WordPress websites were found distributing the ClearFake Trojan malware, a dangerous threat that can lead to ransomware infections. The malware was disguised as a prompt to install a root certificate.
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. “An improper access control vulnerability has been identified in the SonicWall SonicOS
The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S. “The Dutch DPA found that Uber transferred personal data of European taxi drivers to the United States (U.S.) and failed […]
CISA’s new $524M headquarters, set to be completed in 2027, will be located at the DHS campus in Washington. Construction is expected to begin in the fall, consolidating the agency’s workforce currently spread across five office rentals.
A new malware campaign has targeted numerous online stores, compromising their security by injecting digital skimmers that can steal credit card information during the checkout process.
Lingo Telecom failed to comply with caller ID rules before the New Hampshire primary. FCC is seeking a $6 million fine against political consultant Steve Kramer for arranging the calls.
The group, which has been active since 2020, specializes in data extortion and ransomware attacks. They have targeted at least 20 healthcare entities since 2021 and claim to have stolen patient information.
The US government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate Georgia Tech Research Corporation (GTRC) for alleged cybersecurity violations.
The two vulnerabilities are path traversal flaws, with CVE-2024-24809 allowing unrestricted file upload with dangerous types and CVE-2024-31214 enabling remote code execution through device image uploads.