Phishing for the News - Daily - December 3, 2024
Manage episode 453392222 series 3619852
Today's podcast covers a range of critical cybersecurity vulnerabilities and updates. Here are the high level bullet points:
- Critical Vulnerability in Ubuntu - Users are urged to update immediately due to a critical vulnerability.
- Critical Vulnerabilities in IBM Security Verify Access Hardware - IBM has patched multiple vulnerabilities. Organizations are urged to apply the patches to reduce risk.
- Critical and High Severity Vulnerabilities in Zabbix Monitoring Tool - Two critical vulnerabilities could allow for remote code execution, while two high severity vulnerabilities might enable attackers to escalate privileges or conduct denial-of-service attacks.
- Critical Security Flaws in Android OS - Researchers have discovered critical vulnerabilities in the Android OS, which could allow hackers to execute code remotely.
- Critical Vulnerability in Zyxel Devices - Zyxel has released an advisory warning of a critical vulnerability in their devices, potentially allowing unauthorized access, escalation of privileges, denial of service, and data exfiltration.
- Critical Android Update - The December 2024 Monthly Rollup addresses critical vulnerabilities in Android, including remote code execution and elevation of privilege.
- CISA Warns of Critical Vulnerabilities in Industrial Control Systems - CISA has issued advisories highlighting critical vulnerabilities in industrial control systems (ICS) that could allow for unauthorized access, disruption of services, and system compromise.
- Zabbix Patches Critical Vulnerabilities - Zabbix has addressed a critical stack buffer overflow vulnerability and a SQL injection flaw.
- Google Releases December Security Updates for Android - Google has released its December security updates, addressing a multitude of vulnerabilities.
- CEO Arrested for Adding DDoS Feature to Satellite Receivers - South Korea has detained a CEO for integrating DDoS features into over 240,000 satellite receivers.
- BootKitty UEFI Malware Targets Linux - Researchers have discovered a UEFI bootkit targeting Linux systems, exploiting the CVE-2023-40238 flaw.
- SmokeLoader Malware Resurfaces - Taiwan's manufacturing, healthcare, and IT sectors are being targeted by SmokeLoader malware, known for its advanced evasion techniques.
- AI-Driven Phishing on the Rise - AI is being leveraged to create sophisticated phishing emails, increasing the risk of cyber attacks.
- AWS Launches New Incident Response Service - AWS has launched its Security Incident Response service to help organizations combat cyber threats.
- Ransomware Disrupts UK Children's Hospital - A ransomware attack has targeted Alder Hey Children's Hospital in the UK. A second attack has been reported at Wirral University Teaching Hospital but details are limited.
- Microsoft Boosts Device Security - Microsoft's upcoming Windows release in 2025 will feature more resilient drivers and a "self-defending" kernel to enhance device security.
We also discuss a few high priority events:
- Hydra Market Leader Sentenced - A Russian court has sentenced the leader of the Hydra Market dark web marketplace to life in prison.
- Mozilla Aims to Make Firefox the Go-To Browser on Windows - Mozilla is testing new methods during Firefox's installation process to convince users to set Firefox as their default browser.
- Horns&Hooves Campaign Targets Retailers - The Horns&Hooves campaign is using fake emails and JavaScript payloads to deploy remote access trojans (RATs), targeting retailers and services in Russia.
- SpyLoan Malware in Loan Apps - Over 8 million Android users have been infected with
For more information in the SecureResearch Daily Cyber Intelligence Brief, email info@secureresearch.com
20 епізодів