Intel
The ransomware group who has appropriated the name Cicada3301 has taken responsibility for a significant data breach involving Concession Peugeot, a notable car dealership in France associated with the Peugeot name. This breach, which reportedly compromised 35GB of confidential data, continues the group's aggressive ransomware activities. Date of
Discovery and Capabilities On December 13, 2024, cybersecurity experts revealed a sophisticated Linux rootkit named PUMAKIT, which has the capacity to escalate privileges, hide files and directories, and avoid detection by system tools. According to a report by Elastic Security Lab researchers Remco Sprooten and Ruben Groenewoud, PUMAKIT uses advanced
Cleo, a leading provider of file-transfer software, has issued an urgent security warning urging users to patch an actively exploited vulnerability affecting its Harmony, VLTrader, and LexiCom products. This vulnerability, which allows unauthenticated users to execute arbitrary commands on the host system, has been observed in widespread exploitation across the
A critical security flaw in the WordPress plugin, Hunk Companion, which supports 10,000 sites, remains largely unpatched, leaving thousands vulnerable to malicious attacks. Despite a recent fix, the majority of users are yet to apply the update. Vulnerability Identifier CVE-2024-11972 Severity Rating: 9.8 out of 10 Affected Plugin:
Recent research has revealed a significant security vulnerability affecting hundreds of thousands of Prometheus servers and exporters, leaving them susceptible to password exposure, denial-of-service (DoS) attacks, and repojacking threats. Prometheus is a widely-used open-source monitoring tool vital for application performance and cloud infrastructure oversight. However, its potential exposure risks are
Oasis Security has unveiled a vulnerability in Microsoft's multi-factor authentication (MFA) system, allowing circumvention by malicious actors. This exploit, termed AuthQuake, was initially reported to Microsoft in late June, leading the company to issue a temporary workaround, followed by a comprehensive patch released in October. Critical Exposure The
In a strategic cyber espionage campaign, the Russian-affiliated group known as Secret Blizzard, also referred to as Turla, has been implicated in leveraging malware from various sources to deploy the Kazuar backdoor on targets within Ukraine. This revelation comes from Microsoft’s threat intelligence team, which observed these activities occurring
A newly discovered Android spyware, identified as 'EagleMsgSpy,' is reportedly being utilized by law enforcement agencies in China to conduct surveillance on mobile devices, according to cybersecurity firm Lookout. Origins and Evidence EagleMsgSpy, developed by Wuhan Chinasoft Token Information Technology Co., Ltd., has been in existence since at
A critical vulnerability in Microsoft Azure's multifactor authentication (MFA) was recently exposed by researchers at Oasis Security, allowing unauthorized access to user accounts in under an hour. This flaw put over 400 million Microsoft 365 seats at risk, as it permitted access to email, OneDrive, Teams, and more