Daily News - Janeiro (12/01 - 18/01) - 03 Semana de 2025Information Security, Cyber Security, Privacy and Hacking News --- Daily Updates !! Weekly Resume...17/01Balancing usability and security in the fight against identity-based attacksCritical Flaws in WGS-804HPT Switches Enable RCE and Network ExploitationDORA Takes Effect: Financial Firms Still Navigating Compliance HeadwindsEU takes decisive action on healthcare cybersecurityEuropean Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to ChinaGoogle Releases Open Source Library for Software Composition AnalysisHomeowners are clueless about how smart devices collect their dataHow to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?MSSqlPwner: Open-source tool for pentesting MSSQL serversNew 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code BypassNoyb Files GDPR Complaints Against TikTok and Five Chinese Tech GiantsPython-Based Bots Exploiting PHP Servers Fuel Gambling Platform ProliferationStar Blizzard Targets WhatsApp in New CampaignUS Announces Sanctions Against North Korean Fake IT Worker NetworkU.S. Sanctions North Korean IT Worker Network Supporting WMD ProgramsVulnerabilities in SimpleHelp Remote Access Software May Lead to System Compromise16/012024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User RecordsAccelerated BlackBasta-like email attack examinedAmerican cycling clothing brand hit by ransomware attackBiden Tightens Software Supply Chain Security Requirements Ahead of Trump TakeoverBlack Basta Rapid-Fire Attack Blasted 1,165 Emails at 22 Target Mailboxes in 90 MinutesCalifornia Wildfire Exploited By Hackers To Launch Phishing AttacksChange Healthcare Ransomware Attack: Data Review “Substantially Complete”City of West Haven takes IT systems offline following a major cyber attackClop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breachesConfiguration files for 15,000 Fortinet firewalls leaked. Are yours among them?Critical SimpleHelp vulnerabilities fixed, update your server instances!Critical vulnerabilities remain unresolved due to prioritization gapsCrypto Phishing on Telegram Surged 2,000% Since November 2024: Scam SnifferCyber attack on Conad: Lynx group claims theft of confidential data and demands ransom in cryptoCybercriminals Impersonate Google Ads in Promoted Results to Exploit Advertiser AccountsDigital Operational Resilience Act (DORA) Compliance Costs Soar Past €1m for Many UK and EU BusinessesEnzo Biochem Agrees to Settlement in Class Action Suit Related to Ransomware AttackEU Steps Up Cyber Defense with Action Plan to Protect Critical Healthcare InfrastructureEU To Launch New Support Centre by 2026 to Boost Healthcare CybersecurityEyewear Wholesaler Data Breach Sparks Privacy ConcernsFlorida State Database Breach Sparks Public Data Security ConcernsFrench woman falls for faux Brad Pitt, loses $850K, gets cyberbulliedFTC scolds GoDaddy for neglecting basic cybersecurityFunkSec Ransomware Dominating Ransomware Attacks, Compromised 85 Victims in DecemberGoDaddy Accused of Serious Security Failings by FTCGoogle OAuth flaw exposes millions to data breach riskGoogle ‘Perpetual Hack’ Attack Steals Passwords And 2FA—Act NowGoogle Search ads are being hacked to steal account infoGravy Analytics Data Breach Sparks Privacy Concerns in the United StatesHackers Abusing Teams Chat For Remote Session & To Drop Black Basta MalwareHackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity StealerHackers Use Image-Based Malware and GenAI to Evade Email SecurityHackney Council buys new IT system to handle cyber incident-related housing backlogsHow CISOs can elevate cybersecurity in boardroom discussionsHuge “zombie” MikroTik router botnet spreads malware and obscures Russian hackersIllicit crypto volumes growJia Bo Sports Betting Platform Faces Potential Data Breach in ChinaJuly ransomware attack on OneBlood resulted in data heistLiberty Public Schools notifies families of data breach to student information systemMajor leak exposes 1.5 billion Weibo, DiDi, Shanghai Communist Party, and others’ recordsMassive Data Breach Exposes Over 1 Million U.S. Personal RecordsMetLife Data Breach Raises Privacy Concerns in the United StatesMicrosoft sues cybercriminals for breaching Azure OpenAI platformNew Hacking Group Leaks Configuration of 15,000 Fortinet FirewallsNew UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)New UEFI Secure Boot flaw exposes systems to bootkits, patch nowNew UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious BootkitsNew Zealand law firm Bell & Graham confirms ransomware attackNominet confirms network breach via Ivanti VPN Zero-Day vulnerabilityNorthborough-Southborough Public Schools (NSBORO) posts details on the PowerSchool data breachOne in ten AI prompts puts sensitive data at risk15/013 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update5 Emerging AI Threats Australian Cyber Pros Must Watch in 2025$675K Morrison Community Hospital data breach class action settlementA Warning For Millions Of iPhone Users: Beware Of This Text Phishing