"News 'doubleclicking' exploit bypasses clickjacking protections o major websites."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 01 January 2025, 2236 UTC.

Content and Source:  Security News Bundle-a compilation of top security information from https://feedly.com.

 https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security News Bundle

22

Most popular

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

6 TTPs

•

74The Hacker News / 7h

•

DoubleClickjacking exploits user interactions

Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said.

Eight things that should not have happened last year, but did

The Register – Security / 9h

2024's Tech Fail Roll Of Dishonor Opinion Happy new year! Tradition says that this is when we boldly look forward to what may happen in the 12 months to come. Do you really want to know that? Didn’t think so.…

Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours

HIPAA to receive cybersecurity updates

•

Security Affairs / 3h

HHS OCR proposed updates to the HIPAA Security Rule to boost cybersecurity for electronic protected health information (ePHI). On December 27, 2024, the United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) proposed updates to the HIPAA Security Rule to enhance cybersecurity for electronic protected health information (ePHI). The proposed updates to the Securi

Today

U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

US sanctions Iranian Russian entities

•

Security Affairs / 8h

The U.S. Treasury sanctioned entities for disinformation tied to Russian and Iranian intelligence before the 2024 presidential elections. The U.S. Treasury sanctioned entities for spreading disinformation linked to Russian and Iranian intelligence ahead of the 2024 presidential elections . The U.S. Treasury sanctioned Moscow’s Center for Geopolitical Expertise (CGE), founded by OFAC-designated Al

Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

3 TTPs

•

75The Hacker News / 10h

•

US sanctions Iranian Russian entities

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence

Yesterday

US Army soldier who allegedly stole Trump's AT&T call logs arrested

Army soldier arrested for extortion

•

The Register – Security / 13h

Brings the arrest count related to the Snowflake hacks to 3 A US Army soldier has been arrested in Texas after being indicted on two counts of unlawful transfer of confidential phone records information. …

Cybersecurity Lags in Middle East Business Development

Dark Reading / 1d

The fast growing region has its own unique cyber issues — and it needs its own talent to fight them.

Rhode Island ’s data from health benefits system leaked on the dark web

4 TTPs

•

Security Affairs / 1d

•

HealthSource RI extends call center hours

Rhode Island ’s health benefits system was hacked, and threat actors leaked residents’ data on the dark web. Cybercriminals leaked data stolen from Rhode Island ‘s health benefits system on the dark web . Gov. Daniel McKee stated the state had prepared for this and is informing impacted individuals. RIBridges supports state programs like Medicaid, SNAP, Rhode Island Works, childcare assistance, l

New details reveal how hackers hijacked 35 Google Chrome extensions

5 TTPs

•

71BleepingComputer / 1d

•

Cyberhaven Chrome extension compromised attack

New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. [...]

Hacking campaign compromised at least 16 Chrome browser extensions

14 TTPs

•

Security Affairs / 1d

•

Cyberhaven Chrome extension compromised attack

Threat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users. A supply chain attack compromised 16 Chrome browser extensions, exposing over 600,000 users. Threat actors targeted the publishers of the extensions on the Chrome Web Store via phishing messages, then once obtained access to their account inserted a malicious code into the code

US Treasury Department outs the blast radius of BeyondTrust's key leak

US Treasury hit by BeyondTrust breach

•

The Register – Security / 1d

Data pilfered as miscreants roamed affected workstations The US Department of the Treasury has admitted that miscreants were in its systems, accessing documents in what has been called a "major incident."…

Over 3.1 million fake "stars" on GitHub projects used to boost rankings

41BleepingComputer / 1d

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. [...]

Rhode Islanders’ Data Was Leaked From a Cyberattack on State Health Benefits Website

HealthSource RI extends call center hours

•

SecurityWeek / 1d

Cybercriminals who hacked Rhode Island’s system for health and benefits programs have released files to a site on the dark web, The post appeared first on SecurityWeek .

6 AI-Related Security Trends to Watch in 2025

Dark Reading / 1d

AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign

Cyberhaven Chrome extension compromised attack

•

SecurityWeek / 1d

The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago. The post appeared first on SecurityWeek .

