Infosec bits for 2025 week 2

Heloise Meyer | Jan. 10, 2025, 2:52 p.m.

Cybersecurity News:

Understanding AI in Network Security [Bob Erdman, Tripwire]

The biggest cybersecurity and cyberattack stories of 2024 [Lawrence Abrams, BleepingComputer]

Ransomware Targeting Infrastructure Hits Telecom Namibia [Robert Lemos, DarkReading]

Understanding the importance of OSINT in modern research [Nihad Hassan, Barracuda]

Critical Infrastructure Ransomware Attack Tracker Reaches 2,000 Incidents [Eduard Kovacs, SecurityWeek]

Data Breaches & Attacks:

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites [Ravie Lakshmanan, The Hacker News]

New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages [Waqas, HackRead]

Cell C hit by data breach [Jan Vermeulen, Mybroadband]

Vulnerabilities & Patches:

Bad Tenable plugin updates take down Nessus agents worldwide [Sergiu Gatlan, BleepingComputer]

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers [Ravie Lakshmanan, The Hacker News]

Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities [Ionut Arghire, SecurityWeek]

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer [Ravie Lakshmanan, The Hacker News]

Ivanti zero-day attacks infected devices with custom malware [Bill Toulas, BleepingComputer]

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit [Sarah Pearl Camiling, Trend Micro]