IT officials at PRT are still examining whether data was stolen and pledged to provide public updates as the investigation evolves.
The biggest crypto heist of 2024 was conducted by seasoned cybercriminals working on behalf of North Korea’s government, according to the FBI.
The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a "recent" investigation into a compromised machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first
Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection
Source: grahamcluley.com – Author: Graham Cluley Skip to content In episode 30 of The AI Fix, AIs are caught lying to avoid being turned off, Apple’s AI flubs a headline, ChatGPT is available to people who haven’t left the 1970s, our hosts regret to inform you that an AI artist now has a personality, and show more ... […] La entrada The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!) – Source: grahamcluley.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine The Federal Bureau of Investigation (FBI) is publicly blaming North Korean government hackers for a $308 million cryptocurrency heist from Bitcoin.DMM.com earlier this year. A brief statement from the FBI said it worked with Japan’s National Police Agency show more ... (NPA) to trace the theft of 4,502.9 BTC to “TraderTraitor,” a […] La entrada FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024 – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire American Addiction Centers is notifying more than 422,000 people that their personal information was stolen in a recent data breach. The Brentwood, Tennessee-based organization provides inpatient and outpatient substance abuse treatment services through a show more ... network of rehabilitation facilities across multiple states. It employs over 2,700 people. The incident was […] La entrada American Addiction Centers Data Breach Impacts 422,000 People – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Eduard Kovacs The 2025 National Defense Authorization Act (NDAA), signed into law by President Biden on Monday, authorizes several cyber-related initiatives, including funding for the FCC’s Rip-and-Replace program. Over the past several years the US has been working on show more ... removing China-made equipment from telecommunications networks due to the cyber and national […] La entrada 2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire Adobe on Monday warned that proof-of-concept (PoC) code exists for a fresh ColdFusion vulnerability. Tracked as CVE-2024-53961 (CVSS score of 7.4), the security defect is described as a path traversal issue leading to arbitrary file system read if the show more ... ‘pmtagent’ package is installed on the ColdFusion server. “An attacker could […] La entrada Adobe Patches ColdFusion Flaw at High Risk of Exploitation – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Deeba Ahmed. SUMMARY 30,000 Public Workspaces Exposed: CloudSEK identifies massive data leaks from Postman workspaces. Sensitive Data at Risk: Leaks include API keys, tokens, and administrator credentials. Major Platforms Affected: GitHub, Slack, and Salesforce among the impacted show more ... services. Key Causes: Misconfigured access, plaintext storage, and public sharing of collections. Mitigation Steps: […] La entrada Postman Workspaces Leak 30000 API Keys and Sensitive Tokens – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons After the Mozi botnet mysteriously disappeared last year, a new and seemingly more powerful botnet, Androxgh0st, rose from its ashes and has quickly become a major threat to critical infrastructure. As of December, at least one security shop suspects the new show more ... hybrid botnet is being weaponized by the Chinese […] La entrada How Androxgh0st rose from Mozi’s ashes to become ‘most prevalent malware’ – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones Feature Your Christmas holidays looked quite different in the ’80s to how they do today. While some will remember what it was like to wake up on the 25th back then, some of you won’t even have been born. The food hasn’t changed much. Turkey, show more ... stuffing, Brussels sprouts… that’s […] La entrada What do ransomware and Jesus have in common? A birth month and an unwillingness to die – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Richard Speed The UK’s Information Commissioner’s Office (ICO) has warned that many adults don’t know how to wipe their old devices, and a worrying number of young people just don’t care. Clearing personal data off an old device is an important step show more ... before ditching it or handing it on to another […] La entrada One third of adults can’t delete device data – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: mykola myroniuk In our last post, we discussed the powerful, yet potentially risky nature of web pixels. Now, let’s dive into how you can assess your organization’s use of these