The Banshee Stealer can rob sensitive data, including passwords from macOS Keychain, system information, and data from popular web browsers like Safari, Chrome, and Firefox. It can also access cryptocurrency wallets and plugins.
The flaws include denial-of-service issues, unauthorized file write bugs, directory traversal, and forced Wi-Fi connections. Google has released an update (v1.0.1724.0) to address these vulnerabilities and is tracking them under two CVE identifiers.
Cyber threat operation ClearFake distributes fake antivirus software to trick users into believing their systems are infected, leading to requests for payment or installation of more malware.
The Network and Information Security (NIS) 2 Directive is a major cybersecurity regulation in Europe, with EU Member States having until October 17, 2024, to comply with the increased security standards and reporting requirements.
Initially discovered in January 2023 impersonating government entities, Gigabud and Golddigger malware campaigns have overlapped, suggesting the same threat actors behind both.
FreeBSD has issued an urgent patch for a high-severity vulnerability in OpenSSH that could allow attackers to remotely execute arbitrary code with elevated privileges. The flaw, identified as CVE-2024-7589, has a CVSS score of 7.4 out of 10.
The malicious PyPI package, named “solana-py,” had 1,122 downloads before being removed. It mimicked the legitimate “solana” package with version numbers 0.34.3, 0.34.4, and 0.34.5.
Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have made it easier for cybercriminals to carry out sophisticated attacks, according to Darktrace. These subscription-based tools have lowered the barrier for less experienced attackers.
The vulnerability, identified as CVE-2024-38200, affects various versions of Office, including Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps, and Microsoft Office 2019.
The United Nations has unanimously passed its first cybercrime treaty, initially proposed by Russia. This treaty establishes a global legal framework for addressing cybercrime and data access.