News: New Mamba 2FA bypass service targets Microsoft 365 accounts
| An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. |  |
Breach: Credit monitoring and supply chain risk company hacked
 |
The unknown hackers accessed CreditRiskMonitor employee data but not customer personal information, the company said. |
News: Social Media Accounts: The Weak Link in Organizational SaaS Security
| Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants as it can quickly spiral to include reputational damage and financial losses. |  |
Cyber Savvy AI Antics |
 |
|
Quantum Cyber Budgeting Greetings, team! As we dive into this year-end budgeting process, our main objective is clear: to enhance our cybersecurity protections and fortify our quantum-infused nexomorphic systems. It’s critical that we allocate funds to prevent potential breaches in our plasmonic neotriggers and reinforce our hyper-spatial firewall matrix. Let’s work together to ensure all data remains safely encased in our bio-neural defense lattice. Remember, by focusing our resources, we can thwart any electro-molecular disturbances and keep our infosphere’s gravimetric stability intact. Let’s synergize and keep our digiprotections strong! |
News: Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
| Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. |  |
News: How Major Companies Are Honoring Cybersecurity Awareness Month
 |
The annual event reinforces best practices while finding new ways to build a culture where employees understand how their daily decisions affect company security. Find out how AWS, IBM, Intuit, SentinelOne, and Gallo are spreading the word. |
Privacy: Understanding the Florida Digital Bill of Rights
| Florida Senate Bill 262 has passed in the Republican-led Florida legislature. The Florida Privacy Act attempts to give consumers the right to opt out of sharing their data for targeted online ads, which are often collected and sold by companies to advertisers. |  |
News: Google warns uBlock Origin and other extensions may be disabled soon
 |
Google’s Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company’s deprecation of the Manifest V2 extension specification. |
AI: OpenAI confirms threat actors use ChatGPT to write malware
| OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. |  |
News: Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity
 |
Organizations should be on high alert until next month’s US presidential election to ensure the integrity of the voting process, researchers warn. |
News: Even Orgs With SSO Are Vulnerable to Identity-Based Attacks
| Use SSO, don’t use SSO. Have MFA, don’t have MFA. An analysis of a snapshot of organizations using Push Security’s platform finds that 99% of accounts are susceptible to phishing attacks. |  |
AI: From Misuse to Abuse: AI Risks and Attacks
 |
AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications |
News: Master Privileged Access Management: Best Practices to Implement
| Nowadays, managing who has privileged access to your most critical data and systems is more important than ever. Privileged access serves as the key to your organization’s most sensitive assets, making it a high-value target for malicious actors. Any misstep in securing this access might lead to privilege abuse and serious data breaches. But it’s not just about defending against cybercriminals; poor management of privileged access can also result in operational disruptions, costly downtime, and non-compliance with industry regulations. |  |
News: Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign
 |
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. |
News: Delta Launches $500M Lawsuit Against CrowdStrike
| Delta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn’t liable for more than $10 million. |  |
News: New tool bypasses Google Chrome’s new cookie encryption system
 |
A researcher has released a tool to bypass Google’s new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser. |
Vulnerability Vortex
New Windows Themes zero-day gets free, unofficial patches
| Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target’s NTLM credentials remotely. |  |
Fog and Akira Ransomware Attacks Exploits Sonicwall VPN Flaw CVE-2024-40766
 |
Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. |
LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites
| A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. |  |
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
 |
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. |
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System
| Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. |  |
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
 |
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. |
VEEAM Backup & Replication Exploit Reused in New Frag Ransomware Attack
| A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. |  |
Read also
Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you
Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.