The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent
VLC Media Player users are urged to update their software due to the critical CVE-2024-46461 vulnerability, which could crash the program or lead to code execution by malicious actors.
Multiple critical vulnerabilities in CUPS (Common Unix Printing System) have been uncovered, affecting Linux systems, BSDs, Oracle Solaris, and Google Chrome OS. These flaws can enable attackers to execute arbitrary commands through IPP URLs.
In today’s fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you’re a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you’re always informed and equipped for
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake […]
Nvidia Container Toolkit has critical vulnerabilities (CVE-2024-0132 and CVE-2024-0133) up to v1.16.1, allowing attackers to access the host file system, execute code, escalate privileges, and disrupt services.
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It […]
Mallox, known for targeting Windows systems, has expanded its operations to Linux by using a modified version of the Kryptina ransomware, named “Mallox Linux 1.0.” The ransomware utilizes the same encryption algorithm as Kryptina.