New Variant of Mallox Ransomware Targets Linux and VMware ESXi Environments
Mallox Linux 1.0, derived from leaked Kryptina ransomware code, demonstrates adaptability of ransomware operations in cyber threat landscape.
View full story…
Kaspersky Withdraws Anti-Malware Software from 1 Million US Customers
Kaspersky has replaced its anti-malware software with UltraAV for 1 million US customers, leading to frustration over missing settings and file deletions.
View full story…
Critical Security Vulnerabilities Discovered in Houzez WordPress Theme and Login Register Plugin
Two critical security vulnerabilities, CVE-2024-22303 and CVE-2024-21743, were found in the Houzez WordPress theme and its Login Register plugin, allowing unauthorized users to escalate privileges and potentially compromise WordPress sites.
View full story…
Chinese APT Group Earth Baxia Targets APAC Government and Energy Sectors with GeoServer Exploit and EAGLEDOOR Malware
Earth Baxia, a Chinese APT group, is exploiting a critical GeoServer flaw to deploy EAGLEDOOR malware targeting government and energy sectors in the Asia-Pacific region.
View full story…
Latest Cybernews
Iranian APT Group UNC1860 Poses Significant Cybersecurity Threat in Middle East Region
UNC1860, an Iranian APT group affiliated with MOIS, utilizes specialized tooling and passive backdoors to target government and telecommunications sectors in the Middle East.
View full story…
North Korean APT Group Exploits DMARC Flaws for Cyber-Espionage Attacks
Kimsuky, a North Korean APT group, bypasses poorly configured DMARC protocols to conduct targeted cyber-espionage attacks on key organizations for sensitive intelligence gathering.
View full story…
Report Highlights Significant Skills Gap in Cloud Security Expertise
Over half of organizations have experienced security incidents related to public cloud use, leading to data breaches, due to a shortage of qualified personnel and lack of security awareness among employees.
View full story…
Global Sting Operation Dismantles iServer Phishing Network
Law enforcement authorities, in collaboration with Europol and Ameripol, arrest the administrator and 16 cybercriminals involved in the iServer phishing-as-a-service platform, seizing over 900 items and disrupting a major criminal network targeting over 1.2 million mobile phones worldwide.
View full story…
HSBC Successfully Trials Quantum-Secure Technology for Tokenized Gold Transactions
HSBC partners with Quantinuum to protect assets against potential quantum computing attacks, demonstrating the ability to move digital assets safely across distributed ledgers via secure networks.
View full story…
Google Expands Passkeys Feature for Enhanced Security and Convenience Across Platforms
Google has expanded its passkeys feature to include saving passkeys on desktop Chrome for Windows, macOS, and Linux, with iOS support on the way, providing users with enhanced security and convenience for managing passwords across various platforms.
View full story…
Critical Security Flaw in Ivanti’s Cloud Service Appliance (CSA) Identified as CVE-2024-8963
Remote unauthenticated attackers exploit vulnerability in Ivanti CSA to execute arbitrary commands and potentially achieve remote code execution.
View full story…
US Cyberspace Solarium Commission 2.0 Releases Fourth Annual Report on Cyber Policy Recommendations
The CSC 2.0 report highlights key achievements and ten new cyber policy recommendations aimed at protecting the US from nation-state adversaries and cybercriminals.
View full story…
Critical Zero-Click Vulnerability Discovered in MediaTek Wi-Fi Chipsets
Researchers have found a critical-rated zero-click vulnerability in MediaTek Wi-Fi chipsets that allows for remote code execution without user interaction, affecting routers and smartphones from various manufacturers.
View full story…