Latest Cybersecurity News and Articles


Litespeed Cache Flaw Exposes Millions of WordPress Sites to Takeover Attacks

05 September 2024
Discovered by security researcher Rafie Muhammad, the flaw allows unauthorized users to take control of logged-in accounts, potentially gaining administrator privileges on WordPress sites.

Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government

05 September 2024
This campaign, active since July, utilizes at least three malicious ISO files to compromise Malaysian entities, containing components like a malicious executable and a decoy PDF file, ultimately delivering the Babylon RAT as a final payload.

UK and Allies uncover Russian military unit carrying out cyber attacks and digital sabotage for the first time

05 September 2024
The NCSC and partners call out Russian GRU cyber actors Unit 29155 for campaign of malicious cyber activity since at least 2020.

Cisco Fixes Root Escalation Vulnerability With Public Exploit Code

05 September 2024
Local attackers can exploit this weakness through malicious CLI commands without user interaction, but only if they have Administrator privileges. So far, there is no evidence of this vulnerability being exploited in the wild.

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

05 September 2024
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them," Kaspersky

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

05 September 2024
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1

Cisco Warns of Backdoor Admin Account in Smart Licensing Utility

05 September 2024
Cisco has issued a warning about a backdoor admin account discovered in the Cisco Smart Licensing Utility (CSLU), allowing unauthorized access to unpatched systems. This critical flaw (CVE-2024-20439) enables remote access with admin privileges.

EUCLEAK Attack Allows Yubico Security Keys to be Cloned

05 September 2024
Despite this, the risk is limited as attackers would need physical access to the device, specific knowledge of targeted accounts, and specialized equipment for the attack.

Google Fixed Actively Exploited Android Privilege Escalation Flaw (CVE-2024-32896)

05 September 2024
Google has patched a high-severity vulnerability, known as CVE-2024-32896, in its Android OS actively exploited in the wild. The issue involves a privilege escalation in the Android Framework component.

Revival Hijack Attack Puts 22,000 PyPI Packages at Risk of Hijack

05 September 2024
This method could potentially lead to numerous malicious package downloads. The attack involves hijacking popular projects by registering new projects under the names of removed packages on PyPI.

CISA Warns of Three Actively Exploited Vulnerabilities That Demand Immediate Attention

05 September 2024
Two vulnerabilities, CVE-2021-20123 and CVE-2021-20124, pose serious risks for DrayTek VigorConnect routers, potentially leading to unauthorized access to sensitive files. Another vulnerability, CVE-2024-7262, affects Kingsoft WPS Office.

RomCom Group’s Underground Ransomware Exploits Microsoft Zero-Day Flaw

05 September 2024
A new ransomware variant named Underground, linked to the Russia-based RomCom group, encrypts files on victims’ Windows machines and demands a ransom for decryption. It has been active since July 2023.

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown

05 September 2024
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design Agency (SDA),

FTC cites Verkada for alleged CAN-SPAM violations

05 September 2024
The FTC will require security camera firm Verkada to develop and implement a comprehensive information security program.

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

05 September 2024
It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally

FBI Warns Crypto Firms of Aggressive Social Engineering Attacks

05 September 2024
The FBI issued a warning about aggressive social engineering attacks by North Korean hacking groups targeting cryptocurrency firms. The attacks involve deploying malware to steal crypto assets through highly targeted tactics that are hard to detect.

Threat Actors Using MacroPack to Deploy Brute Ratel, Havoc, and PhantomCore Payloads

05 September 2024
Malicious actors potentially utilized the MacroPack red-teaming framework to distribute harmful payloads like Brute Ratel and Havoc tools, as well as a new version of the PhantomCore remote access trojan.

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

05 September 2024
Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

05 September 2024
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems. "KTLVdoor is a highly obfuscated malware that

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

05 September 2024
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account