Breaking (Cyber) News
Keep abreast of breaking cyber security news and evolution in the cyber threat landscape
The Hacker News
- North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake DomainsCybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared […]
- Google Cloud Researchers Uncover Flaws in Rsync File Synchronization ToolAs many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an […]
- The High-Stakes Disconnect For ICS/OT SecurityWhy does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. […]
Cisco’s homegrown AI to help enterprises navigate AI adoption | CSO Online
- Cisco’s homegrown AI to help enterprises navigate AI adoptionAs the world rushes to integrate AI into all aspects of enterprise applications, there’s a pressing need to secure data-absorbing AI systems from malicious interferences. To achieve that, Cisco has announced Cisco AI Defense, a solution designed to address the risks introduced by the development, deployment, and usage of AI. According to Tom Gillis, SVP […]
- CISA unveils ‘Secure by Demand’ guidelines to bolster OT securityThe US Cybersecurity and Infrastructure Security Agency (CISA), along with its international cybersecurity allies, has unveiled the “Secure by Demand” guidelines to safeguard operational technology (OT) environments. The framework provides a blueprint for OT owners and operators to prioritize cybersecurity when procuring digital products. This initiative addresses growing concerns about vulnerabilities in critical infrastructure, including […]
- Diese Unternehmen hat’s schon erwischtLesen Sie, welche Unternehmen in Deutschland aktuell von Cyberangriffen betroffen sind.Roman Samborskyi | shutterstock.com Sie denken, Ihre Sicherheitsmaßnahmen können Sie langfristig vor Cyberangriffen schützen? Oder dass Ihr Unternehmen zu klein und damit uninteressant für Hacker ist? Egal, ob Sie dem Mittelstand angehören, an der Börse gelistet sind oder zu den kritischen Infrastrukturen gehören: Jedes Unternehmen […]
darkreading
- As Tensions Mount With China, Taiwan Sees Surge in CyberattacksIn 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.
- Microsoft Rings in 2025 With Record Security UpdateCompany has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
- 1Password's Trelica Buy Part of Broader Shadow IT PlayThe acquisition accelerates 1Password's ongoing efforts to expand the role of the password manager with secure SaaS management.
Sophos News
- 159-CVE January Patch Tuesday smashes single-month recordBrace yourselves... and consider reading your email in plaintext for now
- Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworksIn the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS
- Prioritizing patching: A deep dive into frameworks and tools – Part 1: CVSSIn the first of a two-part series exploring tools and frameworks which can help organizations with remediation prioritization, Sophos X-Ops takes a look at the Common Vulnerability Scoring System (CVSS)
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
- Hackers Exploiting Fortinet Zero-day Vulnerability In Wild To Gain Super-Admin PrivilegesA critical zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products is being actively exploited by hackers to gain super-admin privileges on affected devices. The authentication bypass flaw, tracked as CVE-2024-55591, allows remote attackers to execute unauthorized code or commands via crafted requests to the Node.js websocket module. Fortinet confirmed the exploitation of this vulnerability in […]
- Critical SAP NetWeaver Flaws Let Hackers Gain System AccessSAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems. The most severe vulnerability, CVE-2025-0070, is an improper authentication issue in SAP NetWeaver ABAP Server and ABAP Platform. With a CVSS score of […]
- Microsoft January 2025 Patch Tuesday Comes with Fix for 159 VulnerabilitiesMicrosoft’s January 2025 Patch Tuesday has arrived with a significant security update, addressing a total of 159 vulnerabilities. This marks the largest number of CVEs addressed in a single month since at least 2017, more than doubling the usual amount fixed in January. Out of the 159 CVEs, 11 are classified as critical security flaws. […]