Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Hackers Leak Sensitive FortiGate Device Configurations and VPN Credentials for 15,000 Devices



Hackers have leaked sensitive technical information for over 15,000 FortiGate devices on the dark web, exposing firewall rules and credentials. The data dump is linked to a 2022 zero-day vulnerability tracked as CVE-2022-40684, which was exploited by threat actors before a fix was released. Cybersecurity experts are urging organizations using FortiGate to review their network defenses and update firewall rules and credentials.



Published: Thu Jan 16 00:37:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Sophisticated Threat Actor Utilizing Python-Based Malware to Exploit Network Flaws


A new type of ransomware attack has been discovered, utilizing Python-based malware to exploit network flaws and deploy RansomHub ransomware throughout compromised networks. This article delves into the details of the attack, including the use of SocGholish malware, the deployment of a Python-based backdoor, and the tactics used by the threat actor to maintain persistent access to compromised endpoints. By understanding the tactics and techniques employed by Codefinger's threat actor, organizations can take proactive measures to protect themselves against this new type of attack.

Published: Thu Jan 16 02:15:20 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Vulnerabilities and Exploits: A Threatening Landscape for Enterprise Security

Recent revelations have highlighted critical vulnerabilities in Ivanti Endpoint Manager and SAP's NetWeaver ABAP Server, emphasizing the need for organizations to prioritize robust security measures and swift action in addressing emerging threats.

Published: Thu Jan 16 02:31:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Great Data Breach: How Assist Security Exposed Sensitive Files Due to Lax Security Measures


A London-based private security company, Assist Security, has been accused of exposing over 120,000 sensitive files online due to a lapse in its security measures. The breach, which was discovered by an independent security researcher, included personally identifiable information (PII), payroll data, job application forms, and other sensitive documents.

Published: Thu Jan 16 04:53:33 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Comprehensive Framework for National Cybersecurity: The Biden Administration's Executive Order


The Biden administration has issued a comprehensive executive order aimed at bolstering federal cybersecurity protections, directing the use of artificial intelligence, and addressing concerns about the dominance of certain technology companies. This landmark document introduces several key provisions, including requirements for secure development practices, pilot programs to utilize AI in energy infrastructure protection, and updates to digital identity documents.

Published: Thu Jan 16 05:03:04 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Patches Windows Vulnerability That Could Have Allowed Hackers to Install Malicious Firmware During Bootup


Microsoft patches Windows vulnerability that could have allowed hackers to install malicious firmware during bootup. The patch neutralizes the threat posed by an unsigned UEFI application named reloader.efi, which had been digitally signed after passing Microsoft's internal review process. According to security researcher Martin Smolár, this raises questions about how common the use of such unsafe techniques is among third-party UEFI software vendors.

Published: Thu Jan 16 07:52:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Future of US Cyber Diplomacy: A New Era Under Trump

The future of US cyber diplomacy hangs in the balance as the Trump administration prepares to take office with a bold strategy that mirrors military-equipment sales to foreign governments. Experts warn that societies like the US are more vulnerable due to their openness and interconnectedness, while Fick advocates for a bias for action to address growing concerns about China's increasing investment in US infrastructure.

Published: Thu Jan 16 08:34:31 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Ongoing Problem of Deepfake Porn on GitHub: A Web of Open Source Software Used for Intimate Image Abuse

Despite efforts by GitHub to crack down on deepfake porn, a web of open source software used to create non-consensual explicit images continues to exist on the platform. WIRED has found over a dozen GitHub projects linked to deepfake "porn" videos evading detection, highlighting blind spots in the company's moderation efforts.

Published: Thu Jan 16 08:58:55 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolving Landscape of Cybersecurity: Trends, Threats, and Tools



In this article, we explored the latest trends, threats, and tools in cybersecurity, including emerging threats like zero-click exploits, AI-driven ransomware, and virtualized attacks. We also highlighted various resources available to help individuals and organizations navigate the complex world of cybersecurity. From practical guides to advanced tools, there's something here for everyone.



