Bootkitty: Analyzing the first UEFI bootkit for Linux
We Live Security
NOVEMBER 28, 2024
ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.
Thu.Nov 28, 2024
134 
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware
The Hacker News
NOVEMBER 28, 2024
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday.
Join 28,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trending Sources
T-Mobile detected network intrusion attempts and blocked them
Security Affairs
NOVEMBER 28, 2024
T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. The carrier is investigating reports that are linking it to “ Salt Typhoon ” cyberattacks tied to Chinese state actors. “Like the entire telecommunications industry, T-Mobile has been closely
CVE-2024-42330 (CVSS 9.1): Zabbix Patches Critical Remote Code Execution Vulnerability
Penetration Testing
NOVEMBER 28, 2024
Popular open-source monitoring tool Zabbix has released urgent security updates to address a critical vulnerability that could allow attackers to execute arbitrary code on vulnerable systems. The vulnerability, tracked as... The post CVE-2024-42330 (CVSS 9.1): Zabbix Patches Critical Remote Code Execution Vulnerability appeared first on Cybersecurity News.
Prevent Data Breaches With Zero-Trust Enterprise Password Management
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
The Hacker News
NOVEMBER 28, 2024
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems.
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC
Penetration Testing
NOVEMBER 28, 2024
Security researchers from TrustedSec have uncovered a critical zero-day vulnerability, CVE-2024-49019, affecting Active Directory Certificate Services (AD CS). This flaw exploits a feature of version 1 certificate templates, allowing attackers... The post Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC appeared first on Cybersecurity News.
Sign up to get articles personalized to your interests!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
More Trending
APT trends report Q3 2024
SecureList
NOVEMBER 28, 2024
Kaspersky’s Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we’ve published and discussed in more detail in our private APT reports. They are intended to highlight the significant events and findings that we think are important for people to know about.
U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency
The Hacker News
NOVEMBER 28, 2024
A 59-year-old U.S. citizen who immigrated from the People's Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China's principal civilian intelligence agency.
Want an entire tech repair shop of tools in a single messenger bag? Get 20% off for Black Friday
Zero Day
NOVEMBER 28, 2024
The iFixit Repair Business Toolkit got a refresh in 2023. I've been using the kit for over a year. Here's what I have inside the bag now.
Zello urges users to reset passwords following a cyber attack
Security Affairs
NOVEMBER 28, 2024
Zello urges customers with accounts created before November 2 to reset passwords following a potential security breach. Zello is warning customers who have an account created before November 2 to reset their passwords, a circumstance that suggests that the incident took place on November 2. Zello is a tech software company in Austin, Texas, U.S., known for the Zello app, which emulates push-to-talk (PTT) walkie-talkies over cell phone networks.
Optimizing The Modern Developer Experience with Coder
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Instead of AirPods, I'd recommend Meta Ray-Bans as the best tech deal of Black Friday 2024
Zero Day
NOVEMBER 28, 2024
A special Black Friday Meta Ray-Bans deal delivers a rare discount up to 50% off. The smart glasses have audio nearly as good as a pair of AirPods, plus you get a fast camera and a hands-free AI assistant.
A cyberattack impacted operations at UK Wirral University Teaching Hospital
Security Affairs
NOVEMBER 28, 2024
UK’s Wirral University Teaching Hospital suffered a cyberattack that caused delays in appointments and procedures. Wirral University Teaching Hospital NHS Foundation Trust (WUTH) is an NHS Foundation Trust. It provides healthcare for people of the Wirral Peninsula and the surrounding areas of North West England and North Wales. The trust is responsible for Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children’s Hospital.
Score a free Google Pixel 9 phone with this T-Mobile Black Friday deal
Zero Day
NOVEMBER 28, 2024
T-Mobile gives you a free Pixel 9 phone with qualifying trade-in or new line activation, with up to $800 back across 24 months of credits.
Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published
Penetration Testing
NOVEMBER 28, 2024
An independent researcher has uncovered a critical vulnerability in the ksthunk.sys driver, a component of the Windows operating system responsible for facilitating 32-bit to 64-bit process communications. The flaw, which... The post Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published appeared first on Cybersecurity News.
The Tumultuous IT Landscape Is Making Hiring More Difficult
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Future of Serverless Security in 2025: From Logs to Runtime Protection
The Hacker News
NOVEMBER 28, 2024
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration.
CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited
Penetration Testing
NOVEMBER 28, 2024
CERT Germany (CERT-Bund) and Zyxel have warned of actively exploiting a critical vulnerability in Zyxel firewalls. This vulnerability tracked as CVE-2024-11667, is being leveraged to deploy Helldown ransomware, with initial... The post CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited appeared first on Cybersecurity News.
Get a refurbished Amazon Fire HD 10 tablet for as little as $40 with this Black Friday deal
Zero Day
NOVEMBER 28, 2024
Save big this holiday season on an Amazon Fire HD 10 tablet that's perfect for a kid or casual use.