ScamAI email guardian hamstrung by powerful QR code and CAPTCHA combo cyberattackAlliance Public Schools Reports Data BreachBayMark Health Services says cyber attack compromised staff and patients' dataBridgewater-Raritan school software provider targeted in global cyberattackCatholic school board impacted by data breachChange This Setting to Avoid This Google Calendar Spoofing AttackChinese PlugX Malware Deleted in Global Law Enforcement OperationCISA Launches AI Cybersecurity Playbook to Strengthen Collective DefenseCISA Launches Playbook to Boost AI Cybersecurity CollaborationCodefinger ransomware gang uses compromised AWS keys to encrypt S3 bucketContextal Platform: Open-source threat detection and intelligenceCritical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE AttacksCVE-2024-44243 macOS flaw allows persistent malware installationCyberattack disclosed by Mortgage Investors Group after Black Basta claimsCybersecurity Incident Targets San Nicolás, Nuevo LeónCybersecurity is stepping into a new era of complexityDare County Schools provides update on recent online data breachE-Benefit Solution Notifies Consumers of Recent Data BreachEnhancing Health Care Cybersecurity: Bridging HIPAA Gaps with InnovationExcelsior Orthopaedics says data breach compromised the data of 357,000 patientsFBI Confirms It Deleted Files From 4,258 U.S.-Based ComputersFBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month OperationFBI removed PlugX malware from U.S. computersFBI Removes PlugX Malware from 4,200 U.S. Computers in PRC-Linked Cyber OperationFortinet Confirms Critical Zero-Day Vulnerability in FirewallsFortinet Vulnerability Exploited: Patch Now to Prevent Super-Admin BreachesGateshead Council suffers cyber attack and personal data stolenGlobal Data Breach Exposes 1.27TB of Sensitive InformationGoogle Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA CodesGoogle Cloud Researchers Uncover Flaws in Rsync File Synchronization ToolGranite School District reassures residents after data breach letter sparks scam fearsHackers are stealing Google Ads accounts to publish fake ads in a perpetual cycleHackers boast of health workers visa data breach, sparking police probeHackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix ControllersHow Role-Based Identity Management Can Protect Against AD- And Entra ID-Related RiskHow scammers are tricking Apple iMessage users into disabling phishing protectionI tested a VPN-ready router to secure my Wi-Fi connections - and I'm nearly sold on the ideaIllicit Crypto-Inflows Set to Top $51bn in a YearKnowBe4 research confirms effective security awareness training significantly reduces data breachesLazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99Massive Data Breach Exposes Personal Information of 125,000 EgyptiansMicrosoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIPMicrosoft ends support for Office apps on Windows 10 in OctoberMicrosoft Patches Eight Zero-Days to Start the YearMulti-Cloud Adoption Surges Amid Rising Security ConcernsNationwide Data Breach Affecting Multiple Long Island School DistrictsNorth Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake DomainsOver 660,000 Rsync servers exposed to code execution attacksRsync vulnerabilities allow remote code execution on servers, patch quickly!Secureworks Exposes North Korean Links to Fraudulent CrowdfundingStop wasting money on ineffective threat intelligence: 5 mistakes to avoidThe CFO may be the CISO's most important business allyThe High-Stakes Disconnect For ICS/OT SecurityThe Top 8 Countries Leading the Cyber Defense Race in 2025University of Rwanda Faces Major Data Breach ConcernsU.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalogUsing cognitive diversity for stronger, smarter cyber defenseWebsite Breach Reported for Ahmad Al Mutawa Platform in UAEWelcome Hall Mission Data Breach Sparks Privacy ConcernsWindows BitLocker bug triggers warnings on devices with TPMsWultra Secures €3M to Protect Financial Institutions from Quantum Threats14/014 Reasons Your SaaS Attack Surface Can No Longer be IgnoredA new campaign is likely targeting a zero-day in Fortinet FortiGate firewallsAI, Web3 and Decentralization: Tech Trends Shaping 2025’s Altcoin SeasonAllstate car insurer sued for tracking drivers without permissionApple vulnerability discovered: your camera and data could be at riskBeware cybersecurity tech that’s past its prime — 5 areas to check or retireBlockchain in cybersecurity: opportunities and challengesBoost up Your SOC & DFIR Operations with ANY.RUN's Threat Intelligence FeedsBreach of Lebanese Intelligence Database Sparks Security ConcernsBrowser-Based Cyber-Threats Surge as Email Malware DeclinesCISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active AttacksConnecticut city of West Haven assessing impact of cyberattackCritical Infrastructure Urged to Scrutinize Product Security During ProcurementCritical PowerDNS Vulnerabilities Let Attackers Gain Access to the Server RemotelyCritical SAP NetWeaver Vulnerabilities Let Attacker