Risk Discovery

DarkReading

It's Near-Unanimous: AI, ML Make the SOC Better

China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data

Alleged Ford 'Breach' Encompasses Auto Dealer Info

Apple Urgently Patches Actively Exploited Zero-Days

Small US Cyber Agencies Are Underfunded & That's a Problem

'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse

African Reliance on Foreign Suppliers Boosts Insecurity Concerns

DeepTempo Launches AI-Based Security App for Snowflake

RIIG Launches With Risk Intelligence Solutions

SWEEPS Educational Initiative Offers Application Security Training

Ars Technica

Google stops letting sites like Forbes rule search for “Best CBD Gummies“

A year after ditching waitlist, Starlink says it is “sold out” in parts of US

Niantic uses Pokémon Go player data to build AI navigation system

Join us today for Ars Live: Our first encounter with manipulative AI

AI-generated shows could replace lost DVD revenue, Ben Affleck says

ChatGPT’s success could have come sooner, says former Google AI researcher

IBM boosts the amount of computation you can get done on quantum hardware

New secret math benchmark stumps AI models and PhDs alike

Is “AI welfare” the new frontier in ethics?

Claude AI to process secret government data through new Palantir deal

CyberScoop

CISOs can now obtain professional liability insurance

US charges five men linked to ‘Scattered Spider’ with wire fraud

Vulnerability disclosure policy bill for federal contractors clears Senate panel

Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules

Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security

Bipartisan Senate bill targets supply chain threats from foreign adversaries

Rail and pipeline representatives push to dial back TSA’s cyber mandates

Attackers are hijacking Jupyter notebooks to host illegal Champions League streams

Botnet serving as ‘backbone’ of malicious proxy network taken offline

How to remove the cybersecurity gridlock from the nation’s energy lifelines

HITBSecNews

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Here’s the paper no one read before declaring the demise of modern cryptography

OpenAI launches ChatGPT with Search, taking Google head-on

Chinese attackers accessed Canadian government networks – for five years

Youth of today say passwords are old news, passkeys are the future

SecurityWeek

Risk Intelligence Startup RIIG Raises $3 Million

Twine Snags $12M for AI-Powered ‘Digital Employees’ Tech

Surf Security Adds Deepfake Detection Tool to Enterprise Browser

D-Link Warns of RCE Vulnerability in Legacy Routers

CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation

GitHub Launches Fund to Improve Open Source Project Security

Cyera Raises $300 Million at $3 Billion Valuation

Oracle Patches Exploited Agile PLM Zero-Day

Ford Blames Third-Party Supplier for Data Breach

Apple Confirms Zero-Day Attacks Hitting macOS Systems

ZDNet

Why I recommend the Blink Mini 2 security camera over the Wyze Cam (and it's only $30 right now)

Update your iPhone, iPad, and Mac now to patch these serious zero-day security flaws

'Scam yourself' attacks just increased over 600% - here's what to look for

Microsoft offers $4 million in AI and cloud bug bounties - how to qualify

Microsoft to tighten Windows security dramatically in 2025 - here's how

How to clear your Google search cache on Android (and why you should)

The best password manager for Mac in 2024: Expert tested

Gen AI could speed up coding, but businesses should still consider risks

Proton VPN review: A very solid free VPN with robust leak protection

The best secure browsers for privacy in 2024: Expert tested

The Hacker News

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

NHIs Are the Future of Cybersecurity: Meet NHIDR

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

BleepingComputer

Fintech giant Finastra investigates data breach after SFTP hack

MITRE shares 2024's top 25 most dangerous software weaknesses

US charges five linked to Scattered Spider cybercrime gang

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Microsoft confirms game audio issues on Windows 11 24H2 PCs

New Ghost Tap attack abuses NFC mobile payments to steal money

Amazon and Audible flooded with 'forex trading' and warez listings

Apple fixes two zero-days used in attacks on Intel-based Macs

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

Ford investigates alleged breach following customer data leak

gbhackers

ANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains

Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users

Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities

North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seakers

Hackers Hijacked Misconfigured Servers For Live Streaming Sports

Volt Typhoon Attacking U.S. Critical Infra To Maintain Persistent Access

Microsoft Ignite New 360-Degree Details Attackers Tools & Methods

Trend Micro Deep Security Vulnerable to Command Injection Attacks

CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks

Phobos Ransomware Admin as Part of International Hacking Operation

Cybersecurity Dive

Security awareness and training is a method, not an outcome

Attackers wield password-spray attacks to zero-in on targets, research finds

HHS facing challenges as lead agency for healthcare cybersecurity: GAO

Palo Alto Networks customers grapple with another actively exploited zero-day

Federal probe finds vulnerabilities across more than 300 US water systems

AI training vendor iLearningEngines discloses cyberattack in wake of SEC probe

Splunk accelerates Cisco’s security business as core networking sales decline

Easterly to step down from CISA director role on Inauguration Day

Countering multidimensional threats: lessons learned from the 2024 election

Palo Alto Networks’ customer migration tool hit by trio of CVE exploits

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

CISA News

CISA Releases Venue Guide for Security Considerations

CISA Launches New Learning Platform to Enhance Training and Education U.S. Veterans and Other Stakeholders