TikTok Takes Aim at Appearance-Altering Filters and Underage Users in Latest Safety Push
Penetration Testing
NOVEMBER 28, 2024
In a move driven by both legal pressures and growing concerns about the impact of social media on young people, TikTok has announced new measures to restrict the use of... The post TikTok Takes Aim at Appearance-Altering Filters and Underage Users in Latest Safety Push appeared first on Cybersecurity News.
The Cloud Development Environment Adoption Report
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
I've tested dozens of power banks. This one is in a class of its own and you can get it for $85
Zero Day
NOVEMBER 28, 2024
The Cuktech P-series power bank may look like something from a sci-fi movie, but its efficiency and premium build are very real. For Black Friday, Amazon has reduced the device to $85.
Zello urges users to reset passwords following a cyber attack
Security Affairs
NOVEMBER 28, 2024
Zello urges customers with accounts created before November 2 to reset passwords following a potential security breach. Zello is warning customers who have an account created before November 2 to reset their passwords, a circumstance that suggests that the incident took place on November 2. Zello is a tech software company in Austin, Texas, U.S., known for the Zello app, which emulates push-to-talk (PTT) walkie-talkies over cell phone networks.
The 30+ best Black Friday Samsung deals 2024
Zero Day
NOVEMBER 28, 2024
Black Friday is finally here, you can find serious discounts on Samsung products like TVs, smartphones, laptops, and more if you know where to look. We'll help you find the best deals.
Godot Engine Compromised: Malware Distributed via GodLoader
Penetration Testing
NOVEMBER 28, 2024
Check Point Research has identified the misuse of the Godot game engine—a popular, open-source tool for game development—as a platform for distributing malware. Dubbed GodLoader, this novel technique highlights how... The post Godot Engine Compromised: Malware Distributed via GodLoader appeared first on Cybersecurity News.
Bringing the Cybersecurity Imperative Into Focus
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Google's Pixel 8a is an AI phone well worth its price point, and it's on sale for Black Friday
Zero Day
NOVEMBER 28, 2024
Google's Pixel 9 may have taken over the spotlight, but the Pixel 8a remains a solid mid-range smartphone with a handful of the same AI features found in the newer models. It's available now for $100 off.
Evasive Malware Campaign Leverages CleverSoar Installer & Nidhogg Rootkit
Penetration Testing
NOVEMBER 28, 2024
Rapid7 Labs has uncovered a sophisticated malware campaign employing the newly identified CleverSoar installer, a highly evasive threat targeting Chinese and Vietnamese-speaking users. With advanced evasion techniques and layered malicious... The post Evasive Malware Campaign Leverages CleverSoar Installer & Nidhogg Rootkit appeared first on Cybersecurity News.
Data broker exposes 600,000 sensitive files including background checks
Malwarebytes
NOVEMBER 28, 2024
A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container. The 713.1 GB container (an Amazon S3 bucket ) did not have password-protection, and the data was left unencrypted, so anybody who stumbled on them could read the files. The files not only contained thousands of people’s vehicle records (license plate and VIN) and property ownership reports, but also criminal histories, and background checks.
One of the best budget Android tablets is not from Samsung and it's on sale for Cyber Week
Zero Day
NOVEMBER 28, 2024
If you want a tablet for normal use and entertainment for under $200, the AGM Pad P2 is my recommendation. The rugged version is also on sale ahead of Black Friday.
Introducing CDEs to Your Enterprise
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Malicious npm Packages Threaten Crypto Developers: Keylogging and Wallet Theft Revealed
Penetration Testing
NOVEMBER 28, 2024
Researchers at Socket have uncovered a malicious campaign targeting crypto developers. The attacker, operating under the pseudonym “topnotchdeveloper12”, has published three malicious npm packages—crypto-keccak, crypto-jsonwebtoken, and crypto-bignumber—that mimic legitimate cryptographic... The post Malicious npm Packages Threaten Crypto Developers: Keylogging and Wallet Theft Revealed appeared first on Cybersecurity News.
Hulu's $1 Black Friday deal is back: Get 1 year of Hulu for $1 a month
Zero Day
NOVEMBER 28, 2024
Hulu's annual Black Friday deal ends Monday, so don't miss out on this chance to get a monthly subscription to the streaming service for just $1 for your first year.
Scams to look out for this holiday season
We Live Security
NOVEMBER 28, 2024
‘Tis the season to be wary – be on your guard for fraud doing the rounds during the holiday sales surge
How I bought the Meta Ray-Bans for 20% off on Black Friday - and got an Amazon gift card too
Zero Day
NOVEMBER 28, 2024
Consistent feature updates, a rare discount, and a free $90 Amazon gift card make the Meta Ray-Ban smart glasses a no-brainer purchase for me this holiday season.
IT Leadership Agrees AI is Here, but Now What?
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Let's personalize your content