Latest Cybersecurity News and Articles
28 September 2024
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months.
The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it.
"Fake
28 September 2024
HPE has released patches for three critical security vulnerabilities in Aruba's networking access points, which could allow attackers to run code on the systems by sending specially crafted packets to UDP port 8211.
28 September 2024
The Brazilian-targeted threat BBTok has a complex infection chain that starts with an email containing an ISO image. The malware compiles C# code directly on the infected machine and uses the AppDomain Manager Injection technique.
28 September 2024
The most severe issue is a stack-based buffer overflow vulnerability (CVE-2024-34026) that allows an attacker to execute remote code. Users are advised to update to the latest version of OpenPLC to protect against these security risks.
28 September 2024
The vulnerabilities could be exploited to remotely control Kia vehicles equipped with remote hardware in under 30 seconds, exposing the sensitive personal information of car owners.
28 September 2024
Experts are investigating whether the hackers gained access to Cisco Systems routers, a key component of ISP infrastructures, but Cisco has not found any indication of router involvement.
28 September 2024
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data.
The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy
28 September 2024
SloppyLemming has been active since at least July 2021 and has targeted the government, law enforcement, energy, education, telecommunications, and technology sectors in countries such as Pakistan, Sri Lanka, Bangladesh, China, Nepal, and Indonesia.
28 September 2024
Hackers are now using AI-generated malware in targeted attacks. In a recent email campaign in France, researchers found malicious code crafted with the help of generative AI to distribute the AsyncRAT malware.
28 September 2024
A security flaw in OpenAI's ChatGPT app for macOS, now patched, could have allowed attackers to implant persistent spyware into the AI tool's memory. This could lead to continuous data exfiltration of user information across chat sessions.
27 September 2024
Joint advisory encourages individuals at higher risk of targeted phishing to follow mitigation advice and sign up for NCSC's cyber defence services.
27 September 2024
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities.
The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers -
CVE-2024-46905 (CVSS score: 8.8)
27 September 2024
Security researchers at Bitsight discovered critical vulnerabilities in Automated Tank Gauge (ATG) systems, including Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla, and Franklin TS-550.
27 September 2024
HashiCorp has released updated versions (1.17.6, 1.16.10, 1.15.15) to fix the flaw, along with a new configuration option to enhance security. Users are advised to upgrade or adjust their configurations to protect against exploitation.
27 September 2024
The CISA has issued a warning about hackers using basic techniques to target industrial systems, particularly OT and ICS devices in critical infrastructure, water, and wastewater systems.
27 September 2024
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.
"A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print
27 September 2024
The six vulnerabilities, with high severity scores, could lead to unauthorized access and control over network infrastructure. Progress Software advises all WhatsUp Gold users to upgrade to version 24.0.1 to mitigate these vulnerabilities.
27 September 2024
Cybersecurity researchers at Palo Alto Networks' Unit 42 have discovered a prolific Phishing-as-a-Service platform called Sniper Dz, responsible for creating over 140,000 phishing websites in just one year.
27 September 2024
Security researchers have found critical flaws in the Jupiter X Core WordPress plugin, affecting over 90,000 websites. The vulnerabilities could allow attackers to take control of websites or hijack user accounts, including admin accounts.
27 September 2024
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection.
Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.