-
"US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels"The US Justice Department recently announced separate charges against two Russian nationals accused of being involved in cybercriminal activities, including a man allegedly involved in the 2013 hacking of retailers Michaels and Neiman Marcus.
-
"CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities"The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 24-01 in response to the widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances.
-
"Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware"The Russia-backed Advanced Persistent Threat (APT) group ColdRiver, also known as Blue Charlie, Callisto, Star Blizzard, or UNC4057, has unleashed custom malware called Spica.
-
"VMware Confirms Critical vCenter Flaw Now Exploited in Attacks"VMware has confirmed the active exploitation of a critical vCenter Server Remote Code Execution (RCE) that was patched in October 2023.
-
"US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities"
The US government recently published new guidance aimed at helping organizations in the water and wastewater (WWS) sector improve their cyber resilience and incident response capabilities.
-
"Protect AI Finds Vulnerabilities in Open-Source AI and Machine Learning Tools"Protect AI has released a new report highlighting vulnerabilities recently discovered in open-source Artificial Intelligence (AI) and Machine Learning (ML) tools by its bug bounty program.
-
"New Docker Malware Steals CPU for Crypto and Drives Fake Website Traffic"A novel campaign is targeting vulnerable Docker services, with threat actors deploying both the XMRig cryptocurrency miner and the 9Hits Viewer software as part of a multi-pronged monetization strategy.
-
"Poorly Secured PostgreSQL, MySQL Servers Targeted by Ransomware Bot"
Border0 researchers warn that users who expose poorly secured PostgreSQL and MySQL servers online risk having their databases wiped by a ransomware bot. The attackers request a small sum to return and not publish the data.
-
"'Chaes' Infostealer Code Contains Hidden Threat Hunter Love Notes"An analysis of Chaes version 4.1 reveals hidden ASCII art and a message to cybersecurity researchers, thanking them for their interest in the malware. The current Chaes campaign uses a Portuguese-language email regarding an important legal matter.
-
"Have I Been Pwned Adds 71 Million Emails From Naz.API Stolen Account List"
Have I Been Pwned has added about 71 million email addresses associated with stolen accounts listed in the Naz.API data set to its data breach notification service.
-
"Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions"The US Department of Energy (DoE) recently announced plans to invest $30 million in projects aimed at securing the clean energy infrastructure against cyber threats.
-
"Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks"
According to CISA, the Rapid SCADA open source industrial automation platform is affected by several vulnerabilities that could allow hackers to gain access to sensitive industrial systems, but the flaws remain unpatched. R
News