December Patch Tuesday arrives bearing 71 gifts
Seventeen Critical-severity CVEs ready to deck your halls; also, new blog guidance for Windows Server admins
Similar Posts
UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
Bys sThe advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. “This research focuses on completing the picture of UAC-0063’s operations, particularly documenting their expansion beyond their initial focus on Central Asia,
China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions
Bys sCybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. “The first sighting of its activity was in the second quarter of 2023; back then,…
Faster, safer, stronger: Sophos Firewall v22 security enhancements
Bys sHardened kernel, remote integrity monitoring, an enhanced anti-malware engine, and more.
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Bys sCybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT. The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs…
Hacker Arrested for Data Theft Targeting Spanish Bank Customers
Bys sDivya reports: Spanish authorities have successfully apprehended a sophisticated cybercriminal who allegedly stole sensitive data from major financial institutions, educational organizations, and private companies across the country. The arrest represents a significant victory in the ongoing battle against cybercrime targeting Spanish citizens and businesses. A collaborative effort between the Mossos d’Esquadra (Catalan police) and Spain’s…
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Bys sCybersecurity researchers have lifted the veil on a widespread malicious campaign that’s targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. “Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users,” CTM360 said. “The core tactic involves…