Joint Statement from FBI and CISA on the People's Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure

CISA Kicks Off Critical Infrastructure Security and Resilience Month 2024

Statement from CISA Director Easterly on the Security of the 2024 Elections

Joint Statement from CISA and EAC in Support of State and Local Election Officials

Joint ODNI, FBI, and CISA Statement

Joint ODNI, FBI, and CISA Statement on Russian Election Influence Efforts

CISA Releases Its First Ever International Strategic Plan

CISA Launches #PROTECT2024 Election Threat Updates Webpage

The Register

Mega US healthcare payments network restores system 9 months after ransomware attack

Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed

D-Link tells users to trash old VPN routers over bug too dangerous to identify

Data is the new uranium – incredibly powerful and amazingly dangerous

Healthcare org Equinox notifies 21K patients and staff of data theft

China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

Russian suspected Phobos ransomware admin extradited to US over $16M extortion

America's drinking water systems have a hard-to-swallow cybersecurity problem

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Navigating third-party risks

VentureBeat

The graph database arms race: How Microsoft and rivals are revolutionizing cybersecurity

Goodbye cloud, Hello phone: Adobe’s SlimLM brings AI to mobile devices

Microsoft debuts custom chips to boost data center security and power efficiency

AnyChat brings together ChatGPT, Google Gemini, and more for ultimate AI flexibility

3 leadership lessons we can learn from ethical hackers

What Okta’s failures say about the future of identity security in 2025

Google Gemini unexpectedly surges to No. 1, over OpenAI, but benchmarks don’t tell the whole story

Anthropic’s new AI tools promise to simplify prompt writing and boost accuracy by 30%

Securing the AI frontier: Protecting enterprise systems against AI-driven threats

This startup’s AI platform could replace 90% of your accounting tasks—here’s how

TechCrunch

US charges five accused of multi-year hacking spree targeting tech and crypto giants

Fintech giant Finastra confirms it’s investigating a data breach

Portugal’s Tekever raises $74M for dual-use drone platform deployed to Ukraine

UK open to social media ban for kids as government kicks off feasibility study

Apple says Mac users targeted in zero-day cyberattacks

PSA: You shouldn’t upload your medical images to AI chatbots

GitHub launches $1.25M open source fund with a focus on security

YC-backed Formal brings a clever security reverse-proxy out of stealth

US extradites Russian accused of extorting millions in Phobos ransomware payments

Microsoft to launch new custom chips for data processing, security

Network World Security

Top 5 fastest-growing cities for data centers

Cisco: Pressure to deploy AI is up, but only 13% feel ready

Network jobs watch: Hiring, skills and certification trends

OpenTelemetry certification launches

EU industry group has its eye on Microsoft’s cloud business

NetOps startup Selector AI wants to solve the network noise problem

Germany blames ‘sabotage’ as two undersea fiber cables cut in the Baltic Sea

IBM deal brings AMD Instinct accelerators to IBM Cloud

2024 global network outage report and internet health check

Cato Networks adds TLS inspection capabilities to SASE platform

Help Net Security

GitHub Secure Open Source Fund: Project maintainers, apply now!

Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0

Quantum DXi9200 helps organizations manage and reduce cybersecurity risks

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)

ArmorCode unifies application security with infrastructure vulnerability management

Tanium Cloud Workloads provides visibility and protection for containerized environments

OpenText Cloud Editions 24.4 blends AI with secure data connectivity

Exabeam and Wiz join forces to improve cloud security

Arkose Device ID detects suspicious activity patterns

Yubico Enrollment Suite boosts security for Microsoft users

SC Magazine

Energy and Commitment - Umaimah Khan - FS #5

GAO finds gaps in TSA's cybersecurity efforts

Progress Kemp LoadMaster, PAN-OS bugs added to CISA exploited vulnerabilities catalog

Meow, INC Ransom gangs leak San Francisco Ballet Company data

Misconfigured Jupyter Notebooks leveraged for illicit sports streaming

Over 21K Equinox patients, staff impacted by LockBit-claimed attack

Alleged Finastra breach under investigation

Malicious NSOCKS proxy service-powering botnet dismantled

How to incentivize – not just mandate – MFA

Semperis HIP conference tries to diagnose healthcare cybersecurity

InfoSecurity Magazine

Five Privilege Escalation Flaws Found in Ubuntu needrestart

60% of Emails with QR Codes Classified as Spam or Malicious

Chinese APT Group Targets Telecom Firms Linked to Belt and Road Initiative

Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities

OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List for LLMs

Hackers Hijack Jupyter Servers for Sport Stream Ripping

One Deepfake Digital Identity Attack Strikes Every Five Minutes

Cybercriminals Exploit Weekend Lull to Launch Ransomware Attacks

CISA Chief Jen Easterly Set to Step Down on January 20

T-Mobile Breached in Major Chinese Cyber-Attack on Telecoms

© 2024 RiskDiscovery | Sponsored by: Deception Logic