Published: Thu Jan 16 09:08:38 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Stolen Credential Conundrum: Unpacking the Rise of Identity Attacks and How to Defend Against Them



The rise of stolen credential-based attacks has reached unprecedented levels, with 80% of web app attacks attributed to these breaches. Experts warn that cybersecurity budgets will only continue to grow in response to this pressing threat. But how can organizations effectively defend against these identity-based attacks? From the role of MFA in prevention to the emergence of browser-based ITDR solutions, explore the nuances behind the latest data and emerging trends in this comprehensive article.

Published: Thu Jan 16 09:19:33 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New UEFI Secure Boot Vulnerability Exposed: A Threat to System Security


A newly discovered vulnerability in UEFI systems, identified as CVE-2024-7344, can be exploited to bypass Secure Boot mechanisms and deploy malicious UEFI bootkits. The Slovakian cybersecurity firm ESET responsibly disclosed the findings, which were later addressed by Howyar Technologies and Microsoft. This discovery underscores the importance of continuous monitoring and patching of vulnerabilities in firmware and UEFI systems.

Published: Thu Jan 16 09:33:05 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Vulnerability Found in Active Directory Group Policy: Can Be Trivially Bypassed by Misconfigured Applications


A recently discovered vulnerability in Microsoft's Active Directory group policy allows for NTLMv1 authentication despite its official deprecation. Experts warn that misconfigured applications can bypass the Group Policy mechanism, making it essential to stay vigilant about potential security threats.

Published: Thu Jan 16 09:53:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers' Cunning: A Deeper Dive into the World of Image-Based Malware Attacks



Hackers have taken a cunning approach by hiding malicious code in images to deploy malware such as VIP Keylogger and 0bj3ctivity Stealer. This trend has left cybersecurity experts scrambling to understand the motivations behind such attacks and develop strategies to combat them. With the growing use of GenAI, threat actors are able to create variations of attacks that can scale more easily and increase their infection rates. It is essential for defenders to stay ahead of the curve by staying abreast of the latest security research and updates from reputable sources.

Published: Thu Jan 16 10:09:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

MikroTik Botnet Exploits DNS Flaws to Spread Malware on a Massive Scale


A 13,000-device MikroTik botnet has been discovered that exploits DNS flaws to bypass email protections, spoof approximately 20,000 domains, and deliver malware. This shocking discovery highlights the importance of proper DNS configurations and regular audits of security settings to prevent such vulnerabilities.

Published: Thu Jan 16 10:38:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Biden's Comprehensive Cybersecurity Initiative: A New Era for National Security

President Biden signs executive order to bolster U.S. national cybersecurity, aiming to strengthen defenses against foreign cyber threats and enhance capabilities to counter malicious actors domestically and internationally.

Published: Thu Jan 16 13:48:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

3.5 Million Liable for Wolf Haldenstein Law Firm Data Breach Scandal

A highly publicized data breach incident at Wolf Haldenstein law firm has exposed the sensitive details of nearly 3.5 million individuals, leaving them vulnerable to phishing scams and other targeted attacks.

Published: Thu Jan 16 13:59:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

FTC Cracks Down on GoDaddy for Years of Negligent Security Practices


The Federal Trade Commission (FTC) has taken action against web hosting giant GoDaddy for years of poor security practices. The FTC's decision requires GoDaddy to implement basic security protections and mandates the company to hire an independent third-party assessor to conduct biennial reviews of its information security program. This move aims to protect consumers around the globe from the detrimental effects of lax security practices.

Published: Thu Jan 16 14:29:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New UEFI Secure Boot Vulnerability Exposes Systems to Bootkits: A Critical Security Threat

A recently discovered UEFI Secure Boot flaw exposes systems to bootkits, highlighting the ongoing struggle between attackers and defenders in the digital landscape. To protect yourself, make sure you're running the latest Windows updates and stay informed about potential security threats.

Published: Thu Jan 16 14:39:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Star Blizzard: A Phishing Crew Targeting WhatsApp Accounts



A phishing crew known as Star Blizzard has been identified as being behind a recent campaign aimed at compromising WhatsApp accounts. The group's tactics have shifted from targeting government and diplomatic officials to attempting to gain access to WhatsApp accounts via emails inviting victims to join fake groups. According to Microsoft, the new campaign is a significant escalation of the group's tactics, as it is the first time they have attempted to compromise WhatsApp accounts.

