Breaking News

Pierluigi Paganini October 07, 2024
Man pleads guilty to stealing over $37 Million worth of cryptocurrency

A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments.  In February 2022, Light participated in a cyber attack on an investment firm in Sioux […]

Pierluigi Paganini October 06, 2024
China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. According to the Wall Street Journal, which reported the news […]

Pierluigi Paganini October 06, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 Threat Actors leverage Docker Swarm and Kubernetes to […]

Pierluigi Paganini October 06, 2024
Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress LiteSpeed Cache plugin flaw could allow site takeover Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session […]

Pierluigi Paganini October 06, 2024
Google Pixel 9 supports new security features to mitigate baseband attacks

Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE, 4G, and 5G communications. While basebands in smartphones are often vulnerable to attacks due to […]

Pierluigi Paganini October 05, 2024
WordPress LiteSpeed Cache plugin flaw could allow site takeover

A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers to execute arbitrary JavaScript. The vulnerability is a stored cross-site scripting (XSS) issue impacting versions […]

Pierluigi Paganini October 05, 2024
Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

Apple released iOS 18.0.1 update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. Apple released iOS 18.0.1 and iPadOS 18.0.1 updates to fix two vulnerabilities, respectively tracked as CVE-2024-44207 and CVE-2024-44204. The company addressed the vulnerability by improving checks. The flaw was reported by Michael Jimenez and an anonymous researcher. The […]

Pierluigi Paganini October 04, 2024
Google removed Kaspersky’s security apps from the Play Store

Google removed Kaspersky ‘s Android security apps from the Play Store and suspended its developer accounts over the weekend. Over the weekend, all the Android products designed by the Russian cybersecurity firm Kaspersky were removed from the official Google Play in the United States and other countries. Google also disabled the developer accounts used by the cybersecurity […]

Pierluigi Paganini October 04, 2024
New Perfctl Malware targets Linux servers in cryptomining campaign

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. The malicious code was used to drop cryptocurrency miners and proxyjacking software. Perfctl is an elusive […]

Pierluigi Paganini October 04, 2024
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group

Microsoft and the U.S. DoJ seized over 100 domains used by the Russia-linked Callisto Group for launching attacks on U.S. government and nonprofits. The Justice Department revealed the unsealing of a warrant to seize 41 domains used by Russia-linked Callisto Group (formerly SEABORGIUM, also known as COLDRIVER) for computer fraud in the United States. US […]