Aggregator

Inside the incident: Uncovering an advanced phishing attack

New Cleo zero-day RCE flaw exploited in data theft attacks

韩国网络巨头 Naver 创造了自己的发行版，提供十年支持

SaaS 巨头被勒索攻击，泄露 680GB 数据

As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year.

勒索软件袭击了全球领先的心脏手术设备制造商 Artivion

The AI Fix #28: Robot dogs with bombs, and who is David Mayer?

Cybercriminal Gang 'Money Message' Claims Credit, Publishes Stolen Records
A Massachusetts hospital is notifying 316,000 people that their information was compromised in a cyberattack discovered nearly a year ago during Christmas 2023. Cybercriminal group Money Message claimed that it stole 600 gigabytes data, posting patient and employee records on the darkweb.

Flaw in Embedded Device Operating System Allowed Hackers to Bypass Integrity Check
A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, tracked as CVE-2024-54143, with a CVSS score of 9.3.

deviceTrust, Strong Network Acquisitions Improve Zero Trust, Developer Protections
Citrix enhances its security for hybrid work by acquiring deviceTrust and Strong Network. Purchasing these European startups boosts protection for VDI, DaaS and cloud development, empowering organizations to enforce zero-trust principles and reduce risks across their hybrid environments.

Report: Financial Orgs Shift to Multi-Cloud to Address Cyber Threats and Regulation
Financial institutions are increasingly adopting multi-cloud strategies to mitigate rising cyber risks and comply with complex regulations, according to a new report. The move enhances flexibility and disaster recovery, though challenges remain, from implementation costs to a growing skills gap.

FCC Chairwoman Jessica Rosenworcel recommended "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.

马来西亚收紧对互联网的控制

Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including an actively exploited zero-day. Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. 16 vulnerabilities are rated Critical, 54 are rated Important, and […]

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

Traveling for the Holidays? Your Digital Identity Is Along for the Ride

darkdump: Open Source Intelligence Interface for Deep Web Scraping

【情报资料】对叙利亚的经济制裁：关键的重新评估