The CVE-2024-54143 vulnerability affects the OpenWrt sysupgrade server and exposes users to risks of installing malicious firmware images.
The post Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation appeared first on SecurityWeek.
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024.
“Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user’s email to numerous mailing lists simultaneously,” Rapid7
“Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user’s email to numerous mailing lists simultaneously,” Rapid7
Cybercrime gang arrested after turning Airbnbs into fraud centers
Eight members of an international cybercrime network that stole millions of Euros from victims and set up Airbnb fraud centers were arrested in Belgium and the Netherlands. […]
Romanian energy supplier Electrica hit by ransomware attack
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still “in progress” earlier today. […]
Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack
Medical devices manufacturer Artivion says a ransomware attack caused disruptions to order and shipping processes.
The post Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack appeared first on SecurityWeek.
QNAP Patches Vulnerabilities Exploited at Pwn2Own
QNAP has released patches for multiple high-severity QTS and QuTS Hero vulnerabilities disclosed at the Pwn2Own Ireland 2024 hacking contest.
The post QNAP Patches Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek.
⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 – 8)
This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in.
Want to
Want to
Blue Yonder Probing Data Theft Claims After Ransomware Gang Takes Credit for Attack
The Blue Yonder ransomware attack that caused disruptions to Starbucks and major grocery stores may have also involved information theft.
The post Blue Yonder Probing Data Theft Claims After Ransomware Gang Takes Credit for Attack appeared first on SecurityWeek.
Deloitte Responds After Ransomware Group Claims Data Theft
Deloitte has issued a response after the Brain Cipher ransomware group claimed to have stolen over 1 Tb of information belonging to the company.
The post Deloitte Responds After Ransomware Group Claims Data Theft appeared first on SecurityWeek.
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim’s account by means of a prompt injection attack.
Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input “Print
Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input “Print