Friday, December 6, 2024

InfoSec News Feeds

Packetstorm

    Feed has no items.

THN

PortSwigger

Security Affaris

  • Hundred of CISCO switches impacted by bootloader...
    by Pierluigi Paganini on 6 December 2024 at 12:46 AM

    A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature checks. Cisco released security patches for a vulnerability, tracked as CVE-2024-20397 (CVSS score of 5.2), in the NX-OS software’s bootloader that could be exploited by attackers to […]

  • Burnout in SOCs: How AI Can Help Analysts Focus...
    by Pierluigi Paganini on 5 December 2024 at 3:39 PM

    SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. Security Operations Center (SOC) analyst burnout is a very real problem. These are some of the most important cybersecurity professionals out […]

  • Operation Destabilise dismantled Russian money...
    by Pierluigi Paganini on 5 December 2024 at 3:09 PM

    Operation Destabilise: The U.K. National Crime Agency disrupted Russian money laundering networks tied to organized crime. The U.K. National Crime Agency (NCA) disrupted Russian money laundering networks linked to organized crime across the U.K., Middle East, Russia, and South America as part of an […]

HackerOne

WeLiveSecurity

    Feed has no items.

TheRegister

  • PoC exploit chains Mitel MiCollab 0-day,...
    by Jessica Lyons on 6 December 2024 at 6:01 AM

    Still unpatched 100+ days later, watchTowr says A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances. …

  • Microsoft: Another Chinese cyberspy crew...
    by Jessica Lyons on 6 December 2024 at 1:03 AM

    Redmond threat intel maven talks explains this persistent pain to The Reg A Chinese government-linked group that Microsoft tracks as Storm-0227 yesterday started targeting critical infrastructures organisations and US government agencies, according to Redmond's threat intel team.…

  • Solana blockchain's popular web3.js npm package...
    by Thomas Claburn on 5 December 2024 at 11:13 PM

    Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven Luscher.…

Security Week

    Feed has no items.

Exploit-DB Updates