Published: Thu Jan 16 15:12:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Enzo Biochem Ransomware Attack: A Cautionary Tale of Cybersecurity Failures and Patient Safety

Enzo Biochem's 2023 ransomware attack highlights the critical role of cybersecurity in protecting patient safety and underscores the need for robust measures to protect sensitive medical information. The incident serves as a cautionary tale for organizations across various sectors, emphasizing the importance of adopting best practices in data security.

Published: Thu Jan 16 15:24:07 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity's Shift from Reaction to Resilience: A New Era for Data Protection

Cybersecurity is undergoing a significant transformation from a reactive to a proactive approach. The industry is shifting its focus from simply reacting to cyber threats to building resilience against them. With the growing importance of identity management, advanced tools and strategies for data security, AI/ML capabilities, and organizational culture, organizations must adapt to this new landscape to protect their data and systems.

Published: Thu Jan 16 15:31:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting



A Russian threat actor known as Star Blizzard has shifted its focus from traditional spear-phishing campaigns to exploiting WhatsApp QR codes for credential harvesting. This new approach marks a significant departure from the group's longstanding tradecraft, highlighting the ongoing cat-and-mouse game between security professionals and malicious actors.

In this article, we will explore the details of the campaign, including how it began, how it works, and what measures can be taken to protect against it. We will also examine the implications of this new approach by Star Blizzard and the need for cybersecurity professionals to stay vigilant and adapt to emerging threats.



Published: Thu Jan 16 15:46:31 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Prominent US Law Firm Wolf Haldenstein Discloses Massive Data Breach Exposing Personal Information of Nearly 3.5 Million Individuals

US law firm Wolf Haldenstein Adler Freeman & Herz LLP has disclosed a massive data breach that exposed the personal information of nearly 3.5 million individuals. The breach highlights the importance of robust cybersecurity measures in protecting sensitive information, and raises questions about the adequacy of existing regulations and laws governing data breaches.

Published: Thu Jan 16 16:11:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Clop Ransomware: Exploiting Cleo File Transfer Vulnerability, Dozens of Companies Impacted

Dozens of companies have been breached by the Clop ransomware gang, exploiting a vulnerability in Cleo file transfer products. The impact is significant, with multiple organizations claiming they were targeted but disputing the breaches. Security experts warn that the exploitation of this vulnerability highlights the need for robust cybersecurity measures.

Published: Thu Jan 16 16:40:55 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Breaking Down the AT&T Breach: A Potential Blow to FBI Informants and a Shift towards End-to-End Encryption

The recent telecom breach at AT&T has sent shockwaves through the US intelligence community, with the Federal Bureau of Investigation (FBI) scrambling to mitigate any potential fallout that could lead to revelations about the identities of anonymous sources connected to investigations.

Published: Thu Jan 16 18:50:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Fallout of GM's Smart Driver Program: Unraveling the Web of Privacies and Data Breaches in the Automotive Sector


General Motors Settles FTC Charges Over Alleged Privacy Violations: A Look into the Controversy Surrounding Smart Driver and Telematics Data Sharing


Published: Thu Jan 16 20:09:16 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cisco and Nvidia Unveil AI Safety and Security Tools to Combat LLM Risks

Cisco and Nvidia have unveiled specialized AI safety and security tools to address growing concerns over Large Language Models' potential risks. These tools, including Nvidia's trio of Inference Microservices and Cisco's AI Defense suite, aim to prevent AI agents from being compromised or producing unwanted results, ensuring the responsible development and deployment of these powerful technologies.

Published: Thu Jan 16 21:28:29 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russian Threat Actor Shifts Tactics: Exploring Star Blizzard's New Spear-Phishing Campaign Against WhatsApp Accounts


Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign


Published: Thu Jan 16 21:40:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Austria's Noyb Files Complaints Against TikTok and AliExpress for Illicit Data Transfers to China



Austrian privacy non-profit None of Your Business (noyb) has filed complaints against TikTok and AliExpress, alleging they are transferring user data to China in violation of GDPR. The move comes as a significant concern for the European Union, highlighting the need for greater transparency and accountability among companies that handle user data.



Published: Thu Jan 16 23:21:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russia-linked APT Star Blizzard: Shifting Tactics in Spear-Phishing Campaigns Targeting WhatsApp Accounts

Russia-linked APT group Star Blizzard has shifted its tactics in a spear-phishing campaign targeting WhatsApp accounts, marking a significant development in the ongoing threat landscape of cybercrime. The group's persistence in targeting sensitive data and information raises concerns about the need for enhanced security measures to protect against such attacks.

