A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows systems across various versions. This critical vulnerability, uncovered by the ClearSky Cyber Security team in June 2024, has been linked to attacks aimed specifically at Ukrainian organizations. It affects nearly all versions of Windows.
https://www.clearskysec.com/0d-vulnerability-exploited-in-the_wild/
Have I Been Pwned warns that an alleged data breach compromised the private data of 56,904,909 Hot Topic, Box Lunch, and Torrid users. Hot Topic is an American retail franchise that specialises in counterculture-themed clothes, accessories, and licensed music merchandise.
According to HIBP, the exposed information includes full names, email addresses, birth dates, phone numbers, physical addresses, transaction history, and partial credit card data
The US government has detected "a broad and significant cyber espionage campaign" conducted by China-linked attackers and directed at "multiple" US telecommunications providers' networks.
In a joint statement issued on Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency (CISA), the two government bodies revealed the digital assaults resulted in....
Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications
https://thehackernews.com/2024/11/north-korean-hackers-target-macos-using.html
Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills.
Winter Fuel Payment scam targets UK citizens via SMS
https://www.tripwire.com/state-of-security/winter-fuel-payment-scam-targets-uk-citizens-sms
Heads up: don't google “Are Bengal Cats legal in Australia?”
Cybersecurity company SOPHOS issued an urgent warning on its website, urging people not to type six words into their search engines.
Law enforcement send "emergency" requests to tech giants when they believe it's necessary to stop an immediate threat. Hackers are taking advantage of that. The problem, as TechCrunch first reported, is that these requests are often sent to the tech giants through specific email addresses. And of course, persistent hackers are pretty good at breaking into email accounts, especially ones that often aren’t two-factor secured—but even those are penetrable through hacks like SIM swapping.
Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information.
New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls
https://thehackernews.com/2024/11/new-fakecall-malware-variant-hijacks.html
Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos
Transport for London (TfL) Oyster photocards are still unavailable following a cyber attack
Photocards affected include those for children, students, care leavers, people aged over 60, apprentices and veterans - TfL said photocards for those aged five to 15 that may have expired since September would still be accepted if shown to staff until the end of this year.
Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code.
The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored them in an Amazon S3 storage bucket belonging to a prior victim.
https://thehackernews.com/2024/11/massive-git-config-breach-exposes-15000.html
Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products
https://www.securityweek.com/apple-patches-over-70-vulnerabilities-across-ios-macos-other-products/
The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.
Breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity.
The current ecosystem of E2EE cloud storage is largely broken.
Several major end-to-end encrypted cloud storage services contain cryptographic flaws that could lead to loss of confidentiality, file tampering, file injection and more, researchers from ETH Zurich said in a paper published this month.
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems.
‘They rob you visibly, with no repercussions’ – the unstoppable rise of phone theft
Snatch thefts of mobile phones soared by 150% in the last year, with victims left unable to work, use their bank, travel or use their diaries. Why are police finding it so hard to stop?
Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems.
WhatsApp may expose the OS you use to run it – which could expose you to crooks
An analysis of Meta's WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information – including the number of linked devices.…
https://theregister.com/2024/10/16/whatsapp_privacy_concerns/
In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes.
News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.