Security researchers have discovered tens of thousands of exploited devices with a backdoor installed due to a critical zero-day vulnerability in Cisco IOS XE software’s web user interface.
CISA plans to issue a request for information to address Secure by Design engineering and is urging software manufacturers to demonstrate evidence of security incorporation through artifacts.
Vietnamese cybercrime groups are targeting the digital marketing sectors in the United Kingdom, United States, and India with various malware strains, including the DarkGate information stealer.
The Viking Line cyberattack, believed to be a DDoS attack, caused major disruptions to shipping company websites and emphasizes the urgent need for robust cybersecurity measures in the industry.
Using outdated software is the main reason for website compromise. In one case, an e-commerce store running on an old version of OpenCart led to credit card theft and fraud.
Cybersecurity firm Spec has successfully closed a $15M Series A funding round led by SignalFire, with participation from Legion Capital and Rally Ventures, enabling the company to advance its platform and expand its threat labs.
The BlackCat ransomware group has introduced a new evasion tool called Munchkin, distributed as an ISO file, allowing them to run ransomware on remote machines. The controller malware is written in Rust and resembles the BlackCat malware family. Organizations are recommended to leverage the updated IOCs associated with the malware to stay safe.
The IT manager and his wife stole the personally identifiable information of over 9,000 individuals and sold it for $160,000 in Bitcoin, which was later used for criminal activities.
The leaked data poses serious risks, as threat actors could potentially disrupt services, launch phishing campaigns, and engage in “doxxing” and “swatting” activities, putting customers at risk.
EDF, the company operating nuclear power plants in the UK, is facing increased regulatory attention after an inspection of its cybersecurity practices. The company failed to provide a comprehensive cybersecurity improvement plan.