Latest Cybersecurity News and Articles

WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

This vulnerability, dubbed the “WorkflowKit Race Vulnerability,” targets the extraction and signing processes of shortcuts within WorkflowKit, potentially allowing a malicious app to intercept and modify shortcut files during import.

CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director

Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, carries a CVSS score of 10, could allow unauthenticated attackers to access sensitive data.

CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution

A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. It is tracked as CVE-2024-10220 and assigned a CVSS score of 8.1.
November 21, 2024

FBI says BianLian based in Russia, moving from ransomware attacks to extortion

BianLian ransomware actors are likely based in Russia and have multiple Russia-based affiliates, according to new information shared by the FBI and Australian law enforcement.

Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation | McAfee Blog

In today’s rapidly evolving cyber landscape, malware threats continue to adapt, employing new tactics and leveraging popular platforms to reach unsuspecting victims. One such emerging threat is the Lumma Stealer.

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement. New techniques used by NodeStealer include using Windows Restart Manager to unlock browser database files.

“Sad announcement” email leads to tech support scam

Tech support scammers are again stooping low with their email campaigns. This one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know.

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic.

Amazon and Audible flooded with 'forex trading' and warez listings

Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software.

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags