Cybersecurity News

Cybersecurity researchers have identified an actively exploited critical vulnerability in the widely-used WordPress plugin Hunk Companion. The security flaw, designated as CVE-2024-11972, has received a critical CVSS score of 9.8, enabling unauthorized attackers to install malicious plugins on vulnerable WordPress websites without authentication. Vulnerability Impact and Scope The Hunk Companion plugin, which enhances ThemeHunk themes … Read more

Security researchers at Oasis Security have unveiled a significant vulnerability in Microsoft’s Multi-Factor Authentication (MFA) system, dubbed “AuthQuake.” This critical security flaw enabled potential attackers to bypass MFA protections and gain unauthorized access to Microsoft 365 enterprise resources, highlighting substantial risks in what many organizations consider a fundamental security measure. Understanding the AuthQuake Vulnerability: Technical … Read more

A critical security vulnerability in OpenWRT’s Attended SysUpgrade (ASU) system has been identified, potentially enabling malicious actors to distribute compromised firmware to users. The vulnerability, tracked as CVE-2024-54143, has received a critical CVSS score of 9.3, highlighting the significant security implications for OpenWRT users worldwide. Understanding the Security Vulnerabilities The security flaws, discovered by a … Read more

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting the widely-used Ultralytics YOLO computer vision library. The compromise involved the injection of cryptocurrency mining malware into versions 8.3.41 and 8.3.42 distributed through the Python Package Index (PyPI), affecting thousands of users worldwide. Attack Impact and Scope Assessment The severity of this security incident is … Read more

Romania’s National Cyber Security Directorate (DNSC) has confirmed a significant ransomware attack targeting Electrica Group, the country’s largest energy distributor serving over 3.8 million customers. The attack, attributed to the emerging Lynx ransomware group, represents a concerning escalation in cyber threats against critical energy infrastructure in Eastern Europe. Impact Assessment and Operational Status According to … Read more

Security researchers have uncovered a critical vulnerability in AMD processors that compromises the integrity of encrypted virtual machines in cloud environments. The attack, dubbed BadRAM, can bypass AMD’s SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging) protection mechanism using readily available hardware costing merely $10, raising significant concerns about cloud infrastructure security. Understanding the BadRAM Attack Vector … Read more

QNAP Systems, a leading network-attached storage (NAS) manufacturer, has released urgent security updates addressing multiple critical vulnerabilities in their QTS and QuTS Hero operating systems. These security flaws, discovered during the prestigious Pwn2Own Ireland competition in fall 2024, pose significant risks to enterprise data security and require immediate attention from system administrators. Critical Security Vulnerabilities … Read more

Cybersecurity researchers at Rapid7 have uncovered a significant evolution in Black Basta ransomware group’s attack methodology, marking a strategic shift toward sophisticated social engineering techniques. Since October 2024, the threat actors have been combining traditional malware deployment with advanced social manipulation, leveraging tools like Zbot and DarkGate to enhance their attack effectiveness. Sophisticated Email Bombing … Read more

Cybersecurity researchers have uncovered a significant security breach affecting Cleo’s enterprise file transfer solutions, potentially impacting over 4,000 organizations worldwide. The critical vulnerability, tracked as CVE-2024-50623, affects popular products including LexiCom, VLTrader, and Harmony, enabling unauthorized file operations and remote code execution capabilities. Understanding the Technical Impact The vulnerability affects all versions of Cleo software … Read more

In a significant breakthrough against cybercrime, Europol has successfully dismantled a sophisticated phishing operation that utilized luxury Airbnb properties as temporary command centers. The December 2024 operation resulted in eight arrests across Belgium and Netherlands, marking a crucial victory in the fight against financial fraud. Innovative Criminal Infrastructure: Luxury Properties as Fraud Centers The criminal … Read more