Google removed Kaspersky ‘s Android security apps from the Play Store and suspended its developer accounts over the weekend. Over the weekend, all the Android products designed by the Russian cybersecurity firm Kaspersky were removed from the official Google Play in…
Tag: Security Affairs
New Perfctl Malware targets Linux servers in cryptomining campaign
perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. The…
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group
Microsoft and the U.S. DoJ seized over 100 domains used by the Russia-linked Callisto Group for launching attacks on U.S. government and nonprofits. The Justice Department revealed the unsealing of a warrant to seize 41 domains used by Russia-linked Callisto…
Dutch police breached by a state actor
The Dutch government blames a “state actor” for hacking a police system, exposing the contact details of all police officers, according to the justice minister. The Dutch police blame a state actor for the recent data breach that exposed officers’…
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise…
Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps
Cloudflare recently mitigated a new record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion packets per second (Pps). Cloudflare reported that starting from early September, it has mitigated over 100 hyper-volumetric L3/4 DDoS attacks, with many exceeding 2 billion…
Telegram revealed it shared U.S. user data with law enforcement
Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IP addresses or phone numbers of 100+ users. Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law…
U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6)…
14 New DrayTek routers’ flaws impacts over 700,000 devices in 168 countries
Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical. Of the 14 security flaws nine are…
Rhadamanthys information stealer introduces AI-driven capabilities
The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. The malware…