Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Germany blocks BadBox malware loaded on 30,000 Android devices
Germany’s Federal Office for Information Security (BSI) has disrupted the BadBox malware operation pre-loaded in over 30,000 Android IoT devices sold in the country. The types of impacted devices include digital picture frames, media players and streamers, and potentially smartphones and tablets. BadBox is an Android malware that comes pre-installed in an internet-connected device’s firmware […]
New stealthy Pumakit Linux rootkit malware spotted in the wild
A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. The malware is a multi-component set that includes a dropper, memory-resident executables, a kernel module rootkit, and a shared object (SO) userland rootkit. Elastic Security discovered Pumakit in a suspicious binary (‘cron’) upload […]
Police shuts down Rydox cybercrime market, arrests 3 admins
Albanian law enforcement has seized the Rydox cybercrime marketplace and arrested three administrators in collaboration with international partners. Kosovo nationals Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli were arrested on Thursday by Kosovo law enforcement and Albania’s Special Anti-Corruption Body (SPAK). The U.S. Justice Department indicted the first two for involvement in Rydox’s operations, and they’re awaiting extradition to […]
New IOCONTROL malware used in critical infrastructure attacks
Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. Targeted devices include routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), IP cameras, firewalls, and fuel management systems. The malware’s modular nature makes it capable of […]
Spain busts voice phishing ring for defrauding 10,000 bank customers
The Spanish police, working with colleagues in Peru, conducted a simultaneous crackdown on a large-scale voice phishing (vishing) scam ring in the two countries, arresting 83 individuals. Thirty-five of the arrested people were located across Spain, including in Madrid, Barcelona, Mallorca, Salamanca, and Vigo, and another 48 were arrested in Peru. The leader of the […]
Cleo patches critical zero-day exploited in data theft attacks
Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that “all customers upgrade immediately.” Huntress security researchers first spotted evidence of attacks targeting fully […]
US offers $5 million for info on North Korean IT worker farms
The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees who generated over $88 million via illegal remote IT work schemes in six years. The two companies, Chinese-based Yanbian Silverstar and Volasys Silverstar from Russia, tricked businesses worldwide […]
Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed
US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. Byte Federal is the largest US operator of Bitcoin ATMs across the United States, with over 1,200 ATMs located in forty-two states, allowing people to exchange cash for cryptocurrency. […]
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) […]
New EagleMsgSpy Android spyware used by Chinese police, researchers say
A previously undocumented Android spyware called ‘EagleMsgSpy’ has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. According to a new report by Lookout, the spyware was developed by Wuhan Chinasoft Token Information Technology Co., Ltd. and has been operational since at least 2017. Lookout presents abundant […]