Infosec bits for 2024 week 51
Maajied Moos | Dec. 20, 2024, 10:47 a.m.
Cybersecurity News:
CISOs need to consider the personal risks associated with their role [Help Net Security, Help Net Security]
New APIs Discovered by Attackers in Just 29 Seconds [Phil Muncaster, Infosecurity Magazine]
Silent Heists: The Danger of Insider Threats [Kirsten Doyle, Tripwire]
Data Breaches & Cyber Attacks:
Hackers Leak Partial Cisco Data from 4.5TB of Exposed Records [WAQAS, Hackread]
Malware:
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion [Catherine Loveria, Jovit Samaniego, Gabriel Nicoleta, Aprilyn Borja, Trend Micro]
FTC warns of online task job scams hooking victims like gambling [Bill Toulas, Bleeping Computer]
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits [Ravie Lakshmanan, The Hacker News]
Cybercriminals Exploit Google Calendar to Spread Malicious Links [Beth Maundrill, Infosecurity Magazine]
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools [Ravie Lakshmanan, The Hacker News]
‘Fix It’ social-engineering scheme impersonates several brands [Jérôme Segura, Malwarebytes Labs]
Vulnerabilities & Patches:
Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog [Eduard Kovacs, Security Week]
Fortinet Addresses Unpatched Critical RCE Vector [Tara Seals, Dark Reading]
Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found [Kri Dontje, Cisco Talos]