The MITRE Corporation, a non-profit organization, has disclosed that in January 2024, a sophisticated, state-sponsored hacker group infiltrated its systems by chaining together two zero-day exploits in the Ivanti VPN. The incident was initially...
From June 2023 to February 2024, specialists from Sophos’s cyber intelligence division identified 19 different types of ransomware being offered for sale on four dark web forums for relatively modest sums, ranging from $20...
Cisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows local attackers to elevate their privileges to the administrator level. “A vulnerability in the CLI of the Cisco...
Researchers from the University of Illinois at Urbana-Champaign recently published a study demonstrating that OpenAI’s artificial intelligence model, GPT-4, is capable of independently exploiting vulnerabilities in real systems once it receives detailed descriptions of...
A service called Spy Pet has raised alarms among Discord users by offering archival and activity tracking services on the platform for a nominal fee of $5. Spy Pet enables third parties, potentially including...
At the end of last year, a major American automobile manufacturer, whose name has not been disclosed, fell victim to a targeted attack orchestrated by the hacker group FIN7. According to researchers from BlackBerry,...
Forescout has detected a new campaign exploiting a vulnerability in Fortinet FortiClient EMS devices to disseminate malware. The SQL injection vulnerability, CVE-2023-48788 (CVSS score: 9.8), enables unauthorized attackers to execute code through specially crafted...
A new type of banking malware for Android, named “SoumniBot,” employs an unconventional obfuscation method that leverages vulnerabilities in the process of extracting and analyzing the Android manifest. This allows it to circumvent standard...
Since 2015, certain Ukrainian government networks have remained infected with a malicious program known as OfflRouter. Researchers from Cisco Talos have analyzed over 100 infected documents, which enabled them to identify the virus’s ongoing...
American mobile service providers T-Mobile and Verizon have been besieged by a wave of cybercriminal attacks, wherein employees are bombarded with messages on both personal and work phones offering financial incentives for engaging in...
Fortinet reports that malicious actors continue to exploit a year-old vulnerability in TP-Link routers, incorporating them into various botnets for conducting DDoS attacks. The command injection vulnerability, CVE-2023-1389 (CVSS score: 8.8), was identified at...
In the first quarter of 2024, the Philippines witnessed a sharp increase in cyberattacks amid escalating tensions in the South China Sea, as reported by Resecurity. Compared to the same period last year, the...
In 2023, the United States food and agriculture sector encountered no fewer than 167 ransomware attacks, ranking it as the seventh most vulnerable among all industries in the country, according to the inaugural annual...
The developers of PuTTY are issuing a warning about a critical vulnerability affecting versions 0.68 to 0.80, which could potentially allow an attacker to completely reconstruct private NIST-P521 keys. The vulnerability, identified as CVE-2024-31497,...
International cybersecurity is under threat following a discovery by Cisco Talos experts of a large-scale credential stuffing campaign targeting VPN and SSH services of companies including Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti. The campaign...
Palo Alto Networks’ Unit 42 reports that the cybercriminal group Muddled Libra is actively targeting cloud applications and cloud service providers in a bid to steal confidential data. According to the report, the attackers...