A critical vulnerability (CVE-2024-2169) in Webmin/Virtualmin control panels allows for launching DoS attacks. This flaw reveals IP addresses through the UDP service on port 10000, enabling attackers to create a loop of traffic between servers. This article has been indexed…
Category: Cyware News – Latest Cyber News
Head Mare Hacktivist Group Targets Russia and Belarus
The group, active since at least 2023, exclusively targets companies in these countries. They use modern techniques to gain initial access to systems, primarily through phishing emails with custom malware like PhantomDL and PhantomCore.
Critical Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published
CVE-2024-20017 is a critical zero-click exploit found in popular Wi-Fi chipsets like MediaTek MT7622/MT7915. The vulnerability allows remote code execution without user interaction, posing a severe risk with a CVSS score of 9.8.
Fake OnlyFans Tool Backstabs Cybercriminals, Steals Passwords
A fake OnlyFans tool circulating among hackers promises to help steal accounts but actually infects them with the Lumma stealer malware, as discovered by Veriti Research.
Cisco Fixes Root Escalation Vulnerability With Public Exploit Code
Local attackers can exploit this weakness through malicious CLI commands without user interaction, but only if they have Administrator privileges. So far, there is no evidence of this vulnerability being exploited in the wild.
Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government
This campaign, active since July, utilizes at least three malicious ISO files to compromise Malaysian entities, containing components like a malicious executable and a decoy PDF file, ultimately delivering the Babylon RAT as a final payload.
Litespeed Cache Flaw Exposes Millions of WordPress Sites to Takeover Attacks
Discovered by security researcher Rafie Muhammad, the flaw allows unauthorized users to take control of logged-in accounts, potentially gaining administrator privileges on WordPress sites.
Cisco Warns of Backdoor Admin Account in Smart Licensing Utility
Cisco has issued a warning about a backdoor admin account discovered in the Cisco Smart Licensing Utility (CSLU), allowing unauthorized access to unpatched systems. This critical flaw (CVE-2024-20439) enables remote access with admin privileges.
EUCLEAK Attack Allows Yubico Security Keys to be Cloned
Despite this, the risk is limited as attackers would need physical access to the device, specific knowledge of targeted accounts, and specialized equipment for the attack.
Google Fixed Actively Exploited Android Privilege Escalation Flaw (CVE-2024-32896)
Google has patched a high-severity vulnerability, known as CVE-2024-32896, in its Android OS actively exploited in the wild. The issue involves a privilege escalation in the Android Framework component.
Revival Hijack Attack Puts 22,000 PyPI Packages at Risk of Hijack
This method could potentially lead to numerous malicious package downloads. The attack involves hijacking popular projects by registering new projects under the names of removed packages on PyPI.
RomCom Group’s Underground Ransomware Exploits Microsoft Zero-Day Flaw
A new ransomware variant named Underground, linked to the Russia-based RomCom group, encrypts files on victims’ Windows machines and demands a ransom for decryption. It has been active since July 2023.
CISA Warns of Three Actively Exploited Vulnerabilities That Demand Immediate Attention
Two vulnerabilities, CVE-2021-20123 and CVE-2021-20124, pose serious risks for Draytek VigorConnect routers, potentially leading to unauthorized access to sensitive files. Another vulnerability, CVE-2024-7262, affects Kingsoft WPS Office.
Threat Actors Using MacroPack to Deploy Brute Ratel, Havoc, and PhantomCore Payloads
Malicious actors potentially utilized the MacroPack red-teaming framework to distribute harmful payloads like Brute Ratel and Havoc tools, as well as a new version of the PhantomCore remote access trojan.
FBI Warns Crypto Firms of Aggressive Social Engineering Attacks
The FBI issued a warning about aggressive social engineering attacks by North Korean hacking groups targeting cryptocurrency firms. The attacks involve deploying malware to steal crypto assets through highly targeted tactics that are hard to detect.
US Government Isn’t Ready for Cyber Chaos in the Food and Agriculture Sector
The industry remains largely unscathed by cyber threats, but recent events like the JBS ransomware attack highlight vulnerabilities. The sector’s increased automation makes it a target for hackers, posing risks to the US food supply.
Dutch Privacy Watchdog Fines Clearview AI $34 Million for ‘Illegal’ Database of Faces
The Dutch Data Protection Authority (Dutch DPA) fined Clearview AI $34 million for the illegal creation of a facial image database. If Clearview AI does not comply, an additional fine of up to $5.5 million will be imposed.
Complying with PCI DSS Requirements by 2025
The latest version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) has introduced key changes to address the evolving digital landscape. While some requirements are already in effect, others will come into play by April 2025.
How Ransomware Groups Weaponize Stolen Data
Ransomware groups are increasingly weaponizing stolen data to pressure victims into paying. They analyze data to maximize damage and create opportunities for extortion, targeting business leaders and employees for blame.
HHS Drops Appeal of Hospital Web Tracking Decision
The Biden administration has dropped its appeal of a court decision that rejected new regulations restricting hospitals’ use of web-tracking tools. A Texas judge ruled the administration’s efforts illegal in June.