top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #132 - January 13, 2025

Apple Bug Allows Root Protections Bypass Without Physical Access

Source: Dark Reading

Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels. Cyber defenders are encouraged to ensure systems have been updated with the latest macOS patch, which includes a fix for a vulnerability that exposed the entire operating system to further compromise.




CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks

Source: Security Week

Attackers have been exploiting a second vulnerability in BeyondTrust’s remote management solutions, CISA warns. The US cybersecurity agency CISA is urging federal agencies to patch a second vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) enterprise solutions, based on evidence of active exploitation.




New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

Source: Forbes

A new ransomware campaign targeting Amazon Web Services S3 buckets and users by a threat actor known as Codefinger has been confirmed in a Jan. 13 threat intelligence report from Halcyon threat research and intelligence team. 




PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts

Source: Security Week

A new phishing campaign relies on legitimate links to trick victims into logging in and giving attackers control of their PayPal accounts, Fortinet warns. The phishing emails inform the intended victim of a payment request, providing legitimate-looking details, such as an amount and transaction ID, and even contain warnings that one would typically find in an email from PayPal.




Zero-Day Patch Alert: Ivanti Connect Secure Under Attack

Source: Data Breach Today

Internet appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Security experts urged users of all affected products to immediately update their devices, after factory resetting them, to flush any malware attackers may have installed.



114 views

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page