Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. [...]
SUMMARY Three Russian nationals have been indicted for their alleged roles in running cryptocurrency mixing services Blender.io and…
The company confirmed the breach after a hacker posted millions of location data records online. © 2024 TechCrunch. All rights reserved. For personal use only.
Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent exploitation of a new Ivanti VPN vulnerability....
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table...
A new WEF report highlighted growing disparities in the cyber capabilities of different types of organizations and regions
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...]
No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain....
Telefónica faces a data breach impacting its internal systems, linked to hackers using compromised credentials. Learn more about this alarming cyber threat.
Three Russian men have been indicted on money laundering charges connected to cryptocurrency mixers
A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the...
Telefonica has confirmed a breach of its internal ticketing system exposing more than 236,000 lines of customer data
Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict who’s safe—and who’s a threat.
For the latest discoveries in cyber research for the week of 13th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The International Civil Aviation Organization...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released on Friday four advisories concerning industrial control systems (ICS).... The post CISA reports security vulnerabilities...
The Cyber Security Agency of Singapore (CSA) addressed reports of an ongoing Mirai-based botnet campaign targeting security flaws... The post Singapore’s CSA issues urgent advisory on Mirai botnet...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released on Friday its Cybersecurity Performance Goals Adoption Report, emphasizing... The post CISA CPG adoption report highlights...
Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) outage that is blocking customers from accessing Microsoft 365 Office apps. [...]
This is a weekly threat intelligence report review from RST Cloud. This week, we analysed 29 threat intelligence reports and summarized their key findings, along with the relevant metadata that...
Researchers discovered a ransomware campaign leveraging AWS Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data in Amazon S3 buckets. The attack, orchestrated by the threat...
With the advent of virtual reality, everyone got scared that the life we know will disappear, and only…
Note This trend report on the deep web and dark web of December 2024 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the...
AhnLab SEcurity intelligence Center (ASEC) has recently confirmed that proxyware is being installed through advertisement pages of freeware software sites. The proxyware that is ultimately...
Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [...]
A pastor at a Pasco, Washington, church has been indicted on 26 counts of fraud for allegedly operating a cryptocurrency scam that defrauded investors of millions between 2021 and 2023. [...]
The evolving landscape of cyber-physical security brings unique challenges to IT (information technology) and OT (operational technology) environments... The post Adopting holistic approach to...
The scourge of ransomware continues primarily because of three main reasons: Ransomware-as-a-Service (RaaS), cryptocurrency, and safe havens.RaaS platforms enable aspiring cybercriminals to join a...
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges...
SUMMARY Cybercriminals are deploying a tricky new phishing campaign impersonating the cybersecurity firm CrowdStrike‘s recruiters to distribute a…
A fake proof-of-concept (PoC) exploit designed to lure cybersecurity researchers into downloading malicious software. This deceptive tactic leverages a recently patched critical vulnerability in...