Latest Cybersecurity News and Articles
19 September 2024
Microsoft has confirmed CVE-2024-37985 as a zero-day bug in Windows with a CVSS score of 5.9. It is a Windows Kernel information disclosure vulnerability, allowing attackers to access heap memory from a privileged process on a vulnerable server.
19 September 2024
The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system.
"The initial access was accomplished via a Secure Shell (SSH) brute force attack on the victim's assets, during which the threat actor uploaded a malicious script," Group-IB researchers Vito Alfano and Nam Le
19 September 2024
In this campaign aimed at the APAC region, Earth Baxia used a new backdoor named EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery.
19 September 2024
A recent study found that the majority of people worldwide (58%) are more fearful of becoming fraud victims now than they were two years ago.
19 September 2024
The CISA has directed federal agencies to remove Flash Player by October 8, 2024, to safeguard sensitive data and critical operations. Adobe officially ended Flash Player support in 2020, recognizing its security risks.
19 September 2024
Microsoft said Vanilla Tempest has been active since at least July 2022, with previous attacks targeting education, healthcare, IT, and manufacturing sectors using various ransomware families such as BlackCat, Quantum Locker, Zeppelin, and Rhysida.
19 September 2024
Motorists in the United Kingdom are being targeted with QR code scams.
19 September 2024
Using the fresh funding, the company plans to improve its threat modeling and deepfake protection services to safeguard high-profile individuals from cyber threats in their personal lives.
19 September 2024
Broadcom has released a patch for a critical security flaw in VMware vCenter Server, allowing remote code execution through a heap overflow vulnerability in the DCE/RPC protocol (CVE-2024-38812).
19 September 2024
Snowflake, a cloud-based data warehousing platform, has implemented default multifactor authentication and a minimum 14-character password requirement following cyberattacks in June affecting multiple customers.
19 September 2024
The group primarily focuses on online gaming personalities, cryptocurrency influencers, and technology professionals, enticing them with fake job opportunities on social media that lead to downloading malicious software.
19 September 2024
Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments. Imagine an attack that forces emergency care to halt, surgeries
19 September 2024
The Series B funding was led by Critical Ventures and SineWave Venture Partners, with other key investors joining in to support RunSafe's mission to protect critical systems from global threats.
19 September 2024
Approximately nine percent of tested firmware images use non-production cryptographic keys that are publicly known, making Secure Boot devices vulnerable to UEFI bootkit malware attacks.
19 September 2024
Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S.
The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832).
"Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494,
19 September 2024
GitLab has released a critical security patch for the CVE-2024-45409 vulnerability (CVSS 10). It impacts both GitLab Community Edition (CE) and Enterprise Edition (EE) and originates from the Ruby-SAML library used for SAML authentication.
19 September 2024
Security researcher Sina Kheirkhah has published a PoC exploit for CVE-2024-40711 in Veeam Backup & Replication, a critical vulnerability with a CVSS score of 9.8. The flaw allows unauthenticated RCE, posing a threat to enterprise environments.
19 September 2024
Ransomware groups such as BianLian and Rhysida are now exploiting Microsoft Azure tools like Storage Explorer and AzCopy to steal data from compromised networks and store it in Azure Blob storage.
19 September 2024
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass.
The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.
The
18 September 2024
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett).
The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at least May 2020,