Gain Access to the systemDepartment of Justice (DOJ) confirms FBI operation that mass-deleted Chinese malware from thousands of US computersExtensive Personal Data Leak Reported in FranceFBI wipes Chinese PlugX malware from over 4,000 US computersFortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)Fortinet FortiGate Firewalls Under Attack By Exploit a Zero-Day VulnerabilityFortinet Released Security Updates to Fix 15 Vulnerabilities That Affect Multiple ProductsFortinet warns of auth bypass zero-day exploited to hijack firewallsGen AI strategies put CISOs in a stressful bindGoogle OAuth flaw lets attackers gain access to abandoned accountsGoogle OAuth “Sign in with Google” Vulnerability Exposes Millions of Accounts to Data TheftGoogle OAuth Vulnerability Exposes Millions via Failed Startup DomainsHackers use FastHTTP in new high-speed Microsoft 365 password attacksHackers Using Fake YouTube Links to Steal Login CredentialsHow AI and ML are transforming digital banking securityIllicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto TransactionsJanuary Windows updates may fail if Citrix SRA is installedMalicious actors’ GenAI use has yet to match the hypeMalicious Kong Ingress Controller Image Found on DockerHubManchester Law Firm Leads 15,000 to Sue Google and Microsoft over AI DataMassive Data Leak Targets U.S. Mobile HomeownersMicrosoft 365 apps crash on Windows Server after Office updateMicrosoft drops legal hammer on AI jailbreaksMicrosoft fixes actively exploited Windows Hyper-V zero-day flawsMicrosoft January 2025 Patch Tuesday: 8 Zero-Days, 3 Actively ExploitedMicrosoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flawsMicrosoft January 2025 Patch Tuesday – 159 Vulnerabilities Fixed, Including 10 Critical RCE'sMicrosoft Releases Windows 11 KB5050009 & KB5050021 cumulative UpdatesMicrosoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit InstallationNew AI Rule Aims to Prevent Misuse of US TechnologyNew Codefinger Ransomware Exploits AWS to Encrypt S3 BucketsNew Ransomware Encrypts Amazon S3 Buckets Using SSE-C EncryptionOneBlood Confirms Ransomware Attack – Donor’s Personal Information StolenOWASP Publishes First-Ever Top 10 “Non-Human Identities (NHI) Security RisksRemediation Times Drop Sharply as Cyber Hygiene Take Up SurgesRussia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malwareRussian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE MalwareRussia's largest platform for state procurement hit by cyberattack from pro-Ukraine groupSensitive Data Reportedly Exposed in Baghdad’s Al-Karkh RegionSmishing Attack Targets iMessage Users by Exploiting Built-In Phishing ProtectionsSoftware security awareness training is at an all-time lowTechnoBoom User Database Leak Raises Privacy ConcernsTennessee-based mortgage lender confirms December cyberattackThis is the year CISOs unlock AI’s full potentialThreat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency minersTikTok's last dance: the ‘spy’ you can’t quitUK Considers Ban on Ransomware Payments by Public BodiesUK Domain Registry Nominet Confirms Cyber Attack Exploiting Ivanti RCE Zero-DayUK Registry Nominet Breached Via Ivanti Zero-DayUS govt says North Korea stole over $659 million in crypto last yearZero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit ReaderZero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed InterfacesWhat 2024 taught us about security vulnerabiltiesWindows 10 KB5049981 update released with new BYOVD blocklistWindows 11 KB5050009 & KB5050021 cumulative updates releasedWP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites13/014.2m impacted by Scholastic data beach7 Million OpenSea Emails Exposed: Crypto Community on High Alert for Phishing Threats33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds100 Million macOS Users At Risk – New Banshee Malware Attacks Bypassing Apple’s XProtectA breach of Gravy Analytics’ huge trove of location data threatens the privacy of millionsAI revolutionizes phishing attacks, enables use of deepfakeAko Ransomware Abusing Windows API Calls To Detect Infected System LocationsAlleged Blender, Sinbad cryptomixer operators arrested, indictedAlleged Top Ransomware FunkSec Operators Appear to Develop Malware Using AI HelpAttackers are encrypting AWS S3 data without using ransomwareAviatrix Controller RCE Vulnerability Exploited In The WildChainsaw: Open-source tool for hunting through Windows forensic artefacts CISOs embrace rise in prominence — with broader business authorityClicks on phishing links in the workplace almost tripled in 2024 Credit Card Skimmer campaign targets WordPress via database injectionCyber Attack Hits Renowned University, Classes SuspendedCyberattack forces Dutch university to cancel lecturesCybersecurity researchers discover malware targeting macOS usersCritical macOS Sandbox Vulnerability (CVE-2024-54498) PoC Exploit Released OnlineCrypto industry alarmed as 7 million OpenSea email users’ leak resurfacesData breach compromises STIIIZY customers’ dataData Breach For Both Golden Hills