November 18, 2024
- T-Mobile Also Targeted in Chinese Telecom Hacking Campaign
Source: Security Week
Summary: T-Mobile has been targeted by Salt Typhoon, a Chinese group engaged in a major espionage campaign targeting US telecom companies. - Industry Moves for the week of November 18, 2024 - SecurityWeek
Source: Security Week
Summary: Highlights significant industry changes for the week of November 18, 2024, providing insights into emerging trends and developments. - Exploit attempts for unpatched Citrix vulnerability
Source: SANS
Summary: Details a new, unpatched vulnerability in Citrix Virtual Apps and Desktops, potentially compromising remote access solutions. - NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit
Source: The Hacker News
Summary: Legal documents reveal that NSO Group continued using WhatsApp exploits for Pegasus spyware, despite an ongoing lawsuit from Meta. - Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
Source: The Hacker News
Summary: A vulnerability in the Really Simple Security plugin could allow attackers to gain full administrative access to affected sites.
November 17, 2024
- Ancient TP-Link Backdoor Discovered by Attackers
Source: SANS
Summary: Vulnerabilities in older TP-Link routers have been exploited, reflecting ongoing threats from dated infrastructure weaknesses.
November 16, 2024
- Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist
Source: Wired
Summary: Ilya Lichtenstein is sentenced to five years for laundering billions of dollars in Bitcoin following the 2016 Bitfinex hack. - PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released
Source: The Hacker News
Summary: Palo Alto Networks disclosed indicators of compromise for an actively exploited zero-day in its PAN-OS firewall interface. - Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
Source: The Hacker News
Summary: A Fortinet vulnerability has been exploited by BrazenBamboo to steal VPN credentials using the DEEPDATA malware framework.
November 15, 2024
- Homeland Security Department Releases Framework for Using AI in Critical Infrastructure
Source: Security Week
Summary: A framework recommending safeguards for AI use in critical infrastructure prioritizes privacy, user safety, and ethical practices. - SurePath AI Raises $5.2 Million for Gen-AI Governance Solution
Source: Security Week
Summary: SurePath AI secures funding to help enterprises securely integrate generative AI solutions into their systems. - Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover
Source: Security Week
Summary: A flaw in a WordPress plugin jeopardized millions of websites, enabling administrative control by attackers. - The best secure browsers for privacy in 2024: Expert tested
Source: Zero Day Weekly
Summary: Lists and evaluates the most secure browsers offering advanced privacy features and ad-blocking capabilities.
November 14, 2024
- Cybersecurity in Crisis: How to Combat the $10.5 Trillion Cybercrime Surge
Source: Cybercrime Magazine
Summary: Discusses strategies to mitigate the projected $10.5 trillion annual global cybercrime costs by 2025. - HackerOne urges U.S. to advocate for research protections in UN cybercrime treaty
Source: CyberScoop
Summary: Highlights concerns over the UN cybercrime treaty's ambiguous language that could hinder ethical security research.