CampusCoin Student Feed Aggregator

+ The Intersection of AI and OSINT: Advanced Threats On The Horizon—Artificial Intelligence (A) is revolutionizing intelligence gathering, empowering cybersecurity defenders, and amplifying threat actor capabilities. ...

+ Defense Giant General Dynamics Says Employees Targeted in Phishing Attack—General Dynamics says several benefits accounts were hacked after threat actors targeted employees in a phishing campaign. The post Defense Giant ...

+ Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack—The Cl0p ransomware group has confirmed that Blue Yonder was hit in the Cleo attack and the hackers are preparing to name over 60 others. The post ...

+ Japan Airlines Was Hit by a Cyberattack, Delaying Flights During the Year-End Holiday Season—Japan Airlines was hit by a cyberattack, causing delays to more than 20 domestic flights, but there was no threat to flight safety. The post Japa...

+ FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024—The FBI said the target was tricked into downloading a malicious Python script under the guise of a pre-employment test hosted on GitHub. The post ...

+ American Addiction Centers Data Breach Impacts 422,000 People—American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach. The post American Addiction Cent...

+ 2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program—The 2025 National Defense Authorization Act (NDAA) has been signed into law and it authorizes several cyber-related initiatives.  The post 2025 ND...

+ Adobe Patches ColdFusion Flaw at High Risk of Exploitation—Adobe has released patches for a high-severity ColdFusion vulnerability for which proof-of-concept (PoC) code exists. The post Adobe Patches ColdF...

+ Beware Of Shadow AI – Shadow IT’s Less Well-Known Brother—While AI tools can enable employees to be innovative and productive, significant data privacy risks can stem from their usage. The post Beware Of ...

+ 5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension—Ascension Health says the personal, medical, and payment information of 5.6 million people was stolen in a May 2024 ransomware attack. The post 5....

+ Botnet of 190,000 BadBox-Infected Android Devices Discovered—Bitsight has discovered a BadBox botnet consisting of over 190,000 Android devices, mainly Yandex smart TVs and Hisense smartphones. The post Botn...

+ Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme—The Play ransomware group claims to have stolen sensitive data from donut and coffee retail chain Krispy Kreme. The post Ransomware Group Claims T...

+ Another NetWalker Ransomware Affiliate Gets 20-Year Prison Sentence in US—A second individual accused of being involved in NetWalker ransomware attacks, a Romanian national, has received a 20-year prison sentence. The pos...

+ CISA Urges Immediate Patching of Exploited BeyondTrust Vulnerability—CISA is urging federal agencies to patch a recent critical vulnerability in BeyondTrust remote access products in one week. The post CISA Urges Im...

+ Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems—Rockwell’s PowerMonitor is affected by critical vulnerabilities that can enable remote access to industrial systems for disruption or further attacks....

+ How to Implement Impactful Security Benchmarks for Software Development Teams—Benchmarking is all about taking back control – you’re measuring to gain complete awareness of your development teams’ security skills and practices. ...

+ CISA Releases Mobile Security Guidance After Chinese Telecom Hacking—In light of recent Chinese hacking into US telecom infrastructure, CISA has released guidance on protecting mobile communications. The post CISA R...

+ Ukrainian Raccoon Infostealer Operator Sentenced to Prison in US—Raccoon Infostealer MaaS operator Mark Sokolovsky was sentenced to 60 months in prison in the US and agreed to pay over $910,000 in restitution. Th...

+ Cisco to Acquire Threat Detection Company SnapAttack—Cisco has announced its intention to acquire threat detection company SnapAttack to boost Splunk security product capabilities.  The post Cisco to...

+ Watch Now: Navigating Your OT Cybersecurity Journey: From Assessment to Implementation—Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment. ...

+ CISA Issues Binding Operational Directive for Improved Cloud Security—CISA’s Binding Operational Directive 25-01 requires federal agencies to align cloud environments with SCuBA secure configuration baselines. The pos...

+ BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe—A critical vulnerability in BeyondTrust Privileged Remote Access and Remote Support could lead to arbitrary command execution. The post BeyondTrus...

+ AI Regulation Gets Serious in 2025 – Is Your Organization Ready?—While the challenges are significant, organizations have an opportunity to build scalable AI governance frameworks that ensure compliance while enabli...

+ Exploitation of Recent Critical Apache Struts 2 Flaw Begins—Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE). ...

+ Hacker Leaks Cisco Data—IntelBroker has leaked 2.9 Gb of data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total.  The post Hacker...

+ Facebook Owner Hit With 251 Million Euros in Fines for 2018 Data Breach—EU privacy watchdogs hit Facebook owner Meta with fines totaling 251 million euros after an investigation into a 2018 data breach that exposed million...

+ CISA Seeking Public Comment on Updated National Cyber Incident Response Plan—CISA has updated its National Cyber Incident Response Plan in line with the changing threat landscape and is now seeking public comment. The post ...

+ Webinar Today: Navigating Your OT Cybersecurity Journey: From Assessment to Implementation—Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment. ...

+ Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence —Vitalii Antonenko has been sentenced to 69 months in prison for hacking, but he is being released as he has been detained since 2019. The post Man...

+ Organizations Warned of Rise in Okta Support Phishing Attacks—Okta has warned customers that it has seen an increase in phishing attacks impersonating its support team. The post Organizations Warned of Rise i...

+ Cybersecurity Marketing Predictions for 2025 Business Growth—Brand awareness is vital in cybersecurity because buyers—often risk-averse professionals like CISOs, IT managers, and procurement teams—rely on truste...

+ US Water Facilities Urged to Secure Access to Internet-Exposed HMIs—EPA and CISA urge organizations in the water and wastewater systems sector to harden remote access to internet-exposed human-machine interfaces (HMIs)...

+ FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems—FBI says HiatusRAT’s operators were seen scanning for web cameras and DVR systems affected by years-old vulnerabilities. The post FBI Warns of Hia...

+ Texas Tech University Data Breach Impacts 1.4 Million People—Texas Tech University says the personal, health, and financial information of 1.4 million was stolen from its health sciences centers. The post Te...

+ CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities—CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild.  The post CISA Warn...

+ Fortinet Acquires Perception Point Reportedly for $100 Million—Fortinet has acquired Israeli collaboration and email security company Perception Point to expand its offering. The post Fortinet Acquires Percept...

+ The Ghost of Christmas Past – AI’s Past, Present and Future—The potential for how AI may change the way we work is endless, but we are still a way off from this and careful planning and consideration is what is...

+ Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement—Lookout details EagleMsgSpy, a surveillance tool used by Chinese law enforcement to collect data from Android devices. The post Mobile Surveillanc...

+ Microsoft MFA Bypassed via AuthQuake Attack —Oasis Security has disclosed AuthQuake, a method for bypassing Microsoft MFA within an hour without user interaction. The post Microsoft MFA Bypas...

+ 27 DDoS Attack Services Taken Down by Law Enforcement—Law enforcement agencies in 15 countries cooperated in taking down 27 websites selling DDoS-for-hire services. The post 27 DDoS Attack Services Ta...

+ Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks—Cleo has released patches for the exploited vulnerability and security firms have detailed the malware delivered in attacks. The post Cleo Patches...

+ Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites—Two vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites. The post Hunk Companion, WP...

+ Apple Pushes Major iOS, macOS Security Updates—Cupertino ships iOS 18.2 and macOS Sequoia 15.2 patches to fix data leakage, sandbox escapes and code exection vulnerabilities. The post Apple Pus...

+ No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation—The doughnut and coffeehouse chain confirmed a cyberattack took out parts of its online ordering system in parts of the United States. The post No...

+ T-Mobile Shares More Information on China-Linked Cyberattack—T-Mobile has confirmed being targeted by hackers, likely China’s Salt Typhoon, but reiterated that the attack was blocked. The post T-Mobile Share...

