Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged...
Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged...
While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed "BellaCPP".
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to...
Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'
2024-12-18 • KELA • KELA’s Research Team Open article on Malpedia
2024-12-18 • Bleeping Computer • Sergiu Gatlan • win.raccoon, win.recordbreaker Open article on Malpedia
2024-12-19 • SpyCloud • James • win.lumma Open article on Malpedia
2024-12-13 • Bleeping Computer • Bill Toulas • apk.badbox Open article on Malpedia
2024-12-17 • BitSight • Pedro Falé • apk.badbox Open article on Malpedia
2024-12-19 • Bleeping Computer • Bill Toulas • apk.badbox Open article on Malpedia
A Dragos report observed 23 new ransomware groups targeting industrial organizations in Q3 2024
The U.S. Department of Homeland Security (DHS), through its Office of Economic Security, Supply Chain Resilience Center (SCRC),... The post DHS white paper focuses on enhancing infrastructure...
2024-12-12 • Spamhaus • Spamhaus Team • js.mints_loader Open article on Malpedia
2024-12-16 • Guardio Labs • Nati Tal • win.lumma Open article on Malpedia
Check out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs...
The Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health & Human Services (HHS) disclosed... The post HC3 reveals credential harvesting threat targeting...
2024-12-12 • XLab • XLab Team • elf.winnti Open article on Malpedia
The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. [...]
Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to...
The Alliance for Creativity and Entertainment (ACE) has taken down one of the world's largest live sports streaming piracy rings, with over 821 million visits last year. [...]
Rapido restricted access to the exposed portal soon after TechCrunch contacted the company. © 2024 TechCrunch. All rights reserved. For personal use only.
Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire...
KEY SUMMARY POINTS Krispy Kreme, the beloved doughnut chain, disclosed a data breach on December 11, 2024, in…
However, less than 10% of the disclosures addressed the material impacts of the security incidents. The post Study finds ‘significant uptick’ in cybersecurity disclosures to SEC appeared first on...
Each year, Barracuda rolls out hundreds of articles. Here’s a roundup of our most popular ones from 2024.
Rostislav Panev allegedly served as a software developer for LockBit. The post Israeli court to hear U.S. extradition request for alleged LockBit developer appeared first on CyberScoop.
Beginning December 11, customers started reporting “suspicious behavior” on their Session Smart Routers, Juniper says, and they had one thing in common: They were still using the factory-set...
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package...
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company...