• Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

    Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

    A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and…

    Read More

  • DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

    DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

    The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. “The conspirators, who…

    Read More

  • Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

    Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

    Iran-affiliated threat actors have been linked to a new custom malware that’s geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras,…

    Read More

  • How to Generate a CrowdStrike RFM Report With AI in Tines

    How to Generate a CrowdStrike RFM Report With AI in Tines

    Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform.  Their bi-annual “You Did What with Tines?!” competition highlights some of the most…

    Read More

  • New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

    New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

    Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. “PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with

    Read More

  • ‘Democracy: A Public Conversation’ Dec. 17 at the Rockford Grange

    ‘Democracy: A Public Conversation’ Dec. 17 at the Rockford Grange

    HOOD RIVER — The Mid-Columbia Unitarian Universalist Fellowship invites the public to participate in a conversation about democracy on Tuesday evening, Dec. 17, at the Rockford Grange from 7-8:30 p.m.

    Read More

  • Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

    Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

    In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a…

    Read More

  • Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

    Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

    Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes.

    Read More

  • Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ Data

    Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ Data

    Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. “The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy,” Cado Security researcher…

    Read More

  • Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

    Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

    In a historic decision, Romania’s constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin Georgescu, who won the first round, denounced the verdict…

    Read More