PrivacyGoogle class action privacy lawsuit to go forward after judge’s rulingLaura FrenchJanuary 9, 2025The suit regarding Google’s “Web App & Activity” tracking options is scheduled for an August trial.
Endpoint/Device SecurityTikTok faces U.S. Supreme Court: Join SC Media for liveblog coverage FridayDustin SachsJanuary 9, 2025Join us Friday, Jan. 10 at 9:45 ET for liveblog coverage of this pivotal Supreme Court hearing. We will provide real-time updates, expert analysis, and key takeaways as the event unfolds.
PhishingEmails from legitimate PayPal address used in crafty phishing schemeLaura FrenchJanuary 8, 2025Attackers exploit PayPal’s email notifications to trick users into linking their accounts to attacker emails.
Network SecurityHackers take Pride in exploiting Four-Faith zero dayShaun NicholsJanuary 8, 2025Hackers have set up a botnet based on exploitation of zero day in Four-Faith industrial routers.
Vulnerability ManagementCISA adds Mitel and Oracle bugs to exploited vulnerabilities listSteve ZurierJanuary 8, 2025Two Mitel MiCollab bugs were added to the KEV catalog, while a patched Oracle WebLogic Server exploit is still under threat.
Network SecurityNetis routers vulnerable to chained authentication bypass, RCE flawsLaura FrenchJanuary 7, 2025Attackers could remotely reset the router password and inject commands through the reset password page.
AI/MLAI attacks now a bigger risk than endpoint threatsShaun NicholsJanuary 7, 2025AI-based attacks have begun to outpace those against endpoint systems
Critical Infrastructure SecurityMoxa patches two flaws in its OT devices, one a critical RCE Steve ZurierJanuary 7, 2025Flaw considered serious since Moxa customers include leading industrial manufacturers and telecoms.
PhishingWordPress phishing plugin drives online shopping fraudLaura FrenchJanuary 6, 2025PhishWP imitates trusted payment services and sends stolen information directly to Telegram.
Governance, Risk and ComplianceUS sanctions Chinese service provider for supporting threat groupShaun NicholsJanuary 6, 2025The US government has issued sanctions against a Chinese service provider it said provided support for threat actors