And Christ The Redeemer School DivisionsDutch chipmaking giant ASML's key feeder university, located just 5 miles away, suspends lessons after cyber attackEindhoven University hit by cyber attack, perpetrators unknownEindhoven University of Technology suspends classes following cyberattackEmergency shutdown as top tech university grapples with cyberattackEU law enforcement training agency data breach: Data of 97,000 individuals compromisedEverest ransomware gang lists Aussie company Evidn as a victimExpired Domains Allowed Control Over 4,000 Backdoors on Compromised SystemsFour Years of CISA: A Policy Review of U.S. Cybersecurity and Infrastructure SecurityFurry Hacker Breaches Scholastic – Exposes Data of 8 Million PeopleGame developer deletes all social media accounts, suggests others should followGitHub CISO on security strategy and collaborating with the open-source communityGPU Driver Vulnerabilities in Imagination Let Attackers Gain Kernel Access RemotelyHacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of CharactersHackers behind the TU Eindhoven cyber attack still unknown, no classes on TuesdayHackers Breach Telefonica Network, Leak 2.3 GB of Data OnlineHackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto MinersHackers Exploiting YouTube to Deliver Malware Bypassing Antivirus DetectionsiMessage text gets recipient to disable phishing protection so they can be phishedIndian EdTech platform Wissenhive targeted by ransomware groupInternational Civil Aviation Organization (ICAO) says nearly 12,000 impacted by recruitment data breachIvanti Rolls Out Patches to Mitigate Exploits in Connect Secure, Policy Secure, and ZTA GatewaysLocation tracking company Unacast tells Norway its data was hacked, broadcaster saysMajor cyberattack hits Slovakian land registryMaryland Secures $564K in Settlement Over Data Breach Impacting ThousandsMassive Data Breach at Gravy Analytics Exposes Location Data of Millions, Raising Privacy ConcernsMassive Data Breach Exposes Personal Information of 328,000 AustraliansMedusind Data Breach Exposes Over 360,000 Individuals’ Healthcare InfoMeet FunkSec: A New, Surprising Ransomware Group, Powered by AIMicrosoft MFA outage blocking access to Microsoft 365 appsMicrosoft Multi-Factor Authentication Down Blocking Office 365 Users AccessMicrosoft took legal action against crooks who developed a tool to abuse its AI-based servicesNetherlands’ Eindhoven University Hit by Cyberattack, Network Shut DownNew Amazon Ransomware Attack—‘Recovery Impossible’ Without PaymentNew Ransomware Group Uses AI to Develop Nefarious ToolsNew York Pursues £1.6 Million in Cryptocurrency Stolen in Job FraudOpenSea email breach puts crypto users at $1B phishing riskOppo, Realme phone brands in hot seat for data breachPayPal Phishing Attack; Cybercriminals Exploit Platform Features in Sophisticated ScamPeterborough Police warn residents about phishing scam targeting online usersPhishing campaign targeting Apple iMessagePhishing click rates tripled in 2024 despite user trainingPowerSchool Data Breach May Affect Southwestern Pa. SchoolsPro-Palestine Hacktivist Group ‘Mr. Hamza’ Claims MI6 DDoS Attack to Show PowerQuishing – The Rising Threat of QR Code Phishing in CybersecurityRansomware abuses Amazon AWS feature to encrypt S3 bucketsRansomware on ESXi: The mechanization of virtualized attacksResearchers Detailed ZAP Scanner’s Capabilities in Identifying Security FlawsScholastic suffers data breach exposing 8 million people, report saysSuperDraft data breach exposes more than 300,000 customer recordsTelefonica Breach Hits 20,000 Employees and Exposes Jira DetailsTelefónica confirms breach of internal ticketing system following data leakThree Cryptomixer Masterminds Charged Processing Ransomware PaymentsThree Russians Charged with Crypto Mixer Money LaunderingTime for a change: Elevating developers’ security skillsUkrainians in Portugal complain about data breachUS cannabis company hacked, customers’ passports exposedWEF Warns of Growing Cyber Inequity Amid Escalating Complexities in CyberspaceWordPress Skimmers Evade Detection by Injecting Themselves into Database Tables12/01ASML-Backed Dutch University Suspends Classes After Cyber AttackAudioPrints.com Database Reportedly CompromisedEindhoven University of Technology (TU Eindhoven) takes network offline after cyber attackIBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UIItaly Attacked by Pro Palestine Hackers MovementKaspersky Reveals AI Dangers In Perfecting Phishing FraudLocal schools affected by PowerSchool data breachMagic Unveiled: Happy Magic Trick Shop Database Reportedly LeakedMassive Vehicle Dealer Customer Data Leak Reported in ChinaNew Gmail Cyber Attack Confirmed— Encryption Key Hackers StrikeNew hacker attacks on Italy: banks, ports and companies targetedPayPal Phishing Attacks: New Cybersecurity Threat ExplainedPowerSchool data breach exposes millions of student and teacher recordsTU Eindhoven network taken offline after cyber attack, no classes on MondayDaily News - Janeiro (05/01 - 11/01) - 02 Semana de 2025
