Attacks, Threats, and Vulnerabilities
Further analysis of Denmark attacks leads to warning about unpatched network gear (The Record) Waves of incidents that seemed like a highly-targeted effort by a nation-state actor might have been less connected than originally thought, according to a new report by Forescout.
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin (Wordfence) On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view ...
Akira, again: The ransomware that keeps on taking (SC Media) Seven months after our first investigation, a fuller portrait of the criminal gang and its tactics emerges
FBot Hacking Tool Targets Cloud, Payment Platforms (Decipher) A new Python-based hacking tool is leveraged by cybercriminals to target cloud and SaaS platforms, and payment services, like AWS, Office365, PayPal and Twilio.
Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer (Hackread - Latest Cybersecurity News, Press Releases & Technology Today)
Security Patches, Mitigations, and Software Updates
Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP (The Hacker News) GitLab patches critical vulnerabilities! CVE-2023-7028 scores a perfect 10 on severity.
Juniper Networks Releases Security Bulletin for Junos OS and Junos OS Evolved (Cybersecurity and Infrastructure Security Agency, CISA) Juniper Networks has released a security advisory to address a vulnerability (CVE-2024-21611) in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition.
Trends
Five key trends for data protection in 2024 (Bangkok Post) 2024 promises to be a dynamic year. As we integrate artificial intelligence (AI) technology into businesses, the importance of responsible practices, vigilant oversight and continuous learning cannot be overstated.
Marketplace
Synagex Acquires Ascentek, Bolstering Managed IT Services (ChannelE2E) Synagex, a provider of managed IT and cybersecurity services, today announced the acquisition of Ascentek, a western Massachusetts information technology firm. Financial information was not disclosed.
Most Technology Fund Dollars Going to Cybersecurity (FEDweek) Cybersecurity initiatives were the focus of most of the grants from the Technology Modernization Fund in fiscal 2023, accounting for 10 of 18 awards and
Ballistic Ventures Adds Renowned Security Researchers Jaime Blasco and Marshall Heilman as Threat Intelligence Advisors (PR Newswire) Ballistic Ventures, the venture capital firm dedicated exclusively to funding and incubating entrepreneurs and innovations in cybersecurity,...
Peraton Appoints New Advisory Board Members (PR Newswire) Peraton today announced the appointment of four new Advisory Board members: Lt. Gen. Bob Ashley, retired, U.S. Army, and former director,...
Products, Services, and Solutions
Keeper Security enhances Granular Sharing for enterprise compliance (SecurityBrief Asia) Keeper Security enhances its Granular Sharing Enforcements in a move that will heighten visibility and control over how staff use and share credentials, aiding businesses in better meeting stringent security directives.
Cisco Recognized for IoT Security and Smart Manufacturing Innovation in 2024 IoT Breakthrough Awards Program (GlobeNewswire News Room) Prestigious Annual IoT Breakthrough Awards Program Honors Standout Internet-of-Things Companies and Products...
23 Best Free Spyware Removal Tools in 2024 (GeeksMint: Computers, How-to's, Internet, Tips and Tricks) In this article, we will talk about the best free spyware removal tools that can reliably detect, eliminate, and prevent spyware from infiltrating your devices.
Legislation, Policy, and Regulation
UK government accused of being misleading over new laws affecting encryption (The Record) The trade association techUK says the laws essentially grant a de facto power to the British government to "indefinitely veto companies from making changes to their products and services offered in the UK."
Companies likely to incur significant costs to meet cyber agency’s standard for mobile app safety (www.singaporelawwatch.sg) Cybersecurity experts warned the costs incurred by companies to make their mobile applications safe could pile up, as malware and other malicious threats become more sophisticated. This comes after the Cyber Security Agency of Singapore on Wednesday (Jan 10) published a recommended standard for mobile apps, particularly for those that perform high-risk transactions, such as banking and e-commerce apps.
NSA says cybersecurity will gain many benefits with generative AI (ReadWrite) Will the use of generative AI in cybersecurity help countries and nations combat threats in cyber wars? The NSA thinks so.
Litigation, Investigation, and Law Enforcement
French hacker from ‘ShinyHunters’ group sentenced to three years in US prison (The Record) Sebastien Raoult, also known as “Sezyo Kaizen,” was extradited to the U.S. in January 2023 after his arrest in Morocco the year before.