December Patch Tuesday arrives bearing 71 gifts
Seventeen Critical-severity CVEs ready to deck your halls; also, new blog guidance for Windows Server admins
Similar Posts
EEOC experienced security incident involving an Opexus employee’s ‘unauthorized’ access, email says
Bys sDavid DiMolfetta reports: The Equal Employment Opportunity Commission was impacted in an internal data security incident that occurred around a year ago, and involved a contractor’s employees mishandling sensitive information in one of the agency’s systems, according to a notification email obtained by Nextgov/FCW. The breach in the EEOC’s Public Portal system, which the agency was……
NL: Hackers had access to prison staff data for five months
Bys sDutch News reports: Hackers had access to data from the Dutch prisons agency DJI for at least five months, according to an investigation by radio programme Argos. Cyber criminals could see e-mail addresses, phone numbers and security certificates of staff at the agency, Argos said, which may increase the risk of extortion or blackmail. The hackers……
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware
Bys sThe financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that’s targeting Web3 developers to infect them with information stealer malware. “LARVA-208 has evolved its tactics, using fake AI platforms (e.g., Norlax AI, mimicking Teampilot) to lure victims with job offers or portfolio review requests,”…
As US newspaper outages drag on, Lee Enterprises blames cyberattack for encrypting critical systems
Bys sZack Whittaker reports: Newspaper publishing giant Lee Enterprises said an ongoing cyberattack is causing disruptions across its business, and is now in its third week of outages. In a filing with the U.S. Securities and Exchange Commission, Lee said it was conducting a forensic analysis to determine if sensitive or personal data was stolen in…
Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks
Bys sGoogle on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world. To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffic through them. As of…
BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key
Bys sBeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company’s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local…