South Korea Reports: 8,400 North Koreans in Cyber Warfare Operations
According to recent data, the number of cybercrime specialists in North Korea has reached approximately 8,400, marking a 20% increase compared to two years ago. This information comes from the... The...
View ArticleCVE-2024-42458 (CVSS 9.8) – New Security Vulnerability in Neat VNC: Urgent...
Neat VNC, a popular open-source VNC server library used for remote desktop access and screen sharing, has been found vulnerable to a security vulnerability (CVE-2024-42458, CVSS 9.8). This flaw...
View ArticleTrojan Malware Infiltrates Browser Extensions, Impacts 300,000 Users
The ReasonLabs Research Team has discovered a widespread polymorphic malware campaign that forcefully installs malicious extensions on endpoints. This campaign has been active since 2021 and has...
View ArticleATLAS LION Cybercriminal Group Persists in Targeting Gift Card Issuing Systems
A sophisticated cybercriminal group known as ATLAS LION (aka THIRSTY CAMELS, STORM-0539) continues to pose a significant threat to organizations, particularly those in the retail and consumer goods...
View Article1Password Updates macOS App to Fix Vulnerabilities CVE-2024-42218 and...
1Password, a leading password manager, has released security updates to address two vulnerabilities (CVE-2024-42218 and CVE-2024-42219) discovered in its macOS app. These vulnerabilities could...
View ArticleMongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in...
MongoDB, the popular NoSQL database provider, announced the patching of a high-severity vulnerability affecting multiple versions of its server and driver products. The flaw, tracked as CVE-2024-7553...
View ArticleCVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover
Security researchers have uncovered a critical vulnerability in wpa_supplicant, a ubiquitous software component responsible for managing Wi-Fi connections on countless devices. The flaw, dubbed...
View ArticleExploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All...
Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published a proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and...
View ArticleBeware: Hackers Use Google Drawings & WhatsApp Links to Steal Data
Menlo Security has uncovered a new phishing campaign that exploits Google Drawings to bypass security systems and deceive users, compelling victims to click on fraudulent links designed to steal...
View ArticleSSHamble: runZero’s Open Source Tool to Secure Your SSH Implementations
Experts at runZero have uncovered numerous vulnerabilities related to poorly secured or improperly implemented SSH services, an unexpected discovery during their investigation of a backdoor in the XZ...
View ArticleDepartment of Justice Disrupts North Korean IT Worker Fraud Scheme with...
The U.S. Department of Justice announced on Thursday charges against Matthew Isaac Knoot, a 38-year-old Nashville resident, for his alleged role in a scheme to generate illicit revenue for the... The...
View ArticleWindows Smart App Control, SmartScreen Vulnerable to Exploits
Cybersecurity specialists have discovered significant flaws in the protective mechanisms of Microsoft Windows—Smart App Control (SAC) and SmartScreen. The identified vulnerabilities allow malicious...
View ArticleTeam82 Unveils Research on Unitronics PLC/HMI Attacks Targeting Critical...
Recently, the cybersecurity research team known as Team82 has published an in-depth investigation into a series of cyberattacks targeting integrated Programmable Logic Controllers (PLCs) and...
View ArticleGoGra: New Go-Based Backdoor Targets South Asian Media
In a concerning development, cybersecurity researchers from Symantec’s Threat Hunter Team have uncovered a new Go-based backdoor named GoGra. This sophisticated malware has been used in a targeted...
View ArticleDjango Releases Security Updates to Address Critical Flaw (CVE-2024-42005,...
The Django team has issued security updates for Django 5.0.8 and 4.2.15 to address multiple vulnerabilities, including potential denial-of-service (DoS) attacks and a critical SQL injection...
View ArticleWazuh: A Comprehensive Open-Source Platform for Threat Detection and Response
In today’s complex and ever-evolving threat landscape, safeguarding diverse IT infrastructures demands a robust, adaptable security solution. Wazuh, a free and open-source platform, emerges as a...
View ArticleNexera Hacked: $1.8 Million Stolen from Tokenization Giant
The blockchain infrastructure protocol Nexera, renowned for its tokenization solutions, fell victim to an attack in which hackers stole $1.8 million. This incident was reported by experts from Cyvers....
View Article2024 US Election Faces Escalating Iranian Cyber Influence, MTAC Warns
As the 2024 US presidential election approaches, the Microsoft Threat Analysis Center (MTAC) has reported a significant escalation in cyber-enabled influence operations originating from Iran. This...
View ArticleSTAC6451: A Threat Group Targeting Indian Organizations with Mimic Ransomware
Sophos MDR threat hunters and intelligence analysts have recently unveiled a new threat activity cluster, dubbed STAC6451, that is actively targeting organizations in India with Mimic ransomware. This...
View ArticleGL-iNet Routers Exposed to Critical Vulnerabilities: Urgent Firmware Updates...
GL-iNet has recently issued a security advisory addressing multiple critical vulnerabilities in several of their router models. The vulnerabilities, tracked under CVE-2024-39225 through CVE-2024-39229...
View Article