ThreatsHub Cybersecurity News

As our Microsoft AI Tour reached Brussels, Paris, and Berlin recently, we met with European organizations that were energized by the possibilities of our latest AI technologies and engaged in deployment projects. They were also alert to the fact that 2025 is the year that key obligations under the European Union’s AI Act come into effect, opening a new chapter in digital regulation as the world’s first, comprehensive AI law becomes a reality.
The post Innovating in line with the European Union’s AI Act appeared first on Microsoft Security Blog. READ MORE HERE…

ZDNet | Security

January 15, 2025 TH Author

How scammers are tricking Apple iMessage users into disabling phishing protection

People who unwittingly follow the instructions in certain malicious text messages end up bypassing Apple’s phishing protection.READ MORE HERE…

The Register

January 15, 2025 TH Author

Microsoft fixes under-attack privilege-escalation holes in Hyper-V

Plus: Excel hell, angst for Adobe fans, and life’s too Snort for Cisco Patch Tuesday The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve your attention.… READ MORE HERE…

The Register

January 14, 2025 TH Author

FBI wipes Chinese PlugX malware from thousands of Windows PCs in America

Hey, Xi: Zài jiàn! The FBI, working with French cops, obtained nine warrants to remotely wipe PlugX malware from thousands of Windows-based computers that had been infected by Chinese government-backed criminals, according to newly unsealed court documents.… READ MORE HERE…

The Register

January 14, 2025 TH Author

Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used

Ransomware ‘not off the table,’ Arctic Wolf threat hunter tells El Reg Miscreants running a “mass exploitation campaign” against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according to security researchers who say they’ve observed the intrusions.… READ MORE HERE…

TrendMicro

January 14, 2025 TH Author

Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. Read More HERE…

The Register

January 13, 2025 TH Author

Microsoft sues ‘foreign-based’ cyber-crooks, seizes sites used to abuse AI

Scumbags stole API keys, then started a hacking-as-a-service biz, it is claimed Microsoft has sued a group of unnamed cybercriminals who developed tools to bypass safety guardrails in its generative AI tools. The tools were used to create harmful content, and access to the tools were sold as a service to other miscreants.… READ MORE HERE…

ZDNet | Security

January 13, 2025 TH Author

Proton Pass review: A highly secure password manager with easy to overlook flaws

Proton Pass offers interoperability with Proton VPN and Proton Mail, along with a host of security features compatible with most devices and operating systems.READ MORE HERE…

Microsoft Secure

January 13, 2025 TH Author

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transparency, Consent, and Control (TCC), and expand the attack surface to perform other unauthorized operations.
The post Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

January 13, 2025 TH Author

3 takeaways from red teaming 100 generative AI products

Since 2018, Microsoft’s AI Red Team has probed generative AI products for critical safety and security vulnerabilities. Read our latest blog for three lessons we’ve learned along the way.
The post 3 takeaways from red teaming 100 generative AI products appeared first on Microsoft Security Blog. READ MORE HERE…

Cyber Security Trending News

How to disable ACR on your TV (and why doing so makes such a big difference)

Innovating in line with the European Union’s AI Act

How scammers are tricking Apple iMessage users into disabling phishing protection

Microsoft fixes under-attack privilege-escalation holes in Hyper-V

FBI wipes Chinese PlugX malware from thousands of Windows PCs in America

Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used

Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR

Microsoft sues ‘foreign-based’ cyber-crooks, seizes sites used to abuse AI

Proton Pass review: A highly secure password manager with easy to overlook flaws

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

3 takeaways from red teaming 100 generative AI products