Channel: do son, Author at Cybersecurity News
Browsing all 1971 articles

Cybersecurity Concerns Loom Over Drinking Water Systems, Says EPA Inspector...

A new report from the Office of Inspector General (OIG) of the U.S. Environmental Protection Agency (EPA) has highlighted significant cybersecurity concerns at drinking water systems across the United...

CVE-2024-9478 & CVE-2024-9479: upKeeper IPA Flaws Rated CVSSv4 10 Now Resolved

upKeeper, a provider of privileged access management solutions, has recently addressed two critical vulnerabilities in their Instant Privilege Access (IPA) product. These vulnerabilities, identified as...

Raspberry Robin’s Stealth Tactics: USB Infections, Exploits, and Advanced...

Raspberry Robin, also known as Roshtyak, stands out as a highly advanced malicious downloader. Discovered in 2021, it has gained notoriety for its use of infected USB drives and sophisticated...

Chinese APTs Shift Tactics to Evade Detection and Maintain Stealth

In light of increasing global tensions and heightened scrutiny, Chinese Advanced Persistent Threat (APT) groups are adapting their strategies to avoid detection and maintain stealth in their cyber...

CVE-2024-10126 & CVE-2024-10127: M-Files Addresses File Inclusion and...

M-Files, a leading provider of information management solutions, has released security updates to address two vulnerabilities in its server software. The vulnerabilities, identified as CVE-2024-10126...

Weaponized Defenses: Malicious Campaign Hijacks Legitimate Security Drivers

The Trellix Advanced Research Center has uncovered a malicious campaign that turns trusted security tools against their users. This campaign, detailed in their report, reveals how attackers exploited...

NVIDIA Base Command Manager Update Patches CVE-2024-0138 (CVSS 9.8)

NVIDIA has issued a critical security update for its Base Command Manager software, addressing a vulnerability that could open systems to a range of serious attacks. The flaw, tracked as...

DOJ’s Radical Proposal: Could Google Be Forced to Sell Chrome and Android?

The Department of Justice (DOJ) has dropped a bombshell in its ongoing antitrust lawsuit against Google, proposing a radical overhaul of Google services that could see the tech giant forced...

Red Hat Enterprise Linux Lands on Windows Subsystem for Linux

Red Hat and Microsoft join forces to bring the leading enterprise Linux distribution to Windows developers. In a move that promises to streamline hybrid cloud development and enhance developer...

“PopeyeTools” Dismantled: Justice Department Seizes Cybercrime Marketplace...

In a significant operation targeting cybercriminal infrastructure, the U.S. Department of Justice announced the seizure of PopeyeTools, an illicit online marketplace specializing in the sale of stolen...

CISA Sounds the Alarm on Actively Exploited Apple and Oracle Zero-Days

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three actively exploited vulnerabilities affecting Apple and Oracle products. These flaws, added to CISA’s...

USDA Pioneers Phishing-Resistant MFA with Fast IDentity Online (FIDO)

The Cybersecurity and Infrastructure Security Agency (CISA) has published an insightful report detailing the U.S. Department of Agriculture’s (USDA) successful implementation of phishing-resistant...

300,000 Forced to Scam: Meta’s Report Reveals Staggering Scale of “Pig...

In a recent report, Meta detailed its efforts to combat the organized crime networks behind “pig butchering” scams and other fraudulent activities. These scams, often perpetrated through forced labor...

Microsoft Takes Down “ONNX” Phishing-as-a-Service Operation

Microsoft’s Digital Crimes Unit (DCU) has struck a significant blow against the cybercrime supply chain, seizing 240 fraudulent websites and disrupting a major player in the “Phishing-as-a-Service”...

Wowza Streaming Engine Vulnerabilities Expose Thousands of Servers to Attack

Ryan Emmons, Lead Security Researcher at Rapid7, has discovered multiple vulnerabilities in Wowza Streaming Engine, a popular media server software. The vulnerabilities could allow a remote attacker to...

Ignoble Scorpius Strikes Again: The Rise of BlackSuit Ransomware

The cybercrime group known as Ignoble Scorpius has resurfaced with the BlackSuit ransomware, as detailed in a recent report from Unit 42 researchers. Emerging in May 2023 as a rebrand...

CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution

Security researchers have uncovered a critical vulnerability in WinZip, a widely-used file archiving tool, that could allow attackers to bypass crucial security measures and potentially execute...

Malicious Update in Python Crypto Library Targets Private Keys via Telegram

The Phylum Research Team has uncovered a malicious update to the PyPI package aiocpa, a crypto library widely used for its synchronous and asynchronous Crypto Pay API functionality. The attacker...

Python NodeStealer Evolution: Targeting Facebook Ads Manager and Credit Cards

The ever-evolving Python NodeStealer has resurfaced with advanced techniques and a broader target range, as detailed in the latest report by Jan Michael Alcantara of Netskope Threat Labs. Initially...

CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over...

A critical-severity vulnerability has been discovered in FluentSMTP, a widely used WordPress plugin designed to optimize email deliverability. Tracked as CVE-2024-9511 and assigned a CVSS v3.1 score of...