+ Microsoft Patches Exploited Vulnerability in Partner Network Website—Microsoft informed customers that vulnerabilities affecting cloud, AI and other services have been patched, including an exploited flaw. The post ...

+ ESET Flags Prototype UEFI Bootkit Targeting Linux—ESET warns of a new reality: “UEFI bootkits are no longer confined to Windows systems alone.” The post ESET Flags Prototype UEFI Bootkit Targeting...

+ Source Code of $3,000-a-Month macOS Malware ‘Banshee Stealer’ Leaked—The Banshee Stealer macOS malware operation, which emerged earlier this year, was reportedly shut down following a source code leak.  The post Sou...

+ ProjectSend Vulnerability Exploited in the Wild—VulnCheck warns of widespread exploitation of a year-and-a-half-old ProjectSend vulnerability for which multiple public exploits exist. The post P...

+ Bipartisan Legislation Seeks Stronger Healthcare Cybersecurity—US senators introduce new legislation to protect health data and strengthen the cybersecurity of the country’s healthcare sector. The post Biparti...

+ New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products—Palo Alto Networks and SonicWall VPNs affected by vulnerabilities allowing remote code execution and privilege escalation. The post New VPN Attack...

+ Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets—The Russia-linked RomCom APT has been observed chaining two zero-days in Firefox and Windows for backdoor delivery. The post Russian APT Chained F...

+ Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa—Operation Serengeti targeted criminal suspects in Africa behind ransomware, business email compromise, digital extortion and scams. The post Inter...

+ In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit —Noteworthy stories that might have slipped under the radar: Nvidia fixes vulnerability with rare ‘critical’ severity, Chinese APT’s first Linux backdo...

+ US Takes Down Stolen Credit Card Marketplace PopeyeTools—The US government has announced the seizure of stolen credit card marketplace PopeyeTools and charges against its administrators. The post US Take...

+ Russian Cyberespionage Group Hit 60 Victims in Asia, Europe—Russia-linked TAG-110 has targeted over 60 government, human rights, and educational entities in Asia and Europe. The post Russian Cyberespionage ...

+ Rising Tides: Wendy Nather on Resilience, Leadership, and Building a Stronger Cybersecurity Community—Industry veteran Wendy Nather discusses cybersecurity leadership and the importance of amplifying others’ efforts for the common good. The post Ri...

+ 400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws—VulnCheck finds hundreds of thousands of internet-accessible hosts potentially vulnerable to 2023’s top frequently exploited flaws. The post 400,0...

+ Microsoft Disrupts ONNX Phishing Service, Names Its Operator—Microsoft has seized 240 phishing-related websites and has disrupted the ONNX service, which the company says is run by an Egyptian man. The post ...

+ Prompt Security Raises $18 Million for Gen-AI Security Platform—Gen-AI security startup Prompt Security has raised $18 million in a Series A funding round led by Jump Capital. The post Prompt Security Raises $1...

+ Thai Court Dismisses Activist’s Suit Against Israeli Spyware Producer Over Lack of Evidence—A Thai court dismissed a lawsuit brought by Jatupat Boonpattararaksa which alleged spyware made by NSO Group was used to hack his phone. The post ...

+ Trustero Secures $10 Million in Funding to Grow AI-Powered Security and Compliance Platform—The company emerged from stealth mode in March 2022 and has been on a mission to help companies reduce compliance cost and handle time-consuming GRC t...

+ SurePath AI Raises $5.2 Million for Gen-AI Governance Solution—SurePath AI has raised $5.2 million in seed funding for a solution that helps enterprises securely use generative AI. The post SurePath AI Raises ...

+ Glove Stealer Malware Bypasses Chrome’s App-Bound Encryption—The Glove Stealer malware leverages a recently disclosed App-Bound encryption bypass method in attacks. The post Glove Stealer Malware Bypasses Ch...

+ In Other News: TSA Wants New Cyber Rules, Scam Call Detection in Android, SIM Swappers Arrested—Noteworthy stories that might have slipped under the radar: TSA proposes new cyber rules for pipelines and railroads, Google adds scam call detection ...

