CybersecurityHQ News Roundup - December 11, 2024

News | By Daniel Michan | Published on December 11, 2024

BadRAM Attack Uses $10 Equipment to Break AMD Processor Protections

A new attack named BadRAM uses about $10 of off-the-shelf equipment to bypass AMD's Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) protections. Researchers from KU Leuven, the University of Lübeck, and the University of Birmingham showed that tampering with the SPD chip on a memory module (the small chip that reports the module's size and layout to the system) makes the processor map two physical addresses onto the same DRAM location. With this aliasing in place, an attacker can tamper with or replay encrypted guest memory, breaking the integrity guarantees SEV-SNP is meant to provide. AMD has released firmware updates (CVE-2024-21944) to mitigate the issue, and experts advise using memory modules with locked SPD chips.

Google Pays $55,000 for High-Severity Chrome Browser Bug

Google issued a Chrome update fixing three vulnerabilities, including a type confusion flaw (CVE-2024-12381) in the V8 JavaScript engine. The bug, which earned a $55,000 bounty, could allow remote code execution. The update also addressed a use-after-free issue in the Translate component. Users are strongly advised to update Chrome to the latest version to prevent exploitation.

Atlassian, Splunk Patch High-Severity Vulnerabilities

Atlassian and Splunk have released critical updates for their platforms. Atlassian patched dependency flaws affecting Bamboo, Bitbucket, and Confluence, while Splunk resolved a deserialization vulnerability (CVE-2024-53247) in its Secure Gateway app. Users should apply these updates immediately to mitigate potential threats.

Cleo Vulnerability Exploitation Linked to Termite Ransomware Group

The Termite ransomware group has exploited a vulnerability (CVE-2024-50623) in Cleo's enterprise file transfer tools, compromising over 1,700 servers. The flaw enables unrestricted file uploads and remote code execution. Cleo plans additional patches to resolve the issue completely.

Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration

Google's Willow chip marks a milestone in quantum computing with below-threshold error correction, a prerequisite for scaling quantum operations. The advance does not yet reach a cryptographically relevant scale, but it underscores the urgency of transitioning to post-quantum encryption standards.

446,000 Impacted by Center for Vein Restoration Data Breach

A cyberattack on the Center for Vein Restoration exposed personal, medical, and financial data of over 446,000 individuals. The breach highlights persistent vulnerabilities in healthcare systems. The organization is offering affected individuals identity theft protection.

ICS Patch Tuesday: Siemens, Schneider, CISA Release Critical Updates

This month's ICS Patch Tuesday includes critical fixes from Siemens, Schneider Electric, and CISA. Vulnerabilities range from CSRF flaws in Siemens devices to code execution bugs in Schneider products. Organizations are urged to update systems promptly.

Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application

Ivanti addressed critical vulnerabilities, including an authentication bypass (CVE-2024-11639) in its Cloud Services Application. These flaws could enable remote code execution and compromise enterprise systems. Patches are now available for affected users.

US Charges, Sanctions Chinese Man Accused of Sophos Firewall Hacking

The United States has charged and sanctioned Guan Tianfeng, a Chinese national allegedly linked to a sophisticated hacking campaign targeting Sophos firewalls. According to the Department of Justice (DOJ), Guan exploited a zero-day vulnerability, CVE-2020-12271, compromising over 81,000 firewall devices globally, including those used by U.S. government agencies. These attacks, attributed to Chinese state-sponsored actors, were facilitated through Sichuan Silence Information Technology, a firm linked to China's Ministry of Public Security.

Sophos' investigation revealed the attackers' use of advanced custom implants, which led to their identification. The Treasury Department has also sanctioned Guan and Sichuan Silence, while the State Department is offering up to $10 million for information on Guan's whereabouts. Guan has been added to the FBI's Cyber's Most Wanted list.

This action underscores growing tensions between the U.S. and China in the cybersecurity domain. Sophos praised the move, stating it disrupts operations of high-profile threat actors. Read more from Sophos and SecurityWeek.

Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day

Microsoft has issued patches addressing 70 security vulnerabilities, including the actively exploited CLFS zero-day flaw (CVE-2024-49138). This vulnerability, with a CVSS score of 7.8, allows attackers to gain SYSTEM privileges via a heap-based buffer overflow. CrowdStrike, which discovered the flaw, highlighted its use in targeted attacks.

Microsoft has faced a surge of vulnerabilities within CLFS, with at least 25 documented issues over the past five years. The company announced plans to integrate HMAC security mitigations to detect unauthorized modifications in CLFS log files. Other critical fixes include CVE-2023-44487, which addressed HTTP/2 Rapid Reset DoS attacks, and CVE-2024-49112, an LDAP bug with a CVSS score of 9.8.
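The HMAC mitigation described above is about one thing: making silent modification of a log record detectable by whoever later reads the log. The following is an added illustration of that idea in Python, not Microsoft's CLFS code and not a description of its on-disk format. It chains an HMAC-SHA256 tag over each record together with the previous record's tag, so that editing, reordering, or dropping a record in the middle of the chain breaks verification. The key, record fields, and log contents are all constructed for the example.

```python
"""Added example: HMAC-chained log record integrity (not Microsoft's CLFS implementation)."""
import hashlib
import hmac
import json
from typing import List, Tuple

# Constructed demo key. A real deployment keeps this in a protected store
# that the code able to append records cannot read back.
SAMPLE_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed sample records standing in for log entries.
SAMPLE_RECORDS = [
    {"seq": 1, "op": "write", "size": 512},
    {"seq": 2, "op": "flush", "size": 0},
    {"seq": 3, "op": "write", "size": 64},
]


def _canonical(record: dict) -> bytes:
    # Stable encoding so the tag does not depend on dict ordering.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal_records(records: List[dict], key: bytes) -> List[Tuple[dict, str]]:
    """Return (record, tag) pairs. Each tag is HMAC-SHA256 over the previous
    tag plus the canonical record bytes, so the tags form a chain."""
    sealed = []
    prev_tag = b""
    for rec in records:
        tag = hmac.new(key, prev_tag + _canonical(rec), hashlib.sha256).hexdigest()
        sealed.append((rec, tag))
        prev_tag = bytes.fromhex(tag)
    return sealed


def verify_records(sealed: List[Tuple[dict, str]], key: bytes) -> Tuple[bool, int]:
    """Recompute the chain. Returns (True, -1) if every record checks out,
    otherwise (False, index) where index is the first record whose tag fails."""
    prev_tag = b""
    for i, (rec, tag) in enumerate(sealed):
        expected = hmac.new(key, prev_tag + _canonical(rec), hashlib.sha256).hexdigest()
        # Constant-time comparison; tags are attacker-visible inputs.
        if not hmac.compare_digest(expected, tag):
            return False, i
        prev_tag = bytes.fromhex(tag)
    return True, -1


def demo() -> dict:
    """Seal the sample records, then show which manipulations are caught."""
    sealed = seal_records(SAMPLE_RECORDS, SAMPLE_KEY)
    edited = [(dict(r), t) for r, t in sealed]
    edited[1][0]["size"] = 4096            # tamper with a field in record 1
    dropped = [sealed[0], sealed[2]]       # remove the middle record
    return {
        "intact": verify_records(sealed, SAMPLE_KEY),
        "edited": verify_records(edited, SAMPLE_KEY),
        "dropped": verify_records(dropped, SAMPLE_KEY),
        "wrong_key": verify_records(sealed, b"wrong-key"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} ok={result[0]} first_bad_index={result[1]}")
```

One caveat worth knowing: a chain like this catches edits, reordering, and removal of interior records, but not truncation of the tail, since the remaining prefix is still a valid chain. Detecting truncation needs an additional sealed trailer or an out-of-band copy of the latest tag.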

For further technical details and update guidance, visit Microsoft’s Security Response Center.

Adobe Patches Over 160 Vulnerabilities Across 16 Products

Adobe’s December updates addressed over 160 vulnerabilities across 16 products, including critical flaws in Experience Manager, Animate, and Acrobat. A high-severity issue in Experience Manager (CVE-2024-43711) and multiple code execution vulnerabilities in Connect and Animate are among the highlights.

While Adobe reported no active exploitation of these flaws, security experts urge users to promptly apply the updates. For a detailed breakdown of affected products, visit Adobe’s Security Bulletin.

Wald.ai Raises $4M in Seed Funding to Protect Data in AI Assistant Conversations

Wald.ai, a Palo Alto startup, secured $4 million in seed funding to develop its contextual AI and data protection platform. The solution allows enterprises to use AI assistants like ChatGPT securely by redacting sensitive information during processing.

The platform is already gaining traction in healthcare, finance, and legal sectors. Learn more about Wald.ai’s innovative approach from TechCrunch.

Cleo File Transfer Tool Vulnerability Exploited in Wild

Huntress has warned that CVE-2024-50623, a vulnerability in Cleo's file transfer tools, is being exploited in the wild. Despite a prior patch, threat actors have bypassed protections, targeting enterprises in industries like logistics and consumer goods.

The attacks bear similarities to previous MOVEit campaigns, with attackers engaging in post-exploitation reconnaissance. Cleo is expected to release a new patch midweek. Visit Huntress for the latest updates and mitigation steps.

SAP Patches Critical Vulnerability in NetWeaver

SAP's December Patch Day addressed nine new and four updated vulnerabilities, including a critical issue in NetWeaver AS for Java (CVE-2024-47578). The flaw could allow attackers to execute arbitrary commands on internal systems. Onapsis, a leading SAP security firm, has urged immediate updates. Read more from Onapsis and SAP.

Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client

Microsoft’s LLMail-Inject challenge offers $10,000 in prizes for researchers who can bypass prompt injection defenses in its LLM-based email client. The initiative tests advanced security measures like PromptShield and TaskTracker. Interested participants can register via GitHub. Learn more at Microsoft Research.

Astrix Security Banks $45M Series B to Secure Non-Human Identities

Astrix Security raised $45 million in Series B funding, bringing total investments to $85 million. The Tel Aviv-based company focuses on securing non-human identities like API keys and service accounts, addressing a critical gap in identity and access management. Read Astrix’s vision at Astrix Security.

Cisco Says Flaws in Industrial Routers, BGP Tool Remain Unpatched

Cisco Talos disclosed unpatched vulnerabilities in MC Technologies' routers and the GoCast BGP tool. The flaws, initially reported eight months ago, remain unresolved, posing significant risks to industrial systems. Read Cisco Talos’ findings at Cisco Talos.

Microsoft Rolls Out Default NTLM Relay Attack Mitigations

Microsoft has introduced default protections against NTLM relay attacks in Exchange Server 2019 and Windows Server 2025. Extended Protection for Authentication (EPA) is now enabled by default, mitigating risks tied to NTLM coercion vulnerabilities. Read Microsoft’s announcement at Microsoft Tech Community.

$50 Million Radiant Capital Heist Blamed on North Korean Hackers

Radiant Capital confirmed a $50 million DeFi heist attributed to North Korean threat group UNC4736. The attack leveraged malware-infected devices during multi-signature processes. Mandiant linked the breach to Pyongyang’s Reconnaissance General Bureau. For insights, visit Mandiant.

Cisco Faces Heat Over Unpatched Industrial Router, BGP Tool Flaws for 8 Months

Cisco Talos has revealed critical vulnerabilities in MC Technologies’ industrial router and the GoCast BGP tool that remain unpatched eight months after disclosure. Four high-severity flaws in the MC LR router’s web interface allow arbitrary command injection by authenticated attackers, while three critical issues in GoCast expose it to unauthenticated exploits. These vulnerabilities enable malicious actors to execute arbitrary commands via specially crafted HTTP requests. SecurityWeek reports that technical details are public, and vendors have yet to respond. Read more at SecurityWeek.

Krispy Kreme Cyberattack Shuts Down Online Ordering Systems

Krispy Kreme disclosed a cyberattack in late November, disrupting online orders across the U.S. The doughnut giant assures its physical stores remain operational. The SEC filing indicates potential material business impact and highlights the importance of cybersecurity insurance. Despite proactive steps and hired experts, no attacker group has claimed responsibility. Cyber experts urge robust incident response plans as such attacks escalate. Read more at BBC News.

Microsoft Windows Zero-Day Exploited; CISA Urges Immediate Updates

Microsoft confirms active exploitation of CVE-2024-49138, a zero-day vulnerability impacting all Windows editions back to Server 2008. The heap-based buffer overflow flaw in the Common Log File System driver poses critical risks, with potential ransomware implications. Both Microsoft and CISA urge immediate system updates to mitigate threats. Read more at Forbes.

SEC Cyber Reporting Rule Spurs 71 Filings, Lacks Useful Details

In the 11 months since its implementation, the SEC cyber incident reporting rule has generated 71 filings, with less than 20% detailing material impacts. Research from BreachRx reveals that companies are slow to comply and rely on generic disclosures. The rule aims to increase transparency and incident response efficiency. Read more at Industry Dive.

2025 U.S. Administration Shift to Reshape Cybersecurity and AI

As the U.S. prepares for a new administration in 2025, cybersecurity experts predict deregulation may foster AI innovation but weaken cyber defenses. National strategies could prioritize critical infrastructure protection while pushing public-private partnerships. However, ransomware and AI-driven threats remain key concerns for cybersecurity leaders. Read more at Gartner.

Dutch Seaports Launch National Cybersecurity Platform to Combat Threats

FERM Foundation, initially operational in Rotterdam, will expand nationwide to protect Dutch seaports against escalating cyber threats. The platform fosters collaboration between ports, private firms, and government entities, with CISO Marijn van Schoote leading the initiative starting January 2025. Read more at Marlink.

Moody’s Predicts Higher Credit Risks Amid AI-Powered Ransomware Surge

Cybercriminals are targeting larger firms with AI-enhanced ransomware attacks, raising credit risks in 2025, according to Moody’s. Stolen credentials, third-party breaches, and generative AI are fueling these threats, while deregulation under the new U.S. administration could exacerbate vulnerabilities. Read more at Moody’s.

Microsoft Azure MFA Vulnerability Exposed 400 Million Accounts

Oasis Security uncovered “AuthQuake,” a flaw in Azure’s MFA that enabled attackers to bypass protections, affecting millions of Office 365 users. Microsoft implemented permanent fixes after months of mitigation efforts. Experts emphasize the need for stringent MFA security practices. Read more at ThreatPost.

Snowflake to Mandate Multi-Factor Authentication by Late 2025

Snowflake announced it will phase out single-factor authentication starting April 2025, with full implementation by November. This move follows a series of attacks exploiting weak credentials, emphasizing the importance of secure authentication methods across cloud services. Read more at CISA.

VC Funding for AI Cybersecurity Startups Surges to $2.6 Billion

AI and cybersecurity intersect as venture capital pours $2.6 billion into startups in 2024. Companies like Cyera and Abnormal Security lead funding rounds, leveraging AI to tackle data protection, ransomware, and identity threats, reflecting industry-wide adoption of AI-driven cyber defenses. Read more at Crunchbase.

Gen Digital Acquires MoneyLion for $1 Billion

Cybersecurity leader Gen Digital expands its portfolio with the acquisition of MoneyLion, integrating fintech capabilities to enhance user identity protection and financial wellness. The deal highlights growing synergies between cybersecurity and fintech sectors. Read more at FinTech News.

USDA Enhances Cybersecurity with Threat Intelligence Dashboards

The USDA is leveraging advanced threat intelligence dashboards to bolster cybersecurity defenses. These tools aid in identifying anomalies, managing incident responses, and securing critical agricultural infrastructure through partnerships with DHS and private entities. Read more at Federal News Network.

Zloader Malware Adds DNS Tunneling, Interactive Shell for Ransomware Attacks

Researchers uncovered new capabilities in Zloader malware, including DNS tunneling for C2 communication and an interactive shell for executing ransomware attacks. These enhancements underline Zloader’s role as a major threat in initial access for ransomware operators. Read more at ThreatLabz.
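DNS tunneling hides C2 traffic inside query names, so from the defender's side the useful signal is in the query logs: long, high-entropy subdomain prefixes sent in volume to one base domain, often using record types such as TXT. The following is an added example of that heuristic in Python; it is not ThreatLabz's detection logic and makes no claim about Zloader's actual encoding. The log lines, the log format, the "last two labels" definition of a base domain, and the thresholds are all constructed assumptions for the example.

```python
"""Added example: heuristic DNS-tunneling detection over constructed query logs."""
import math
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log, one "<timestamp> <client> <qtype> <qname>" per line.
# The bad-c2.example queries imitate tunnel traffic; the rest are ordinary lookups.
SAMPLE_DNS_LOG = """\
2024-12-11T10:00:01Z 10.0.0.5 A www.example.com
2024-12-11T10:00:02Z 10.0.0.5 A cdn.example.com
2024-12-11T10:00:03Z 10.0.0.7 TXT 3q5k9zv2x1m8.c3pq7a0b9f4d2e6h.bad-c2.example
2024-12-11T10:00:04Z 10.0.0.5 A mail.example.com
2024-12-11T10:00:05Z 10.0.0.7 TXT p0o9i8u7y6t5r4e3.w2q1a2s3d4f5g6h7.bad-c2.example
2024-12-11T10:00:06Z 10.0.0.7 TXT zx9cv8bn7m6as5df.4gh3jk2l1qw0er9t.bad-c2.example
2024-12-11T10:00:07Z 10.0.0.5 AAAA api.example.com
2024-12-11T10:00:08Z 10.0.0.7 TXT 7ujm8ik9ol0p1qaz.2wsx3edc4rfv5tgb.bad-c2.example
2024-12-11T10:00:09Z 10.0.0.9 A login.example.org
"""

# Assumed thresholds; tune them against your own baseline traffic.
MIN_QUERIES = 3            # ignore base domains seen fewer times than this
MIN_MEAN_ENTROPY = 3.0     # bits per character of the subdomain prefix
MIN_MEAN_PREFIX_LEN = 16   # characters of subdomain prefix


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str) -> Tuple[str, str]:
    """Split a query name into (base domain, subdomain prefix).
    Assumption for this example: the base domain is the last two labels."""
    labels = qname.rstrip(".").split(".")
    if len(labels) < 2:
        return qname, ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def profile_queries(log_text: str) -> Dict[str, dict]:
    """Aggregate per-base-domain statistics from the log text."""
    acc: Dict[str, dict] = defaultdict(
        lambda: {"queries": 0, "entropy_sum": 0.0, "len_sum": 0, "txt": 0, "clients": set()}
    )
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than failing
        _ts, client, qtype, qname = parts
        base, prefix = split_qname(qname)
        st = acc[base]
        st["queries"] += 1
        st["entropy_sum"] += shannon_entropy(prefix)
        st["len_sum"] += len(prefix)
        st["txt"] += qtype.upper() in ("TXT", "NULL")
        st["clients"].add(client)
    result = {}
    for base, st in acc.items():
        n = st["queries"]
        result[base] = {
            "queries": n,
            "mean_entropy": st["entropy_sum"] / n,
            "mean_prefix_len": st["len_sum"] / n,
            "txt_fraction": st["txt"] / n,
            "clients": len(st["clients"]),
        }
    return result


def flag_tunneling(log_text: str) -> List[str]:
    """Return base domains whose query pattern matches the tunneling heuristic."""
    flagged = []
    for base, st in profile_queries(log_text).items():
        if (st["queries"] >= MIN_QUERIES
                and st["mean_entropy"] >= MIN_MEAN_ENTROPY
                and st["mean_prefix_len"] >= MIN_MEAN_PREFIX_LEN):
            flagged.append(base)
    return sorted(flagged)


if __name__ == "__main__":
    for base, st in profile_queries(SAMPLE_DNS_LOG).items():
        print(f"{base:20s} n={st['queries']} H={st['mean_entropy']:.2f} "
              f"len={st['mean_prefix_len']:.1f} txt={st['txt_fraction']:.2f}")
    print("flagged:", flag_tunneling(SAMPLE_DNS_LOG))
```

Entropy and label length alone will also flag legitimate services that encode hashes in hostnames (CDNs, some anti-spam and telemetry lookups), so in practice the heuristic is paired with a per-domain baseline, an allowlist, and the query-type and client-count fields the profile already collects.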

Chrome Security Update Patches Three High-Severity Vulnerabilities

Google has issued a critical Chrome update, addressing vulnerabilities in its V8 JavaScript engine and Translate feature. The update underscores Chrome’s commitment to maintaining robust browser security against evolving cyber threats. Read more at Google Security Blog.