447/67 Wednesday, December 18, 2024 ConnectOnCall, a telemedicine and after-hours emergency call service platform, has disclosed a data breach affecting the personal and medical information of over 900,000 users. The company discovered the security breach on May 12, 2024, and immediately began an investigation. It was found that an external party had gained access to […]
446/67 Wednesday, December 18, 2024 Cybersecurity researchers from QiAnXin, a company in China, have revealed an advanced PHP backdoor called Glutton, a new tool associated with the Winnti group, which is linked to China. This backdoor targets multiple countries, including China, the United States, Cambodia, Pakistan, and South Africa. Glutton is designed in a modular […]
445/67 Tuesday, December 17, 2024 Germany’s Federal Office for Information Security (BSI) announced its success in halting the BADBOX malware operation, which was found to have infected over 30,000 internet-connected devices sold within the country. The agency disrupted communication between the infected devices and their command-and-control (C2) servers using a sinkholing technique. Affected devices include […]
444/67 Tuesday, December 17, 2024 Thai government officials have become targets of a new cyberattack employing a technique known as DLL Side-Loading to deploy a backdoor malware called “Yokai.” This malware is designed to take control of systems and execute commands from attackers via a command-and-control (C2) server. The campaign begins with a RAR file […]
443/67 Monday, December 16, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerability CVE-2024-50623 (CVSS score 8.8), which affects Cleo Harmony, VLTrader, and LexiCom products, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability involves unrestricted file upload and download, which could lead to remote code execution (RCE). Users are advised to […]
442/67 Monday, December 16, 2024 OpenWrt, a popular open-source operating system for routers and network devices, has been revealed to contain a critical security vulnerability in its Attended Sysupgrade (ASU) feature. This vulnerability, identified as CVE-2024-54143, has received a CVSS severity score of 9.3 out of 10, indicating a high level of risk. The vulnerability […]
441/67 Thursday, December 12, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in the Microsoft Windows Common Log File System (CLFS), identified as CVE-2024-49138, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, with a CVSS score of 7.8, was addressed in Microsoft’s December 2024 Patch Tuesday security update, which […]
440/67 Thursday, December 12, 2024 Adobe, a leading software developer, has released its December 2024 Patch Tuesday security update, addressing over 160 vulnerabilities across 16 popular products such as Reader, Illustrator, Photoshop, and Connect. Key details of the fixes include: While Adobe confirmed that no active exploits of these vulnerabilities have been detected, the company […]
439/67 Wednesday, December 11, 2024 Anna Jaques Hospital in Massachusetts, USA, has disclosed a ransomware attack on December 25, 2023, which led to the leak of sensitive health information for over 316,000 patients. The hospital, which provides a range of services including emergency care, maternity, oncology, cardiology, and orthopedic surgery, immediately suspended the affected systems […]
438/67 Wednesday, December 11, 2024 The newly established ransomware group “Termite” has claimed responsibility for a cyberattack that caused significant damage to Blue Yonder, a major U.S.-based supply chain technology company. The attack has disrupted operations for leading organizations such as Starbucks and prominent UK retailers Morrisons and Sainsbury’s. Blue Yonder, headquartered in Arizona, revealed […]
