IT Security Newsletter - 1/15/2025
Microsoft: Happy 2025. Here's 161 Security Updates
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication.
US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists
North Korean hackers stole approximately $660 million in cryptocurrency in 2024, the US, Japan, and South Korea said in a joint statement on Tuesday. Warning the blockchain technology industry of the threat posed by the North Korean hacking groups, the statement reiterates that the stolen funds are used to fuel Pyongyang's "unlawful weapons of mass destruction and ballistic missile programs".
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads
Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials - ironically - via fraudulent Google ads. The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages. We believe their goal is to resell those accounts on blackhat forums, while also keeping some to themselves to perpetuate these campaigns.
ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA
Schneider Electric, Siemens, Phoenix Contact and CISA have released ICS product security advisories on the January 2025 Patch Tuesday. Schneider Electric published nine new advisories this month. Siemens has only published five new advisories this month. Phoenix Contact has released two new advisories. Germany's CERT@VDE also published these two advisories on Tuesday on its website. The US cybersecurity agency CISA published four ICS advisories.
Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities
Nvidia, Zoom, and Zyxel this week announced fixes for multiple high-severity vulnerabilities in their products, urging users to update devices as soon as possible. Nvidia released patches for three security defects in Container Toolkit and GPU Operator for Linux, including two high-severity improper isolation bugs that could be exploited using crafted container images. Zoom rolled out patches for a high-severity type confusion issue in the Workplace app for Linux.
FBI Wraps Up Eradication Effort of Chinese 'PlugX' Malware
The US Justice Department and the FBI said on Jan. 14 that they were able to delete "PlugX" malware from thousands of devices globally as part of a cooperative effort. The operation spanned a series of months, targeting the work of a group of China-sponsored hackers known as "Mustang Panda" and "Twill Typhoon." The group used PlugX malware to infect victims' computers and steal their information.
North Korea's Lazarus APT Evolves Developer-Recruitment Attacks
North Korea's Lazarus threat group has launched a fresh wave of attacks targeting software developers, using recruitment tactics on job-hiring platforms. This time, the group is using job postings on LinkedIn to lure freelance developers in particular into downloading malicious Git repositories that contain malware for stealing source code, cryptocurrency, and other sensitive data.
- ...in 1559, Elizabeth I is crowned Queen of England in Westminster Abbey, London.
- ...in 1929, American civil rights movement leader Rev. Dr. Martin Luther King, Jr. is born in Atlanta, GA.
- ...in 1963, cryptographer and information security expert Bruce Schneier is born in New York City.
- ...in 2001, Wikipedia is first brought online by creators Jimmy Wales and Larry Sanger.