US-CERT Vulnerability Summary for the Week of June 17, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
News
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be...
Google Introduces Project Naptime for AI-Powered Vulnerability Research
Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry...
Critical Vulnerability in Facebook PrestaShop Module
Security researchers have disclosed a critical vulnerability (CVE-2024-36680) involving a premium Facebook module for PrestaShop named pkfacebook. The vulnerability has...
Ease the Burden with AI-Driven Threat Intelligence Reporting
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each...
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic...
Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices
Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet...
Crypto Firm Kraken Calls the Cops After Researchers Attempt “Extortion”
Cryptocurrency exchange Kraken has said it is “coordinating with law enforcement” after security researchers allegedly attempted to extort the firm following...
Threat Actor Claims AMD and Apple Breaches
A prolific threat actor has claimed to have breached tech giants AMD and Apple, stealing source code for internal tools,...
French Diplomatic Entities Targeted by Russian-Aligned Nobelium
Russian-aligned threat actor Nobelium has been continuously targeting French diplomatic entities and public organizations since 2021, according to the French...
US Bans Kaspersky Over Alleged Kremlin Links
The US government has banned cybersecurity provider Kaspersky from selling its products in the country because of the company’s alleged...
Chemical Facilities Warned of Possible Data Exfiltration Following CISA Breach
The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed its Chemical Security Assessment Tool (CSAT) was breached by a...
Synnovis Attackers Publish NHS Patient Data Online
Threat actors have published nearly 400GB of data stolen from pathology provider Synnovis, including sensitive NHS patient information, according to...
LockBit Most Prominent Ransomware Actor in May 2024
The notorious LockBit group has reemerged to become the most prominent ransomware actor in May 2024, according to a new...
Warning: New Adware Campaign Targets Meta Quest App Seekers
A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new...
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed....
U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive...
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across...
Military-themed Email Scam Spreads Malware to Infect Pakistani Users
Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using...
Oyster Backdoor Spreading via Trojanized Popular Software Downloads
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a...
SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the...
How to Use Tines’s SOC Automation Capability Matrix
Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix (SOC...
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply
Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries...
U.S. Bans Kaspersky Software, Citing National Security Risks
The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban...
