Security Bulletin

An attacker with local access can grab admin credentials from active memory prior to deletion.

Immediate blocking of IP addresses leveraging the issue has also been recommended by Cleo.

Infiltration of Byte Federal's systems exposed individuals' full names, birthdates, physical addresses, email addresses, phone numbers, Social Security numbers, government-issued IDs, photos, and transaction activity, according to the firm's data...

Aside from disrupting servers through a deluge of requests to "debug/pprof/heap" and other endpoints, attackers could also exploit Prometheus' "metrics" endpoint to obtain information from internal API endpoints, Docker registries, subdomains, and...

Attacks with Pumakit commence with the deployment of the cron dropper, which executes the '/memfd:tgt' and '/memfd:wpn' payloads, with the former eventually launching the 'puma.ko' LKM rootkit module that loads only after ensuring secure boot status...

Malicious battery charge tracking and photo gallery apps, as well as a phony Samsung Knox app and trojanized Telegram app, have been leveraged to distribute the similar BoneSpy and PlainGnome spyware, which facilitate compromise of device location...

Identified within a Gasboy fuel control system's payment terminal believed to have been targeted by the Iranian state-backed operation CyberAv3ngers, IOCONTROL features a modular configuration and sophisticated script enabling the persistent...

At least $88 million have already been earned by North Korean state-sponsored firms Yanbian Silverstar and Volasys Silverstar for leading operations of the six-year fraud scheme, which involved fake IT workers leveraging sophisticated obfuscation...

Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued.

DOJ announced that two arrested in Kosovo, a third in Albania tied to Rydox dark market website.