Information Security, Cyber Security, Privacy and Hacking News --- Daily Updates !! Weekly Resume...17/01Balancing usability and security in the fight against identity-based attacksCritical Flaws in WGS-804HPT Switches Enable RCE and Network ExploitationDORA Takes Effect: Financial Firms Still Navigating Compliance HeadwindsEU takes decisive action on healthcare cybersecurityEuropean Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to ChinaGoogle Releases Open Source Library for Software Composition AnalysisHomeowners are clueless about how smart devices collect their dataHow to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?MSSqlPwner: Open-source tool for pentesting MSSQL serversNew 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code BypassNoyb Files GDPR Complaints Against TikTok and Five Chinese Tech GiantsPython-Based Bots Exploiting PHP Servers Fuel Gambling Platform ProliferationStar Blizzard Targets WhatsApp in New CampaignUS Announces Sanctions Against North Korean Fake IT Worker NetworkU.S. Sanctions North Korean IT Worker Network Supporting WMD ProgramsVulnerabilities in SimpleHelp Remote Access Software May Lead to System Compromise16/012024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User RecordsAccelerated BlackBasta-like email attack examinedAmerican cycling clothing brand hit by ransomware attackBiden Tightens Software Supply Chain Security Requirements Ahead of Trump TakeoverBlack Basta Rapid-Fire Attack Blasted 1,165 Emails at 22 Target Mailboxes in 90 MinutesCalifornia Wildfire Exploited By Hackers To Launch Phishing AttacksChange Healthcare Ransomware Attack: Data Review “Substantially Complete”City of West Haven takes IT systems offline following a major cyber attackClop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breachesConfiguration files for 15,000 Fortinet firewalls leaked. Are yours among them?Critical SimpleHelp vulnerabilities fixed, update your server instances!Critical vulnerabilities remain unresolved due to prioritization gapsCrypto Phishing on Telegram Surged 2,000% Since November 2024: Scam SnifferCyber attack on Conad: Lynx group claims theft of confidential data and demands ransom in cryptoCybercriminals Impersonate Google Ads in Promoted Results to Exploit Advertiser AccountsDigital Operational Resilience Act (DORA) Compliance Costs Soar Past €1m for Many UK and EU BusinessesEnzo Biochem Agrees to Settlement in Class Action Suit Related to Ransomware AttackEU Steps Up Cyber Defense with Action Plan to Protect Critical Healthcare InfrastructureEU To Launch New Support Centre by 2026 to Boost Healthcare CybersecurityEyewear Wholesaler Data Breach Sparks Privacy ConcernsFlorida State Database Breach Sparks Public Data Security ConcernsFrench woman falls for faux Brad Pitt, loses $850K, gets cyberbulliedFTC scolds GoDaddy for neglecting basic cybersecurityFunkSec Ransomware Dominating Ransomware Attacks, Compromised 85 Victims in DecemberGoDaddy Accused of Serious Security Failings by FTCGoogle OAuth flaw exposes millions to data breach riskGoogle ‘Perpetual Hack’ Attack Steals Passwords And 2FA—Act NowGoogle Search ads are being hacked to steal account infoGravy Analytics Data Breach Sparks Privacy Concerns in the United StatesHackers Abusing Teams Chat For Remote Session & To Drop Black Basta MalwareHackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity StealerHackers Use Image-Based Malware and GenAI to Evade Email SecurityHackney Council buys new IT system to handle cyber incident-related housing backlogsHow CISOs can elevate cybersecurity in boardroom discussionsHuge “zombie” MikroTik router botnet spreads malware and obscures Russian hackersIllicit crypto volumes growJia Bo Sports Betting Platform Faces Potential Data Breach in ChinaJuly ransomware attack on OneBlood resulted in data heistLiberty Public Schools notifies families of data breach to student information systemMajor leak exposes 1.5 billion Weibo, DiDi, Shanghai Communist Party, and others’ recordsMassive Data Breach Exposes Over 1 Million U.S. Personal RecordsMetLife Data Breach Raises Privacy Concerns in the United StatesMicrosoft sues cybercriminals for breaching Azure OpenAI platformNew Hacking Group Leaks Configuration of 15,000 Fortinet FirewallsNew UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)New UEFI Secure Boot flaw exposes systems to bootkits, patch nowNew UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious BootkitsNew Zealand law firm Bell & Graham confirms ransomware attackNominet confirms network breach via Ivanti VPN Zero-Day vulnerabilityNorthborough-Southborough Public Schools (NSBORO) posts details on the PowerSchool data breachOne in ten AI prompts puts sensitive data at risk15/013 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update5 Emerging AI Threats Australian Cyber Pros Must Watch in 2025$675K Morrison Community Hospital data breach class action settlementA Warning For Millions Of iPhone Users: Beware Of This Text Phishing ScamAI email guardian hamstrung