Germany blocks BadBox malware loaded on 30,000 Android devices

December 13, 2024 at 11:49AM

Germany’s Federal Office for Information Security (BSI) has successfully disrupted the BadBox malware operation, which was pre-installed in over 30,000 sold Android IoT devices in the country.

**Meeting Takeaways:**

1. **Operation Disruption**: Germany’s Federal Office for Information Security (BSI) successfully disrupted the BadBox malware operation.
2. **Affected Devices**: The malware …

In Other News: Gen Digital Makes $1B Buy, Recall Captures Sensitive Data, MITRE ATT&CK Evaluations

December 13, 2024 at 08:36AM

SecurityWeek’s roundup highlights key cybersecurity stories, including China’s Salt Typhoon espionage revealing phone call recordings, WhatsApp’s fixed View Once feature, and Russia’s Secret Blizzard attacks in Ukraine. Notable developments include MITRE’s evaluations, Gen Digital’s $1 billion acquisition of MoneyLion, and Yahoo’s layoffs in its cybersecurity team.

### Key Takeaways from …

Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog 

December 13, 2024 at 06:40AM

Microsoft has patched two critical vulnerabilities: one in Windows Defender (CVE-2024-49071) related to information disclosure, and another in the Update Catalog (CVE-2024-49147) involving privilege escalation. These issues have been fully mitigated, requiring no action from users. Transparency remains a priority for Microsoft with CVE identifiers.

**Meeting Takeaways: Microsoft Vulnerabilities Update** …

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

December 12, 2024 at 07:39AM

A recently patched vulnerability in Apple’s iOS and macOS could allow unauthorized access to sensitive user data by bypassing the TCC security framework. Tracked as CVE-2024-44131, this flaw was linked to the FileProvider component. Attackers could exploit it to intercept user actions without raising alerts.

### Meeting Takeaways – Dec …

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

December 11, 2024 at 10:36AM

A new technique exploits Windows UI Automation to conduct malicious activities undetected by endpoint security. It allows for command execution, data theft, and access to messaging apps. Additionally, recent research highlights vulnerabilities in the DCOM protocol, enabling attackers to remotely write and execute payloads, creating embedded backdoors on target machines. …

Snowflake Rolls Out Mandatory MFA Plan

December 11, 2024 at 08:46AM

Snowflake will require all customers to enable multifactor authentication (MFA) by November 2025, following a three-phase policy change. After incidents of attacks on customers, this measure aims to enhance security, with guides available for migration. Failure to comply will result in access being blocked after specified deadlines.

### Meeting Takeaways: …

Atlassian, Splunk Patch High-Severity Vulnerabilities

December 11, 2024 at 08:03AM

Atlassian and Splunk issued patches for numerous vulnerabilities in their products. Atlassian fixed 10 high-severity flaws in various Data Center and Server applications, while Splunk addressed over 15 vulnerabilities, including a high-severity issue in its Secure Gateway app. Users are urged to update promptly; no exploits have been reported.

**Meeting …

Ubisoft fixes Windows 11 24H2 conflicts causing game crashes

December 9, 2024 at 03:36PM

Microsoft has partially removed the compatibility hold on the Windows 24H2 update for systems with certain Ubisoft games, following bug fixes by Ubisoft that addressed crashes, freezes, and audio issues.

**Meeting Takeaways:**

1. **Microsoft Update:** A compatibility hold on the Windows 24H2 update has been partially lifted.
2. **Affected Systems:** …

OpenWrt orders router firmware updates after supply chain attack scare

December 9, 2024 at 09:07AM

OpenWrt users are urged to upgrade to the same version due to a reported supply chain attack affecting the attended sysupgrade server. Vulnerabilities allow attackers to serve compromised firmware through command injection and weak hash issues. While risks are low, users should update immediately or apply specific commits to secure …

QNAP Patches Vulnerabilities Exploited at Pwn2Own

December 9, 2024 at 08:29AM

QNAP Systems announced security patches for vulnerabilities discovered at Pwn2Own Ireland 2024, including a severe command injection flaw (CVE-2024-50393) and a CRLF injection bug (CVE-2024-48868), both with CVSS scores of 8.7. Users are urged to update their systems to protect against potential attacks.

### Meeting Takeaways

1. **Vulnerability Patches Released**: …