admin

Two severe vulnerabilities in Veeam Service Provider Console (VSPC) software have been patched, including one with a near-maximum CVSS score of 9.9. The issues, designated as CVE-2024-42448 and CVE-2024-42449, were identified during internal testing by Veeam. Both flaws pose significant risks to system integrity, requiring immediate attention from affected service providers. Details of the Vulnerabilities

The Federal Trade Commission (FTC) has banned data brokers Gravy Analytics and Mobilewalla from collecting, using or selling sensitive location data that reveals Americans’ visits to places like healthcare facilities, military bases and religious institutions. The settlements, announced on Tuesday, also require both companies to delete previously collected data and impose strict controls to prevent future

Houston-based ENGlobal Corporation, a contractor specializing in engineering and automation services for the energy sector and US government, announced Monday that a ransomware attack has disrupted its operations. The company disclosed the incident on Monday in aregulatory filing with the US Securities and Exchange Commission (SEC). The breach was identified on November 25 2024, prompting ENGlobal

A new report by a French government agency has accused Azerbaijan of manipulating online users in France’s overseas constituencies and Corsica. In a new report published on December 2, France’s technical agency responsible for monitoring foreign digital interference, VIGINUM, released findings about the Baku Initiative Group (BIG), a state-sponsored organization based in Azerbaijan. From July

UK cybercrime victims are being failed by the justice system, with perpetrators hardly ever facing charges and convictions, according to a report by The Cyber Helpline, a charity supporting individuals impacted by cybercrime and other online harms. The analysis The Funnel of Justice, found that victims of cybercrime in England and Wales are seven-times less

Romania’s national security council has warned that cyber-attacks are being used to influence the fairness of the country’s live presidential election. The Supreme Council of National Defense revealed it was presented with assessments on the actions of state and non-state cyber actors targeting election infrastructure and processes in a meeting on Thursday, November 28. While

An infamous ransomware group has claimed to have compromised sensitive data from a children’s hospital in Liverpool, UK. On November 28, INC Ransom posted on its data leak site that it has obtained large-scale data patient records, donor reports and procurement data for 2018-2024 from Alder Hey Children’s NHS Foundation Trust. The Trust quickly acknowledged

A new cyber-attack technique leveraging the Godot Gaming Engine to execute undetectable malware has been reported by Check Point Research. Using maliciously crafted GDScript code, threat actors deployed malware via “GodLoader,” bypassing most antivirus detections and infecting over 17,000 devices since June 2024. In a statement, the Godot security team said, “Based on the report, affected users

Cybersecurity researchers have discovered “Bootkitty,” possibly the first UEFI bootkit specifically designed to target Linux systems. This marks a significant shift in theUEFI threat landscape, which previously focused exclusively on Windows-based attacks. The bootkit, named by its creators, was uploaded to VirusTotal in November 2024 and is believed to be a proof of concept rather

A widespread distributed denial-of-service (DDoS) campaign leveraging accessible tools and targeting IoT devices and enterprise servers has been uncovered by security researchers. Orchestrated by a threat actor known as Matrix, the operation highlights how minimal technical knowledge combined with public scripts can enable global scale cyber-attacks. Matrix’s attack framework, analyzed in detail by Aqua Nautilus,

A network of four public relations (PR) firms has been operating pro-China influence operations online since at least 2022, according to Google. In a report published on November 22, Google’s Threat Intelligence Group revealed it has removed hundreds of domains from its search and news indexes. These domains were part of a complex ecosystem of

Consumers have been warned that 77% of Black Friday-themed spam emails in 2024 have been identified as scams, with the remainder marketing lures, according to new figures from Bitdefender. This represents a 7% rise in the proportion of spam emails identified as scams compared to Black Friday 2023, and a 21% increase compared to 2022.

A Russian-aligned hacking group is conducting a cyber espionage campaign across Europe and Asia, according to Recorded Future. Insikt Group, Recorded Future’s threat intelligence team, has shared in a November 21 report that a group it tracks as TAG-110 has been using custom malware to compromise government entities, human rights groups and educational institutions. The

Microsoft has seized 240 fraudulent websites associated with “do-it-yourself” phishing kits used by cybercriminals globally to break into customer accounts. The action was enabled by a civil court order in the Eastern District of Virginia which allowed the malicious technical infrastructure to be directed to Microsoft. This permanently stops the use of these domains in

US and Australian government agencies have urged critical infrastructure organizations to protect against new tactics employed by the BianLian ransomware group. These updated tactics, techniques and procedures (TTPs) include shifting exclusively to exfiltration-based extortion and leveraging new approaches for initial access, command and control, and defense evasion. The joint advisory from the FBI, Cybersecurity and