A recently identified Android malware described as an information stealer and spyware has broad monitoring capabilities that allow it to harvest and exfiltrate sensitive information from numerous applications, threat landscape management company Cyfirma reports. Dubbed FireScam, the malware is distributed disguised as the ‘Telegram Premium’ application, through a phishing website that mimics the legitimate RuStore […]

SafeBreach has published proof-of-concept (PoC) exploit code targeting a recently resolved denial-of-service (DoS) vulnerability in Windows Lightweight Directory Access Protocol (LDAP). The issue, tracked as CVE-2024-49113 (CVSS score of 7.5), was patched on December 10 along with a critical remote code execution (RCE) flaw in LDAP (CVE-2024-49112, CVSS score of 9.8). Neither of the defects […]

The United States has imposed sanctions on two groups linked to Iranian and Russian efforts to target American voters with disinformation ahead of this year’s election. Treasury officials announced the sanctions Tuesday, alleging that the two organizations sought to stoke divisions among Americans before November’s vote. US intelligence has accused both governments of spreading disinformation, […]

The Richmond University Medical Center in New York has been investigating a ransomware attack since May 2023 and it recently determined that the incident resulted in a data breach affecting more than 670,000 people.  The healthcare facility, which serves residents in Staten Island, New York, suffered significant disruptions in May 2023 after being targeted in […]

Apple has agreed to pay $95 million to settle a lawsuit accusing the privacy-minded company of deploying its virtual assistant Siri to eavesdrop on people using its iPhone and other trendy devices. The proposed settlement filed Tuesday in an Oakland, California, federal court would resolve a 5-year-old lawsuit revolving around allegations that Apple surreptitiously activated […]

A US Army soldier suspected of leaking presidential call logs was reportedly arrested in Texas on December 20, after being charged on two counts of unlawful transfer of confidential phone records. The suspect, Cameron John Wagenius, 20, was arrested in Fort Hood, Texas, under the suspicion of being a cybercriminal who, using the online moniker […]

Cybercriminals who hacked Rhode Island’s system for health and benefits programs have released files to a site on the dark web, a scenario the state has been preparing for, Gov. Daniel McKee said Monday. The state has an outreach strategy to encourage potentially impacted Rhode Islanders to protect their personal information, according to a press […]

The supply chain attack in which cybersecurity firm Cyberhaven’s Chrome extension was compromised to steal users’ data appears to be part of a wider campaign in which at least 29 extensions were hit over the past year and a half. As part of the Cyberhaven incident, a threat actor gained access to the company’s Chrome […]

Chinese hackers remotely accessed US Treasury Department workstations and unclassified documents after compromising a cloud-based service operated by BeyondTrust, the department said Monday. While the Treasury described the situation as a “major cybersecurity incident,” the scope of the breach was not detailed, with no information on how many workstations had been compromised or what types […]

Palo Alto Networks informed customers late last week that it has patched a zero-day vulnerability that has been exploited to launch denial-of-service (DoS) attacks against its firewalls. The security hole, tracked as CVE-2024-3393, impacts the DNS Security feature of the PAN-OS software that runs on Palo Alto Networks firewalls. The flaw allows an unauthenticated attacker […]