1. **Vulnerability Identified**: … Read more
November 19, 2024 at 02:43PM Apple has addressed two security vulnerabilities in visionOS 2.1.1 for the Apple Vision Pro, with release set for November 19, 2024. CVE-2024-44308 involves potential arbitrary code execution from malicious web content, while CVE-2024-44309 addresses cookie management issues that could lead to cross-site scripting attacks. ### Meeting Notes Takeaways 1. **Upcoming … Read more
November 19, 2024 at 01:57PM Ransomware gangs like Apos, Lynx, and Rabbit Hole are recruiting pen testers to enhance their operations, reflecting the professionalization of Russian cybercrime. A Cato Networks report highlights the growing threat of ransomware, unauthorized AI, and underutilization of Transport Layer Security (TLS) in cybersecurity practices. ### Meeting Takeaways 1. **Ransomware Gangs … Read more
November 19, 2024 at 01:54PM Apple released updates on November 19, 2024, addressing CVE-2024-44308 and CVE-2024-44309, which involved vulnerabilities that could lead to arbitrary code execution and cross-site scripting attacks, respectively. The issues were reported to have been actively exploited on Intel-based Macs and affect iOS and iPadOS 18.1.1 devices. ### Meeting Takeaways **Release Information:** … Read more
November 19, 2024 at 01:54PM Apple has addressed two security vulnerabilities in macOS Sequoia 15.1.1 (CVE-2024-44308 and CVE-2024-44309), which involve arbitrary code execution and cross-site scripting attacks, respectively. Both issues may have been actively exploited on Intel-based Mac systems, with updates now available. Release date is November 19, 2024. **Meeting Takeaways:** 1. **Release Information:** – … Read more
November 19, 2024 at 01:54PM Two vulnerabilities (CVE-2024-44308 and CVE-2024-44309) in iOS 17.7.2 and iPadOS 17.7.2 could allow arbitrary code execution and cross-site scripting attacks, respectively, on Intel-based Macs. Updates are available for various iPhone and iPad models starting from iPhone XS and iPad Air 3rd generation onward. ### Meeting Takeaways **Release Information:** – **Release … Read more
November 19, 2024 at 01:21PM Russian cybercriminal Evgenii Ptitsyn, 42, appeared in a Maryland court after extradition from South Korea. He faces charges for operating the Phobos ransomware, allegedly extorting over $16 million from more than 1,000 victims globally. He could face significant prison time if convicted on multiple counts, including wire fraud and extortion. … Read more