Security Bulletin

More than 15,000 internet-exposed Four-Faith F3x24 and F3x36 routers could potentially be compromised in ongoing intrusions exploiting the high-severity operating system command injection flaw, tracked as CVE-2024-12856, according to The Hacker News.

Hackread reports that Cisco had another 4.84 GB of its 4.5 TB dataset compromised from an October breach of an unsecured DevHub portal exposed on Christmas Eve by IntelBroker, who previously leaked 2.9 GB of files from the same trove.

Security Affairs reports that numerous Italian websites — including those of the country's Ministry of Foreign Affairs, the Turin Transport Group, and the Linate and Malpensa airports — have been compromised as part of a distributed denial-of-service...

Utah-based consumer electronics accessories manufacturer ZAGG had its customers' credit card details compromised following a breach of the third-party FreshClicks app available through software-as-a-service e-commerce platform provider BigCommerce...

Cariad, the automotive software firm of Volkswagen Group, had data from nearly 800,000 Volkswagen, Audi, Skoda, and Seat electric vehicles inadvertently leaked by a misconfigured Amazon cloud storage, according to BleepingComputer.

Attacks with the new VBCloud malware have been deployed by Russian state-backed threat operation Cloud Atlas, also known as Clean Ursa, Oxygen, Inception, and Red October, to facilitate data theft against dozens of users, most of whom are in Russia...

The U.S. Department of Justice has finalized a rule banning the sales of Americans' biometric, geolocation, health, genomic, and financial data, as well as U.S. government data to adversarial nations, including China, Russia, Iran, North Korea...

Cyber insurance should augment your cybersecurity strategy — not replace it.

Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.

Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.

DoS flaw actively exploited in production. Security pros warn teams to patch right away.

Security Weekly News' Adrian Sanabria discusses a collaborative approach to disrupting cybercrime with Fortinet's Derek Manky, chief security strategist and global VP of threat intelligence.