"Governance in DevOps:  Ensuring compliance in the AI Era."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 16 December 2024, 1330 UTC.

Content and Source:  Compiled by https://feedly.com.   https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security News Bundle

31

Most popular

Data Governance in DevOps: Ensuring Compliance in the AI Era

48The Hacker News / 2h

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it's vital, especially as AI becomes

Keepit Raises $50 Million for SaaS Data Protection Solution

Keepit named leader in data protection

•

SecurityWeek / 41min

Denmark-based data protection company Keepit has raised $50 million, which brings the total investment to $90 million. The post appeared first on SecurityWeek .

Schools Need Improved Cyber Education (Urgently)

IT Security Guru / 1h

New research by Keeper Security has revealed a concerning disconnect between parental trust and the actual cybersecurity practices happening in their children’s schools. While many parents believe schools are protecting their children’s sensitive information, only 14% of schools mandate security awareness training, and a mere 21% provide guidance on secure password management. This gap poses sign

Today

CVE Assigned to Cleo Vulnerability as Cl0p Ransomware Group Takes Credit for Exploitation

4 TTPs

•

SecurityWeek / 18min

The Cl0p ransomware group has taken credit for exploitation of the Cleo product vulnerability tracked as CVE-2024-55956. The post appeared first on SecurityWeek .

900,000 People Impacted by ConnectOnCall Data Breach

SecurityWeek / 41min

ConnectOnCall has disclosed a data breach impacting the personal information of more than 900,000 individuals. The post appeared first on SecurityWeek .

Only 41% of Businesses Have Programs in Place to Hire More Women in Tech

IT Security Guru / 2h

New research from ISACA has revealed that the majority (87%) of IT professionals agree that there is a lack of gender diversity in the cybersecurity sector, yet less than half (41%) of businesses have programmes in place to hire more women. Whilst troublesome, these stats are not necessarily surprising. What’s more, 74% of businesses noted that attracting and retaining talent is a challenge. The

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

7 TTPs

•

44The Hacker News / 3h

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

16 TTPs

•

58The Hacker News / 3h

•

Glutton Trojan targets PHP frameworks

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti (

Yesterday

Dell's latest XPS 13 hits the sweet spot of performance and value for me. Here's why

ZDNet | Security / 4h

The Dell XPS 13 (9350) with Intel's 'Lunar Lake' delivers similar performance to the Snapdragon version, but it's significantly more affordable.

Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise

5 TTPs

•

Security Affairs / 4h

•

Skoda cars vulnerable to hacking

Researchers discovered multiple flaws in the infotainment systems of Volkswagen Group vehicles that could allow to track them in real-time. A team of security researchers from cybersecurity firm PCAutomotive discovered multiple vulnerabilities in the infotainment units used in some vehicles of the Volkswagen Group. Remote attackers can exploit the flaws to achieve certain controls and track the l

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

2 TTPs

•

76The Hacker News / 6h

The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency,

Are your Prometheus servers and exporters secure? Probably not

8 TTPs

•

The Register – Security / 13h

•

300K Prometheus instances exposed online

Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more Infosec in brief There's a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet, creating significant security risks and leaving organizations vulnerable to attack.…

Clop ransomware claims responsibility for Cleo data theft attacks

6 TTPs

•

52BleepingComputer / 17h

•

CISA warns of Cleo bug exploitation

The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. [...]

Winnti hackers target other threat actors with new Glutton PHP backdoor

12 TTPs

•

52BleepingComputer / 17h

•

Glutton Trojan targets PHP frameworks

​The Chinese Winnti hacking group is using a new PHP backdoor named 'Glutton' in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. [...]

PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms

5 TTPs

•

Security Affairs / 21h

•

Pumakit Linux rootkit malware discovered

Researchers discovered PUMAKIT, a Linux rootkit capable of hiding files, escalating privileges, and evading system tools and detection. Elastic Security Lab researchers discovered a new loadable kernel module (LKM) rootkit called PUMAKIT that supports advanced evasion mechanisms. PUMAKIT features a multi-stage design including a dropper, memory-resident executables, and a rootkit. It leverages an

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

Security Affairs / 1d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. PROXY.AM Powered by Socks5Systemz Botnet AppLite: A New AntiDot Variant Targeting Mobile Employee Devices Inside Zloader’s Latest Trick: DNS Tunneling BSI points out pre-installed malware on IoT devices Declawing PUMAKIT Image-Based Malware Classification Using QR

Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs / 1d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. IOCONTROL cyberweapon used to target infrastructure in the US and Isreael U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited V

Dec 14, 2024

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

10 TTPs

•

Security Affairs / 1d

•

Iranian malware IOCONTROL targets IoT systems

Iran-linked threat actors target IoT and OT/SCADA systems in US and Israeli infrastructure with IOCONTROL malware. Claroty’s Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by the Iran-linked threat actors to target devices in infrastructure located in Israel and U.S.. According to the experts Iran-linked threat group CyberAv3ngers reportedly targeted fuel manageme

390,000 WordPress accounts stolen from hackers in supply chain attack

16 TTPs

•

33BleepingComputer / 1d

•

390000 WordPress credentials stolen

A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. [...]

U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

CVE-2024-50623

•

Security Affairs / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8), which impacts multiple Cleo products to its Known Exploited Vulnerabilities (KEV) catalog . “Cleo has identified an unrest

Private Internet Access review: Our favorite open-source VPN

29ZDNet | Security / 2d

Private Internet Access is a solid, lower-cost premium VPN service with flexible settings to customize your security.

Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

4 TTPs

•

53The Hacker News / 2d

•

Germany blocks 30000 BadBox devices

Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains

Bitdefender Total Security review: One of the top antivirus options you can buy

ZDNet | Security / 2d

Bitdefender bundles antivirus and anti-malware with other digital privacy tools to keep you safer. Here's how it works.

5 ways AI is changing baseball - and big data is up at bat

ZDNet | Security / 2d

How the Texas Rangers use artificial intelligence and big data to create a competitive advantage.

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

20 TTPs

•

26The Hacker News / 2d

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not

Dec 13, 2024

Russian cyberspies target Android users with new spyware

5 TTPs

•

26BleepingComputer / 2d

•

Gamaredon deploys Android spyware tools

Russian cyberspies Gamaredon has been discovered using two Android spyware families named 'BoneSpy' and 'PlainGnome' to spy on and steal data from mobile devices. [...]

End of feed