429/67 Monday, December 2, 2024 The Ugandan government confirmed on Thursday that the country’s central bank was the target of a cyberattack by a criminal group seeking financial gain, resulting in significant monetary losses. The incident is under investigation by the Criminal Investigations Directorate and the Auditor General’s office. Henry Musasizi, Uganda’s Minister of State […]
428/67 Monday, December 2, 2024 McAfee security researchers have uncovered 15 SpyLoan applications on the Android platform available in the Google Play Store, with a total of over 8 million installations. These apps primarily target users in South America, Southeast Asia, and Africa. Far from being simple loan tools, they act as a means to […]
427/67 Friday, November 29, 2024 VMware has released a security update to address five vulnerabilities in its Aria Operations product (formerly known as VMware vRealize Operations), a comprehensive cloud management platform. These vulnerabilities could potentially be exploited for privilege escalation and cross-site scripting (XSS) attacks. The details of the vulnerabilities are as follows: Users of […]
426/67 Friday, November 29, 2024 A group of hackers has leveraged the popular open-source Godot Engine to develop and distribute malware called GodLoader. This malware is designed to evade antivirus detection and has already infected over 17,000 systems within just three months. According to Check Point, a cybersecurity research company, GodLoader targets multiple platforms, including […]
425/67 Thursday, November 28, 2024 Two critical vulnerabilities, identified as CVE-2024-10542 and CVE-2024-10781, have been discovered in the Spam Protection, Anti-Spam, and Firewall components of WordPress. These vulnerabilities could allow unauthenticated attackers to install and activate malicious plugins on vulnerable websites, potentially leading to remote code execution. Both vulnerabilities have a CVSS severity score of […]
424/67 Thursday, November 28, 2024 The State of New York has fined two auto insurance companies, GEICO and Travelers Indemnity, a total of $11.3 million for failing to secure customer data adequately. This failure allowed cybercriminals to steal the personal information of over 12,000 individuals and use it to file fraudulent unemployment claims during the […]
423/67 Wednesday, November 27, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-28461, with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability affects Array Networks AG Series and vxAG ArrayOS (version 9.4.0.481 and earlier). The vulnerability allows attackers to exploit the SSL VPN Gateway through unauthenticated […]
422/67 Wednesday, November 27, 2024 The Russian state-sponsored cyber threat group RomCom has been discovered exploiting critical vulnerabilities in Mozilla Firefox and Microsoft Windows to attack victim systems with a backdoor malware of the same name. These attacks leverage vulnerabilities that enable the execution of malicious code without user interaction. The operation involves two major […]
421/67 Tuesday, November 26, 2024 The U.S. Department of Justice (DoJ) has seized the PopeyeTools website, a dark web marketplace for selling stolen credit card data, and charged three administrators: Abdul Ghaffar, Abdul Sami, and Javed Mirza. They face charges of access device fraud and trafficking in data related to cybercrimes such as financial data […]
420/67 Tuesday, November 26, 2024 A Russian-linked cyber threat group has been identified as the perpetrator behind a cyber-espionage campaign targeting Central Asia, East Asia, and Europe. The campaign utilizes custom-tailored malware to steal critical information. According to Insikt Group, part of Recorded Future, the threat actor has been named TAG-110, which has ties to […]