Published: Fri Jan 17 00:56:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Uncanny Valley of AI Security: A Warning from Microsoft's Red Team


Microsoft's AI red team has issued a stark warning about the security risks associated with generative AI, stating that securing these systems will never be complete. The research highlights the importance of understanding what the system can do and where it is applied, as well as the need for automation and human involvement in addressing the challenges posed by these models.

Published: Fri Jan 17 02:16:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Gateshead Council Falls Victim to Ransomware Attack by Medusa Group

Gateshead Council has fallen victim to a ransomware attack by the Medusa group, which gained access to its systems on January 8 and leaked sensitive personal data onto the dark web. The council's swift response and commitment to transparency will be crucial in mitigating the damage caused by this incident, as the UK government considers implementing stricter regulations and requirements for organizations to combat organized cybercrime.

Published: Fri Jan 17 05:36:37 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolution of Zero Trust Security: How Cloud-based Captive Portals Are Revolutionizing Wi-Fi Security



The evolution of Zero Trust Security is revolutionizing Wi-Fi security, enabling organizations to implement robust security measures while maintaining convenient access for visitors. Cloud-based captive portals play a critical role in this transformation, providing scalable, centralized access control layers that simplify management and enhance security.

In this article, we explore the benefits of Zero Trust Cloud Captive Portal solutions, how they adapt Zero Trust principles for guest access, and the advantages of transitioning from traditional to zero-trust security. With practical tips and expert insights, you'll be equipped with the knowledge to protect your organization's digital assets and stay ahead of emerging threats.



Published: Fri Jan 17 05:48:33 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Phishing Kit Uncovered: Sneaky 2FA's Evolved Threat Landscape


A new phishing kit has been discovered that can bypass Microsoft 365 accounts with two-factor authentication codes, posing a significant threat to users' security. The Sneaky 2FA PhaaS is being sold as a phishing-as-a-service and employs various anti-bot measures to evade detection. As individuals and organizations continue to rely on cloud-based services, it's essential to remain vigilant and take necessary precautions to protect against such threats.

Published: Fri Jan 17 05:55:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Global Reach of North Korea's Illicit IT Workforce: Unpacking the Web of Wages and Weapons Programs



A recent move by the US Department of Treasury highlights North Korea’s clandestine efforts to generate revenue through overseas IT workers. The government has sanctioned several entities for their involvement in generating illicit funds, which are allegedly used to support the regime's weapons programs.

Published: Fri Jan 17 06:06:48 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Bypass of the Secure Boot Mechanism: A New Vulnerability in UEFI Systems

Researchers have discovered a now-patched vulnerability in UEFI systems that could allow a bypass of the Secure Boot mechanism, tracked as CVE-2024-7344. This vulnerability has significant implications for the security and integrity of these systems, particularly those developed by several real-time system recovery software suites.

Published: Fri Jan 17 06:47:21 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

FTC Orders GoDaddy to Overhaul Web Hosting Security Practices Following Multiple Breaches



The Federal Trade Commission (FTC) has announced its intention to take enforcement action against web hosting giant GoDaddy, citing multiple breaches of customer data. The proposed settlement order requires GoDaddy to overhaul its internal security practices and implement basic security protections for its hosting services.

Published: Fri Jan 17 09:17:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Threats to Industrial IoT Security: Uncovering Vulnerabilities in WGS-804HPT Switches


A new set of vulnerabilities has been discovered in WGS-804HPT switches, which could be chained together for remote code execution. The identified vulnerabilities pose significant risks to the security of industrial IoT systems and require immediate attention from device manufacturers, users, and security professionals.


Published: Fri Jan 17 09:30:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Coordinated Campaign of Deception: Python-Based Bots Exploiting PHP Servers to Promote Gambling Platforms


A recent campaign by a group of malicious actors has been uncovered, utilizing sophisticated tactics to exploit vulnerabilities in web servers running PHP-based applications. The attack appears to be part of a larger effort to promote online gambling platforms in Indonesia, and highlights the ongoing struggle between cybersecurity professionals and malicious actors.

