US-CERT Vulnerability Summary for the Week of July 1, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
News
New Ransomware-as-a-Service ‘Eldorado’ Targets Windows and Linux Systems
An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado...
Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites
An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers...
New APT Group “CloudSorcerer” Targets Russian Government Entities
A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud...
5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024...
Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries
Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings...
Apple Removes VPN Apps from Russian App Store Amid Government Pressure
Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024,...
Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could...
Gamers’ Data Exposed in RPG Platform Roll20 Breach
Roll20, a popular online tabletop platform for role-playing games (RPGs), revealed on July 3 that its systems had been breached.It...
Over $1bn in Cryptocurrency Lost to Web3 Cyber Incidents in 2024
More than $1.1bn worth of cryptocurrency has been lost from Web3 cybersecurity incidents in the first half of 2024, according...
UK’s NCA Leads Major Cobalt Strike Takedown
The UK’s National Crime Agency (NCA) has revealed details of an ambitious operation to disrupt the cybercrime supply chain by...
New Ransomware Group Phones Execs to Extort Payment
A newly discovered ransomware group has dispensed with the usual leak site and is instead targeting executives in victim organizations...
Vinted Fined €2.3m Over Data Protection Failure
Vinted, the leading online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for breaching the EU’s General Data Protection...
EU Opens Applications for Cybersecurity and Digital Skills Funding
The EU Commission has opened applications for over €210m ($227.3m) in funding for cybersecurity and digital skills programs.The latest funding...
Meta Faces Suspension of AI Data Training in Brazil
Brazil’s National Data Protection Authority (ANPD) has issued a preventive measure halting Meta’s processing of personal data for the training...
Europol Warns of Home Routing Challenges For Lawful Interception
Europol has released a position paper today highlighting significant challenges posed by privacy enhancing technologies (PET) in home routing to...
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a...
Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks
Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause...
GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to...
Blueprint for Success: Implementing a CTEM Operation
The attack surface isn't what it once was and it's becoming a nightmare to protect. A constantly expanding and evolving...
Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies
The supply chain attack targeting widely-used Polyfillio JavaScript library is wider in scope than previously thought, with new findings from...
New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks
Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang,...
Cisco NX-OS Remote Code Execution Vulnerability
A vulnerability has been identified in Cisco NX-OS. A remote attacker could exploit some of these vulnerabilities to trigger denial...
OpenSSH Remote Code Execution Vulnerability
A vulnerability was identified in OpenSSH. A remote attacker could exploit this vulnerability to trigger remote code execution on the...
