Iranian State-Sponsored Group OilRig Launches Cyber Attack on Iraqi Government Networks
OilRig, also known as APT34 or Crambus, targets Iraqi government organizations with new malware families Veaty and Spearal, posing a threat to sensitive information and infrastructure.
View full story…
GitLab Releases Critical Security Updates to Address Severe Vulnerability
GitLab has patched a critical vulnerability (CVE-2024-6678) that allows attackers to run pipeline jobs as arbitrary users, posing a significant risk of exploitation.
View full story…
Mastercard Acquires Recorded Future for $2.65 Billion to Enhance Cybersecurity Services
Mastercard has acquired Recorded Future, a global threat intelligence company, to strengthen its position in the digital economy and enhance cybersecurity services.
View full story…
Irish Data Protection Commission Launches Inquiry into Google’s PaLM 2 AI Model
The Irish Data Protection Commission is investigating Google’s PaLM 2 AI model for compliance with EU data protection laws.
View full story…
17-Year-Old Arrested in Connection with Cyber-Attack on Transport for London (TfL)
A 17-year-old boy from Walsall has been arrested by the National Crime Agency in connection with the recent cyber-attack on TfL, where customer data, including names, addresses, and potentially bank details, was stolen.
View full story…
Key Findings from Cato CTRL’s Q2 2024 Threat Report
IntelBroker identified as persistent threat actor in Cato CTRL’s report, with Amazon as most spoofed brand and surge in Log4j and Oracle WebLogic exploit attempts.
View full story…
North Korean Lazarus Group Targets Developers with Fake Job Interviews
The Lazarus Group, a North Korean state-sponsored threat actor, is using fake job interviews to trick developers into downloading malware disguised as coding tests on open source repositories.
View full story…
1.3 Million Android TV Boxes Infected by AndroidVo1d Malware Worldwide
AndroidVo1d malware infects 1.3 million Android-based TV boxes in 197 countries, targeting outdated devices with unpatched vulnerabilities.
View full story…
Latest Cybernews
Singapore Police Arrest Seven Individuals for Suspected Involvement in Illegal Global Cyber Activities
Seven individuals, including six mainland Chinese nationals and one Singaporean man, have been arrested for their suspected involvement in illegal global cyber activities in Singapore.
View full story…
Global Cybersecurity Workforce Gap Increases by 19% in 2024, ISC2 Study Finds
ISC2’s 2024 Cybersecurity Workforce Study reveals a global shortage of 4.8 million professionals, with budget constraints and skills shortages hindering efforts to secure systems effectively.
View full story…
Cybersecurity Risks of Remote Access Tools in OT Environments Highlighted by Claroty Study
Research from Team82’s Claroty reveals the dangers of using non-enterprise-grade remote access tools in operational technology environments, emphasizing the need for organizations to implement centralized management and security controls to defend against potential compromise and disruptive attacks.
View full story…
Quad7 Botnet Expands to Target VPN Routers and Media Servers
The Quad7 botnet, previously focused on TP-Link routers, now targets a wider range of devices including Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, utilizing backdoors with HTTP reverse shells and the KCP communications protocol over UDP.
View full story…
Critical Deserialization Vulnerability in Ivanti Endpoint Manager (EPM) Allows Remote Code Execution
A critical deserialization vulnerability in Ivanti Endpoint Manager (EPM) enables remote attackers to execute arbitrary code, posing a high risk of compromise to managed endpoints.
View full story…
Americans Lose $5.6 Billion to Cryptocurrency Fraud in 2023
Investment scams targeting victims aged 60 and above account for majority of losses, with FBI receiving over 69,000 complaints related to financial fraud and crypto.
View full story…