Lingo Telecom failed to comply with caller ID rules before the New Hampshire primary. FCC is seeking a $6 million fine against political consultant Steve Kramer for arranging the calls.

The group, which has been active since 2020, specializes in data extortion and ransomware attacks. They have targeted at least 20 healthcare entities since 2021 and claim to have stolen patient information.

The US government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate Georgia Tech Research Corporation (GTRC) for alleged cybersecurity violations.

The two vulnerabilities are path traversal flaws, with CVE-2024-24809 allowing unrestricted file upload with dangerous types and CVE-2024-31214 enabling remote code execution through device image uploads.

This malware allows attackers to emulate victims’ cards, enabling them to make unauthorized payments or withdraw cash from ATMs. The campaign has been active since November 2023.

Disguised as a legitimate software, Cthulhu Stealer is designed to steal credentials, cryptocurrency wallets, and other sensitive information. It prompts users to enter their system password and MetaMask password, exfiltrating them to a C2 server.

These vulnerabilities pose risks to organizations using outdated versions, allowing unauthorized access to sensitive data and privilege escalation through SQL Injection techniques.

A recent Qilin ransomware attack targeted several endpoints, stealing VPN credentials and Chrome browser data. This attack, detected in July 2024, involved network access through compromised VPN credentials without multi-factor authentication.

SonicWall has released an urgent patch to address a critical vulnerability (CVE-2024-40766) in SonicOS, which could allow unauthorized access to their firewalls. The vulnerability could lead to system compromise and network disruption.

The NSA has released guidelines to improve logging and threat detection for Living-off-the-Land (LotL) attacks in cloud services, enterprise networks, mobile devices, and OT networks as part of a global effort for critical infrastructure security.