Published: Fri Jan 17 09:43:37 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Critical Aviatrix Controllers Vulnerability: A Widespread Threat to Cloud Security


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Aviatrix Controllers vulnerability, tracked as CVE-2024-50603, to its Known Exploited Vulnerabilities catalog due to its critical nature. This vulnerability allows unauthenticated attackers to execute arbitrary code via improper command neutralization in the API, posing significant risks to cloud security.

Published: Fri Jan 17 10:12:05 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Comprehensive Analysis of the Latest Cybersecurity Threats: U.S. CISA Adds Fortinet FortiOS Flaw to its Known Exploited Vulnerabilities Catalog


A critical vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), highlighting the need for prompt action from affected organizations using Fortinet FortiOS software. The newly identified authorization bypass vulnerability poses a significant threat, emphasizing the importance of timely patching and vulnerability management to prevent exploitation by malicious actors.

Published: Fri Jan 17 10:47:06 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

US Sanctions Chinese Firm, Hacker Behind Telecom and Treasury Hacks: A Comprehensive Analysis


The US Department of the Treasury has sanctioned two entities linked to Chinese state-sponsored hacking groups in an effort to disrupt their financial networks and limit their ability to operate in the United States. The move comes after a recent breach at the US Treasury, which was attributed to hackers from China. To combat these threats, the US government has imposed sanctions on a Shanghai-based hacker and a Chinese cybersecurity firm with alleged ties to the Salt Typhoon state hacker group.

Published: Fri Jan 17 12:00:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

FCC Cracks Down on Telecoms: Securing Networks After Salt Typhoon Hack Exposé


The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year's Salt Typhoon security breaches, highlighting the need for robust cybersecurity practices in the industry.

Published: Fri Jan 17 12:24:20 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The US Supreme Court's Ruling on TikTok: A Balancing Act Between National Security Concerns and Free Speech Rights


US Supreme Court Upholds TikTok Ban: A Victory for National Security Concerns Over Free Speech Rights
The US Supreme Court has upheld a law requiring TikTok to either divest from its Chinese parent company ByteDance or face a ban in the United States, clearing the way for a shutdown of the platform on January 19. The decision eliminates the final legal obstacle to the federal government's efforts to force a shutdown of the platform, but it is still unclear what will happen next as President-elect Trump plans to skirt enforcement and allow TikTok to continue operating in the US.


Published: Fri Jan 17 12:45:18 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Rsync Vulnerability Patched: A Look into the Six CVEs Affected by a Single Day



A single day saw the patching of six critical vulnerabilities in the widely-used rsync tool, demonstrating the importance of staying updated with security patches.


Published: Fri Jan 17 13:00:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Shift in Power: How the Departure of Rosenworcel Affects the US Telecom Industry's Cybersecurity Landscape

US Telecom Industry Braces for Uncertain Future Under New FCC Chairman

Published: Fri Jan 17 13:10:52 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Fortinet's FortiGate Config Leak: A Glimpse into the Dark World of Cybercrime

Fortinet's FortiGate config leak highlights the importance of staying up-to-date with the latest security patches and being vigilant about potential cyber threats. The recent data leak involving Fortinet's firewalls serves as a stark reminder of the ever-evolving threat landscape.

Published: Fri Jan 17 14:20:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Otelier Data Breach Exposes Millions of Hotel Guests' Personal Information

Millions of hotel guests' personal information and reservations have been exposed in a massive data breach affecting several well-known hotel brands, including Marriott, Hilton, and Hyatt. The breach occurred on Otelier's Amazon S3 cloud storage service and resulted in the unauthorized access to approximately eight terabytes of sensitive data.

Published: Fri Jan 17 16:18:43 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Side of PyPI: A Malicious Package Steals Discord Auth Tokens from Devs

According to a recent security report by code security company Socket, a malicious Python package that steals Discord auth tokens from developers has been found on the popular open-source package index PyPI. The package, named 'pycord-self,' mimics a highly popular project called 'discord.py' that is used by developers to control accounts programmatically and allows communication with Discord's user API.

Published: Fri Jan 17 16:27:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft's Dominance in Federal Cybersecurity: A Story of Bundling and Exclusion

ProPublica's latest investigation reveals Microsoft's bundling practices, which have led to its dominance in federal cybersecurity and excluded competitors from lucrative government contracts. The story raises questions about the impact of this dominance on national security and the role of antitrust regulations in preventing monopolies.

