A critical vulnerability in the NVIDIA Container Toolkit could allow a container to escape and gain full access to the underlying host. Critical vulnerability CVE-2024-0132 (CVSS score 9.0) in the NVIDIA Container Toolkit could allow an attacker to escape the container and gain full access to the underlying host. The vulnerability is a Time-of-check Time-of-Use […]
Microsoft warns that financially motivated threat actor Vanilla Tempest is using INC ransomware in attacks aimed at the healthcare sector in the U.S. Microsoft Threat Intelligence team revealed that a financially motivated threat actor, tracked as Vanilla Tempest (formerly DEV-0832) is using the INC ransomware for the first time to target the U.S. healthcare sector. “Vanilla […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apache OFBiz Incorrect Authorization Vulnerability CVE-2024-38856 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions […]
The Russian national Deniss Zolotarjovs has been charged in a U.S. court for his role in the Karakurt cybercrime gang. Deniss Zolotarjovs (33), a Russian cybercriminal, has been charged in a U.S. court for his role in the Russian Karakurt cybercrime gang. The man has been charged with money laundering, wire fraud, and extortion. The […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Deciphering the Brain Cipher Ransomware Ideal typosquat ‘solana-py’ steals your crypto wallet keys Ransomware attackers introduce new EDR killer to their arsenal Beyond the wail: deconstructing the BANSHEE infostealer A Deep Dive into a New ValleyRAT […]
Cisco warns of critical remote code execution zero-day vulnerabilities impacting end-of-life Small Business SPA 300 and SPA 500 series IP phones. Cisco warns of multiple critical remote code execution zero-day vulnerabilities in end-of-life Small Business SPA 300 and SPA 500 series IP phones. “Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 […]
FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The advisory includes recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise […]
Ransomware attacks are the most significant risk for modern organizations, why organizations should avoid paying ransoms. Ransomware attacks are the most significant risk for modern organizations, with the Verizon Data Breach Report 2024 reporting that ransomware is a top threat across 92% of industries. In recent years, the number of ransomware attacks has grown significantly. […]
Today, 24 prisoners were released in an international swap between Russia and Western countries, including convicted Russian cybercriminals. In the recent international prisoner swap two notorious Russian cybercriminals, Roman Seleznev (40) and Vladislav Klyushin (42), are among those released. In December 2017, the Russian hacker Roman Seleznev, aka Track2, Bulba and Ncux, was sentenced to 27 years in prison, he was convicted […]
Zscaler researchers revealed that a company paid a record-breaking $75 million ransom to the Dark Angels ransomware group. Zscaler discovered a record-breaking ransom payment of US$75 million made by a company to the Dark Angels ransomware group. Zscaler did not name the company that paid the $75 million ransom following an attack that occurred in […]