Biztonsági szemle
2024. Dec. 11.
Biztonsági szemle
ISC Stormcast For Wednesday, December 11th, 2024 https://isc.sans.edu/podcastdetail/9250, (Wed, Dec 11th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2024. Dec. 11.
Biztonsági szemle
Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)
[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program]
2024. Dec. 11.
Biztonsági szemle
Spearphishing, rising ransomware attacks threaten utilities sectors
Sectors like water and energy face disproportional risks due to their unique role and IT/OT environments.
2024. Dec. 11.
Biztonsági szemle
Snowflake Rolls Out Mandatory MFA Plan
As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year.
2024. Dec. 10.
Biztonsági szemle
Microsoft fixes 72 vulnerabilities in final 2024 Patch Tuesday
Sixteen critical flaws and 54 bugs designated as important priorities fixed for Windows, Office and Edge.
2024. Dec. 10.
Biztonsági szemle
FCC Proposes New Cybersecurity Rules for Telecoms
FCC Chairwoman Jessica Rosenworcel recommended "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.
2024. Dec. 10.
Biztonsági szemle
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
2024. Dec. 10.
Biztonsági szemle
Critical OpenWrt bug enabling malicious firmware image installation addressed
Such a flaw, which could be exploited without authentication, stems from a command injection issue in Imagebuilder that enables arbitrary command injections in the build process and truncated SHA-256 hash collisions that allow reduced entropy that...
2024. Dec. 10.
Biztonsági szemle
North Korean APT blamed for Radiant Capital crypto heist
Citrine Sleet's intrusion against Radiant Capital commenced in September with the spoofing of a former contractor on Telegram to lure a Radiant developer into downloading a ZIP file featuring a decoy PDF file and the InletDrift macOS malware, which...
2024. Dec. 10.
Biztonsági szemle
Electrica Group impacted by ongoing ransomware attack
"...[A]ny disruptions in interaction with our consumers are the result of protective measures for internal infrastructure. These measures are temporary and are designed to ensure the security of the entire system," said Electrica Group.
2024. Dec. 10.
Biztonsági szemle
Over 11K youths affected by Datavant breach
Infiltration of a single user's email in a phishing attack between May 8 and May 9 allowed threat actors to compromise individuals' names, addresses, Social Security numbers, contact information, financial account details, health information...
2024. Dec. 10.
Biztonsági szemle
'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks
The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.