
DATE

NAME

Info

CATEG.

WEB

18.1.25

New Star Blizzard spear-phishing campaign targets WhatsApp accounts

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a new access vector.

Cyber blog

Microsoft blog

18.1.25

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras.

IoT blog

Trend Micro

18.1.25

Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data.

Safety blog

Trend Micro

18.1.25

How Cracks and Installers Bring Malware to Your Device

Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.

Hacking blog

Trend Micro

18.1.25

GhostRAT Plays Effective Hide and Seek

Overview: This week, the SonicWall Capture Labs threat research team investigated a sample of GhostRAT malware. This highly infectious file is built to be persistent and thorough, with many anti-analysi...

Malware blog

SonicWall

18.1.25

Windows LDAP Denial of Service Vulnerability (CVE-2024-49113): Crucial Information and How to Stay Protected

Overview: The SonicWall Capture Labs threat research team became aware of a denial-of-service vulnerability in the Windows Lightweight Directory Access (LDAP) Protocol, assessed its impact and developed...

Vulnerability blog

SonicWall

18.1.25

Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17)

On Jan. 8, 2025, Ivanti released a security advisory for two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure and ZTA gateway products.

Vulnerability blog

Palo Alto

18.1.25

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks

When launching and persisting attacks at scale, threat actors can inadvertently leave behind traces of information. They often reuse, rotate and share portions of their infrastructure when automating their campaign’s setup before launching an attack.

Cyber blog

Palo Alto

18.1.25

Slew of WavLink vulnerabilities

Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000

Vulnerability blog

Cisco Blog

18.1.25

Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Vulnerability blog

Cisco Blog

18.1.25

UEFI Secure Boot: Not so secure

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems

Vulnerability blog

Eset

18.1.25

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

Vulnerability blog

Eset

18.1.25

Cybersecurity and AI: What does 2025 have in store?

In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats

AI blog

Eset

18.1.25

Protecting children online: Where Florida’s new law falls short

Some of the state’s new child safety law can be easily circumvented. Should it have gone further?

Safety blog

Eset

11.1.25

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.

Vulnerability blog

Trend Micro

11.1.25

How Cracks and Installers Bring Malware to Your Device

Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.

Malware blog

Trend Micro

11.1.25

Trend Micro Contributes and Maps Container Security to MITRE ATT&CK: A Game-Changer for Cyber Defense

Trend Micro leads the way by mapping its Container Security detection capabilities to the MITRE ATT&CK framework for Containers and contributing real-world attack data.

Cyber blog

Trend Micro

11.1.25

Apache Struts Path Traversal to RCE: CVE-2024-53677

Overview: The SonicWall Capture Labs threat research team became aware of an unauthenticated, remote code execution vulnerability in the Apache Struts 2 framework, assessed its impact, and developed mit...

Vulnerability blog

SonicWall

11.1.25

FunkSec – Alleged Top Ransomware Group Powered by AI

The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month.

Ransom blog

Checkpoint

11.1.25

Banshee: The Stealer That “Stole Code” From MacOS XProtect

Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users.

Malware blog

Checkpoint

11.1.25

Crypto is soaring, but so are threats: Here’s how to keep your wallet safe

As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe

Cryptocurrency blog

Eset

11.1.25

APT groups are increasingly deploying ransomware – and that’s bad news for everyone

The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats

APT blog

Eset

11.1.25

AI moves to your PC with its own special hardware

Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.

AI blog

Eset

11.1.25

Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike

The distinction between nation-state actors and organized cybercriminals is becoming increasingly blurred in our rapidly evolving cyber landscape. Historically, these groups had distinct motivations: nation-states sought to achieve long-term geopolitical advantages through espionage and intelligence operations, while cybercriminals focused on financial gain, exploiting vulnerabilities for extortion, theft, and fraud.

Cyber blog

Trellix

4.1.25

What We Know About CVE-2024-49112 and CVE-2024-49113

This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that IT and SOC professionals need to know to stay protected against possible exploitation.

Vulnerability blog

Trend Micro

4.1.25

AI Pulse: Top AI Trends from 2024 - A Look Back

In this edition of AI Pulse, let's look back at top AI trends from 2024 in the rear view so we can more clearly predict AI trends for 2025 and beyond.

AI blog

Trend Micro

4.1.25

Gary Marcus – Taming Silicon Valley | Starmus Highlights

The prominent AI researcher explores the societal impact of AI and calls for a reimagined approach to AI development that avoids the dangers of surveillance capitalism

Cyber blog

Eset

4.1.25

This month in security with Tony Anscombe – December 2024 edition

From attacks leveraging new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news

Cyber blog

Eset

4.1.25

Chris Hadfield: The sky is falling – what to do about space junk? | Starmus Highlights

The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess

Cyber blog

Eset