Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Stolen Path of Exile 2 admin account used to hack player accounts
Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. The breached admin account allowed the threat actors to change the passwords of other accounts, with many losing their […]
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. System Integrity Protection (SIP), or ‘rootless,’ is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account’s powers in protected […]
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. The Aviatrix Controller, part of the Aviatrix Cloud Networking Platform, enhances networking, security, and operational visibility for multi-cloud environments. It is used by enterprises, DevOps teams, network engineers, cloud architects, and managed […]
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. The company manages and operates over 11 million .uk, .co.uk, and .gov .uk domain names and other top-level domains, including .cymru and .wales. It also […]
Ransomware abuses Amazon AWS feature to encrypt S3 buckets
A new ransomware campaign encrypts Amazon S3 buckets using AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. The campaign was discovered by Halcyon, who reported that a threat actor named “Codefinger” had encrypted at least two victims. However, the operation could escalate or the […]
Scammers file first — Get your IRS Identity Protection PIN now
The IRS relaunched its Identity Protection Personal Identification Number (IP PIN) program this week and all US taxpayers are encouraged to enroll for added security against identity theft and fraudulent returns. An Identity Protection PIN (IP PIN) is a six-digit number assigned to a taxpayer that must be used when filing a tax return. This number […]
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tactic isn’t novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub. However, this case, discovered by Trend Micro, highlights that threat actors continue to […]
Telefónica confirms internal ticketing system breach after data leak
Spanish telecommunications company Telefónica confirms an internal ticketing system was breached after stolen data was leaked on a hacking forum. Telefónica is a Spanish multinational telecommunications company operating in twelve countries with over 104,000 employees. The company is the largest telecommunications firm in Spain, operating under the name Movistar. In an email to GeekFeed today, […]
New Web3 attack exploits transaction simulations to steal crypto
Threat actors are employing a new tactic called “transaction simulation spoofing” to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. The attack, spotted by ScamSniffer, highlights a flaw in transaction simulation mechanisms used in modern Web3 wallets, meant to safeguard users from fraudulent and malicious transactions. How the attack works Transaction simulation […]