Автор: Dark Reading Staff

Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.

The first patch lets threat actors with low-level credentials still exploit the vulnerability, while the second fully resolves the flaw.

Once a user’s device is infected as part of an ongoing Flax Typhoon APT campaign, the malware connects it to a botnet called Raptor Train, initiating malicious activity.

By accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks.

Regulators fine AT&T $13 million for failing to protect customer information held by a third-party vendor, and extend consumer data protections to the cloud.

The Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.

Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw.

The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn’t been.)

Law enforcement seized electronics containing special hacking tools and software as well as a substantial amount of cash in the raids.

Episode 3: On September 11, 2019, two cybersecurity professionals were arrested in Dallas County, Iowa and forced to spend the night in jail — just for doing their jobs. Gary De Mercurio and Justin Wynn. Despite the criminal charges against them event…