Phemex, a cryptocurrency exchange based in Singapore, suffered a significant cyberattack that resulted in the theft of $85 million worth of digital assets. The platform’s hot wallets, which are linked to the internet for real-time transactions, were the primary target…
Tag: Cyber Security News
Vulnerabilities in Telecom Networks Let Hackers Gain Access to 3,000 Companies
Cybersecurity researchers have exposed critical vulnerabilities in a telecom network that allowed unauthorized access to sensitive data and control over 3,000 companies. The research revealed obvious vulnerabilities in the network’s backend APIs, authentication systems, and Know Your Customer (KYC) processes,…
New TorNet Backdoor Abusing Windows Schedule Task to Deliver Malware
A financially motivated threat actor has been linked to a sophisticated cyber campaign that has been targeting users in Poland and Germany since July 2024. The effort uses phishing emails to spread a range of malware payloads, including Agent Tesla,…
Hackers Exploit Outdated Electricity Controller Using Flipper Zero to Disconnect Power Supply
Researchers Fabian Bräunlein and Luca Melette demonstrated how outdated Radio Ripple Control systems, used to manage up to 60 gigawatts (GW) of electricity, could be exploited by attackers to disrupt power supply on a massive scale. Their findings, presented at…
NVIDIA GPU Display Driver Vulnerabilities Let Attackers Trigger DoS
NVIDIA has issued a critical software security update for its GPU Display Driver, addressing multiple vulnerabilities that could potentially expose systems to denial-of-service (DoS) attacks, data tampering, and information disclosure. This update impacts users across Windows and Linux platforms and…
Destroying EDR Service Executable File by Using a Combination of Windows Symbolic Links
A new method of exploiting the “Bring Your Own Vulnerable Driver” (BYOVD) technique has emerged, combining it with Windows symbolic links to elevate its effectiveness. This innovative approach exploits drivers with file-writing capabilities, bypassing the need to rely solely on…
Hackers Using Hidden Text Salting Technique To Confuse Spam Filters & Evade Detection
Cybercriminals are increasingly employing a technique known as “hidden text salting” to bypass spam filters and evade detection. This method, which saw a surge in usage during the latter half of 2024, poses a significant threat to organizations relying on…
New Attack Mimics USPS To Deliver Malicious PDF In To Attack Mobile Devices
A sophisticated phishing campaign has been uncovered, leveraging malicious PDFs disguised as official U.S. Postal Service (USPS) communications to target mobile users. This attack, identified by Zimperium’s zLabs team, employs a novel obfuscation technique to bypass traditional endpoint security measures…
Critical One Identity Manager Vulnerability Let Attackers Escalate Privileges
A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in One Identity Manager, a widely used identity and access management solution. This vulnerability, officially tracked as CVE-2024-56404, allows unauthorized privilege escalation under specific configurations. The issue affects only…
Akira’s New Linux Ransomware Attacking VMware ESXi Servers
The Akira ransomware group, a prominent player in the Ransomware-as-a-Service (RaaS) domain since March 2023, has intensified its operations with a new Linux variant targeting VMware ESXi servers. Initially focused on Windows systems, Akira expanded its scope in April 2023…