Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
New IOCONTROL malware used in critical infrastructure attacks
Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. Targeted devices include routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), IP cameras, firewalls, and fuel management systems. The malware’s modular nature makes it capable of […]
Spain busts voice phishing ring for defrauding 10,000 bank customers
The Spanish police, working with colleagues in Peru, conducted a simultaneous crackdown on a large-scale voice phishing (vishing) scam ring in the two countries, arresting 83 individuals. Thirty-five of the arrested people were located across Spain, including in Madrid, Barcelona, Mallorca, Salamanca, and Vigo, and another 48 were arrested in Peru. The leader of the […]
Cleo patches critical zero-day exploited in data theft attacks
Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that “all customers upgrade immediately.” Huntress security researchers first spotted evidence of attacks targeting fully […]
US offers $5 million for info on North Korean IT worker farms
The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees who generated over $88 million via illegal remote IT work schemes in six years. The two companies, Chinese-based Yanbian Silverstar and Volasys Silverstar from Russia, tricked businesses worldwide […]
Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed
US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. Byte Federal is the largest US operator of Bitcoin ATMs across the United States, with over 1,200 ATMs located in forty-two states, allowing people to exchange cash for cryptocurrency. […]
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) […]
New EagleMsgSpy Android spyware used by Chinese police, researchers say
A previously undocumented Android spyware called ‘EagleMsgSpy’ has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. According to a new report by Lookout, the spyware was developed by Wuhan Chinasoft Token Information Technology Co., Ltd. and has been operational since at least 2017. Lookout presents abundant […]
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) […]
Russian cyber spies hide behind other hackers to target Ukraine
Russian cyber-espionage group Turla, aka “Secret Blizzard,” is utilizing other threat actors’ infrastructure to target Ukrainian military devices connected via Starlink. Microsoft and Lumen recently exposed how the nation-state actor, who is linked to Russia’s Federal Security Service (FSB), is hijacking and using malware and servers of the Pakistani threat actor Storm-0156. Microsoft released another report […]
Operation PowerOFF shuts down 27 DDoS-for-hire platforms
Law enforcement agencies from 15 countries have taken 27 DDoS-for-hire services offline, also known as “booters” or “stressers,” arrested three administrators, and identified 300 customers of the platforms. The action is part of ‘Operation PowerOFF,’ an international initiative to combat cybercrime, specifically distributed denial-of-service (DDoS) attacks. DDoS-for-hire services are platforms that utilize botnets on compromised […]