+ Known Brand, Government Domains Hijacked via Sitting Ducks Attacks—Threat actors have hijacked over 70,000 domains, including known brands and government entities, because of failed domain ownership verification. T...

+ CISO Forum Virtual Summit: Full Session List On Demand—All sessions from the 2024 CISO Forum Virtual Summit are now available to watch on demand. The post CISO Forum Virtual Summit: Full Session List O...

+ Man Who Stole and Laundered Roughly $1B in Bitcoin Is Sentenced to 5 Years in Prison—Bitfinex hacker Ilya Lichtenstein, who stole bitcoin worth billions of dollars at current prices, has been sentenced to five years in prison. The p...

+ CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks—CISA has added two more Palo Alto Networks Expedition flaws, CVE-2024-9463 and CVE-2024-9465, to its KEV catalog. The post CISA Warns of Two More ...

+ Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover—Over 4 million WordPress websites were impacted by a critical Really Simple Security plugin vulnerability providing full administrative access. The...

+ Palo Alto Networks Confirms New Firewall Zero-Day Exploitation—Palo Alto Networks has confirmed that a zero-day is being exploited in attacks after investigating claims of a firewall remote code execution flaw. ...

+ A 9th Telecoms Firm Has Been Hit by a Massive Chinese Espionage Campaign, the White House SaysIndustry Moves for the week of December 23, 2024 - SecurityWeek—A top White House official said at least eight U.S. telecom firms and dozens of nations have been impacted by a Chinese hacking campaign. The post...

+ The Intersection of AI and OSINT: Advanced Threats On The HorizonIndustry Moves for the week of December 23, 2024 - SecurityWeek—Artificial Intelligence (A) is revolutionizing intelligence gathering, empowering cybersecurity defenders, and amplifying threat actor capabilities. ...

+ In Other News: McDonald’s API Hacking, Netflix Fine, Malware Kills ICS Process  Industry Moves for the week of December 16, 2024 - SecurityWeek—Noteworthy stories that might have slipped under the radar: McDonald’s API hacking, Netflix fined nearly $5 million in Netherlands, experimental malwa...

+ Regional Care Data Breach Impacts 225,000 PeopleIndustry Moves for the week of December 16, 2024 - SecurityWeek—Healthcare insurance firm Regional Care has disclosed a data breach impacting more than 225,000 individuals. The post Regional Care Data Breach Im...

+ Facebook Owner Hit With 251 Million Euros in Fines for 2018 Data BreachIndustry Moves for the week of December 16, 2024 - SecurityWeek—EU privacy watchdogs hit Facebook owner Meta with fines totaling 251 million euros after an investigation into a 2018 data breach that exposed million...

+ Sublime Snags $60M Series B for Email Security TechIndustry Moves for the week of December 9, 2024 - SecurityWeek—Sublime said the new capital was provided by IVP, Citi Ventures, Index Ventures, Decibel Partners, and Slow Ventures and brings the total raised to $9...

+ In Other News: OPPC Breach Impacts 1.7M, US Soldier Suspected in Snowflake Hack, Cloudflare Loses LogsIndustry Moves for the week of November 25, 2024 - SecurityWeek—Noteworthy stories that might have slipped under the radar: OnePoint Patient Care data breach impact doubles, a US soldier may have been involved in t...

+ Cyberattack Disrupts Systems of Gambling Giant IGTIndustry Moves for the week of November 25, 2024 - SecurityWeek—Gambling giant IGT says it has taken certain systems offline in response to a cyberattack discovered over the weekend. The post Cyberattack Disrup...

+ Homeland Security Department Releases Framework for Using AI in Critical InfrastructureIndustry Moves for the week of November 11, 2024 - SecurityWeek—The framework recommends that AI developers evaluate potentially dangerous capabilities in their products, ensure their products align with “human-cen...

As of 12/30/24 12:30pm. Last new 12/29/24 11:31am.  Score: 393