Published: Fri Jan 17 16:39:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The FCC's Ruling: Securing America's Telecommunications Networks from Foreign Interference

US telcos are now required by law to secure their networks from foreign spies, following recent high-profile breaches including the Salt Typhoon incident. The FCC has issued a formal ruling and proposed new regulations to ensure compliance with this requirement.

Published: Fri Jan 17 17:12:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Biden Signs Sweeping Cybersecurity Executive Order Amid Growing US Cyber Threat Landscape

Biden signs sweeping cybersecurity executive order aimed at bolstering America's defenses against nation-state and financially motivated cyber threats, while also addressing critical infrastructure security and AI-powered cyber threats. The move comes as the US faces unprecedented attacks from sources such as Russia, China, and other countries, with potentially catastrophic consequences.

Published: Fri Jan 17 17:55:45 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The FCC's New Directive: Securing US Telco Networks from Foreign Spies

The FCC has issued a formal ruling that makes it clear to US telcos: they must secure their networks from foreign spies. This directive is part of the government's efforts to strengthen cybersecurity measures and prevent similar breaches in the future, following the recent Salt Typhoon operation.

Published: Fri Jan 17 19:15:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

EU Non-Profit Group Files Complaints Against Chinese Companies for Alleged GDPR Violations

EU non-profit group None of Your Business (noyb) has filed complaints against several Chinese companies, including TikTok and AliExpress, alleging they have unlawfully transferred personal data of EU users to China, violating GDPR regulations. The allegations have significant implications for the digital landscape, highlighting the need for greater vigilance and cooperation in enforcing data protection laws.

Published: Fri Jan 17 20:06:21 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon, a development that highlights the ongoing struggle between the United States and China over issues of cyber espionage and national security.

Published: Sat Jan 18 05:03:26 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Escalating Global Cybersecurity Landscape: China's Salt Typhoon Hackers Leave Trail of Destruction

The US government has taken action against China's Salt Typhoon hackers, imposing sanctions on a Chinese individual and targeting companies linked to the hacking group. The move comes as part of efforts to combat cyber espionage and protect sensitive information from falling into the wrong hands. But with the threat landscape evolving rapidly, it remains to be seen whether this latest development will be enough to stem the tide of cyber attacks.

Published: Sat Jan 18 06:16:29 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Operation Lockbit: The Global Ransomware Crisis and the Rise of Advanced Persistent Threats (APTs)


Published: Sat Jan 18 15:20:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Global Conundrum: Navigating TikTok's Uncertain Future Amidst the US Ban


The Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA) has imposed a significant restriction on TikTok's operations in the US. But what does this mean for users seeking to access the platform, and how are they navigating the complex regulatory environment? This article explores the intricacies surrounding the ban and potential avenues for circumvention.

Published: Sun Jan 19 00:38:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

TikTok's Dark Days: The Unintended Consequences of a Federal Ban on Social Media

TikTok's Dark Days: A Federal Ban Takes Effect in the United States, Leaving Users Confused and Concerned. The sudden and unexpected move has raised questions about the motivations behind the government's decision to shut down the app.

Published: Sun Jan 19 00:53:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Star Blizzard: A Sophisticated Spear-Phishing Campaign Targeting High-Value Diplomats on WhatsApp

Star Blizzard, a sophisticated nation-state actor, has launched a new spear-phishing campaign targeting high-value diplomats on WhatsApp. The campaign involves impersonating U.S. government officials via email with fake QR codes to compromise victims' WhatsApp accounts. Microsoft Threat Intelligence reports the attack as part of Star Blizzard's evolving tactics, and users are advised to exercise caution when receiving unsolicited communications.

Published: Sun Jan 19 11:09:48 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Vulnerability in OpenAI's ChatGPT Crawler: A Threat to Web Security

A recent discovery has revealed a vulnerability in OpenAI's ChatGPT crawler that allows it to initiate Distributed Denial of Service (DDoS) attacks on arbitrary websites. This poses a significant threat to web security and highlights the need for greater scrutiny of AI-powered systems.

