Sunday, December 22, 2024

Zero-day exploited in the wild.

Must read

A zero-day affects Samsung mobile processors. A critical vulnerability is discovered in the OneDev DevOps platform. German authorities warn against vulnerable industrial routers. The Bumblebee loader buzzes around corporate networks. Ghostpulse hides payloads in PNG files. A Michigan chain of dental centers agrees to a multimillion dollar data breach settlement. A White House proposal tamps down international data sharing. Fortinet is reportedly patching an as-yet undisclosed severe vulnerability. In our Threat Vector segment, host David Moulton speaks with Nathaniel Quist about cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. Russian deepfakes spread election misinformation. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of the Threat Vector podcast, host David Moulton, Director of Thought Leadership at Palo Alto Networks, speaks with Nathaniel Quist, Manager of Cloud Threat Intelligence at Cortex & Unit 42. David and Nathaniel discuss recent cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. 

Selected Reading

Google Warns of Samsung Zero-Day Exploited in the Wild (SecurityWeek)

Critical OneDev DevOps Platform Vulnerability Let Attacker Read Sensitive Data (Cyber Security News)

Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks (SecurityWeek)

Hackers Use Bumblebee Malware to Gain Access to Corporate Networks (GB Hackers)

CISA Adds Sciencelogic SL1 Unspecified Vulnerability to KEV Catalog (Cyber Security News)

Pixel perfect Ghostpulse malware loader hides inside PNG image files (The Register)

Dental Center Chain Settles Data Breach Lawsuit for $2.7M (BankInfo Security)

Biden administration proposes new rules governing data transfers to adversarial nations (The Record)

Fortinet issues private notifications to FortiManager customers to patch an undisclosed flaw (Beyond Machines)

Russian Propaganda Unit Appears to Be Behind Spread of False Tim Walz Sexual Abuse Claims (WIRED)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Latest article