A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Similar Posts
Lawsuit: Pharmacist used spyware on UMMS computers to watch women, gain personal information
Bys sFor your reminder of the insider threat for this week, Tolly Taylor reports: A Maryland pharmacist is accused of installing spyware on 400 computers over eight years to watch women at the hospital or in their homes, a lawsuit alleges. Six women filed a civil lawsuit on Thursday against the University of Maryland Medical System,…
P3 Advertised 20+ Years and 0 Security Breaches. You Can Guess What Happened Next.
Bys sIntroduction P3 Global Intel advertises itself as a “fully integrated and state-of-the-art tip acquisition and tip management solution that has quickly become the leading choice of Crime Stoppers Programs, Law Enforcement Agencies, Campus Safety Programs, and Federal Agency Initiatives.” 35,000 U.S. schools use P3 Campus, which partners with “safer school” initiatives such as Sandy Hook……
FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024
The FBI said the target was tricked into downloading a malicious Python script under the guise of a pre-employment test hosted on GitHub. The post FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024 appeared first on SecurityWeek.
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
Bys sThe JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that’s designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. “The actor creates a malformed archive as an anti-analysis technique,” Expel security researcher Aaron Walton said in a report shared with The Hacker News. “That…
California hospitals can escape fines if workers expose patient info
Bys sScott Holland reports that a California state appeals court agreed with a hospital that it should not be held liable for employee misbehavior if they had a clear policy in place but the employee knowingly violated it: A state appeals panel has agreed hospitals can’t be sued if one of their employees posts confidential patient……
Hackers leak purported Aeroflot data as Russia denies breach
Bys s“Information… has not been confirmed.” — Victim “Hold my beer.” — Hacker Daryna Antoniuk reports: Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights, as Moscow denies any data breach occurred. Russia’s internet watchdog Roskomnadzor said there was no confirmation that data had been leaked from…