Issues Persist Into Monday, Causing Frustration for Users Microsoft has attributed this past weekend’s widespread Outlook outage to a “problematic code change,” leaving thousands of users unable to access their email accounts. The disruption began around 2100 UTC on Saturday, with more than 30,000 users reporting issues via DownDetector. While Microsoft claims services have since […]
Hackers Leverage Privilege Escalation Flaw in Paragon Partition Manager A zero-day vulnerability in a Microsoft-signed driver from Paragon Software is being actively exploited in ransomware attacks, according to a recent security advisory from CERT Coordination Center (CERT/CC). Researchers discovered five vulnerabilities in the BioNTdrv.sys driver used by Paragon Partition Manager, a tool designed to optimize […]
Attackers Use Typosquatting to Target Developers, Particularly in Finance Cybersecurity researchers have uncovered an ongoing supply chain attack targeting the Go ecosystem, where typosquatted modules are being used to distribute loader malware on Linux and macOS systems. According to Kirill Boychenko, a researcher at Socket, at least seven malicious Go packages have been identified, with […]
Stolen Data Includes Social Security Numbers, Financial Details, and IDs A major data breach at DISA Global Solutions, a U.S.-based employee screening company, has compromised the personal information of over 3.3 million individuals, including more than 360,000 residents in Massachusetts. In a notice posted on April 22, 2024, DISA confirmed it was the victim of […]
Cybersecurity researchers have identified a new tactic used by the Rhadamanthys Infostealer to spread malware, leveraging Microsoft Management Console (MMC) files with the MSC extension. This latest discovery, confirmed by the AhnLab Security Intelligence Center (ASEC), highlights an evolving threat where attackers misuse legitimate administrative tools for malicious purposes. Methods of Exploitation The Rhadamanthys Infostealer […]
Dream, an AI-driven cybersecurity company specializing in national and critical infrastructure protection, has announced the successful closure of a $100 million Series B funding round. Led by Bain Capital Ventures, this latest investment values the company at $1.1 billion. Additional investors include Group 11, Tru Arrow, Tau Capital, and Aleph. The funding will support Dream’s […]
Security researchers warn of ongoing exploitation of a critical vulnerability in SonicWall’s SonicOS. Key Findings: Ongoing Exploitation and Threat Landscape SonicWall initially patched CVE-2024-53704 after researchers from Computest Security disclosed the flaw. At the time of the patch release, the company stated it had no evidence of active exploitation. However, subsequent findings suggest otherwise. Researchers […]
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning of recent ransomware activity by the group known as Ghost, also referred to as Cring. According to the advisory released on Wednesday, the group has been actively exploiting vulnerabilities in software and firmware as recently as January. Operating from China, […]
Digital payments leader PayPal has agreed to pay a $2 million fine following a cybersecurity incident in December 2022 that exposed thousands of Social Security numbers, according to New York state regulators. The penalty resolves violations of New York’s financial cybersecurity regulations, which require companies like PayPal to employ qualified personnel to manage critical cybersecurity […]
A team of researchers has uncovered over 100 security vulnerabilities affecting LTE and 5G network implementations, which could potentially be exploited to disrupt services or gain unauthorized access to cellular core networks. The study identified 119 vulnerabilities, with 97 assigned unique CVE identifiers, spanning seven LTE implementations—Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, and srsRAN—and three […]