Cybersecurity News

Cybersecurity researchers at Positive Technologies have uncovered a significant security vulnerability dubbed “DaMAgeCard,” which exploits Direct Memory Access (DMA) capabilities in SD Express memory cards. This discovery raises serious concerns about the security of devices supporting high-speed SD Express technology, particularly when attackers gain physical access to the target device. Understanding the Technical Foundation of … Read more

In a significant breakthrough for international law enforcement, Operation Passionflower has successfully dismantled Matrix, a sophisticated encrypted communication platform primarily utilized by criminal organizations. The operation, coordinated by Europol and Eurojust, involved a strategic takeover of the platform in early 2024, enabling authorities to monitor criminal communications for three months before the final takedown. Technical … Read more

Germany’s Federal Criminal Police Office (BKA) has successfully dismantled Crimenetwork, one of the largest German-language darknet marketplaces, marking a significant victory in the ongoing battle against cybercrime. The platform, which had operated since 2012, served as a hub for trading stolen data, illicit substances, and forged document services, demonstrating the persistent challenge of underground digital … Read more

Security researchers at VulnCheck have uncovered a large-scale cyber attack campaign targeting ProjectSend servers worldwide. The attacks exploit a critical authentication bypass vulnerability (CVE-2024-11680) rated 9.8 on the CVSS scale, highlighting an urgent security concern for organizations using this popular file-sharing solution. Despite a patch being available for over 18 months, an alarming 99% of … Read more

McAfee’s cybersecurity researchers have uncovered a widespread malware campaign operating through Google Play Store, with 15 malicious applications from the SpyLoan family accumulating over 8 million installations. The sophisticated operation primarily targets users in developing regions across South America, Southeast Asia, and Africa, exploiting vulnerable populations seeking financial assistance. Understanding SpyLoan’s Deceptive Operations The malicious … Read more

In a groundbreaking cybersecurity operation, South Korean law enforcement agencies have uncovered a sophisticated scheme involving the manufacture and distribution of malicious satellite receivers designed to conduct Distributed Denial of Service (DDoS) attacks. The operation resulted in the arrest of six individuals, including the CEO of a technology company, who were responsible for producing over … Read more

Cybersecurity researchers have discovered groundbreaking details about Bootkitty, the first-ever UEFI bootkit specifically designed to target Linux systems. This sophisticated malware exploits the critical LogoFAIL vulnerability (CVE-2023-40238) to compromise devices with vulnerable firmware, marking a significant development in the evolution of Linux-targeted threats. Technical Analysis: Bootkitty’s Advanced Attack Mechanism According to Binarly’s security analysis, Bootkitty … Read more

Security researchers have identified a critical vulnerability (CVE-2024-8785) in Progress WhatsUp Gold network monitoring solution, receiving the highest CVSS severity score of 9.8. This severe security flaw enables unauthorized attackers to execute arbitrary code remotely on vulnerable systems without requiring authentication, potentially compromising entire corporate networks. Technical Analysis of the Vulnerability The vulnerability affects WhatsUp … Read more

A significant cybersecurity incident has emerged as threat actors exposed sensitive data of more than 760,000 employees from leading global corporations on the Breached hacking forum. This latest development in the ongoing MOVEit Transfer platform compromise has affected major organizations including Bank of America, Nokia, and Morgan Stanley, marking another critical episode in the series … Read more

Cybersecurity researchers at Aqua Security have uncovered a sophisticated botnet operation codenamed “Matrix,” which poses a significant threat to Internet of Things (IoT) devices and cloud infrastructure worldwide. This emerging threat leverages multiple attack vectors to compromise vulnerable devices and orchestrate large-scale DDoS attacks, marking a concerning evolution in botnet capabilities. Global Impact and Strategic … Read more