The US government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate Georgia Tech Research Corporation (GTRC) for alleged cybersecurity violations.
The two vulnerabilities are path traversal flaws, with CVE-2024-24809 allowing unrestricted file upload with dangerous types and CVE-2024-31214 enabling remote code execution through device image uploads.
This malware allows attackers to emulate victims’ cards, enabling them to make unauthorized payments or withdraw cash from ATMs. The campaign has been active since November 2023.
Disguised as a legitimate software, Cthulhu Stealer is designed to steal credentials, cryptocurrency wallets, and other sensitive information. It prompts users to enter their system password and MetaMask password, exfiltrating them to a C2 server.
These vulnerabilities pose risks to organizations using outdated versions, allowing unauthorized access to sensitive data and privilege escalation through SQL Injection techniques.
A recent Qilin ransomware attack targeted several endpoints, stealing VPN credentials and Chrome browser data. This attack, detected in July 2024, involved network access through compromised VPN credentials without multi-factor authentication.
SonicWall has released an urgent patch to address a critical vulnerability (CVE-2024-40766) in SonicOS, which could allow unauthorized access to their firewalls. The vulnerability could lead to system compromise and network disruption.
The NSA has released guidelines to improve logging and threat detection for Living-off-the-Land (LotL) attacks in cloud services, enterprise networks, mobile devices, and OT networks as part of a global effort for critical infrastructure security.
The CISA has added new vulnerabilities to its Known Exploited Vulnerabilities catalog, including Dahua IP Camera authentication bypass flaws, a Linux Kernel buffer overflow issue, and a Microsoft Exchange Server vulnerability.
Liverpool fans have suffered the most in Premier League ticket scams for the 2023/24 season, losing over £17,000 (~$22,460) to criminals, as revealed by a report from NatWest Bank. Arsenal supporters were also hit hard, losing £12,000 (~$15,855).