"Cryptocurrency wallet drainer stole $494 million in 2024."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 05 January 2025, 2145 UTC.

Content and Source:  Compilation of various sources by https://feedly.com.

 https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security News Bundle

14

Most popular

Cryptocurrency wallet drainers stole $494 million in 2024

Crypto phishing losses near 500M

•

47BleepingComputer / 57min

Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. [...]

Roborock's new robot vacuum has a mechanical arm to move obstacles - and you have to see it

Roborock unveils robotic arm vacuum

•

ZDNet | Security / 3h

The new Roborock Saros Z70 robot vacuum features an arm that grabs toys, socks, and other small obstacles to clean your floors thoroughly.

Nuclei flaw allows signature bypass and code execution

4 TTPs

•

Security Affairs / 2h

A vulnerability in Nuclei, an open-source vulnerability scanner, could allow attackers to bypass signature checks and execute malicious code. A high-severity security flaw, tracked as CVE-2024-43405 (CVSS score of 7.4), in the open-source vulnerability scanner ProjectDiscovery’s Nuclei , could allow attackers to bypass signature checks and execute malicious code. The Wiz’s engineering team discov

Today

LG's new projector is also a Bluetooth speaker and a mood lamp

LG unveils CineBeam S projector

•

ZDNet | Security / 23min

The company unveiled two projectors during CES' first media day - and one of them does so much more.

Windows 10 users urged to upgrade to avoid "security fiasco"

ESET advises Linux for unsupported Windows

•

44BleepingComputer / 56min

​Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. [...]

What is an AI PC exactly? And should you buy one in 2025?

ZDNet | Security / 1h

How does a computer built to handle artificial intelligence tasks differ from a regular PC? Who's making them? And where do Windows and MacOS fit in? We answer all your burning questions.

Is your office cold? These power banks double as hard warmers - on purpose

ZDNet | Security / 1h

Most of the time, you definitely don't want a power bank getting hot. These ones have been designed to do just that!

Samsung and Google will unveil their open-source Dolby Atmos alternative at CES 2025

Samsung introduces Eclipsa Audio technology

•

ZDNet | Security / 4h

The two companies joined forces to create a 3D audio format that beats out Dolby in one huge way: No licensing fees.

New FireScam Android data-theft malware poses as Telegram Premium app

FireScam Android malware steals data

•

BleepingComputer / 4h

A new Android malware named 'FireScam' is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimick the RuStore, Russia's app market for mobile devices. [...]

The Even Realities G1 are unlike any other smart glasses you've seen

ZDNet | Security / 5h

The Even Realities G1 don't have a camera or speaker like the Meta Ray-Bans, nor are they trying to be a portable Vision Pro. These are different and unique, but expensive.

My favorite robot mower adds two more affordable 'mini' units for smaller yards

ZDNet | Security / 7h

Mammotion launches two 'mini' robot mowers at CES 2025. These lightweight machines promise to be as good as their full-size siblings.

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 27

Security Affairs / 10h

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. 7-Zip Zero-Day Exploit Dropped: A New Playground for Infostealer & Supply Chain Attacks Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts The Mac Malware of 2024 Ransomware Vulnerability Matrix Inside FireScam : An In

Security Affairs newsletter Round 505 by Pierluigi Paganini – INTERNATIONAL EDITION

CVE-2024-49112 & 1 other

•

Security Affairs / 11h

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Malicious npm packages target Ethereum developers US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT FireScam Android

Yesterday

Nuclei flaw lets malicious templates bypass signature verification

5 TTPs

•

BleepingComputer / 18h

A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. [...]

End of feed

The CyberWire Daily Briefing.

"Chinese hackers targeted the U.S. Treasury Department's Office of Foreign Assets Control."

Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 05 January 2025, 1456 UTC.

Content and Source:  https://thecyberwire.com

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 Issues

V14 | Issue 2 | 1.3.25

Chinese hackers targeted the US Treasury Department's Office of Foreign Assets Control.

Phishing campaign compromised at least 35 browser extensions. Apple will pay $95 million to settle proposed privacy lawsuit.

V14 | Issue 1 | 1.2.25

US Treasury Department breached by Chinese APT.

AT&T and Verizon say they've contained China's Salt Typhoon attacks. US Army soldier arrested over alleged involvement in Snowflake hacks.

V13 | Issue 241 | 12.23.24

Judge finds NSO Group liable in WhatsApp lawsuit. China accuses the US government of cyberattacks.

Alleged LockBit ransomware developer to be extradited to the US.

V13 | Issue 240 | 12.20.24

Threat actors stole $2.2 billion worth of cryptocurrency in 2024.

Hacker leaks data allegedly stolen from Cisco. Mirai botnet operators are targeting Juniper Networks routers using default passwords. Raccoon Infostealer operator sentenced to 60 months in prison.

V13 | Issue 239 | 12.19.24

CISA issues security guidance for highly targeted individuals amid Salt Typhoon hacks.

Russia's Sandworm targets Ukrainian soldiers. Nebraska sues Change Healthcare over data breach. APT29 launches widespread rogue RDP campaign.

V13 | Issue 238 | 12.18.24

US considers a ban on Chinese-made TP-Link routers. Meta fined $263 million for alleged GDPR violations.

HiatusRAT malware operators are scanning for vulnerable web cameras and DVRs. South Asia-nexus threat actor targets Turkish defense sector.

V13 | Issue 237 | 12.17.24

Biden Administration moves to ban China Telecom from US networks.

CISA issues new draft of its National Cyber Incident Response Plan. Telecom Namibia sustains data breach. New York City man convicted for SQL injection attacks.

V13 | Issue 236 | 12.16.24

Hackers breach Rhode Island benefits system. Clop ransomware gang claims responsibility for Cleo attacks.

California healthcare system sustains ransomware attack.

V13 | Issue 235 | 12.13.24

Cleo urges customers to patch actively exploited vulnerability. Iran-linked threat actor deploys new ICS malware.

Law enforcement shutters the Rydox cybercrime marketplace.

V13 | Issue 234 | 12.12.24

Outages hit Meta and OpenAI products.

Microsoft patches against technique to bypass multifactor authentication. Researchers describe Nova, a new version of the Snake Keylogger.