China's cyber intrusions took a sinister turn in 2024

15 TTPs

•

The Register – Security / 1d

From targeted espionage to pre-positioning - not that they are mutually exclusive The Chinese government's intrusions into America's telecommunications and other critical infrastructure networks this year appears to signal a shift from cyberspying as usual to prepping for destructive attacks.…

New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy

US final rule protects personal data

•

94The Hacker News / 1d

The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our

Dec 30, 2024

Massive healthcare breaches prompt US cybersecurity rules overhaul

HHS proposes cybersecurity rules for healthcare

•

68BleepingComputer / 1d

The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients' health data following a surge in massive healthcare data leaks. [...]

China-linked actors hacked US Treasury Department

Security Affairs / 1d

China-linked threat actors breached the U.S. Treasury Department by hacking a remote support platform used by the agency. China-linked threat actors breached the U.S. Treasury Department via a compromised remote support platform. The Treasury Department discovered the security breach on December 8th from its vendor BeyondTrust , according to a letter to lawmakers. BeyondTrust provides Privileged

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

96The Hacker News / 1d

The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

6 TTPs

•

65The Hacker News / 1d

Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators

Chinese Hackers Accessed US Treasury Workstations in ‘Major’ Cybersecurity Incident

SecurityWeek / 1d

Chinese hackers remotely accessed US Treasury Department workstations after compromising a cloud-based service operated by BeyondTrust. The post appeared first on SecurityWeek .

End of feed

"7 rules to follow before installing a home security camera and where you should never put one."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 01 January 2025, 1500 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.zdnet.com%2Fblog%2Fsecurity%2Frss

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

ZDNet | Security

154K followers76 articles per week#security#tech

12

Most popular

7 rules to follow before installing a home security camera - and where you should never put one

1d

Whether you want to mount a new camera or relocate an existing one, keep these pointers in mind to enhance performance and avoid problems.

How to easily use Cloudflare's secure DNS on your Mac and why it even matters

1d

If you want to get a security bump on your Mac, you should switch to secure DNS to encrypt your web traffic.

LG announced its new lineup of 'Hybrid AI' Gram laptops, and they're thinner than ever

1d

LG's 2025 Gram Pro laptops include the company's first-ever Copilot+ PC, armed with the 'Lunar Lake' Intel Core Ultra processor.

Yesterday

How we test laptops at ZDNET in 2025

9h

ZDNET receives dozens of laptops to review each year. This is how we approach testing them.

These Beyerdynamic headphones will blow you away with clarity, accuracy and comfort

19h

Looking for a brilliant pair of studio-quality, open-back cans? The Beyerdynamic DT 1990 Pro are the most comfortable over-ear headphones I've worn.

CES 2025: What is it, what to expect, and how to tune in

CES 2025 preview and expectations

•

20h

As the world's largest tech conference devoted to consumer electronics, CES showcases the most innovative technology from leading companies worldwide.

Google's Quick Share might soon rival AirDrop on iPhone and Mac - here's why

21h

If you're looking for another method of sharing files on iOS or MacOS devices, you might be in for a treat.

Buying a new VPN? 3 things to consider when shopping around - and why 'free' isn't always best

21h

VPNs are handy internet privacy tools, but with so many options available, it's hard to find the best one. To help, I'll tell you what you should look for in a good VPN.

Apple's iPhone SE 4 could be even better than the iPhone 14 at a fraction of the cost

21h

A new leak suggests Apple's next budget-friendly phone should be a big-time upgrade at an unbeatable price. Here's why.

My 5 favorite note-taking apps for staying organized on a desktop

22h

If you need to keep your notes from growing too chaotic on a Mac or PC, you might want to consider one of these outstanding note-taking apps. I've tried them all and can easily recommend any of them to help you be more productive and organized.

The upcoming Samsung Galaxy S25 phones may come with this major AI upgrade for free

Galaxy S25 may include Gemini Advanced

•

23h

A new leak reveals Google will offer a $200+ bonus to customers who purchase a new Samsung phone.

8 times the Apple Watch predicted danger and saved lives in 2024

1d

Wearables continued to rise in popularity this year, with Apple's devices proving to be lifesaving in these harrowing true stories.

End of feed