Published: Sun Jan 19 13:28:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Vulnerability in the W3 Total Cache Plugin Exposes Hundreds of Thousands of WordPress Sites to Attacks


A severe vulnerability was discovered in the popular W3 Total Cache plugin for WordPress sites, leaving hundreds of thousands of websites exposed to attacks. This article will delve into the details of this vulnerability, its impact, and what steps can be taken by website owners to protect their sites.

Published: Sun Jan 19 15:03:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity Alert: A Deluge of Exploits and Vulnerabilities Threaten Global Digital Infrastructure


A recent surge in high-profile cyber attacks and vulnerabilities has highlighted the growing concern around cybersecurity globally. From nation-state actors exploiting zero-day vulnerabilities to ransomware campaigns targeting healthcare and finance, it seems that every aspect of our online lives is under siege. In this article, we will delve into some of the most notable incidents and vulnerabilities that have come to light, with a view to understanding the broader implications for cybersecurity.

Published: Sun Jan 19 16:28:11 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Developments in Cybersecurity Threats and Intelligence: A Comprehensive Overview

A new wave of sophisticated cyber threats has emerged, targeting critical infrastructure, governments, and individuals worldwide. From vulnerabilities in UEFI Secure Boot to exploits in Aviatrix Controllers, this article provides an exhaustive overview of the latest developments in the realm of cybersecurity threats and intelligence.

Published: Sun Jan 19 17:13:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Trump Administration's Unconventional Solution to the TikTok Dilemma: A 50-50 Acquisition Proposal


US President-elect Donald Trump has proposed a 50-50 acquisition of TikTok's stateside operations by the US government, sparking both praise and criticism from various quarters. Will this unconventional solution address national security concerns or create new challenges for the popular social media platform? The fate of TikTok hangs in the balance as the situation continues to unfold.

Published: Sun Jan 19 19:24:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Remote Code Execution Nightmare: The WGS-804HPT Industrial Switch Vulnerability


A critical vulnerability has been discovered in Planet Technology's WGS-804HPT industrial switch, allowing for remote code execution via three separate vulnerabilities. This highlights the importance of prioritizing security in IoT and industrial control systems.

Published: Sun Jan 19 20:12:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Impact of Food Delivery Apps on Nutrition Transitions in Low- and Middle-Income Countries: A Study from Indonesia

Food delivery apps have become ubiquitous in many low- and middle-income countries, but their impact on nutrition transitions has been largely unexplored. A recent study from Indonesia sheds light on this important topic, revealing both positive and negative effects of these apps on the health of users.

Published: Sun Jan 19 22:38:07 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP: A Threat Assessment


Hackers have deployed malicious npm packages designed to steal sensitive data from infected systems, including Solana wallet keys via Gmail SMTP. These packages pose a significant threat to developers who use third-party repositories like npm and PyPI. To stay safe, it is essential for them to be cautious when installing new packages on their systems.

Published: Mon Jan 20 00:10:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Treasury's Cybersecurity Nightmare: A Chinese Cyber Actors' Web of Deceit

China has been accused of breaching the systems of the US Treasury Department and stealing sensitive information in a major cybersecurity attack. The incident has prompted calls for greater cybersecurity measures to protect US critical infrastructure from malicious cyber attacks.

Published: Mon Jan 20 00:23:48 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Sage Copilot Grounded Briefly Amidst AI Misbehavior Concerns


Sage Copilot, an artificial intelligence assistant designed to automate workflows and improve business efficiency, has been temporarily suspended by its parent company after it accessed and displayed unrelated customer information. The incident highlights concerns about the reliability and security of AI-powered systems in sensitive industries.

Published: Mon Jan 20 01:32:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ransomware Attack on UK High School Highlights Growing Concerns over Public Sector Cybersecurity

A recent incident at Blacon High School in Chester, north west England, has raised concerns over the growing threat of cyberattacks targeting public sector organizations in the UK. The attack highlights the need for robust cybersecurity measures and a total ban on ransom payments made by public sector and critical national infrastructure (CNI) organizations to protect against such threats.

Published: Mon Jan 20 06:53:27 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Cybersecurity Landscape in 2025: A Complex Web of Threats and Opportunities

As the cybersecurity landscape in 2025 continues to evolve, a new wave of threats and opportunities emerges, challenging security professionals to adapt their strategies in response. From phishing kits and zero-day exploits to cyber espionage and AI-powered security tools, this complex web of threats demands a proactive and informed approach to protection.

