Latest Cybersecurity News and Articles
18 September 2024
A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies.
Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.
18 September 2024
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.
18 September 2024
MISTPEN is a trojanized version of a legitimate Notepad++ plugin that allows the threat actor to download and execute files from a command-and-control server. The threat group constantly enhances its malware, making it harder to detect and analyze.
18 September 2024
Claims of hacked voter data are intended to cause distrust in the election process, the FBI and CISA warn.
18 September 2024
Red Hat OpenShift, a popular hybrid cloud platform with robust security features, is facing two critical vulnerabilities: CVE-2024-45496 (CVSS 9.9) and CVE-2024-7387 (CVSS 9.1).
18 September 2024
CISA and the FBI recommended that software developers implement rigorous validation, sanitization, and input escaping to prevent malicious script injections and data manipulation.
18 September 2024
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined just three years ago that a chatbot could write essays, handle customer support calls, and even craft commercial
18 September 2024
Cybersecurity firm Huntress reported that attackers search for publicly accessible installations of Foundation software on the internet and then attempt to gain administrative access by trying combinations of default usernames and passwords.
18 September 2024
Valid account abuse remains a top entry point for critical infrastructure attacks, with the CISA reporting that 2 in 5 successful intrusions last year were attributed to this method.
18 September 2024
The vulnerability was related to the undocumented Salesforce Aura API and SOQL subqueries, allowing a blind SOQL injection attack to retrieve customer information, including personally identifiable information (PII).
18 September 2024
Prosecutors allege that Chinese national Wu Song targeted US academics and engineers to obtain applications used in aerospace engineering and fluid dynamics, which could be used for developing missiles and weapons.
18 September 2024
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN.
The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which is
18 September 2024
Two critical vulnerabilities, CVE-2024-8503 (SQL Injection) and CVE-2024-8504 (Privilege Escalation), have been uncovered in the VICIdial Contact Center Suite, posing a major risk for call centers globally.
18 September 2024
Advanced phishing attacks are putting accounts on X, formerly known as Twitter, at risk. Even with two-factor authentication in place, researchers at eSentire have found that account takeovers are still possible.
18 September 2024
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats.
"With the newest version of Chrome, you can take advantage of our upgraded Safety Check, opt out of unwanted website notifications more easily and grant select permissions to a site for one time only,"
18 September 2024
The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, said on Tuesday that it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems.
"The next major milestone is for the RCS Universal Profile to add important user protections such as interoperable end-to-end
18 September 2024
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.
The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.
"A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a
17 September 2024
The US has imposed further sanctions on Intellexa, the maker of the Predator spyware, targeting individuals and entities associated with the company due to its opaque corporate structure designed to evade accountability.
17 September 2024
This critical flaw, actively exploited in the wild, allows attackers to elevate privileges to SYSTEM level, posing a significant risk to organizations using Microsoft's Hyper-V virtualization technology.
17 September 2024
GitLab releases a security update for a critical flaw. Security leaders share advice on how organizations can secure against this vulnerability.