Uncategorized

CISA added three new vulnerabilities to its KEV catalog of actively exploited vulnerabilities. CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability: ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the …

A scam campaign linked to an unknown threat actor is using an email routing misconfiguration in Proofpoint’s defenses to send millions of fake emails pretending to be from companies like Best Buy, IBM, Nike, and Walt Disney. Guardio Labs named the campaign EchoSpoofing. It started in January 2024. The threat …

Malware based threats increased by 30% in the first half of 2024 compared to the same period in 2023, according to SonicWall’s 2024 Mid-Year Cyber Threat Report. Malware attacks increased significantly from March to May, with a 92% year-on-year increase in May. The firm also observed an average of 526 …

CISA released two advisories about security issues for Industrial Control Systems (ICS) on July 25, 2024. These advisories offer important information about current vulnerabilities and exploits for ICS. ICSA-24-207-01 Siemens SICAM Products: Successful exploitation of these vulnerabilities could allow an attacker to perform an unauthorized password reset which could lead …

AT&T paid a hacker over $300,000 to delete stolen call records and prove the deletion with a video. The hacker from the ShinyHunters group said that AT&T paid the ransom in May. He gave the address of the cryptocurrency wallet where the payment was sent and the address that received …

Banks in Singapore are to phase out the use of phishing-prone One-Time Passwords (OTP) in favour of digital tokens for bank account login. OTP was introduced in the 2000s to enhance online security. However, scammers now use advanced tactics like setting up fake bank websites to easily phish for customers’ …

Apple has warned again iPhone users in 98 countries about potential spyware attacks. This is the second time this year that the company has issued such a warning, after a similar one in April in 92 countries. Apple has been sending notifications regularly since 2021. These notifications have reached users …

The New York Times’ internal source code and data were leaked on the 4chan message board. The new work times confirmed to Bleeping Computer that they were stolen from the company’s GitHub repositories in January 2024. An anonymous user leaked internal data on Thursday. They posted a torrent containing a …

On May 30, 2024, CISA published seven advisories about Industrial Control Systems (ICS). These advisories share important information regarding security issues, vulnerabilities, and exploits related to ICS. ICSA-24-151-01 LenelS2 NetBox ICSA-24-151-02 Fuji Electric Monitouch V-SFT ICSA-24-151-03 Inosoft VisiWin ICSA-24-151-04 Westermo EDW-100 ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC …

A federal grand jury indicted Linwei Ding, aka Leon Ding, charging him with four counts of theft of trade secrets in connection with an alleged plan to steal from Google LLC (Google) proprietary information related to artificial intelligence (AI) technology. The announcement was made by Attorney General Merrick B. Garland …