US-CERT Vulnerability Summary for the Week of July 8, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
News
GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks
Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories...
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought,...
CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool
A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect...
Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months
Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes...
New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection
Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new...
Exim Security Restriction Bypass Vulnerability
A vulnerability was identified in Exim, a remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Note:Proof...
Cisco Products Remote Code Execution Vulnerability
A vulnerability has been identified in Cisco Products, a remote user can exploit this vulnerability to trigger elevation of privilege...
AT&T Confirms Data Breach Affecting Nearly All Wireless Customers
American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its...
Snowflake Breach at Advance Auto Parts Hits 2.3 Million People
A leading US car parts provider has revealed that a high-profile data breach earlier in 2024 will impact over two...
NATO Set to Build New Cyber Defense Center
NATO’s members have agreed to the construction of a new cyber-defense facility designed to help the military alliance build resilience...
Indiana County Files Disaster Declaration Following Ransomware Attack
A County in Indiana, US, has filed a disaster declaration following a ransomware attack on local government networks, which has...
Hackers Downloaded Call Logs from Cloud Platform in AT&T Breach
Telecommunications giant AT&T has revealed that customer data has been illegally downloaded by threat actors.Hackers have downloaded the data from...
Australian Defence Force Private and Husband Charged with Espionage for Russia
Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part...
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign
Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections....
Critical Vulnerability in Palo Alto Networks Expedition Migration Tool
Palo Alto Networks has released security updates addressing a critical vulnerability (CVE-2024-5910) in their Expedition migration tool.Successful exploitation of the...
Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar
In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking...
U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation
The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that...
Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver...
Ransomware Surges Annually Despite Law Enforcement Takedowns
The number of successful ransomware attacks advertised on leak sites increased 9% year-on-year (YoY) in the first quarter of 2024...
CISA Urges Software Makers to Eliminate OS Command Injection Vulnerabilities
The US government has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities.The alert...
Fraud Campaign Targets Russians with Fake Olympics Tickets
A broad network of 708 fraudulent web domains is being used to sell fake sporting and musical events tickets, primarily...
Huione Guarantee Marketplace Exposed as Front for Cybercrime
Cryptocurrency investigators have claimed a popular online marketplace in South-East Asia is actually being used primarily by money launderers and...
High-Severity Vulnerability Affecting Microsoft Outlook
Microsoft has released security updates to address a high-severity vulnerability (CVE-2024-38021) in their Outlook applications.Successful exploitation of the vulnerability could...
