Firefox ditches Do Not Track because nobody was listening anyway

December 12, 2024 at 03:54AM Mozilla will remove the Do Not Track (DNT) toggle from Firefox 135, set for release on February 4, 2025. As DNT is often ignored by websites, users are encouraged to use the Global Privacy Control (GPC) instead, supported by newer privacy regulations. Browser extensions are also recommended for enhanced privacy.

About the security content of Safari 18.2 – Apple Support

December 11, 2024 at 04:51PM A security update for Safari 18.2, released December 11, 2024 (Apple support document 121846), addresses multiple type confusion issues (CVE-2024-44246, CVE-2024-54479, CVE-2024-54502, CVE-2024-54508, CVE-2024-54505, CVE-2024-54534). These vulnerabilities could lead to memory corruption when processing malicious web content. Updates are available for macOS Ventura and Sonoma.

Attackers Can Use QR Codes to Bypass Browser Isolation

December 9, 2024 at 03:03PM Researchers from Mandiant have demonstrated a method to bypass browser isolation using QR codes, allowing attackers to transmit commands to compromised devices. This technique exploits remote rendering processes to convey data visually, though it faces limitations, including latency and QR code size constraints. Mandiant still endorses browser isolation as a …

Cloudflare’s developer domains increasingly abused by threat actors

December 3, 2024 at 04:06PM Cybercriminals are increasingly abusing Cloudflare’s ‘pages.dev’ and ‘workers.dev’ domains for phishing and other malicious activity, with Fortra reporting a 198% rise in phishing incidents on Cloudflare Pages and a 104% increase on Cloudflare Workers. This abuse leverages Cloudflare’s trusted reputation, complicating detection and allowing efficient phishing campaigns.

Hackers exploit ProjectSend flaw to backdoor exposed servers

November 27, 2024 at 04:04PM A critical authentication bypass flaw (CVE-2024-11680) in ProjectSend allows attackers to exploit vulnerable versions to upload webshells and gain remote access. Despite a fix released on May 16, 2023, 99% of users remain vulnerable. Active exploitation has surged since September 2024, necessitating urgent updates to version r1750.

ProjectSend Vulnerability Exploited in the Wild

November 27, 2024 at 06:23AM VulnCheck warns that threat actors are exploiting a severe vulnerability (CVE-2024-11680) in unpatched ProjectSend servers, allowing remote unauthorized access. Despite a patch released in May 2023, most servers remain unupdated, with 55% still vulnerable, leading to widespread exploitation and potential webshell installations.

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 – Nov 17)

November 18, 2024 at 07:03AM Cybercriminals are increasingly exploiting vulnerabilities and human trust, affecting every individual and organization. Recent threats include a zero-day flaw in Palo Alto Networks firewalls, hijacked domains, and phishing job offers targeting LinkedIn users. To defend against these attacks, regular system updates and cybersecurity awareness are essential.

Security plugin flaw in millions of WordPress sites gives admin access

November 17, 2024 at 11:37AM A critical vulnerability (CVE-2024-10924) in the ‘Really Simple Security’ WordPress plugin allows unauthorized access due to improper user authentication handling. Wordfence warns it enables mass exploitation, urging forced updates. The flaw affects versions 9.0.0 to 9.1.1.1, with a fix released in version 9.1.2. Users must manually update to avoid risks.

Google’s mysterious ‘search.app’ links leave Android users concerned

November 8, 2024 at 08:04AM Recent updates to the Google mobile app for Android have caused shared links to be prepended with a “search.app” domain, raising user concerns about potential malware. This domain, similar to other link redirectors, allows Google to gather analytics and block unsafe content, though its lack of documentation remains puzzling.

UK councils bat away DDoS barrage from pro-Russia keyboard warriors

November 1, 2024 at 07:08AM Recent cyberattacks orchestrated by the pro-Russia group NoName057(16) targeted multiple UK councils, rendering websites inaccessible. Affected authorities included Bradford, Eastleigh, and Salford. The attacks stemmed from the UK’s support for Ukraine. Although confirmed attacks were limited, there are ongoing concerns about the psychological impact of such DDoS efforts.