• Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

    The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system.…

  • Guide to Smart Windows 11 Settings to Boost Your Productivity

    The newest Windows OS is fast gaining ground on Windows 10. As of August 2024, Windows 11 had over 31% of the Windows market share. That is bound to increase fast as Windows 10 retires in 2025. Already upgraded to the new operating system or planning to soon? Then, you’ll love these tips on optimizing…

  • Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

    The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a “recent” investigation into a compromised machine in Asia that was also infected with the…

  • Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

    Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads, respectively, before being taken down.

  • North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

    Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. “The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces,” the agencies said. “TraderTraitor activity is often characterized by…

  • Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations

    Italy’s data protection authority has fined ChatGPT maker OpenAI €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users’ information to train its service in violation of the European Union’s General Data Protection Regulation…

  • LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

    A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department…

  • Protect Yourself: 8 Steps to Take When You Get a Notice Your Data Was Breached

    When it happens, you feel powerless. You get an email or letter from a business saying someone breached your data. It happens all too often today. Data breaches happen at banks, online sites like Facebook, and ecommerce stores. Not only that, but governments are also victims. This leaves things like your address, SSN, and credit…

  • Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

    The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular…

  • Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

    The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm…