Published: Mon Jan 20 07:03:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Data Security Beyond Analysis: How Satori's Approach Mitigates Risks

Discover how Satori is revolutionizing data security by extending its protection to all types of data and across the entire pipeline, from production to AI. Learn more about this innovative approach and its potential impact on your organization's security posture.

Published: Mon Jan 20 07:11:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Malicious Exploitation of npm and PyPI: A Threat to Cryptocurrency Investors


Malicious actors have been exploiting vulnerabilities in npm and PyPI, two popular open-source package repositories, to target Solana private keys and steal funds from victims' wallets. The malicious packages, which were published on these repositories, allowed the threat actors to exfiltrate sensitive data from infected systems via Gmail's SMTP servers. This exploitation has significant implications for cryptocurrency investors who utilize these platforms for their Solana-related activities.

Published: Mon Jan 20 07:42:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Underwater Cable Defense: Sweden's Bold Move to Protect Global Energy and Data Infrastructure

Sweden's bold move to defend its borders and protect global energy and data infrastructure sets a precedent for other countries to follow suit. By deploying warships in the Baltic Sea, Sweden is establishing clear rules and consequences for undersea cable cutting, ensuring that this modern form of sabotage will not be tolerated.

Published: Mon Jan 20 10:55:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unveiling the Unseen: The Looming Threat of Unsecured Tunneling Protocols

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers - A recent study has revealed a critical vulnerability in tunneling protocols that could be exploited by malicious actors to launch devastating DoS and MITM attacks on vulnerable systems.

Published: Mon Jan 20 11:03:24 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Tanzeem Android Malware: A Looming Threat to Intelligence Collection


A new Android malware called Tanzeem has been linked to a group known as DoNot Team, which is believed to be targeting specific individuals or groups for intelligence collection. The malware uses sophisticated techniques to gather sensitive information from its victims, making it a concerning development for cybersecurity experts.

Published: Mon Jan 20 11:11:52 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russia's Cyber Warfare Expansion: The HATVIBE Malware Campaign and Its Implications for Global Security

Russia-linked hackers have been implicated in an ongoing cyber espionage campaign involving Kazakhstan, employing HATVIBE malware that shares characteristics with APT28-related Zebrocy campaigns. This marks a significant development in Russia's efforts to expand its influence through surveillance capabilities.

Published: Mon Jan 20 11:29:43 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hewlett Packard Enterprise Hit by Alleged Data Breach: An In-Depth Analysis



Hewlett Packard Enterprise (HPE) has been hit by an alleged data breach, with a threat actor claiming to have stolen sensitive information from the company's developer environments. The incident highlights the ongoing risks posed by sophisticated cyber threats and underscores the need for companies to prioritize robust cybersecurity measures.



Published: Mon Jan 20 13:40:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Exchange 2016 and 2019 Reach End of Support: What It Means for Your Business



Microsoft Exchange Server 2016 and 2019 are set to reach the end of support in October, which means that Microsoft will no longer provide technical support for these servers after this date. This could potentially expose businesses to security risks, so it's essential to upgrade to Exchange Online or Exchange Server Subscription Edition (SE) as soon as possible.

Published: Mon Jan 20 15:12:21 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Taiwan Cyber War: A Glimpse into the US Navy's Wargame Against China


In a wargame exercise designed to test the mettle of Taiwan's critical infrastructure, US Navy officials revealed key vulnerabilities and proposed solutions aimed at bolstering the island's defenses against potential Chinese aggression. This groundbreaking exercise highlights the complexities of cybersecurity in the Asia-Pacific region, underscoring the need for proactive measures to address emerging threats.

Published: Mon Jan 20 15:29:21 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Android Malware Linked to Indian APT Group DoNot Team


A new Android malware linked to the Indian APT group DoNot Team has been discovered by researchers at CYFIRMA. The malicious app, named "Tanzeem," shares the same code with minor differences in the user interface and can gather sensitive information, including call logs, contacts, and SMS messages. This discovery highlights the evolving nature of cyber threats and emphasizes the need for increased awareness among users to protect themselves and their organizations from such attacks.

Published: Mon Jan 20 15:59:42 2025 by llama3.2 3B Q4_K_M










     

