The White House has launched a cybersecurity hiring sprint to fill 500,000 job openings, part of a program to address the ongoing shortage in cyber, technology, and AI positions.
This campaign, active since July, utilizes at least three malicious ISO files to compromise Malaysian entities, containing components like a malicious executable and a decoy PDF file, ultimately delivering the Babylon RAT as a final payload.
Local attackers can exploit this weakness through malicious CLI commands without user interaction, but only if they have Administrator privileges. So far, there is no evidence of this vulnerability being exploited in the wild.
Cisco has issued a warning about a backdoor admin account discovered in the Cisco Smart Licensing Utility (CSLU), allowing unauthorized access to unpatched systems. This critical flaw (CVE-2024-20439) enables remote access with admin privileges.
Despite this, the risk is limited as attackers would need physical access to the device, specific knowledge of targeted accounts, and specialized equipment for the attack.
Google has patched a high-severity vulnerability, known as CVE-2024-32896, in its Android OS actively exploited in the wild. The issue involves a privilege escalation in the Android Framework component.
This method could potentially lead to numerous malicious package downloads. The attack involves hijacking popular projects by registering new projects under the names of removed packages on PyPI.
Two vulnerabilities, CVE-2021-20123 and CVE-2021-20124, pose serious risks for Draytek VigorConnect routers, potentially leading to unauthorized access to sensitive files. Another vulnerability, CVE-2024-7262, affects Kingsoft WPS Office.
A new ransomware variant named Underground, linked to the Russia-based RomCom group, encrypts files on victims’ Windows machines and demands a ransom for decryption. It has been active since July 2023.
The FBI issued a warning about aggressive social engineering attacks by North Korean hacking groups targeting cryptocurrency firms. The attacks involve deploying malware to steal crypto assets through highly targeted tactics that are hard to detect.