Collaborate Disseminate
Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”. About CVE-2024-44309 and CVE-2024-443… Continue reading Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11. Administrator protection will allow users to make system changes on their PCs without having administrator rights (that… Continue reading Microsoft announces new and improved Windows 11 security features
Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down millions of Windows machines and rendered them remotely unfixable. As part of… Continue reading Microsoft plans to boot security vendors out of the Windows kernel
It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular emp… Continue reading Aerospace employees targeted with malicious “dream job” offers
November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (… Continue reading Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
If you’re wondering whether your personal and financial data has been compromised in the massive Hot Topic breach, you can use two separate online tools to check: Have I Been Pwned? or DataBreach.com. Which data was compromised? News of a potenti… Continue reading Hot Topic breach: Has your credit card info been compromised?
A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP – ostensibly compromised during the May 2023 MOVEit hack by the Cl0p ran… Continue reading Massive troves of Amazon, HSBC employee data leaked
A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-59… Continue reading Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)
A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from a… Continue reading Industrial companies in Europe targeted with GuLoader
North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the r… Continue reading North Korean hackers employ new tactics to compromise crypto-related businesses