NATO Draws a Cyber Red Line in Tensions With Russia
This is clearly a strong and coordinated statement by NATO allies warning Russia to curtail the activity of APT28. Read More
Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities
Patch Tuesday: Microsoft documents 60 security flaws in multiple software products and flags an actively exploited Windows zero-day for urgent attention. Read More
‘Got that boomer!’: How Cybercriminals Steal One-time Passcodes for SIM Swap Attacks and Raiding Bank Accounts
Veteran security reporter Brian Krebs said these kinds of criminal operations make clear why you should “never provide any information in response to an unsolicited phone call.” Read More
A Third of CISOs Have Been Dismissed “Out of Hand” By the Board
79% claimed they have felt boardroom pressure to downplay the severity of cyber-risks facing their organization. Read More
Low-Tech Tactics Still Top the IT Security Risk Chart
USB-based attacks, QR codes for phishing and social engineering continue to be some of the most effective, now more dangerous with the help of AI. Read More
Royal Tiger Robocall Gang Impersonated Feds, Banks, Utilities, FCC says
As well as attempting to dupe victims by pretending to represent government agencies, banks and utilities, the FCC said Royal Tiger also touted fake credit card interest rate reduction offers and called victims seeking authorizations for fictitious purchases. Read More
Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities
Exploitation of a majority of these flaws can lead to privilege escalation, and some can allow DoS attacks or information disclosure. Read More
Data Breaches in US Schools Exposed 37.6M Records
2023 marked a record year, with 954 breaches recorded – a dramatic rise from 139 in 2022 and 783 in 2021 Read More
NIST Issues New Guidelines On Protecting Unclassified Data In Government Systems
The framework considers the private sector’s increased role in helping the federal government in day-to-day operations and aims to reduce the risk of supply chain cyberattacks. Read More
Vermont Passes Data Privacy Law Allowing Consumers To Sue Companies
Vermont’s legislature on Friday passed one of the country’s strongest comprehensive data privacy laws, with language allowing individuals to sue companies for violating their privacy rights — an unprecedented provision among similar existing state laws. Read More
Feds Seize BreachForums Platform, Telegram Page
The website and Telegram page for the notorious BreachForums platform, a popular bazaar for stolen data and cybercriminal tools, appears to have been seized. Read More
NATO has issued a strong warning to Russia, drawing a "cyber red line" following cyberattacks attributed to APT28. Germany, Czechia, and other NATO countries have condemned Russia's actions, specifically citing cyber espionage against political parties and critical infrastructure. While espionage is generally tolerated, interference in democratic processes and potential cyber sabotage are not. Russia's pattern of election interference and support for sympathetic politicians in Europe, coupled with cyberattacks targeting critical infrastructure, raises concerns about its long-term objectives. The coordinated NATO response signals a unified stance against Russian cyber aggression, with implications for potential collective action under Article 5.
Microsoft released security updates addressing 60 vulnerabilities, including an actively exploited zero-day bug (CVE-2024-30051) in Windows Desktop Window Manager (DWM) Core Library. The bug, with a severity score of 7.8/10, allows malware attacks requiring elevated SYSTEM privileges and was identified by security researchers from Kaspersky, DBAPPSecurity, and Google's Threat Analysis Group. Additionally, Microsoft warned about CVE-2024-30040, enabling attackers to execute arbitrary code in Microsoft 365 and Office, and urged attention to CVE-2024-30044, a critical remote code execution vulnerability in Microsoft Sharepoint.
Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.