by powerful QR code and CAPTCHA combo cyberattackAlliance Public Schools Reports Data BreachBayMark Health Services says cyber attack compromised staff and patients' dataBridgewater-Raritan school software provider targeted in global cyberattackCatholic school board impacted by data breachChange This Setting to Avoid This Google Calendar Spoofing AttackChinese PlugX Malware Deleted in Global Law Enforcement OperationCISA Launches AI Cybersecurity Playbook to Strengthen Collective DefenseCISA Launches Playbook to Boost AI Cybersecurity CollaborationCodefinger ransomware gang uses compromised AWS keys to encrypt S3 bucketContextal Platform: Open-source threat detection and intelligenceCritical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE AttacksCVE-2024-44243 macOS flaw allows persistent malware installationCyberattack disclosed by Mortgage Investors Group after Black Basta claimsCybersecurity Incident Targets San Nicolás, Nuevo LeónCybersecurity is stepping into a new era of complexityDare County Schools provides update on recent online data breachE-Benefit Solution Notifies Consumers of Recent Data BreachEnhancing Health Care Cybersecurity: Bridging HIPAA Gaps with InnovationExcelsior Orthopaedics says data breach compromised the data of 357,000 patientsFBI Confirms It Deleted Files From 4,258 U.S.-Based ComputersFBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month OperationFBI removed PlugX malware from U.S. computersFBI Removes PlugX Malware from 4,200 U.S. Computers in PRC-Linked Cyber OperationFortinet Confirms Critical Zero-Day Vulnerability in FirewallsFortinet Vulnerability Exploited: Patch Now to Prevent Super-Admin BreachesGateshead Council suffers cyber attack and personal data stolenGlobal Data Breach Exposes 1.27TB of Sensitive InformationGoogle Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA CodesGoogle Cloud Researchers Uncover Flaws in Rsync File Synchronization ToolGranite School District reassures residents after data breach letter sparks scam fearsHackers are stealing Google Ads accounts to publish fake ads in a perpetual cycleHackers boast of health workers visa data breach, sparking police probeHackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix ControllersHow Role-Based Identity Management Can Protect Against AD- And Entra ID-Related RiskHow scammers are tricking Apple iMessage users into disabling phishing protectionI tested a VPN-ready router to secure my Wi-Fi connections - and I'm nearly sold on the ideaIllicit Crypto-Inflows Set to Top $51bn in a YearKnowBe4 research confirms effective security awareness training significantly reduces data breachesLazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99Massive Data Breach Exposes Personal Information of 125,000 EgyptiansMicrosoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIPMicrosoft ends support for Office apps on Windows 10 in OctoberMicrosoft Patches Eight Zero-Days to Start the YearMulti-Cloud Adoption Surges Amid Rising Security ConcernsNationwide Data Breach Affecting Multiple Long Island School DistrictsNorth Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake DomainsOver 660,000 Rsync servers exposed to code execution attacksRsync vulnerabilities allow remote code execution on servers, patch quickly!Secureworks Exposes North Korean Links to Fraudulent CrowdfundingStop wasting money on ineffective threat intelligence: 5 mistakes to avoidThe CFO may be the CISO's most important business allyThe High-Stakes Disconnect For ICS/OT SecurityThe Top 8 Countries Leading the Cyber Defense Race in 2025University of Rwanda Faces Major Data Breach ConcernsU.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalogUsing cognitive diversity for stronger, smarter cyber defenseWebsite Breach Reported for Ahmad Al Mutawa Platform in UAEWelcome Hall Mission Data Breach Sparks Privacy ConcernsWindows BitLocker bug triggers warnings on devices with TPMsWultra Secures €3M to Protect Financial Institutions from Quantum Threats14/014 Reasons Your SaaS Attack Surface Can No Longer be IgnoredA new campaign is likely targeting a zero-day in Fortinet FortiGate firewallsAI, Web3 and Decentralization: Tech Trends Shaping 2025’s Altcoin SeasonAllstate car insurer sued for tracking drivers without permissionApple vulnerability discovered: your camera and data could be at riskBeware cybersecurity tech that’s past its prime — 5 areas to check or retireBlockchain in cybersecurity: opportunities and challengesBoost up Your SOC & DFIR Operations with ANY.RUN's Threat Intelligence FeedsBreach of Lebanese Intelligence Database Sparks Security ConcernsBrowser-Based Cyber-Threats Surge as Email Malware DeclinesCISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active AttacksConnecticut city of West Haven assessing impact of cyberattackCritical Infrastructure Urged to Scrutinize Product Security During ProcurementCritical PowerDNS Vulnerabilities Let Attackers Gain Access to the Server RemotelyCritical SAP NetWeaver Vulnerabilities Let Attacker Gain Access to the systemDepartment