CyberHappenings

Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting

A Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign targeting victims' WhatsApp accounts, using a broken quick response (QR) code in an email to trick the recipient into joining a fake WhatsApp group. The campaign aims to exploit WhatsApp's QR code feature to gain unauthorized access to victims' messages and exfiltrate data via browser add-ons.

First Reported: 2025-01-16 23:42:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Russian, Star Blizzard, WhatsApp

Simplifying Trust Management with DigiCert ONE: A Technical Webinar

A free webinar hosted by DigiCert to demonstrate their ONE platform, which aims to simplify and automate trust management for devices, users, and workloads in hybrid environments. The webinar will showcase how to centralize control, automate security, implement secure software signing practices, and ensure compliance.

First Reported: 2025-01-16 17:55:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: DigiCert

Bypassing Microsoft's Group Policy to Enable NTLMv1 Authentication

A misconfiguration in on-premises applications can override Microsoft's Active Directory Group Policy, effectively allowing NTLMv1 authentication despite the restriction. The cause is a simple setting in the Netlogon Remote Protocol (MS-NRPC) that permits NTLMv1 authentication even when policy allows only NTLMv2.

First Reported: 2025-01-16 16:50:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Microsoft, Active Directory Group Policy, MS-NRPC

Malware Concealment via Image Hiding

Threat actors have been hiding malware inside images to deliver keyloggers and info-stealers, exploiting a vulnerability in Microsoft Excel and using AI-generated HTML files as part of the delivery chain.

First Reported: 2025-01-16 16:45:00

Last Updated: None

Source Count: 1

CVEs: CVE-2017-11882

Key Entities: Microsoft Excel, HTML, CVE-2017-11882

Integrating Threat Detection, Investigation, and Response (TDIR) Frameworks for Enhanced Cybersecurity

Organizations are implementing comprehensive Threat Detection, Investigation, and Response (TDIR) frameworks to enhance their cybersecurity posture and operational resilience. The TDIR approach integrates advanced technologies, skilled professionals, and well-defined processes to anticipate, identify, and address threats swiftly.

First Reported: 2025-01-16 15:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Threat Detection, Investigation, and Response (TDIR)

Reputational Scoring Services in Cybersecurity Experience Mixed Success

A growing trend of using reputational scoring services to optimize risk management and decision-making in cybersecurity has met with mixed success: some companies report clear benefits, while others find the effort wasted.

First Reported: 2025-01-16 14:29:59

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: None

Executive Order to Enhance National Cybersecurity

President Biden signed an executive order to bolster national cybersecurity by making it easier to sanction hacking groups targeting federal agencies and critical infrastructure. The order also expands on existing sanctions against entities responsible for or complicit in cyberattacks that result in a significant threat to the nation's security, foreign policy, or economy.

First Reported: 2025-01-16 12:58:14

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Biden

Python-Based Malware Deployment for Lateral Movement and Ransomware Delivery

A threat actor utilized a Python-based backdoor to maintain persistent access to compromised endpoints, then leveraged this access to deploy the RansomHub ransomware throughout the target network. The initial infection was facilitated by the SocGholish JavaScript malware, which was downloaded from infected websites that tricked unsuspecting users into downloading bogus web browser updates.

First Reported: 2025-01-16 12:15:00

Last Updated: None

Source Count: 1

CVEs: CVE-2024-4984, CVE-2024-3665

Key Entities: Python, RansomHub, SocGholish, JavaScript, CVE-2024-4984, CVE-2024-3665

Critical Flaws Discovered in Ivanti Endpoint Manager

A researcher has uncovered critical security flaws in multiple versions of Ivanti Endpoint Manager that allow a remote, unauthenticated attacker to leak sensitive information. The four critical bugs affect EPM versions prior to the January 2025 Security Update and were discovered by Zach Hanley of Horizon3.ai.

First Reported: 2025-01-16 12:09:00

Last Updated: None

Source Count: 1

CVEs: CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159, CVE-2025-0070, CVE-2025-0066

Key Entities: Ivanti Endpoint Manager (EPM), January 2025 Security Update, Zach Hanley, Horizon3.ai, CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159, CVE-2025-0070, CVE-2025-0066

Wolf Haldenstein Data Breach Incident

On December 13, 2023, Wolf Haldenstein detected a data breach in which hackers accessed confidential information stored on its servers. The incident is reported to have affected approximately 3.5 million individuals, exposing their personal information. Although the firm has not yet sent direct notices to all impacted parties, citing difficulty locating contact information, complimentary credit monitoring coverage will be offered.

First Reported: 2025-01-16 11:26:41

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: December 13, 2023, Wolf Haldenstein

FTC requires GoDaddy to implement basic security protections

The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, including HTTPS APIs and mandatory multi-factor authentication. This requirement is a direct result of the FTC's charges that GoDaddy failed to secure its hosting services against attacks since 2018. The company's unreasonable security practices led to multiple breaches, affecting millions of customers worldwide.

First Reported: 2025-01-16 11:09:19

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The Federal Trade Commission (FTC), GoDaddy, HTTPS, 2018

UEFI Secure Boot Bypass Vulnerability Exposes Systems to Bootkits

A UEFI Secure Boot bypass vulnerability (CVE-2024-7344) allows attackers to deploy bootkits even when Secure Boot is enabled. It affects systems that carry a vulnerable Microsoft-signed UEFI application, which is abused during system boot; the application ships as part of several real-time system recovery software suites.

First Reported: 2025-01-16 10:05:59

Last Updated: 2025-01-16 16:53:00

Source Count: 3

CVEs: CVE-2024-7344

Key Entities: ESET, Martin Smolár, Slovakian, CERT Coordination Center (CERT/CC), Microsoft Corporation, CA 2011, Windows, Linux, UEFI, Extensible Firmware Interface, EFI, PE, EDR, Secure Boot, LoadImage, StartImage, Reloader.efi, OEM (Original Equipment Manufacturer), Howyar Technologies Inc., Howyar SysReturn, Greenware Technologies, Greenware GreenGuard, Radix SmartRecovery, SANFONG Inc., Sanfong EZ-back, Wasay Software Technology Inc., Computer Education System Inc., NeoImpact, Signal Computer, 10.1.024-20241127, 10.2.023-20240927, 10.3.021-20241127, 10.3.024-20241127, 11.2.023-20240927, June 2024, July 2024, January 14, 2025, Patch Tuesday, CVE-2024-7344, The Hacker News, Dark Reading

Enhanced AI Cybersecurity Collaboration Through Information Sharing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new playbook, encouraging organizations to share information about cybersecurity incidents and vulnerabilities linked to Artificial Intelligence (AI) systems. The JCDC AI Cybersecurity Collaboration Playbook aims to enhance incident response activities, strengthen information sharing processes, and fortify defenses by promoting voluntary sharing of sensitive information.

First Reported: 2025-01-15 23:11:51

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Artificial Intelligence (AI), The JCDC AI Cybersecurity Collaboration Playbook

North Korean IT Worker Fraud Scheme Expansion: Link to 2016 Crowdfunding Scam and Fake Domains

A connection has been found between North Korean IT worker fraud schemes and a 2016 crowdfunding scam, with threat actors also linked to a previous cryptocurrency heist. The U.S. Treasury Department has sanctioned multiple front companies involved in the schemes, including those generating over $88 million in illegal remote IT work.

First Reported: 2025-01-15 19:02:00

Last Updated: 2025-01-16 13:48:43

Source Count: 2

CVEs: None

Key Entities: The United States (U.S.), The U.S. Treasury Department, Office of Foreign Assets Control (OFAC), Bradley T. Smith, The State Department, FBI, Biden, UN, North Korea (DPRK), North Korean, Ministry of National Defense, Department 53, Korea Osong Shipping Co, Chonsurim Trading Corporation, Liaoning China Trade, Volasys Silverstar, Son Kyong Sik, Jong, Chol, Yanbian, Chinese, Russia, Ukraine, Silk Typhoon, 2016

Rsync File Synchronization Tool Flaws Discovered

A group of researchers from Google Cloud Vulnerability Research has uncovered six security vulnerabilities in the popular Rsync file-synchronization tool, some of which could be exploited to execute arbitrary code on a client. The flaws include a heap-buffer overflow, an information disclosure, a file leak, an external-directory file write, and a symbolic-link race condition. This has significant implications for users who rely on Rsync for data synchronization.

First Reported: 2025-01-15 17:56:00

Last Updated: None

Source Count: 1

CVEs: CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

Key Entities: Google Cloud Vulnerability Research, Rsync, CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

SAP NetWeaver Application Servers Critical Vulnerabilities Patched

On January 15th, SAP fixed two critical vulnerabilities affecting its NetWeaver web application server, which could have allowed attackers to escalate privileges and access restricted information. Additionally, four other security issues were addressed across different SAP products.

First Reported: 2025-01-15 17:02:15

Last Updated: None

Source Count: 1

CVEs: CVE-2025-0070, CVE-2025-0066, CVE-2025-0063, CVE-2025-0061

Key Entities: January 15th, SAP, NetWeaver, CVE-2025-0070, CVE-2025-0066, CVE-2025-0063, CVE-2025-0061

ICS/OT Security Summit for Critical Infrastructure

The ICS/OT Security Summit brings together industry peers and security experts to address the high-stakes disconnect in industrial control system (ICS) and operational technology (OT) security. The summit focuses on aligning security spending with critical functions, validating the threat-driven, prioritized SANS Five ICS Cybersecurity Critical Controls, and strengthening security for safe and efficient operations in today's ICS/OT cyber threat landscape.

First Reported: 2025-01-15 17:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: ICS/OT Security Summit, ICS, OT, SANS Five ICS Cybersecurity Critical Controls

Lazarus APT Evolves Developer-Recruitment Attacks

North Korea's Lazarus threat group has launched a fresh wave of attacks targeting software developers with recruitment lures on job-hiring platforms, particularly LinkedIn. Victims are enticed to download malicious resources under the guise of project tests or code reviews, which leads to data-stealing implants with capabilities spanning Windows, macOS, and Linux.

First Reported: 2025-01-15 16:02:08

Last Updated: 2025-01-15 21:07:00

Source Count: 2

CVEs: None

Key Entities: Lazarus Group, Operation 99, Operation Dream Job, NukeSped, Main5346, MCLIP, North Korea, North Korean, SecurityScorecard, Ryan Sherstobitoff, Threat Research, Intelligence, LinkedIn, GitLab, Git, AI, Windows, Linux, January 9, 2025, The Hacker News, U.S., U.K., Germany, France, Italy, India, Pakistan, Indonesia, Philippines, Egypt, Brazil, Mexico, Argentina

CISA Publishes Guidance for Expanded Microsoft Logging Capabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has published a 60-page playbook providing guidance on using expanded cloud logs in Microsoft 365 tenants. The updated logging capabilities, known as Microsoft Purview Audit (Standard), allow organizations to monitor and analyze user and admin operations performed across multiple Microsoft services and solutions.

First Reported: 2025-01-15 15:39:16

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The Cybersecurity and Infrastructure Security Agency (CISA), Microsoft, Microsoft 365, Microsoft Purview Audit (Standard)

MikroTik Botnet Exploits Misconfigured SPF DNS Records for Malware Spread

A botnet of approximately 13,000 MikroTik devices exploits misconfigured SPF DNS records to bypass email protections and deliver malware, spoofing roughly 20,000 web domains. The threat actor impersonated the shipping company DHL Express and delivered fake freight invoices carrying a malicious payload.

First Reported: 2025-01-15 15:04:45

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: MikroTik, DNS, DHL Express

Avery Website Compromised: Credit Card and Personal Information Stolen

Avery Products Corporation's website was hacked between July 18, 2024, and December 9, 2024, leading to the exfiltration of sensitive payment information from customers. The attack resulted in the compromise of first and last names, billing and shipping addresses, email addresses, phone numbers, payment card numbers, CVV codes, expiration dates, and purchase amounts for 61,193 affected customers.

First Reported: 2025-01-15 14:44:28

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Avery Products Corporation, July 18, 2024, December 9, 2024, CVV

Critical Flaws in SimpleHelp Remote Access Software Discovered

Critical vulnerabilities were discovered in the SimpleHelp remote access software, allowing attackers to steal files, escalate privileges, and execute arbitrary code on the server. The flaws, identified by researchers at Horizon3.ai, affect multiple versions of the software.

First Reported: 2025-01-15 10:40:00

Last Updated: None

Source Count: 1

CVEs: CVE-2024-57727, CVE-2024-57728, CVE-2024-57726

Key Entities: SimpleHelp, Horizon3.ai, CVE-2024-57727, CVE-2024-57728, CVE-2024-57726

Rapid Expansion of SaaS Attack Surface Requires Immediate Attention

With employees creating new SaaS accounts as often as every two weeks, the organization's attack surface keeps expanding, making it an attractive target for attackers. This phenomenon, known as SaaS sprawl, calls for proactive security measures to mitigate the identity, data, and third-party risks it creates.

First Reported: 2025-01-14 15:38:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: None

Cybersecurity Startups Focus on Deepfakes, Data-in-Motion, and Model Security

In 2024, cybersecurity startups focused on emerging data and AI security solutions. Investment surged in startups tackling deepfakes, data-in-motion, and model security, driven by concerns over election disinformation, executive impersonation attacks, and data leakage. Some startups developed identity assurance solutions that monitor conference calls and detect liveness indicators, while others focused on preventing data leakage from models, reinventing data loss prevention (DLP), and providing a control plane for application security.

First Reported: 2025-01-14 15:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: 2024, AI

Huione Guarantee's Telegram Market Surpasses Hydra in Crypto Transactions

The Huione Guarantee Telegram market surpassed Hydra as the largest online illicit marketplace, with a cumulative $24 billion in cryptocurrency transactions. The marketplace has more than 820,000 users and was established in 2021 to facilitate car and real estate sales.

First Reported: 2025-01-14 14:59:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Hydra, 2021

Abandoned Google OAuth Accounts Vulnerability

Attackers can gain access to abandoned employee accounts linked to various software-as-a-service (SaaS) platforms by purchasing defunct startup domains and exploiting a weakness in Google's OAuth 'Sign in with Google' feature: the safeguard that could in theory prevent this has been found unreliable in practice.

First Reported: 2025-01-14 12:28:20

Last Updated: 2025-01-14 22:08:00

Source Count: 2

CVEs: None

Key Entities: Entra ID, Truffle Security, Microsoft, December 19, 2024, Slack, Notion, Zoom, Google, Dylan Ayrey, OpenAI, Ayrey, The Hacker News, American, San Francisco, Slack, Monday, Truffle

FBI Successfully Removes PlugX Malware from Over 4,000 US Computers

The FBI successfully removed the Chinese PlugX malware from over 4,200 US-based computers by issuing a self-delete command that stopped the application and erased its files and registry keys. The operation was part of a global takedown led by French law enforcement and cybersecurity company Sekoia, with 59,475 disinfection payloads issued across 10 countries.

First Reported: 2025-01-14 11:26:26

Last Updated: 2025-01-15 11:44:00

Source Count: 3

CVEs: None

Key Entities: the Federal Bureau of Investigation (FBI), Asia, Europe, at least 2014, Taiwan, Japan, the United States, USB, the Paris Prosecutor's Office, Earth Preta, the Eastern District, Korplug, Stately Taurus, Pennsylvania, FBI, DoJ, Asian, 2014, Myanmar, Delete, Twill Typhoon, US, Mustang Panda, Sekoia.io, Tuesday, Jacqueline Romero, The U.S. Department of Justice (DoJ), Jan. 14, Mongolia, Bronze, the People's Republic of China, China, The US Justice Department, HoneyMyte, months, India, TA416, Sekoia, European, Pakistan, PRC, PlugX, Camaro Dragon, late July 2024, South Korea, U.S., Thailand, IP, Hong Kong, Philippines, Red Lich, late April 2024, RedDelta, French, Vietnam, Last month, Indonesia, Chinese

Fortinet FortiGate Firewalls Vulnerable to Auth Bypass Zero-Day Exploit

Attackers are exploiting a zero-day vulnerability in FortiOS and FortiProxy to gain super-admin privileges, create rogue admin users, add those users to SSL VPN user groups, modify firewall policies, and log in to internal networks. They target devices whose management interfaces are exposed to the public Internet: on affected firewalls (firmware versions 7.0.14 and 7.0.16) they gained access to the management interface, altered the configuration, and leaked configs and VPN credentials for 15,000 FortiGate devices.

First Reported: 2025-01-14 10:24:27

Last Updated: 2025-01-15 21:57:23

Source Count: 4

CVEs: CVE-2024-55591, CVE-2024-47575, CVE-2022-40684, CVE-2023-37936, CVE-2018-13379

Key Entities: zero-day, 2021, Google Calendar, November 16, 2024, late December, early December, 2022, configuration.conf, the Belsen Group, FortiGate, Fortinet FortiGate, config files, today, January 14, 2025, Artic Wolf, mid-November, this month, SSL, FortiOS 7.0.0-7.0.6, BleepingComputer, one day, CVE-2024-55591, just over 2 years later, DCSync, Tor, last week, October 3, 2022, October 2024, Cyber Abuse, the beginning of December, the start of December 2024, the end of November, Kevin Beaumont, VPS, February, CLI, Heise, Wolf, CVE-2022-40684, CVSS, CVE-2024-47575, Node.js, FortiOS, CVE-2022, CVE-2018, IP, the beginning of the year, German, mid-November 2024, December, October 2022, Arctic Wolf, Beaumont, FortiProxy, CVE-2023-37936, Fortinet

CPG Adoption Increases Among Critical Infrastructure Sectors

CISA's Cybersecurity Performance Goals (CPGs) adoption rate has increased among critical infrastructure sectors, particularly in Healthcare and Public Health, Water and Wastewater Systems, Communications, and Government Services and Facilities. As CISA strengthens partnerships across all 16 critical infrastructure sectors, the agency expects CPG adoption to expand.

First Reported: 2025-01-13 21:51:36

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: CISA, Cybersecurity Performance Goals, Healthcare, Wastewater Systems, Government Services, CPG

K2 Awarded Navy SeaPort NxG Contract for Professional Support Services

The Native Hawaiian Organization (NHO) leader in defense, technology, and workforce development, Krilla Kaleiwahea LLC (K2), was selected as a prime contractor on the prestigious Navy SeaPort contract. This achievement positions K2 to provide exceptional professional support services to the U.S. Navy across various functional areas.

First Reported: 2025-01-13 21:44:23

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The Native Hawaiian Organization, Krilla Kaleiwahea, Navy SeaPort, K2, the U.S. Navy

Grupo Bimbo Ventures Invests in NanoLock Security for OT Cybersecurity Solutions

Grupo Bimbo Ventures, a venture capital arm of Grupo Bimbo, invested in NanoLock Security to enhance food operations security and resilience worldwide. The investment aims to leverage NanoLock's advanced OT cybersecurity solutions for industrial manufacturing and critical infrastructure.

First Reported: 2025-01-13 21:42:26

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Grupo Bimbo Ventures, Grupo Bimbo, NanoLock Security, NanoLock, OT

Personal Data Exposure via Ransomware Attack on OneBlood

OneBlood, a blood-donation not-for-profit organization in the US, confirmed that donors' personal information (names and SSNs) was stolen during a ransomware attack in July 2024. The attack caused delays in blood collection, testing, and distribution, leading to critical blood shortage protocols. Donors were notified of potential data exposure six months after the breach occurred.

First Reported: 2025-01-13 17:36:16

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: OneBlood, US, July 2024, six months

UTF-16 to ANSI Conversion Vulnerability in Windows

A vulnerability exists in the Windows operating system's UTF-16 to ANSI conversion process, allowing for path traversal and remote code execution attacks via techniques like filename smuggling and environment variable confusion.

First Reported: 2025-01-13 17:35:00

Last Updated: None

Source Count: 1

CVEs: CVE-2025-0282, CVE-2024-52875, CVE-2024-8474, CVE-2024-46981, CVE-2024-51919, CVE-2024-51818, CVE-2024-12877, CVE-2024-12847, CVE-2025-23016, CVE-2024-10215, CVE-2024-11350, CVE-2024-13239, CVE-2024-54676, CVE-2025-0103, CVE-2024-53704, CVE-2024-50603, CVE-2024-9138, CVE-2024-9140

Key Entities: Windows, ANSI, CVE-2025-0282, CVE-2024-52875, CVE-2024-8474, CVE-2024-46981, CVE-2024-51919, CVE-2024-51818, CVE-2024-12877, CVE-2024-12847, CVE-2025-23016, CVE-2024-10215, CVE-2024-11350, CVE-2024-13239, CVE-2024-54676, CVE-2025-0103, CVE-2024-53704, CVE-2024-50603, CVE-2024-9138, CVE-2024-9140

Malware Distribution via Abused YouTube Comments and Google Search Results

Cyberattackers are distributing malware through YouTube comments and Google search results, targeting users looking for pirated software. On YouTube, the attackers pose as legitimate software install guides and direct viewers to fake download links that deliver infostealing malware. On Google, they seed search results with malicious links that appear to be legitimate downloaders but actually deliver malware. This activity has a significant impact on individuals and organizations, as it can lead to the theft of sensitive information such as passwords and cryptocurrency-wallet data.

First Reported: 2025-01-13 17:26:08

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: YouTube, Google

Ransomware Attacks on VMware ESXi Servers Escalate in 2024

In 2024, a significant number of ransomware attacks targeted VMware ESXi servers, resulting in substantial losses. The attackers exploited vulnerabilities in the vCenter server, which manages multiple ESXi hosts, and employed hybrid encryption to encrypt essential files, making recovery difficult. The attacks were often carried out by variants of the Babuk ransomware, adapted to evade detection.

First Reported: 2025-01-13 17:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: 2024, VMware, vCenter, Babuk

Compromised Path of Exile 2 Admin Account Enables Account Takeovers

A hacked admin account allowed a threat actor to access at least 66 player accounts, causing them to lose in-game purchases and valuable items. The breach occurred when the attackers compromised an old Steam account linked to one of the game's administrator accounts.

First Reported: 2025-01-13 15:33:46

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: None

SIP Bypass Vulnerability Allows Hackers to Install Malicious Kernel Drivers

A macOS vulnerability (CVE-2024-44243) allows attackers who already have root privileges to bypass SIP protections and install rootkits by loading third-party kernel extensions, with severe consequences including persistent malware. Suggested defenses against similar attacks include monitoring processes that hold special entitlements and deploying endpoint detection tools.

First Reported: 2025-01-13 13:24:21

Last Updated: 2025-01-14 22:23:00

Source Count: 3

CVEs: CVE-2021-30892, CVE-2023-32369, CVE-2021-30970, CVE-2024-44133, CVE-2022-42821, CVE-2024-44243

Key Entities: Consent, CVE-2023-32369, the Disk Utility, Litty, Mac, nearly three months, Qualys, Apple, Bar Or, Migraine, last month, macOS Sequoia 15.2, Sectigo, the macOS System Integrity Protection, Dec. 11, CVE-2024-44243, Jason Soroko, /Library/Filesystems, Microsoft, CVE-2021-30970, CVE-2022-42821, CVSS, SIP, this week, Mayuresh Dani, Lionel Litty, HM Surf, Microsoft Threat Intelligence, Control (TCC), CVE-2021-30892, iPhone, macOS, Bypassing SIP, Jonathan Bar, Dani, Menlo Security, System Integrity Protection

Aviatrix Controller RCE Flaw Exploited by Hackers

Hackers are exploiting CVE-2024-50603, a vulnerability in Aviatrix's Controller software disclosed on Jan. 7 that affects all versions of Aviatrix Controller from 7.x through 7.2.4820, to install backdoors and crypto miners, leveraging a proof-of-concept exploit publicly available on GitHub.

First Reported: 2025-01-13 12:57:45

Last Updated: 2025-01-13 20:44:00

Source Count: 3

CVEs: CVE-2024-50603

Key Entities: Heineken, Gili Tikochinski, Amazon Web Services, Jan. 7, Gal Nagli, GitHub, two years ago, Aviatrix Controller, 2024, Controller, SecuRing, Jessica MacGregor, Jan. 10, Resorts, XMRig, Wiz Security, Cloud Platform, November 2024, Sliver, Merav Bar, Polish, AWS, Alon Schindel, Securing, Aviatrix, CVE-2024-50603, Yara, CVSS 10, MacGregor, Wiz, Shaked Tanchuma, 7.x, PoC, Raytheon, Away CVE-2024-50603, Black Duck, Jakub Korepta, Schindel, API, GCP, Just one day later, AI & Threat Research, IP, Kelly, IHG Hotels

Ivanti Zero-Day Exploit Affects UK Domain Registry Nominet

Nominet, the official .uk domain registry, has confirmed a network breach carried out through an Ivanti VPN zero-day vulnerability. The incident occurred two weeks ago and affects over 11 million .uk, .co.uk, and .gov.uk domain names. Nominet has reported the attack to the relevant authorities, restricted access to its systems via VPN connections, and is still investigating the incident.

First Reported: 2025-01-13 11:50:12

Last Updated: None

Source Count: 1

CVEs: CVE-2025-0282

Key Entities: Nominet, Ivanti, zero-day, two weeks ago, CVE-2025-0282

Last Updated

UEFI Secure Boot Bypass Vulnerability Exposes Systems to Bootkits

A UEFI Secure Boot bypass vulnerability (CVE-2024-7344) allows attackers to deploy bootkits even when Secure Boot protection is active. It affects systems that use a particular Microsoft-signed application and is exploited during system boot. The vulnerable application ships as part of several real-time system recovery software suites.

First Reported: 2025-01-16 10:05:59

Last Updated: 2025-01-16 16:53:00

Source Count: 3

CVEs: CVE-2024-7344

Key Entities: ESET, EFI, SANFONG Inc., StartImage, Radix SmartRecovery, Slovakian, Computer Education System Inc., 10.2.023-20240927, 11.2.023-20240927, Signal Computer, CA 2011, Smolár, PE, EDR, the CERT Coordination Center, Howyar Technologies Inc., 10.3.021-20241127, Secure Boot, Howyar Technologies, January 14, 2025, CVE, Tuesday, CVE-2024-7344, The Hacker News, Howyar SysReturn, Martin Smolár, LoadImage, 10.3.024-20241127, recent years, Microsoft, Greenware Technologies, July 2024, Jan. 14, 2025, Greenware GreenGuard, Windows, NeoImpact, the Original Equipment Manufacturer, Dark Reading, the Secure Boot, 10.1.024-20241127, Patch Tuesday, UEFI, Microsoft Corporation, June 2024, CERT/CC, Reloader.efi, Extensible Firmware Interface, Wasay Software Technology Inc., OEM, Linux, Sanfong EZ-back

North Korean IT Worker Fraud Scheme Expansion: Link to 2016 Crowdfunding Scam and Fake Domains

A connection has been found between North Korean IT worker fraud schemes and a 2016 crowdfunding scam, with threat actors also linked to a previous cryptocurrency heist. The U.S. Treasury Department has sanctioned multiple front companies involved in the schemes, including those generating over $88 million in illegal remote IT work.

First Reported: 2025-01-15 19:02:00

Last Updated: 2025-01-16 13:48:43

Source Count: 2

CVEs: None

Key Entities: the United States, Jong, Ukraine, Korea Osong Shipping Co, UN, Volasys Silverstar, last year, DPRK, North Korean, Liaoning China Trade, FBI, Bradley T. Smith, Office of Foreign Assets Control (OFAC), Chonsurim Trading Corporation, Chonsurim, Yanbian, The State Department, North Korea, 2016, US Treasury, Chol, Son Kyong Sik, Biden, US, the last six years, Russia, Ministry of National Defense, the years, Treasury, the Ministry of National Defense, The United States, U.S., Department 53, years, Silk Typhoon, North Korea's, Today, The U.S. Treasury Department, Chinese

Fortinet FortiGate Firewalls Vulnerable to Auth Bypass Zero-Day Exploit

Attackers are exploiting a zero-day vulnerability in FortiOS and FortiProxy to gain super-admin privileges, create rogue admin users, add those users to SSL VPN user groups, modify firewall policies, and log in to internal networks. They target devices whose management interfaces are exposed to the public Internet: on affected firewalls (firmware versions 7.0.14 and 7.0.16) they gained access to the management interface, altered the configuration, and leaked configs and VPN credentials for 15,000 FortiGate devices.

First Reported: 2025-01-14 10:24:27

Last Updated: 2025-01-15 21:57:23

Source Count: 4

CVEs: CVE-2024-55591, CVE-2024-47575, CVE-2022-40684, CVE-2023-37936, CVE-2018-13379

Key Entities: zero-day, 2021, Google Calendar, November 16, 2024, late December, early December, 2022, configuration.conf, the Belsen Group, FortiGate, Fortinet FortiGate, config files, today, January 14, 2025, Artic Wolf, mid-November, this month, SSL, FortiOS 7.0.0-7.0.6, BleepingComputer, one day, CVE-2024-55591, just over 2 years later, DCSync, Tor, last week, October 3, 2022, October 2024, Cyber Abuse, the beginning of December, the start of December 2024, the end of November, Kevin Beaumont, VPS, February, CLI, Heise, Wolf, CVE-2022-40684, CVSS, CVE-2024-47575, Node.js, FortiOS, CVE-2022, CVE-2018, IP, the beginning of the year, German, mid-November 2024, December, October 2022, Arctic Wolf, Beaumont, FortiProxy, CVE-2023-37936, Fortinet

Lazarus APT Evolves Developer-Recruitment Attacks

North Korea's Lazarus Group has launched a fresh wave of attacks, identified by SecurityScorecard on January 9, 2025 and tracked as Operation 99, that targets software developers through fake recruiter personas on job-hiring platforms, above all LinkedIn. Building on the earlier Operation Dream Job lures, the recruiters invite the target to complete a coding test or code review hosted in a Git or GitLab repository; cloning it pulls in implants (SecurityScorecard names components including Main5346 and MCLIP) that steal source code, secrets, cryptocurrency wallet keys and clipboard data and run on Windows, macOS and Linux. According to SecurityScorecard's Ryan Sherstobitoff, victims were identified in countries including Argentina, Brazil, Egypt, France, Germany, India, Indonesia, Italy, Mexico, Pakistan, the Philippines, the U.K. and the U.S.

First Reported: 2025-01-15 16:02:08

Last Updated: 2025-01-15 21:07:00

Source Count: 2

CVEs: None

Key Entities: MCLIP, Brazil, SecurityScorecard, January 9, 2025, Egypt, Operation 99, North Korean, Operation Dream Job, GitLab, North Korea, Mexico, Lazarus Group, Main5346, Argentina, AI, The Hacker News, Italy, India, Indonesia, NukeSped, LinkedIn, Pakistan, Windows, Ryan Sherstobitoff, Germany, U.S., Git, France, Philippines, Linux, U.K.

FBI Successfully Removes PlugX Malware from Over 4,000 US Computers

The FBI removed the PlugX malware from more than 4,200 US computers by sending each infection the malware's own self-delete command, which erases its files and registry keys and stops the running process. The variant, used by the China-linked Mustang Panda group (also tracked as Twill Typhoon, Earth Preta, Stately Taurus, TA416, Camaro Dragon, HoneyMyte and RedDelta), spreads through USB drives and has been active since at least 2014. The US action, authorised by court orders in the Eastern District of Pennsylvania and announced by the DoJ on Jan. 14, was one leg of a takedown led by the Paris Prosecutor's Office and the French company Sekoia, which took control of the botnet's command-and-control server in 2024 and used it to issue 59,475 disinfection payloads to hosts in 10 countries.

First Reported: 2025-01-14 11:26:26

Last Updated: 2025-01-15 11:44:00

Source Count: 3

CVEs: None

Key Entities: the Federal Bureau of Investigation (FBI), Asia, Europe, at least 2014, Taiwan, Japan, the United States, USB, the Paris Prosecutor's Office, Earth Preta, the Eastern District of Pennsylvania, Korplug, Stately Taurus, Asian, Myanmar, Twill Typhoon, Mustang Panda, Sekoia.io, Jacqueline Romero, the U.S. Department of Justice (DoJ), Jan. 14, Mongolia, the People's Republic of China, China, HoneyMyte, India, TA416, Sekoia, European, Pakistan, PRC, PlugX, Camaro Dragon, late July 2024, South Korea, Thailand, IP, Hong Kong, Philippines, Red Lich, late April 2024, RedDelta, French, Vietnam, Indonesia, Chinese

SIP Bypass Vulnerability Allows Hackers to Install Malicious Kernel Drivers

CVE-2024-44243 is a macOS vulnerability in Storage Kit, reported by Microsoft's Jonathan Bar Or and fixed in macOS Sequoia 15.2 on Dec. 11, that lets an attacker who already has root bypass System Integrity Protection (SIP). The storagekitd daemon carries private entitlements that let the processes it spawns run outside SIP's restrictions; by planting a custom file-system bundle under /Library/Filesystems and triggering a disk operation (Disk Utility or its command-line equivalent), the attacker gets storagekitd to run that bundle and can then load third-party kernel extensions without the usual restrictions, which is the foothold a rootkit or other persistent malware needs and precisely what SIP is meant to stop. It follows earlier Microsoft-reported bypasses such as Migraine (CVE-2023-32369) and the HM Surf TCC bypass (CVE-2024-44133). Microsoft recommends monitoring processes that run with special entitlements and deploying endpoint detection that can see unexpected file-system bundles and kernel extension loads.

First Reported: 2025-01-13 13:24:21

Last Updated: 2025-01-14 22:23:00

Source Count: 3

CVEs: CVE-2021-30892, CVE-2023-32369, CVE-2021-30970, CVE-2024-44133, CVE-2022-42821, CVE-2024-44243

Key Entities: CVE-2023-32369, Disk Utility, Mac, Qualys, Apple, Migraine, macOS Sequoia 15.2, Sectigo, Dec. 11, CVE-2024-44243, Jason Soroko, /Library/Filesystems, Microsoft, CVE-2021-30970, CVE-2022-42821, CVSS, SIP, Mayuresh Dani, Lionel Litty, HM Surf, Microsoft Threat Intelligence, Transparency, Consent, and Control (TCC), CVE-2021-30892, iPhone, macOS, Jonathan Bar Or, Menlo Security, System Integrity Protection

Abandoned Google OAuth Accounts Vulnerability

Attackers can take over abandoned employee accounts on SaaS platforms such as Slack, Notion, Zoom and OpenAI by buying the lapsed domain of a defunct startup, recreating its Google Workspace and the former employees' mailboxes, and using 'Sign in with Google' to log in. Truffle Security's Dylan Ayrey showed that relying parties key accounts on the ID token's email and hosted-domain (hd) claims, both of which the new domain owner controls. OpenID Connect's sub claim is meant to be the stable per-user identifier that would in theory prevent this, but the research found that in practice downstream providers report it as inconsistent and therefore do not rely on it. Google initially closed the report as working as intended before reopening it, and Ayrey proposed adding immutable user and workspace identifiers to the token as the fix.

First Reported: 2025-01-14 12:28:20

Last Updated: 2025-01-14 22:08:00

Source Count: 2

CVEs: None

Key Entities: Entra ID, Truffle Security, Microsoft, December 19, 2024, Slack, Notion, Zoom, Google, Dylan Ayrey, OpenAI, The Hacker News, American, San Francisco, Monday
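As an added example, not taken from Truffle Security's write-up or any vendor's code, the Python below shows the account-linking decision at the heart of the abandoned-domain problem: a weak resolver that keys on the token's email and hd claims beside a hardened one that keys on sub and treats a familiar email arriving with an unfamiliar sub as a takeover signal. The tenant directory, claim sets, domain and sub values are all constructed, and the tokens are assumed to have been signature-, issuer- and audience-validated before reaching this code.

```python
"""
Two ways a SaaS relying party can map a Google ID token to a local account.

resolve_by_email keys on the email and hd claims, which a buyer of a lapsed
startup domain can reproduce by recreating the mailbox in a new Workspace.
resolve_by_sub keys on the sub claim (Google's per-user identifier) and
treats a known email that arrives with an unknown sub as a takeover signal
to be verified out of band, not as a login to the old account.
The directory and claim sets are constructed for this example; the tokens
are assumed to have been signature-, issuer- and audience-checked already.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    account_id: str
    email: str
    hd: str          # Google Workspace hosted domain at provisioning time
    google_sub: str  # sub claim seen when the account was first linked
    role: str = "member"


# Constructed tenant directory, provisioned while the startup still existed.
DIRECTORY = {
    "acct-001": Account("acct-001", "alice@example-startup.test",
                        "example-startup.test", "sub-1001", role="admin"),
}

# Constructed claims: the original employee...
ORIGINAL_EMPLOYEE = {"sub": "sub-1001", "email": "alice@example-startup.test",
                     "email_verified": True, "hd": "example-startup.test"}
# ...and someone who bought the domain later and recreated the same mailbox.
DOMAIN_BUYER = {"sub": "sub-9876", "email": "alice@example-startup.test",
                "email_verified": True, "hd": "example-startup.test"}


def resolve_by_email(claims: dict, directory=DIRECTORY) -> Optional[Account]:
    """Weak linking: any account whose email and hd match is logged in."""
    if not claims.get("email_verified"):
        return None
    for acct in directory.values():
        if (acct.email.lower() == claims.get("email", "").lower()
                and acct.hd == claims.get("hd")):
            return acct
    return None


def resolve_by_sub(claims: dict, directory=DIRECTORY):
    """Hardened linking: sub is the key; email only helps classify a miss.

    Returns (account, outcome) where outcome is one of
    'matched_sub', 'email_reused_unknown_sub', 'new_user', 'unverified_email'.
    """
    if not claims.get("email_verified"):
        return None, "unverified_email"
    for acct in directory.values():
        if acct.google_sub == claims.get("sub"):
            return acct, "matched_sub"
    # No account carries this sub. If the email is already taken, someone new
    # now controls an address that used to belong to an existing user.
    email = claims.get("email", "").lower()
    if any(acct.email.lower() == email for acct in directory.values()):
        return None, "email_reused_unknown_sub"
    return None, "new_user"


if __name__ == "__main__":
    print("email-keyed:", resolve_by_email(DOMAIN_BUYER))
    print("sub-keyed  :", resolve_by_sub(DOMAIN_BUYER))
```

The hardened path only helps if sub really is stable, which is the very property the research reports downstream providers distrusting; until an immutable user or workspace identifier is available in the token, a relying party can at least refuse the silent reuse shown here and require out-of-band verification before attaching a new sub to an old account. Checking hd stops cross-tenant confusion but does nothing against a resold domain, because the buyer's new Workspace carries the same hd.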

Aviatrix Controller RCE Flaw Exploited by Hackers

Attackers are exploiting CVE-2024-50603, a CVSS 10.0 unauthenticated OS command injection in the Aviatrix Controller API, to drop XMRig cryptominers and Sliver backdoors. The flaw, found by Jakub Korepta of the Polish firm SecuRing, was disclosed on Jan. 7 together with a proof-of-concept exploit published on GitHub, and Wiz observed in-the-wild exploitation within days. It affects Aviatrix Controller 7.x through 7.2.4820; the fixes are in the 7.1.4191 and 7.2.4996 releases. Wiz also warns that Controllers deployed in AWS frequently hold high IAM privileges, so a compromised Controller is a pivot into the cloud control plane rather than an isolated host.

First Reported: 2025-01-13 12:57:45

Last Updated: 2025-01-13 20:44:00

Source Count: 3

CVEs: CVE-2024-50603

Key Entities: Heineken, Gili Tikochinski, Amazon Web Services, Jan. 7, Gal Nagli, GitHub, Aviatrix Controller, 2024, SecuRing, Jessica MacGregor, Jan. 10, IHG Hotels & Resorts, XMRig, Wiz Security, Google Cloud Platform, November 2024, Sliver, Merav Bar, Polish, AWS, Alon Schindel, Aviatrix, CVE-2024-50603, Yara, CVSS 10, Wiz, Shaked Tanchuma, 7.x, PoC, Raytheon, Black Duck, Jakub Korepta, API, GCP, AI & Threat Research, IP, Kelly

Most Sources

Fortinet FortiGate Firewalls Vulnerable to Auth Bypass Zero-Day Exploit (4 sources)
UEFI Secure Boot Bypass Vulnerability Exposes Systems to Bootkits (3 sources)
FBI Successfully Removes PlugX Malware from Over 4,000 US Computers (3 sources)
SIP Bypass Vulnerability Allows Hackers to Install Malicious Kernel Drivers (3 sources)
Aviatrix Controller RCE Flaw Exploited by Hackers (3 sources)
North Korean IT Worker Fraud Scheme Expansion: Link to 2016 Crowdfunding Scam and Fake Domains (2 sources)
Lazarus APT Evolves Developer-Recruitment Attacks (2 sources)
Abandoned Google OAuth Accounts Vulnerability (2 sources)

UEFI Secure Boot Bypass Vulnerability Exposes Systems to Bootkits

CVE-2024-7344 is a UEFI Secure Boot bypass found by ESET's Martin Smolár in reloader.efi, an application signed with Microsoft's third-party "Microsoft Corporation UEFI CA 2011" certificate that ships in several real-time system recovery suites (Howyar SysReturn, Greenware GreenGuard, Radix SmartRecovery, Sanfong EZ-back and NeoImpact among them). Instead of loading its next stage through the firmware's LoadImage and StartImage services, which enforce signature checks, reloader.efi uses its own PE loader, so an attacker with administrative rights on the machine can swap the stage it loads for an unsigned binary and run it at boot with Secure Boot still enabled, which is exactly what a bootkit needs. Because the application is Microsoft-signed, any UEFI system that trusts that CA was exposed, not only machines with one of the suites installed. The affected vendors shipped fixed versions and Microsoft revoked the vulnerable binaries in the January 14, 2025 Patch Tuesday update; CERT/CC coordinated the disclosure.

First Reported: 2025-01-16 10:05:59

Last Updated: 2025-01-16 16:53:00

Source Count: 3

CVEs: CVE-2024-7344

Key Entities: ESET, EFI, SANFONG Inc., StartImage, Radix SmartRecovery, Slovakian, Computer Education System Inc., 10.2.023-20240927, 11.2.023-20240927, Signal Computer, Microsoft Corporation UEFI CA 2011, PE, EDR, the CERT Coordination Center (CERT/CC), Howyar Technologies Inc., 10.3.021-20241127, Secure Boot, January 14, 2025, CVE-2024-7344, The Hacker News, Howyar SysReturn, Martin Smolár, LoadImage, 10.3.024-20241127, Microsoft, Greenware Technologies, July 2024, Greenware GreenGuard, Windows, NeoImpact, OEM (Original Equipment Manufacturer), Dark Reading, 10.1.024-20241127, Patch Tuesday, UEFI (Unified Extensible Firmware Interface), June 2024, Reloader.efi, Wasay Software Technology Inc., Linux, Sanfong EZ-back

North Korean IT Worker Fraud Scheme Expansion: Link to 2016 Crowdfunding Scam and Fake Domains

Researchers have tied North Korea's IT worker fraud schemes to a 2016 crowdfunding scam and to a set of fake domains used to build the workers' cover personas, and the same operators have been linked to an earlier cryptocurrency heist. Separately, the U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctioned two front companies, Korea Osong Shipping Co and Chonsurim Trading Corporation, the Chinese firm Liaoning China Trade for supplying them with equipment, and two individuals, Jong In Chol and Son Kyong Sik. The network, overseen by Department 53 of North Korea's Ministry of National Defense, generated over $88 million in the last six years by placing DPRK nationals in remote IT jobs, with the proceeds funding the regime's weapons programmes.

First Reported: 2025-01-15 19:02:00

Last Updated: 2025-01-16 13:48:43

Source Count: 2

CVEs: None

Key Entities: the United States, Ukraine, Korea Osong Shipping Co, UN, Volasys Silverstar, DPRK, North Korean, Liaoning China Trade, FBI, Bradley T. Smith, Office of Foreign Assets Control (OFAC), Chonsurim Trading Corporation, Yanbian, the State Department, North Korea, 2016, U.S. Treasury, Son Kyong Sik, Jong In Chol, Biden, the last six years, Russia, the Ministry of National Defense, Department 53, Silk Typhoon, Chinese

Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting

Microsoft Threat Intelligence has tied the Russian state actor Star Blizzard to a spear-phishing campaign that goes after WhatsApp accounts rather than email credentials, a shift that followed the disruption of its infrastructure in late 2024. The first email, posing as a US government official, carries a QR code that is deliberately broken; when the target replies, a follow-up message links to a web page showing a second QR code. That code is not an invite to the promised WhatsApp group but a code for WhatsApp's linked-devices feature, so scanning it pairs the attacker's browser session to the victim's account and gives the attacker the victim's messages, which are then read and exfiltrated with browser add-ons. No malware is involved, so the defence is user awareness and a periodic check of the linked devices on the account.

First Reported: 2025-01-16 23:42:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Russian, Star Blizzard, WhatsApp

Simplifying Trust Management with DigiCert ONE: A Technical Webinar

A free webinar hosted by DigiCert to demonstrate their ONE platform, which aims to simplify and automate trust management for devices, users, and workloads in hybrid environments. The webinar will showcase how to centralize control, automate security, implement secure software signing practices, and ensure compliance.

First Reported: 2025-01-16 17:55:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: DigiCert

Bypassing Microsoft's Group Policy to Enable NTLMv1 Authentication

An on-premises application can sidestep the Active Directory Group Policy setting that restricts LAN Manager authentication to NTLMv2 (the LMCompatibilityLevel setting), so NTLMv1 keeps working in a domain that believes it has turned it off. The cause is a single field in the Netlogon Remote Protocol (MS-NRPC): a logon request's ParameterControl flags include one documented as "Allow NTLMv1 authentication (MS-NLMP) when only NTLMv2 (NTLM2) is allowed", and domain controllers honour it, so a misconfigured or carelessly written application that sets it gets NTLMv1 accepted despite the policy. Since NTLMv1 responses can be cracked offline or relayed, the practical check is to audit the domain controllers' logon events for NTLMv1 (Security event 4624 with Package Name "NTLM V1") rather than trusting the policy report.

First Reported: 2025-01-16 16:50:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Microsoft, Active Directory Group Policy, MS-NRPC
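As an added example, not from the original research or from Microsoft documentation, the Python below does the check the item implies: since the policy cannot be trusted, look at the domain controllers' logon events. It parses the rendered text of Security event 4624 and reports logons whose "Package Name (NTLM only)" field reads NTLM V1 or LM, grouped by the source address that still sends them. The event texts are constructed for this example, with made-up accounts, hosts and addresses.

```python
"""
Flag NTLMv1 logons in Windows Security event 4624 records.

Group Policy cannot tell you NTLMv1 is gone, since an application can ask
the domain controller for it through Netlogon; the DC's logon events can.
For NTLM logons, 4624 carries an "Authentication Package: NTLM" line and a
"Package Name (NTLM only)" line whose value is NTLM V1, NTLM V2 or LM.
The event texts below are constructed for this example in the layout of
the rendered 4624 message; accounts, hosts and addresses are invented.
"""
import re
from collections import Counter

# "Label: value" lines. Later occurrences overwrite earlier ones, so the
# "New Logon" block wins over the "Subject" block for Account Name etc.
FIELD_RE = re.compile(r"^\s*([^:\n]+?):[ \t]*(.*?)[ \t]*$", re.MULTILINE)

SAMPLE_4624 = [
    """An account was successfully logged on.
Subject:
    Security ID:      NULL SID
    Account Name:     -
Logon Information:
    Logon Type:       3
New Logon:
    Security ID:      S-1-5-21-1-2-3-1105
    Account Name:     svc_backup
    Account Domain:   CORP
Network Information:
    Workstation Name: APP01
    Source Network Address: 10.0.8.15
Detailed Authentication Information:
    Logon Process:    NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): NTLM V1
    Key Length:       128
""",
    """An account was successfully logged on.
Subject:
    Security ID:      NULL SID
    Account Name:     -
Logon Information:
    Logon Type:       3
New Logon:
    Security ID:      S-1-5-21-1-2-3-1201
    Account Name:     jdoe
    Account Domain:   CORP
Network Information:
    Workstation Name: WS042
    Source Network Address: 10.0.9.7
Detailed Authentication Information:
    Logon Process:    NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): NTLM V2
    Key Length:       128
""",
    """An account was successfully logged on.
Subject:
    Security ID:      NULL SID
    Account Name:     -
Logon Information:
    Logon Type:       3
New Logon:
    Security ID:      S-1-5-21-1-2-3-1300
    Account Name:     rgreen
    Account Domain:   CORP
Network Information:
    Workstation Name: -
    Source Network Address: 10.0.9.8
Detailed Authentication Information:
    Logon Process:    Kerberos
    Authentication Package: Kerberos
    Transited Services: -
    Package Name (NTLM only): -
    Key Length:       0
""",
]


def parse_4624(text: str) -> dict:
    """Flatten the rendered event into {label: value}; last occurrence wins."""
    return {m.group(1).strip(): m.group(2).strip() for m in FIELD_RE.finditer(text)}


def find_ntlmv1_logons(events) -> list:
    """Return one record per logon that used NTLMv1 (or the older LM)."""
    hits = []
    for text in events:
        ev = parse_4624(text)
        if ev.get("Authentication Package") != "NTLM":
            continue
        pkg = ev.get("Package Name (NTLM only)", "")
        if pkg in ("NTLM V1", "LM"):
            hits.append({"account": f'{ev.get("Account Domain")}\\{ev.get("Account Name")}',
                         "workstation": ev.get("Workstation Name"),
                         "source": ev.get("Source Network Address"),
                         "package": pkg, "logon_type": ev.get("Logon Type")})
    return hits


def by_source(hits) -> Counter:
    """Which hosts still send NTLMv1: the list to fix before disabling it."""
    return Counter(h["source"] for h in hits)


if __name__ == "__main__":
    found = find_ntlmv1_logons(SAMPLE_4624)
    for h in found:
        print(h)
    print(by_source(found))
```

On a real domain controller, export the events with Get-WinEvent (or query the event XML directly with an XPath filter on the LmPackageName data element) and run the rendered messages through find_ntlmv1_logons; every source that by_source lists needs its application fixed before NTLMv1 is disabled for good, and none of them would have shown up in a Group Policy report.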

Malware Concealment via Image Hiding

Threat actors are hiding malware inside image files to deliver keyloggers and information stealers: the lure documents trigger the old Microsoft Office Equation Editor flaw CVE-2017-11882 from Excel attachments to fetch an image that carries the encoded payload, so the picture still renders while a loader extracts and runs what is hidden in it. A parallel campaign uses AI-generated HTML files as the first delivery stage.

First Reported: 2025-01-16 16:45:00

Last Updated: None

Source Count: 1

CVEs: CVE-2017-11882

Key Entities: Microsoft Excel, HTML, CVE-2017-11882

Integrating Threat Detection, Investigation, and Response (TDIR) Frameworks for Enhanced Cybersecurity

Implementing a comprehensive Threat Detection, Investigation, and Response (TDIR) framework to improve an organization's security posture and operational resilience. TDIR brings together detection technology, skilled analysts and defined processes so that threats are anticipated, identified and contained quickly.

First Reported: 2025-01-16 15:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Threat Detection, Investigation, and Response (TDIR)

Reputational Scoring Services in Cybersecurity Experience Mixed Success

A growing trend of using reputational scoring services to optimize risk management and decision-making processes in cybersecurity has led to mixed success, with some companies experiencing benefits while others finding it a wasted effort.

First Reported: 2025-01-16 14:29:59

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: None

Executive Order to Enhance National Cybersecurity

President Biden signed an executive order to bolster national cybersecurity by making it easier to sanction hacking groups targeting federal agencies and critical infrastructure. The order also expands on existing sanctions against entities responsible for or complicit in cyberattacks that result in a significant threat to the nation's security, foreign policy, or economy.

First Reported: 2025-01-16 12:58:14

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Biden

Python-Based Malware Deployment for Lateral Movement and Ransomware Delivery

A threat actor utilized a Python-based backdoor to maintain persistent access to compromised endpoints, then leveraged this access to deploy the RansomHub ransomware throughout the target network. The initial infection was facilitated by the SocGholish JavaScript malware, which was downloaded from infected websites that tricked unsuspecting users into downloading bogus web browser updates.

First Reported: 2025-01-16 12:15:00

Last Updated: None

Source Count: 1

CVEs: CVE-2024-4984, CVE-2024-3665

Key Entities: Python, RansomHub, SocGholish, JavaScript, CVE-2024-4984, CVE-2024-3665

Critical Flaws Discovered in Ivanti Endpoint Manager

A researcher has uncovered critical security flaws in multiple versions of Ivanti Endpoint Manager (EPM) that allow a remote, unauthenticated attacker to leak sensitive information. The four critical bugs affect EPM versions prior to the January 2025 Security Update and were discovered by Zach Hanley of Horizon3.ai.

First Reported: 2025-01-16 12:09:00

Last Updated: None

Source Count: 1

CVEs: CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159, CVE-2025-0070, CVE-2025-0066

Key Entities: Ivanti Endpoint Manager (EPM), January 2025 Security Update, Zach Hanley, Horizon3.ai, CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159, CVE-2025-0070, CVE-2025-0066

Wolf Haldenstein Data Breach Incident

On December 13, 2023, Wolf Haldenstein detected a data breach in which hackers accessed confidential information stored on its servers. The incident is reported to have affected approximately 3.5 million individuals, exposing their personal information. Although the firm has not yet sent direct notices to all impacted parties because of difficulties in locating contact information, complimentary credit monitoring coverage will be offered.

First Reported: 2025-01-16 11:26:41

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: December 13, 2023, Wolf Haldenstein

FTC requires GoDaddy to implement basic security protections

The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, including HTTPS APIs and mandatory multi-factor authentication. This requirement is a direct result of the FTC's charges that GoDaddy failed to secure its hosting services against attacks since 2018. The company's unreasonable security practices led to multiple breaches, affecting millions of customers worldwide.

First Reported: 2025-01-16 11:09:19

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The Federal Trade Commission (FTC), GoDaddy, HTTPS, 2018

Enhanced AI Cybersecurity Collaboration Through Information Sharing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new playbook, encouraging organizations to share information about cybersecurity incidents and vulnerabilities linked to Artificial Intelligence (AI) systems. The JCDC AI Cybersecurity Collaboration Playbook aims to enhance incident response activities, strengthen information sharing processes, and fortify defenses by promoting voluntary sharing of sensitive information.

First Reported: 2025-01-15 23:11:51

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Artificial Intelligence (AI), The JCDC AI Cybersecurity Collaboration Playbook

Rsync File Synchronization Tool Flaws Discovered

A group of researchers from Google Cloud Vulnerability Research has uncovered six security vulnerabilities in the popular Rsync file-synchronization tool, some of which could be exploited to execute arbitrary code on a client. The flaws include a heap-buffer overflow, information disclosure, a file leak, an external-directory file write, and a symbolic-link race condition. This has significant implications for users who rely on Rsync for data synchronization.

First Reported: 2025-01-15 17:56:00

Last Updated: None

Source Count: 1

CVEs: CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

Key Entities: Google Cloud Vulnerability Research, Rsync, CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

SAP NetWeaver Application Servers Critical Vulnerabilities Patched

On January 15th, SAP fixed two critical vulnerabilities affecting its NetWeaver web application server, which could have allowed attackers to escalate privileges and access restricted information. Additionally, four other security issues were addressed across different SAP products.

First Reported: 2025-01-15 17:02:15

Last Updated: None

Source Count: 1

CVEs: CVE-2025-0070, CVE-2025-0066, CVE-2025-0063, CVE-2025-0061

Key Entities: January 15th, SAP, NetWeaver, SAP, CVE-2025-0070, CVE-2025-0066, CVE-2025-0063, CVE-2025-0061

ICS/OT Security Summit for Critical Infrastructure

The ICS/OT Security Summit brings together industry peers and security experts to address the high-stakes disconnect in industrial control system (ICS) and operational technology (OT) security. The summit focuses on aligning security expenditures with critical functions, validating the threat-driven, prioritized SANS Five ICS Cybersecurity Critical Controls, and enhancing security for safe and efficient operations in today's ICS/OT cyber threat landscape.

First Reported: 2025-01-15 17:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: ICS/OT Security Summit, ICS, OT, SANS Five ICS Cybersecurity Critical Controls

CISA Publishes Guidance for Expanded Microsoft Logging Capabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has published a 60-page playbook providing guidance on using expanded cloud logs in Microsoft 365 tenants. The updated logging capabilities, known as Microsoft Purview Audit (Standard), allow organizations to monitor and analyze user and admin operations performed across multiple Microsoft services and solutions.

First Reported: 2025-01-15 15:39:16

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The Cybersecurity and Infrastructure Security Agency (CISA), Microsoft 365, Microsoft Purview Audit (Standard)

MikroTik Botnet Exploits Misconfigured SPF DNS Records for Malware Spread

A botnet of approximately 13,000 MikroTik devices exploits misconfigured SPF DNS records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. The threat actor impersonated the shipping company DHL Express and delivered fake freight invoices carrying a malicious payload.

First Reported: 2025-01-15 15:04:45

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: MikroTik, DNS, DHL Express

Avery Website Compromised: Credit Card and Personal Information Stolen

Avery Products Corporation's website was hacked between July 18, 2024, and December 9, 2024, leading to the exfiltration of sensitive payment information from customers. The attack resulted in the compromise of first and last names, billing and shipping addresses, email addresses, phone numbers, payment card numbers, CVV codes, expiration dates, and purchase amounts for 61,193 affected customers.

First Reported: 2025-01-15 14:44:28

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Avery Products Corporation, July 18, 2024, December 9, 2024, CVV

Critical Flaws in SimpleHelp Remote Access Software Discovered

A critical vulnerability was discovered in the SimpleHelp remote access software, allowing attackers to steal files, escalate privileges, and execute arbitrary code on the server. The flaw, identified by researchers at Horizon3.ai, affects multiple versions of the software.

First Reported: 2025-01-15 10:40:00

Last Updated: None

Source Count: 1

CVEs: CVE-2024-57727, CVE-2024-57728, CVE-2024-57726

Key Entities: SimpleHelp, Horizon3.ai, CVE-2024-57727, CVE-2024-57728, CVE-2024-57726

Rapid Expansion of SaaS Attack Surface Requires Immediate Attention

A growing number of employees creating new SaaS accounts every two weeks expands the organization's attack surface, making it an attractive target for attackers. This phenomenon, known as SaaS sprawl, necessitates proactive security measures to mitigate risks associated with identity, data, and third-party vulnerabilities.

First Reported: 2025-01-14 15:38:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: None

Cybersecurity Startups Focus on Deepfakes, Data-in-Motion, and Model Security

In 2024, cybersecurity startups focused on emerging data and AI security solutions. There was a surge in investment in startups tackling deepfakes, data-in-motion, and model security, driven by concerns over election disinformation, executive impersonation attacks, and data leakage. Some startups developed identity assurance solutions that monitor conference calls and detect liveness indicators, while others focused on protecting against data leakage from models, reinventing data loss prevention (DLP), and providing a control plane for application security.

First Reported: 2025-01-14 15:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: 2024, AI

Huione Guarantee's Telegram Market Surpasses Hydra in Crypto Transactions

The Huione Guarantee Telegram market surpassed Hydra as the largest online illicit marketplace, with a cumulative $24 billion in cryptocurrency transactions. The marketplace has more than 820,000 users and was established in 2021 to facilitate car and real estate sales.

First Reported: 2025-01-14 14:59:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Hydra, 2021

CPG Adoption Increases Among Critical Infrastructure Sectors

CISA's Cybersecurity Performance Goals (CPGs) adoption rate has increased among critical infrastructure sectors, particularly in Healthcare and Public Health, Water and Wastewater Systems, Communications, and Government Services and Facilities. As CISA strengthens partnerships across all 16 critical infrastructure sectors, the agency expects CPG adoption to expand.

First Reported: 2025-01-13 21:51:36

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: CISA, Cybersecurity Performance Goals, Healthcare, Wastewater Systems, Government Services, CPG

K2 Awarded Navy SeaPort NxG Contract for Professional Support Services

The Native Hawaiian Organization (NHO) leader in defense, technology, and workforce development, Krilla Kaleiwahea LLC (K2), was selected as a prime contractor on the prestigious Navy SeaPort contract. This achievement positions K2 to provide exceptional professional support services to the U.S. Navy across various functional areas.

First Reported: 2025-01-13 21:44:23

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The Native Hawaiian Organization, Krilla Kaleiwahea, Navy SeaPort, K2, the U.S. Navy

Grupo Bimbo Ventures Invests in NanoLock Security for OT Cybersecurity Solutions

Grupo Bimbo Ventures, a venture capital arm of Grupo Bimbo, invested in NanoLock Security to enhance food operations security and resilience worldwide. The investment aims to leverage NanoLock's advanced OT cybersecurity solutions for industrial manufacturing and critical infrastructure.

First Reported: 2025-01-13 21:42:26

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Grupo Bimbo Ventures, Grupo Bimbo, NanoLock Security, NanoLock, OT

Personal Data Exposure via Ransomware Attack on OneBlood

OneBlood, a blood-donation not-for-profit organization in the US, confirmed that donors' personal information (names and SSNs) was stolen during a ransomware attack in July 2024. The attack caused delays in blood collection, testing, and distribution, leading to critical blood shortage protocols. Donors were notified of potential data exposure six months after the breach occurred.

First Reported: 2025-01-13 17:36:16

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: OneBlood, US, July 2024, six months

UTF-16 to ANSI Conversion Vulnerability in Windows

A vulnerability exists in the Windows operating system's UTF-16 to ANSI conversion process, allowing for path traversal and remote code execution attacks via techniques like filename smuggling and environment variable confusion.

First Reported: 2025-01-13 17:35:00

Last Updated: None

Source Count: 1

CVEs: CVE-2025-0282, CVE-2024-52875, CVE-2024-8474, CVE-2024-46981, CVE-2024-51919, CVE-2024-51818, CVE-2024-12877, CVE-2024-12847, CVE-2025-23016, CVE-2024-10215, CVE-2024-11350, CVE-2024-13239, CVE-2024-54676, CVE-2025-0103, CVE-2024-53704, CVE-2024-50603, CVE-2024-9138, CVE-2024-9140

Key Entities: Windows, ANSI, CVE-2025-0282, CVE-2024-52875, CVE-2024-8474, CVE-2024-46981, CVE-2024-51919, CVE-2024-51818, CVE-2024-12877, CVE-2024-12847, CVE-2025-23016, CVE-2024-10215, CVE-2024-11350, CVE-2024-13239, CVE-2024-54676, CVE-2025-0103, CVE-2024-53704, CVE-2024-50603, CVE-2024-9138, CVE-2024-9140

Malware Distribution via Abused YouTube Comments and Google Search Results

Cyberattackers are distributing malware through YouTube comments and Google search results, targeting users looking for pirated software. The attackers pose as legitimate software install guides on YouTube, leading viewers to fake download links that contain infostealing malware. On Google, they seed search results with malicious links that appear to be legitimate downloaders, but actually contain malware. This happening has a significant impact on individuals and organizations, as it can lead to the theft of sensitive information such as passwords and cryptocurrency-wallet data.

First Reported: 2025-01-13 17:26:08

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: YouTube, Google, YouTube, Google

Ransomware Attacks on VMware ESXi Servers Escalate in 2024

In 2024, a significant number of ransomware attacks targeted VMware ESXi servers, resulting in substantial losses. The attackers exploited vulnerabilities in the vCenter server, which manages multiple ESXi hosts, and employed hybrid encryption to encrypt essential files, making recovery difficult. The attacks were often carried out by variants of the Babuk ransomware, adapted to evade detection.

First Reported: 2025-01-13 17:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: 2024, VMware, vCenter, Babuk

Compromised Path of Exile 2 Admin Account Enables Account Takeovers

A hacked admin account allowed a threat actor to access at least 66 player accounts, causing them to lose in-game purchases and valuable items. The breach occurred when the attackers compromised an old Steam account linked to one of the game's administrator accounts.

First Reported: 2025-01-13 15:33:46

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: None

Ivanti Zero-Day Exploit Affects UK Domain Registry Nominet

Nominet, the official .UK domain registry, has confirmed a network breach that exploited an Ivanti VPN zero-day vulnerability. The incident occurred two weeks ago and affects over 11 million .uk, .co.uk, and .gov.uk domain names. Nominet has reported the attack to the relevant authorities, restricted access to its systems via VPN connections, and is still investigating the incident.

First Reported: 2025-01-13 11:50:12

Last Updated: None

Source Count: 1

CVEs: CVE-2025-0282

Key Entities: Nominet, Ivanti, zero-day, CVE-2025-0282

CPG Adoption Increases Among Critical Infrastructure Sectors

CISA's Cybersecurity Performance Goals (CPGs) adoption rate has increased among critical infrastructure sectors, particularly in Healthcare and Public Health, Water and Wastewater Systems, Communications, and Government Services and Facilities. As CISA strengthens partnerships across all 16 critical infrastructure sectors, the agency expects CPG adoption to expand.

First Reported: 2025-01-13 21:51:36

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: CISA, Cybersecurity Performance Goals, Healthcare, Wastewater Systems, Government Services, CPG

K2 Awarded Navy SeaPort NxG Contract for Professional Support Services

The Native Hawaiian Organization (NHO) leader in defense, technology, and workforce development, Krilla Kaleiwahea LLC (K2), was selected as a prime contractor on the prestigious Navy SeaPort contract. This achievement positions K2 to provide exceptional professional support services to the U.S. Navy across various functional areas.

First Reported: 2025-01-13 21:44:23

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: The Native Hawaiian Organization, Krilla Kaleiwahea, Navy SeaPort, K2, the U.S. Navy

Grupo Bimbo Ventures Invests in NanoLock Security for OT Cybersecurity Solutions

Grupo Bimbo Ventures, a venture capital arm of Grupo Bimbo, invested in NanoLock Security to enhance food operations security and resilience worldwide. The investment aims to leverage NanoLock's advanced OT cybersecurity solutions for industrial manufacturing and critical infrastructure.

First Reported: 2025-01-13 21:42:26

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: Grupo Bimbo Ventures, Grupo Bimbo, NanoLock Security, NanoLock, OT

Personal Data Exposure via Ransomware Attack on OneBlood

OneBlood, a blood-donation not-for-profit organization in the US, confirmed that donors' personal information (names and SSNs) was stolen during a ransomware attack in July 2024. The attack caused delays in blood collection, testing, and distribution, leading to critical blood shortage protocols. Donors were notified of potential data exposure six months after the breach occurred.

First Reported: 2025-01-13 17:36:16

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: OneBlood, US, July 2024, six months

UTF-16 to ANSI Conversion Vulnerability in Windows

A vulnerability exists in the Windows operating system's UTF-16 to ANSI conversion process, allowing for path traversal and remote code execution attacks via techniques like filename smuggling and environment variable confusion.

First Reported: 2025-01-13 17:35:00

Last Updated: None

Source Count: 1

CVEs: CVE-2025-0282, CVE-2024-52875, CVE-2024-8474, CVE-2024-46981, CVE-2024-51919, CVE-2024-51818, CVE-2024-12877, CVE-2024-12847, CVE-2025-23016, CVE-2024-10215, CVE-2024-11350, CVE-2024-13239, CVE-2024-54676, CVE-2025-0103, CVE-2024-53704, CVE-2024-50603, CVE-2024-9138, CVE-2024-9140

Key Entities: Windows, ANSI, CVE-2025-0282, CVE-2024-52875, CVE-2024-8474, CVE-2024-46981, CVE-2024-51919, CVE-2024-51818, CVE-2024-12877, CVE-2024-12847, CVE-2025-23016, CVE-2024-10215, CVE-2024-11350, CVE-2024-13239, CVE-2024-54676, CVE-2025-0103, CVE-2024-53704, CVE-2024-50603, CVE-2024-9138, CVE-2024-9140

Malware Distribution via Abused YouTube Comments and Google Search Results

Cyberattackers are distributing malware through YouTube comments and Google search results, targeting users looking for pirated software. On YouTube they pose as legitimate software install guides and steer viewers to fake download links that deliver infostealing malware. On Google they seed search results with malicious links that look like legitimate downloaders but carry the same malware. The campaign affects individuals and organizations alike, since the infostealers harvest sensitive data such as passwords and cryptocurrency-wallet information.

First Reported: 2025-01-13 17:26:08

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: YouTube, Google, YouTube, Google

Ransomware Attacks on VMware ESXi Servers Escalate in 2024

In 2024, a significant number of ransomware attacks targeted VMware ESXi servers, resulting in substantial losses. The attackers exploited vulnerabilities in the vCenter server, which manages multiple ESXi hosts, and encrypted essential VM files with hybrid encryption (a symmetric key per file, wrapped with an attacker-held public key), so recovery without the attacker's private key is impractical. The attacks were often carried out by variants of the Babuk ransomware, adapted to evade detection.

First Reported: 2025-01-13 17:00:00

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: 2024, VMware, vCenter, Babuk

Compromised Path of Exile 2 Admin Account Enables Account Takeovers

A hacked admin account allowed a threat actor to access at least 66 player accounts, causing them to lose in-game purchases and valuable items. The breach occurred when the attackers compromised an old Steam account linked to one of the game's administrator accounts.

First Reported: 2025-01-13 15:33:46

Last Updated: None

Source Count: 1

CVEs: None

Key Entities: None

Ivanti Zero-Day Exploit Affects UK Domain Registry Nominet

Nominet, the official .UK domain registry, has confirmed a network breach through a zero-day vulnerability in its Ivanti VPN appliances (CVE-2025-0282). The intrusion occurred about two weeks before the disclosure; Nominet manages over 11 million .uk, .co.uk, and .gov.uk domain names. Nominet has reported the attack to the relevant authorities, restricted VPN access to its systems, and is still investigating the incident.

First Reported: 2025-01-13 11:50:12

Last Updated: None

Source Count: 1

CVEs: CVE-2025-0282

Key Entities: Nominet, Ivanti, zero-day, two weeks ago, Nominet, CVE-2025-0282