Cybersecurity researchers have identified a new tactic used by the Rhadamanthys Infostealer to spread malware, leveraging Microsoft Management Console (MMC) files with the MSC extension. This latest discovery, confirmed by the AhnLab Security Intelligence Center (ASEC), highlights an evolving threat where attackers misuse legitimate administrative tools for malicious purposes. Methods of Exploitation The Rhadamanthys Infostealer […]
Dream, an AI-driven cybersecurity company specializing in national and critical infrastructure protection, has announced the successful closure of a $100 million Series B funding round. Led by Bain Capital Ventures, this latest investment values the company at $1.1 billion. Additional investors include Group 11, Tru Arrow, Tau Capital, and Aleph. The funding will support Dream’s […]
Security researchers warn of ongoing exploitation of a critical vulnerability in SonicWall’s SonicOS. Key Findings: Ongoing Exploitation and Threat Landscape SonicWall initially patched CVE-2024-53704 after researchers from Computest Security disclosed the flaw. At the time of the patch release, the company stated it had no evidence of active exploitation. However, subsequent findings suggest otherwise. Researchers […]
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning of recent ransomware activity by the group known as Ghost, also referred to as Cring. According to the advisory released on Wednesday, the group has been actively exploiting vulnerabilities in software and firmware as recently as January. Operating from China, […]
Digital payments leader PayPal has agreed to pay a $2 million fine following a cybersecurity incident in December 2022 that exposed thousands of Social Security numbers, according to New York state regulators. The penalty resolves violations of New York’s financial cybersecurity regulations, which require companies like PayPal to employ qualified personnel to manage critical cybersecurity […]
A team of researchers has uncovered over 100 security vulnerabilities affecting LTE and 5G network implementations, which could potentially be exploited to disrupt services or gain unauthorized access to cellular core networks. The study identified 119 vulnerabilities, with 97 assigned unique CVE identifiers, spanning seven LTE implementations—Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, and srsRAN—and three […]
State-linked hackers were implicated in a series of cyberattacks in December, resulting in the theft of unclassified data from the U.S. Treasury Department, among other incidents. BeyondTrust confirmed that 17 customers were affected by the attack, which involved the compromise of a Remote Support SaaS API key. The attack, attributed to a state-linked threat actor, […]
Conduent, a New Jersey-based contractor that provides technology solutions for social service agencies and transit systems across the U.S., has confirmed that it was the target of a cyberattack. The incident disrupted operations and caused delays in child support payment processing in multiple states, including Wisconsin. The attack first came to light when Wisconsin officials […]
The growing security threats posed by advancements in artificial intelligence are well-documented, impacting billions of Gmail users, bank customers, and even individuals targeted through smartphone calls and messages. The FBI has issued warnings about such dangers, highlighting the risks AI poses when exploited by malicious actors. Adding to these concerns, researchers have recently identified GhostGPT, […]
The Pittsburgh Regional Transit (PRT) authority experienced a ransomware attack last week, causing temporary disruptions to the city’s public transportation system. The attack, initially detected on December 19, briefly affected rail services, according to a statement from PRT. Initially reported by WPXI Channel 11 as an internet outage, the incident caused delays of up to […]