Cybersecurity Articles

06/68 Monday, January 6, 2025 The Android malware FireScam has been discovered masquerading as a Telegram Premium app and spreading through a phishing website hosted on GitHub that mimics the appearance of RuStore, a Russian app marketplace. RuStore was launched in 2022 as an alternative to Google Play and the App Store following tech sanctions […]

05/68 Monday, January 6, 2025 The US Department of the Treasury has imposed sanctions on Integrity Tech, a Beijing-based cybersecurity company, after identifying its involvement in cyberattacks linked to the hacker group Flax Typhoon, which is allegedly backed by the Chinese government. The Office of Foreign Assets Control (OFAC) stated that Integrity Tech was used […]

04/68 Friday, January 3, 2025 Lumen has reported that it successfully blocked the Salt Typhoon hacker group, linked to China, from accessing its network, confirming that no customer data was accessed or leaked. Salt Typhoon, also known as FamousSparrow and GhostEmperor, has been active since 2019, targeting government agencies and global telecommunications companies. Most recently, […]

03/68 Friday, January 3, 2025 The role of AI is becoming a critical focus for organizations worldwide in 2025. Analysts believe that the use of Generative Artificial Intelligence (GenAI) and Large Language Models (LLMs) will significantly enhance productivity and efficiency. However, these advancements also introduce new challenges in terms of security, privacy, and governance. The […]

02/68 Thursday, January 2, 2025 The U.S. Department of the Treasury, under the Office of Foreign Assets Control (OFAC), has sanctioned organizations in Iran and Russia for attempting to interfere in the 2024 U.S. presidential election. The Iranian organization, the Cognitive Design and Planning Center (CDPC), operates under the Islamic Revolutionary Guard Corps (IRGC) and […]

01/68 Thursday, January 2, 2025 The U.S. Department of Justice (DoJ) has announced the final rule for implementing Executive Order (EO) 14117, aimed at regulating the mass transfer of personal data to countries considered potential threats, such as China, Cuba, Iran, North Korea, Russia, and Venezuela. This new rule stems from President Joe Biden’s executive […]

461/67 Friday, December 27, 2024 The Apache Software Foundation (ASF) has released a security update to address a critical vulnerability in Apache Traffic Control that could allow malicious actors to execute harmful SQL commands on the database. Identified as CVE-2024-45387, the vulnerability has been assigned a CVSS score of 9.9 out of 10.0. It affects […]

460/67 Friday, December 27, 2024 Cybersecurity researchers from Claroty have uncovered critical vulnerabilities in the cloud platform and networking devices of Ruijie Networks, potentially allowing attackers to gain control over more than 50,000 networking devices worldwide. Additionally, new flaws have been identified in the MIB3 infotainment system used in Skoda vehicles, enabling attackers to eavesdrop, […]

459/67 Thursday, December 26, 2024 The Apache Software Foundation (ASF) has addressed a critical vulnerability in the Tomcat server software, identified as CVE-2024-56337. Researchers have warned that this flaw could be exploited to achieve Remote Code Execution (RCE) under certain conditions. Apache Tomcat is an open-source software platform supporting Java Servlet, JavaServer Pages (JSP), Jakarta […]

458/67 Thursday, December 26, 2024 A new botnet has been discovered exploiting vulnerabilities in network devices, primarily targeting DigiEver’s DS-2105 Pro Network Video Recorders (NVR), outdated TP-Link routers, and Teltonika RUT9XX routers with old firmware. This campaign began in September 2024, with the main vulnerability in DigiEver NVRs being a remote code execution (RCE) flaw. […]