of Justice (DOJ) confirms FBI operation that mass-deleted Chinese malware from thousands of US computersExtensive Personal Data Leak Reported in FranceFBI wipes Chinese PlugX malware from over 4,000 US computersFortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)Fortinet FortiGate Firewalls Under Attack By Exploit a Zero-Day VulnerabilityFortinet Released Security Updates to Fix 15 Vulnerabilities That Affect Multiple ProductsFortinet warns of auth bypass zero-day exploited to hijack firewallsGen AI strategies put CISOs in a stressful bindGoogle OAuth flaw lets attackers gain access to abandoned accountsGoogle OAuth “Sign in with Google” Vulnerability Exposes Millions of Accounts to Data TheftGoogle OAuth Vulnerability Exposes Millions via Failed Startup DomainsHackers use FastHTTP in new high-speed Microsoft 365 password attacksHackers Using Fake YouTube Links to Steal Login CredentialsHow AI and ML are transforming digital banking securityIllicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto TransactionsJanuary Windows updates may fail if Citrix SRA is installedMalicious actors’ GenAI use has yet to match the hypeMalicious Kong Ingress Controller Image Found on DockerHubManchester Law Firm Leads 15,000 to Sue Google and Microsoft over AI DataMassive Data Leak Targets U.S. Mobile HomeownersMicrosoft 365 apps crash on Windows Server after Office updateMicrosoft drops legal hammer on AI jailbreaksMicrosoft fixes actively exploited Windows Hyper-V zero-day flawsMicrosoft January 2025 Patch Tuesday: 8 Zero-Days, 3 Actively ExploitedMicrosoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flawsMicrosoft January 2025 Patch Tuesday – 159 Vulnerabilities Fixed, Including 10 Critical RCE'sMicrosoft Releases Windows 11 KB5050009 & KB5050021 cumulative UpdatesMicrosoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit InstallationNew AI Rule Aims to Prevent Misuse of US TechnologyNew Codefinger Ransomware Exploits AWS to Encrypt S3 BucketsNew Ransomware Encrypts Amazon S3 Buckets Using SSE-C EncryptionOneBlood Confirms Ransomware Attack – Donor’s Personal Information StolenOWASP Publishes First-Ever Top 10 “Non-Human Identities (NHI) Security RisksRemediation Times Drop Sharply as Cyber Hygiene Take Up SurgesRussia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malwareRussian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE MalwareRussia's largest platform for state procurement hit by cyberattack from pro-Ukraine groupSensitive Data Reportedly Exposed in Baghdad’s Al-Karkh RegionSmishing Attack Targets iMessage Users by Exploiting Built-In Phishing ProtectionsSoftware security awareness training is at an all-time lowTechnoBoom User Database Leak Raises Privacy ConcernsTennessee-based mortgage lender confirms December cyberattackThis is the year CISOs unlock AI’s full potentialThreat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency minersTikTok's last dance: the ‘spy’ you can’t quitUK Considers Ban on Ransomware Payments by Public BodiesUK Domain Registry Nominet Confirms Cyber Attack Exploiting Ivanti RCE Zero-DayUK Registry Nominet Breached Via Ivanti Zero-DayUS govt says North Korea stole over $659 million in crypto last yearZero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit ReaderZero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed InterfacesWhat 2024 taught us about security vulnerabiltiesWindows 10 KB5049981 update released with new BYOVD blocklistWindows 11 KB5050009 & KB5050021 cumulative updates releasedWP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites13/014.2m impacted by Scholastic data beach7 Million OpenSea Emails Exposed: Crypto Community on High Alert for Phishing Threats33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds100 Million macOS Users At Risk – New Banshee Malware Attacks Bypassing Apple’s XProtectA breach of Gravy Analytics’ huge trove of location data threatens the privacy of millionsAI revolutionizes phishing attacks, enables use of deepfakeAko Ransomware Abusing Windows API Calls To Detect Infected System LocationsAlleged Blender, Sinbad cryptomixer operators arrested, indictedAlleged Top Ransomware FunkSec Operators Appear to Develop Malware Using AI HelpAttackers are encrypting AWS S3 data without using ransomwareAviatrix Controller RCE Vulnerability Exploited In The WildChainsaw: Open-source tool for hunting through Windows forensic artefacts CISOs embrace rise in prominence — with broader business authorityClicks on phishing links in the workplace almost tripled in 2024 Credit Card Skimmer campaign targets WordPress via database injectionCyber Attack Hits Renowned University, Classes SuspendedCyberattack forces Dutch university to cancel lecturesCybersecurity researchers discover malware targeting macOS usersCritical macOS Sandbox Vulnerability (CVE-2024-54498) PoC Exploit Released OnlineCrypto industry alarmed as 7 million OpenSea email users’ leak resurfacesData breach compromises STIIIZY customers’ dataData Breach For Both Golden Hills And Christ The Redeemer School