Head Mare Targets Russian Orgs With Hidden LNK Files, Ransomware
Cyble researchers have detected a new campaign targeting Russia by the hacktivist group Head Mare that uses a disguised LNK file to hide an executable.…
Author: Cybernoz
Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day Pierluigi Paganini December 10, 2024 Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including…
Dangerous CLFS and LDAP flaws stand out on Patch Tuesday
Microsoft has issued fixes for 71 new Common Vulnerabilities and Exposures (CVEs) to mark the final Patch Tuesday of 2025, with a solitary zero-day that…
Wyden proposes bill to secure US telecoms after Salt Typhoon hacks
U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers…
Microsoft fixes exploited zero-day (CVE-2024-49138)
On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in…
Telstra fined $3m over Triple Zero outage – Telco/ISP
Telstra has been fined $3 million for a Triple Zero outage earlier this year that led to 127 calls not being transferred to emergency services.…
Windows 11 KB5048667 & KB5048685 cumulative updates released
Microsoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. Both KB5048667 and KB5048685 are mandatory cumulative updates…
US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks
The Department of the Treasury is sanctioning Chinese cybersecurity company Sichuan Silence, and one of its employees, Guan Tianfeng, for their roles in the April…
Optus lands CBA’s Jesse Arundell for its new AI division – Software – Telco/ISP
Optus has brought former Commonwealth Bank head of emerging tech Jesse Arundell into its new artificial intelligence unit. Holding the title of head of emerging…
Ivanti warns of maximum severity CSA auth bypass vulnerability
Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and…
Australia Post’s new POS beset by technical problems – Cloud – Software
Australia Post’s new point-of-sale platform has been beset by multiple technical troubles, including outages and missing transactions, since its launch last year. The cloud-based point-of-sale…
WPForms bug allows Stripe refunds on millions of WordPress sites
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions.…