Key Points :
A data breach has compromised personal information from Indonesian sources. The incident raises significant concerns about user privacy and data security. Authorities are urged to investigate the breach and enhance cybersecurity measures.…
Category: Cyber Attack
Summary: The Apache Software Foundation has issued critical security updates for Apache Tomcat to address two significant vulnerabilities, including one that could allow remote code execution. Users are urged to update their installations to mitigate potential risks.
Threat Actor: Unknown | unknown
Victim: Apache Tomcat Users | Apache Tomcat Users
Key Point :
Vulnerability CVE-2024-50379 allows remote code execution if the default servlet is misconfigured.…
Summary: Nova, a newly identified variant of the Snake Keylogger family, employs sophisticated techniques to steal sensitive information while avoiding detection. Its advanced capabilities pose significant challenges in the realm of cybersecurity, particularly in credential theft and data exfiltration.
Threat Actor: Unknown | Nova
Victim: Individuals and organizations | individuals and organizations
Key Point :
Nova gathers detailed victim information through network behavior, including public IP and geographical location.…
Summary: AhnLab Security Intelligence Center (ASEC) has reported cyberattacks on Korean companies by the TIDRONE threat actor, who exploits ERP software to deploy the CLNTEND backdoor malware. This marks a strategic shift for TIDRONE, previously focused on Taiwanese industries, now targeting South Korea’s vulnerable ERP systems.…
Summary: A new phishing campaign is targeting Ledger users by impersonating a data breach notification, urging them to verify their recovery phrases, which can lead to cryptocurrency theft. This tactic exploits past breaches and aims to deceive users into providing sensitive information.…
Summary: The emergence of GOSAR, a Golang-based variant of the QUASAR RAT, marks a significant evolution in malware development, particularly targeting Chinese-speaking regions. This new malware leverages advanced techniques for evasion and cross-platform functionality, enhancing its capabilities beyond its predecessor.
Threat Actor: REF3864 | REF3864
Victim: Chinese-speaking users | Chinese-speaking users
Key Point :
GOSAR is a Golang rewrite of the QUASAR RAT, discovered during investigations into campaigns using the SADBRIDGE loader.…
Summary: A critical vulnerability in MinIO allows users to escalate their privileges to administrator level, posing a severe risk to data security. This flaw, tracked as CVE-2024-55949, affects all MinIO versions since June 2022 and requires immediate patching.
Threat Actor: Unknown | unknown
Victim: MinIO Users | MinIO Users
Key Point :
Vulnerability CVE-2024-55949 has a CVSSv4 score of 9.3, indicating critical severity.…
Key Points :
Dataset contains 1951 stealer logs leaked on December 17, 2024. Logs include sensitive information raising data privacy concerns.…
Key Points :
A dataset containing sensitive information from Free Telecom has allegedly been put up for sale. The breach raises significant concerns about user privacy and the security of telecommunications data.…
Key Points :
The website database of the University of Baghdad has been compromised. Sensitive information has been exposed, raising security concerns. The breach highlights vulnerabilities in managing sensitive information in educational institutions.…
Key Points :
Data breach at BASC.edu.ph exposed sensitive information. The breach involved unauthorized access to personal data. Details regarding the exact nature of the sensitive information are still unclear.…
Key Points :
Data breach allegedly exposes a database of WhatsApp users in Russia for 2024. Leaked information raises significant concerns about user privacy.…
Key Points :
Alleged leak associated with the Lunar site raises concerns about phishing schemes. Fraudulent activities targeting unsuspecting users are on the rise.…
Key Points :
The French Tennis Federation has allegedly experienced a data breach. Compromised data raises concerns about data privacy and security measures. The incident highlights the need for robust cybersecurity practices in sports organizations.…
Summary: Unit 42 researchers have uncovered critical vulnerabilities in the Azure Data Factory’s Apache Airflow integration, which could allow attackers to gain unauthorized administrative control over Azure infrastructure. Despite being classified as low severity by Microsoft, these vulnerabilities pose significant risks, including data exfiltration and malware deployment.…
Summary: JPCERT/CC has alerted users about critical vulnerabilities in SHARP routers that could lead to severe security breaches, including arbitrary command execution and sensitive data theft. Affected models include those from major telecom providers in Japan, emphasizing the urgency for firmware updates.…
Key Points :
Data breach exposed information of 261,000 insurance agents in the U.S. Compromised data raises concerns about privacy and security in the insurance sector.…
Key Points :
Data breach at Warid Telecom affects approximately 327,000 users. Incident raises concerns about the security of telecom user data and privacy. Highlights vulnerabilities in safeguarding sensitive information within the telecom sector.…
Key Points :
Partial breach allegedly exposed Cisco’s source code. Raises significant concerns about security and intellectual property protection. Highlights the importance of safeguarding corporate assets from unauthorized access.…
Key Points :
Talentely.com’s TMS-LMS platform experienced a data breach. Potential compromise of sensitive user information. Incident raises concerns about data privacy in online learning systems.…