News
Hi folks,
Almost missed an issue for the first time, but hell no! Yesterday was filled with studying and a test, next Friday is the big exam. After that normal business should resume :-)
Thanks for bearing with me!
FBI, CISA and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and Five Eyes cybersecurity authorities have released a list of the top 15 routinely exploited vulnerabilities throughout last year, most of them first abused as zero-days.
Volt Typhoon rebuilds malware botnet following FBI disruption
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard.
Microsoft revamps how it will disclose vulnerabilities
The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs.
CISA’s Jack Cable on secure-by-design pledge progress — and next steps
The pledge, and CISA’s broader secure-by-design initiative, are key parts of the White House’s push to hold tech companies accountable for the cascading harms of poorly designed products and vulnerable software.
Breaches and leaks
- Amazon confirms employee data breach after vendor hack: link.
- HIBP notifies 57 million people of Hot Topic data breach: link.
- Leaked info of 122 million linked to B2B data aggregator breach: link.
- Botnet exploits GeoVision zero-day to install Mirai malware: link.
- 2 million records, including the PII of job seekers, exposed online by a tech recruitment service: link.
- Halliburton reports $35 million loss after ransomware attack: link.
- Hungary confirms hack of defense procurement agency: link.
- Wisconsin city of Sheboygan says ransom demanded after cyberattack: link.
- Cyberattack causes credit card readers to malfunction in Israel: link.
Issues and fixes
- Mystery Palo Alto Networks 0-day RCE now actively exploited: link.
- Palo Alto Networks’ customer migration tool hit by trio of CVE exploits: link.
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws: link.
- Unpatched Mazda Connect bugs let hackers install persistent malware: link.
- Critical bug in EoL D-Link NAS devices now exploited in attacks: link.
- Critical Veeam RCE bug now used in Frag ransomware attacks: link.
- Microsoft says recent Windows 11 updates break SSH connections: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)