DivisionsDutch chipmaking giant ASML's key feeder university, located just 5 miles away, suspends lessons after cyber attackEindhoven University hit by cyber attack, perpetrators unknownEindhoven University of Technology suspends classes following cyberattackEmergency shutdown as top tech university grapples with cyberattackEU law enforcement training agency data breach: Data of 97,000 individuals compromisedEverest ransomware gang lists Aussie company Evidn as a victimExpired Domains Allowed Control Over 4,000 Backdoors on Compromised SystemsFour Years of CISA: A Policy Review of U.S. Cybersecurity and Infrastructure SecurityFurry Hacker Breaches Scholastic – Exposes Data of 8 Million PeopleGame developer deletes all social media accounts, suggests others should followGitHub CISO on security strategy and collaborating with the open-source communityGPU Driver Vulnerabilities in Imagination Let Attackers Gain Kernel Access RemotelyHacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of CharactersHackers behind the TU Eindhoven cyber attack still unknown, no classes on TuesdayHackers Breach Telefonica Network, Leak 2.3 GB of Data OnlineHackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto MinersHackers Exploiting YouTube to Deliver Malware Bypassing Antivirus DetectionsiMessage text gets recipient to disable phishing protection so they can be phishedIndian EdTech platform Wissenhive targeted by ransomware groupInternational Civil Aviation Organization (ICAO) says nearly 12,000 impacted by recruitment data breachIvanti Rolls Out Patches to Mitigate Exploits in Connect Secure, Policy Secure, and ZTA GatewaysLocation tracking company Unacast tells Norway its data was hacked, broadcaster saysMajor cyberattack hits Slovakian land registryMaryland Secures $564K in Settlement Over Data Breach Impacting ThousandsMassive Data Breach at Gravy Analytics Exposes Location Data of Millions, Raising Privacy ConcernsMassive Data Breach Exposes Personal Information of 328,000 AustraliansMedusind Data Breach Exposes Over 360,000 Individuals’ Healthcare InfoMeet FunkSec: A New, Surprising Ransomware Group, Powered by AIMicrosoft MFA outage blocking access to Microsoft 365 appsMicrosoft Multi-Factor Authentication Down Blocking Office 365 Users AccessMicrosoft took legal action against crooks who developed a tool to abuse its AI-based servicesNetherlands’ Eindhoven University Hit by Cyberattack, Network Shut DownNew Amazon Ransomware Attack—‘Recovery Impossible’ Without PaymentNew Ransomware Group Uses AI to Develop Nefarious ToolsNew York Pursues £1.6 Million in Cryptocurrency Stolen in Job FraudOpenSea email breach puts crypto users at $1B phishing riskOppo, Realme phone brands in hot seat for data breachPayPal Phishing Attack; Cybercriminals Exploit Platform Features in Sophisticated ScamPeterborough Police warn residents about phishing scam targeting online usersPhishing campaign targeting Apple iMessagePhishing click rates tripled in 2024 despite user trainingPowerSchool Data Breach May Affect Southwestern Pa. SchoolsPro-Palestine Hacktivist Group ‘Mr. Hamza’ Claims MI6 DDoS Attack to Show PowerQuishing – The Rising Threat of QR Code Phishing in CybersecurityRansomware abuses Amazon AWS feature to encrypt S3 bucketsRansomware on ESXi: The mechanization of virtualized attacksResearchers Detailed ZAP Scanner’s Capabilities in Identifying Security FlawsScholastic suffers data breach exposing 8 million people, report saysSuperDraft data breach exposes more than 300,000 customer recordsTelefonica Breach Hits 20,000 Employees and Exposes Jira DetailsTelefónica confirms breach of internal ticketing system following data leakThree Cryptomixer Masterminds Charged Processing Ransomware PaymentsThree Russians Charged with Crypto Mixer Money LaunderingTime for a change: Elevating developers’ security skillsUkrainians in Portugal complain about data breachUS cannabis company hacked, customers’ passports exposedWEF Warns of Growing Cyber Inequity Amid Escalating Complexities in CyberspaceWordPress Skimmers Evade Detection by Injecting Themselves into Database Tables12/01ASML-Backed Dutch University Suspends Classes After Cyber AttackAudioPrints.com Database Reportedly CompromisedEindhoven University of Technology (TU Eindhoven) takes network offline after cyber attackIBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UIItaly Attacked by Pro Palestine Hackers MovementKaspersky Reveals AI Dangers In Perfecting Phishing FraudLocal schools affected by PowerSchool data breachMagic Unveiled: Happy Magic Trick Shop Database Reportedly LeakedMassive Vehicle Dealer Customer Data Leak Reported in ChinaNew Gmail Cyber Attack Confirmed— Encryption Key Hackers StrikeNew hacker attacks on Italy: banks, ports and companies targetedPayPal Phishing Attacks: New Cybersecurity Threat ExplainedPowerSchool data breach exposes millions of student and teacher recordsTU Eindhoven network taken offline after cyber attack, no classes on MondayDaily News - Janeiro (05/01 - 11/01) - 02 Semana de 2025
Comments