Category: Security Affairs

A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers…

Read more →

Apple released iOS 18.0.1 update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. Apple released iOS 18.0.1 and iPadOS 18.0.1 updates to fix two vulnerabilities, respectively tracked as CVE-2024-44207 and CVE-2024-44204. The company addressed the vulnerability…

Read more →

Google removed Kaspersky ‘s Android security apps from the Play Store and suspended its developer accounts over the weekend. Over the weekend, all the Android products designed by the Russian cybersecurity firm Kaspersky were removed from the official Google Play in…

Read more →

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. The…

Read more →

Microsoft and the U.S. DoJ seized over 100 domains used by the Russia-linked Callisto Group for launching attacks on U.S. government and nonprofits. The Justice Department revealed the unsealing of a warrant to seize 41 domains used by Russia-linked Callisto…

Read more →

The Dutch government blames a “state actor” for hacking a police system, exposing the contact details of all police officers, according to the justice minister. The Dutch police blame a state actor for the recent data breach that exposed officers’…

Read more →

Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise…

Read more →

Cloudflare recently mitigated a new record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion packets per second (Pps). Cloudflare reported that starting from early September, it has mitigated over 100 hyper-volumetric L3/4 DDoS attacks, with many exceeding 2 billion…

Read more →

Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IP addresses or phone numbers of 100+ users. Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6)…

Read more →

Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical. Of the 14 security flaws nine are…

Read more →

The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. The malware…

Read more →

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. Starting on September 28, 2024,…

Read more →

An international police operation led to the arrest of four individuals linked to the LockBit ransomware group, including a developer. Europol, the UK, and the US law enforcement authorities announced a new operation against the LockBit ransomware gang. The police…

Read more →

US healthcare provider UMC Health System had to divert patients due to a network outage caused by a ransomware attack. On September 27, 2024, US healthcare provider UMC Health System announced an investigation into an IT outage across its network.…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux…

Read more →

AFP suffered a cyberattack affecting its IT systems and content delivery for partners, the incident impacted some client services. Agence France-Presse (AFP) reported a cyberattack on Friday that impacted its IT systems and content delivery for partners. The media agency…

Read more →

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the…

Read more →

The ransomware attack on Patelco Credit Union this summer led to a data breach affecting over 1 million individuals, revealed the company. Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area.…

Read more →

Community Clinic of Maui experienced a data breach impacting over 120,000 people following a LockBit ransomware attack. In May, the Community Clinic of Maui experienced a major IT outage that impacted thousands of patients following a cyber attack. In June,…

Read more →