Attacks, Threats, and Vulnerabilities
The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices (Claroty) Team82's research into Ruijie Networks’ cloud and device ecosystem uncovered 10 vulnerabilities that would allow an attacker to execute arbitrary code on every cloud-connected device. Team82 also developed an attack called Open Sesame that allows an attacker using a chain of vulnerabilities to execute code on a Ruij...
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass (Oasis Security) Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts.
Advisory: Dubai Police Scam Alert (BforeAI) Researchers at BforeAI observed a recent surge in phishing attacks leveraging alleged communications from the Dubai Police, an integral part of the government
Widespread exploitation of Cleo file transfer software (CVE-2024-50623) (Rapid7) On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software.
5 Email Attacks You Need to Know for 2025 (Abnormal) Explore five emerging email threats for 2025 and learn how AI-native solutions can protect your organization from evolving cyberattacks.
Cleo Software Actively Being Exploited in the Wild CVE-2024-50623 (Huntress) Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, known as CVE-2024-50623, commonly used to manage file transfers. Read more about this emerging threat on the Huntress Blog.
Lookout Discovers New Chinese Surveillance Tool Used by Public Security (Lookout) Lookout researchers have discovered a new Chinese surveillance family used by Chinese law enforcement to collect extensive information from mobile devices.
Trends
ZeroFox Releases 2025 Threat Forecast Report Assessing Next Year’s External Cyber Threat Landscape (ZeroFox) Press release, December 12, 2024.
TCS Launches 2025 Cybersecurity Outlook; GenAI, Cloud Security, and 'Zero Trust' Remain Key Priorities for Enterprises (TCS) TCS’ 2025 Cybersecurity Outlook finds that organizations that prepare for evolving cyber threats can build the necessary resilience to operate in an increasingly complex threat landscape
BlackFog: Personal Liability Concerns Impact 70% of Cybersecurity Leaders (BlackFog) 70% of cybersecurity leaders face personal liability concerns. Discover how it impacts governance, accountability, and cybersecurity practices.
ISC2 Survey: More Cybersecurity Leadership Training Needed (ISC2) Regardless of tenure, cybersecurity professionals in leadership positions receive limited training. Even those who have been in the profession the longest admit they have learned more from past experiences observing their managers, supervisors and leaders than they have through formal training opportunities, according to a recent member survey conducted by ISC2.
HP Wolf Security Study Reveals Platform Security Gaps That Threaten Organizations at Every Stage of the Device Lifecycle (HP Wolf Security) HP Inc. (NYSE: HPQ) today released a new report highlighting the far-reaching cybersecurity implications of failing to secure devices at every stage of their lifecycle.
The Impact of Cloud Security Services on the Financial Sector, Health Industry and Critical Infrastructure (Optiv) Discover how cloud security services protect the financial, healthcare and infrastructure sectors from cyber threats, ensuring security posture and resilience.
Bridging the Cyber Confidence Gap: Digital Resilience in the Public Sector (Splunk) Mick Baccio shares the findings of Splunk's report – conducted in collaboration with Foundry – on bridging the resilience gap across public and private sectors.
Marketplace
Astrix Raises $45M Series B to Redefine Identity Security for the AI Era (Astrix Security) The round, which brings the total raised to $85M, is led by Menlo Ventures through their Anthology Fund, a strategic partnership with Anthropic, alongside Workday Ventures and previous investors BVP, CRV, and F2
Silent Push Secures $10 Million Investment and Awardable Status on Tradewinds Solution Marketplace (Silent Push) Funding will fuel global expansion of the company's unrivaled ability to identify pre-weaponized attacker infrastructure through its Indicators of Future Attacks (IOFA) data. Reston, VA., December 11, 2024 - Silent Push, the leading preemptive cybersecurity intelligence company, announced today its $10 million financing round co-led by Ten Eleven Ventures and Stepstone Group LP. This combined
Products, Services, and Solutions
ISC2 Launches 2025 Online Cybersecurity Leadership Workshops to Equip Current and Future Cyber Leaders (ISC2) ISC2 survey reveals the leadership qualities most valued by cybersecurity professionals and uncovers shortage of formal leadership training opportunities.
Cortex XDR Delivers Unmatched 100% Detection in MITRE Evals 2024 (Palo Alto Networks Blog) Cortex XDR achieves 100% technique-level detection in the 2024 MITRE ATT&CK evaluation.
HackerOne Expands Capabilities of AI Copilot Hai as Adoption Surges 500% (HackerOne) Hai Now Offers Program Insights, So Customers Instantly Identify Trends Across Their HackerOne Programs for Faster, Strategic Decision Making
Bitdefender Excels in MITRE ATT&CK® Evaluations with Outstanding Alert Accuracy and Low False Positives, Critical for Security Team Efficiency (Bitdefender)
How RAD Security Saved One Customer $300K a Year in Cloud Spending and Became a Business Enabler (RAD Security) RAD Security helped a customer save over $300,000 a year in cloud spending by finding dormant resources and helping consolidate tools.
Coro Celebrates Monumental Year In 2024—Significant Business Growth, Industry Recognition, And Expanded Offerings (Coro Cybersecurity) Invigorated by a $100 million funding round, Coro accelerated its mission to empower SMBs and their service providers with powerful cybersecurity that’s
Previously Undetectable AI-Designed Cyberattacks Can Now Be Found in Minutes as CyTwist Launches Breakthrough Malware Detection Engine (PR Newswire) Today, CyTwist, a leading cybersecurity platform countering Advanced Persistent Threats (APTs) and AI-engineered cyberattacks, launches its...
SonicWall and CrowdStrike Partner to Protect SMBs with MDR Offering (CrowdStrike) SonicWall's managed services combine with CrowdStrike's endpoint protection to deliver AI-powered solutions for SMBs.
Torq Expands Agentic AI Capabilities With Powerful New Autonomous, Collaborative Multi-Agent Framework For Security Operations (BusinessWire) Carvana Joins Fortune 500 Customer Base Using Torq Agentic AI To Dramatically Boost SOC Productivity Through Autonomous Incident Response and Escalation
SpecterOps Receives FedRAMP® High Authorization for BloodHound Enterprise Identity Attack Path Management Platform (SpecterOps) SpecterOps has achieved FedRAMP® High Authorization for BloodHound Enterprise (BHE), its Attack Path Management (APM) solution for securing Microsoft Active Directory and Azure AD/Entra ID. The certification was facilitated through a partnership with Palantir FedStart.
Legislation, Policy, and Regulation
Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record) U.S. Cyber Command and the National Security Agency are jointly led by a single four-star officer. Donald Trump made moves to end that arrangement in 2020, and sources say the idea is circulating again as the president-elect transitions into a new administration.