Category: Information Security

Condi botnet

Critical TP-Link Flaw Under Attack: Update Now

Fortinet reports that malicious actors continue to exploit a year-old vulnerability in TP-Link routers, incorporating them into various botnets for conducting DDoS attacks. The command injection vulnerability, CVE-2023-1389 (CVSS score: 8.8), was identified at...

CVE-2024-31497

CVE-2024-31497: PuTTY Exploit Endangers Data

The developers of PuTTY are issuing a warning about a critical vulnerability affecting versions 0.68 to 0.80, which could potentially allow an attacker to completely reconstruct private NIST-P521 keys. The vulnerability, identified as CVE-2024-31497,...

Volt Typhoon group

Global Brute-Force Attacks Spike: Cisco Issues Warning

International cybersecurity is under threat following a discovery by Cisco Talos experts of a large-scale credential stuffing campaign targeting VPN and SSH services of companies including Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti. The campaign...

Muddled Libra

Cloud Under Siege: Muddled Libra Shifts Tactics

Palo Alto Networks’ Unit 42 reports that the cybercriminal group Muddled Libra is actively targeting cloud applications and cloud service providers in a bid to steal confidential data. According to the report, the attackers...

TA558

TA558 Attacks Surge: 320+ Organizations Targeted

Recently, the cybercriminal group TA558 has significantly increased its malicious activities, attacking organizations worldwide with various types of malware. Security specialists from Positive Technologies have identified over 320 attacks carried out by this group....

Omni Hotels cyberattack

Omni Hotels Hacked: Daixin Gang Demands Ransom

The cybercriminal group Daixin Team has claimed responsibility for the recent attack on the Omni Hotels & Resorts network and threatens to release confidential customer information unless a ransom is paid. Omni Hotels operates...

LockBit 3.0 builder

Kaspersky Warns: LockBit 3.0 Leak Makes Ransomware Worse

The latest study by Kaspersky Lab delves into the ramifications of the LockBit 3.0 builder leak that occurred in 2022. This event significantly empowered cybercriminals to create highly customizable malicious software versions, enhancing the...

Kansas State University cyberattack

Third-Party Breach Exposes Cisco Duo MFA Data

A third-party company responsible for the telecommunication services used in Cisco Duo’s multi-factor authentication (MFA) system was subjected to a cyberattack employing social engineering tactics. Consequently, Cisco has urged its clients to exercise extreme...

CVE-2024-31498

Security Alert: YubiKey Users Must Update Software

Yubico, the developer of the widely-used YubiKey authentication devices, has alerted Windows users to a significant vulnerability in its software. According to the company’s official statement, this vulnerability could lead to elevated privileges on...

CVE-2024-21410

Nexperia Hacked: Chipmaker Scrambles After Data Breach

Nexperia, a prominent Dutch semiconductor manufacturer under the management of the Chinese company Wingtech, recently experienced a serious cyberattack. According to an official statement from the company, unauthorized access to its information systems was...