digital trackers and uncover potential privacy vulnerabilities. Conducting a Thorough show more ... Audit Think of this audit as a detective investigation, where you […] La entrada Unmasking the Risks: Auditing Your Web Pixel Usage – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini December 24, 2024 Adobe released out-of-band security updates to address a critical ColdFusion vulnerability, experts warn of a PoC exploit code available for it. Adobe released out-of-band security updates to address a critical show more ... vulnerability, tracked as CVE-2024-53961 (CVSS score 7.4), in ColdFusion. Experts warn of the availability of a […] La entrada Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini December 24, 2024 The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions. The Apache Software Foundation (ASF) addressed an important vulnerability, tracked show more ... as CVE-2024-56337, in its Tomcat server software. The researchers warn that exploiting this vulnerability […] La entrada Apache Foundation fixed a severe Tomcat vulnerability – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Deeba Ahmed. SUMMARY NSO Group Held Accountable: A U.S. court ruled against NSO Group for hacking WhatsApp accounts, violating U.S. law and its terms of service. Pegasus Spyware Abuse: NSO exploited a WhatsApp flaw to install Pegasus spyware on 1,400 devices, targeting activists, show more ... journalists, and officials. WhatsApp Lawsuit Victory: WhatsApp sued […] La entrada WhatsApp Wins Lawsuit Against Israeli Spyware Maker NSO Group – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Owais Sultan. Fintech thrives on innovation, but cybersecurity requires a proactive approach. AI, predictive intelligence, and tailored strategies safeguard against risks, ensuring trust, resilience, and growth. Let’s be honest, there are moments when the fintech industry seems show more ... like the Wild West. Risk is rising along with innovation. We’re creating amazing things […] La entrada The Fintech Wild West: Why Preventive Cybersecurity Is Essential for Survival – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: sec.cloudapps.cisco.com – Author: . Multiple Cisco Products Snort Rate Filter Bypass Vulnerability Medium CVE-2024-20342 CWE-1025 Download CSAF Email Summary Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an show more ... unauthenticated, remote attacker to bypass a configured rate limiting filter. This vulnerability is […] La entrada Multiple Cisco Products Snort Rate Filter Bypass Vulnerability – Source:sec.cloudapps.cisco.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: sec.cloudapps.cisco.com – Author: . Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability Medium CVE-2024-20407 CWE-399 Download CSAF Email Summary A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower show more ... Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass […] La entrada Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability – Source:sec.cloudapps.cisco.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier HomeBlog Spyware Maker NSO Group Found Liable for Hacking WhatsApp A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a show more ... legal […] La entrada Spyware Maker NSO Group Found Liable for Hacking WhatsApp – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. “These vulnerabilities affect both the Reyee platform, as well as show more ... Reyee OS network devices,” Claroty researchers Noam Moshe and Tomer Goldschmidt said […] La entrada Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection show more ... vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 […] La entrada Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a show more ... “recent” investigation into a compromised machine in Asia that […] La entrada Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Author: Die physische Sicherheit von Gebäudekomplexen und Geräten zu gewährleisten, kann ebenso herausfordernd sein wie Cyberbedrohungen abzuwehren. Wenn physische Security nur immer so simpel umzusetzen wäre… Foto: Leremy | shutterstock.com Obwohl CISOs im Allgemeinen show more ... eher selten mit dem gesamten Spektrum der Gesundheits- und Arbeitssicherheitsbelange betraut sind, spielen sie diesbezüglich doch eine wichtige, […] La entrada 10 essenzielle Maßnahmen für physische Sicherheit – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Author: Beyond the usual playbook, nation-state actors in 2024 relied on a mix of advanced tactics, including sophisticated backdoors and stealthy LOTL, to compromise critical systems for espionage. In 2024, nation-state cyber activity was off the charts, with Chinese, Russian, and show more ... Iranian actors leading the charge. Their campaigns weren’t just relentless — […] La entrada The 2024 cyberwar playbook: Tricks used by nation-state actors – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
