Recent Security News
-
U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists
March 6, 2024 at 03:15AM The U.S. Treasury’s OFAC sanctioned individuals and entities linked to Intellexa Alliance for distributing spyware targeting government officials and journalists. The group, including companies like Cytrox, developed the Predator spyware, similar to NSO Group’s Pegasus, enabling unauthorized data access. The sanctions aim to address misuse of commercial spyware and protect…
-
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
March 6, 2024 at 03:15AM VMware has issued patches for four security flaws affecting ESXi, Workstation, and Fusion, including two critical bugs allowing code execution. The vulnerabilities, including use-after-free bugs in the XHCI USB controller, carry high CVSS scores. CVE-2024-22252 and CVE-2024-22253 were discovered by multiple security researchers and require immediate patching. Temporary workaround includes…
-
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
March 6, 2024 at 02:15AM GhostSec, a cybercrime group, has partnered with Stormous to launch double extortion ransomware attacks on businesses globally. They are part of a coalition called The Five Families, offering a new ransomware-as-a-service (RaaS) program called STMX_GhostLocker. The groups have also introduced a Go-written ransomware called GhostLocker 2.0 and developed hacking tools…
-
New APT Group ‘Lotus Bane’ Behind Recent Attacks on Vietnam’s Financial Entities
March 6, 2024 at 02:15AM A new cyber attack targeting a financial entity in Vietnam was linked to Lotus Bane, an advanced persistent threat group with methods overlapping those of OceanLotus. This suggests possible connections with or inspirations from OceanLotus, though the different target industries indicate potential differences. Financial organizations worldwide have been targeted by…
-
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws
March 6, 2024 at 01:03AM Apple has released security updates to fix actively exploited vulnerabilities, CVE-2024-23225 and CVE-2024-23296, in its iOS and iPadOS, addressing them with improved validation. The flaws can be exploited by attackers to bypass kernel memory protections. This development adds to a total of three zero-days that Apple has addressed since the…