InfoSec News 20250129
Top News
-
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
"A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome."
TLP1 : Green
-
Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program
"The Lynx Ransomware-as-a-Service (RaaS) group has been found operating a highly organized platform, complete with a structured affiliate program and robust encryption methods."
TLP1 : Green
-
New Phishing Campaign Targets Mobile Devices with Malicious PDFs
"A newly uncovered phishing campaign is targeting mobile users with advanced social engineering tactics and malicious PDF files designed to compromise sensitive data."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
"The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE."
TLP1 : Green
-
Trump eyes up to 100% tariffs on foreign semiconductors, TSMC in crosshairs
"Americans could soon see the price of electronics skyrocket in response to a 25-100 percent import tariff on computer chips promised by US President Donald Trump on Monday."
TLP1 : Green
-
Baguette bandits strike again with ransomware and a side of mockery
"Hellcat, the ransomware crew that infected Schneider Electric and demanded $125,000 in baguettes, has aggressively targeted government, education, energy, and other critical industries since it emerged around mid-2024."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Engineering giant Smiths Group discloses security breach
"London-based engineering giant Smiths Group disclosed a security breach after unknown attackers gained access to the company's systems."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Nvidia Releases Security Update for GPU Display Driver to Address Multi Vulnerabilities
"Nvidia has recently released a critical software security update for its GPU Display Driver, addressing several vulnerabilities that could potentially lead to serious security risks for users."
TLP1 : Green
-
CVSS 10 Alert: Coolify Hit by Three Critical Security Flaws – CVE-2025-22612, CVE-2025-22611, and CVE-2025-22609
"A trio of critical security vulnerabilities has been discovered in Coolify, an open-source platform for managing servers, applications, and databases. These vulnerabilities, identified as CVE-2025-22612, CVE-2025-22611, and CVE-2025-22609, could potentially grant malicious actors remote code execution (RCE) privileges, enabling them to take complete control of affected systems."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Explore 17 different career paths with this CompTIA course bundle deal
"Feeling burnt out? Or worried about job security with layoffs making headlines? It might be time to consider making a career change, and the IT industry offers an intriguing path forward. Keep reading to learn how you can get a job in IT, even if you don’t have a degree or experience."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
CVE-2025-22604 (CVSS 9.1): Remote Code Execution Flaw in Cacti, PoC Released
"The Cacti Group, Inc. has issued a security advisory warning users of a critical vulnerability (CVE-2025-22604) in its network monitoring software. This flaw could allow authenticated attackers to remotely execute code on vulnerable systems, potentially compromising sensitive data and disrupting network operations."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.