
SMS Bombing: The Risks and Dangers of Text Message Attacks

In the realm of cybersecurity, SMS Bomber attacks are emerging as a modern threat with significant and concerning consequences. Many of us have experienced receiving SMS or calls from unknown [...]

Beware: Business Email Compromise (BEC) Attacks Threaten Organizations

The pandemic has spurred significant shifts in business models. With the rise of digital transformation, increased efficiency, and profitability, the threat landscape for organizations has evolved. Presently, with over 60% [...]

New Bifrost malware for Linux mimics VMware domain for evasion

A new Linux variant of Bifrost, called Bifrose, was detected employing a clever evasion tactic by utilizing a deceptive domain resembling the official VMware domain to avoid detection. What is [...]

Emerging Phishing Kit Exploits SMS and Voice Calls to Target Cryptocurrency Users

A newly discovered phishing kit has been observed impersonating the login pages of prominent cryptocurrency services as part of an attack cluster aimed primarily at mobile devices. Emerging Phishing Kit [...]

Hackers Exploit SVG Image Files for GUloader Malware Distribution

Cybercriminals are leveraging the flexibility of SVG (Scalable Vector Graphics) files for the dissemination of the GUloader malware. Hackers Exploit SVG Image Files for GUloader Malware GuLoader is notorious for [...]

Cybercriminals Exploit Weaponized ZIP Files to Acquire NTLM Hashes

Cyber adversaries utilize ZIP files as a means to weaponize them, leveraging the ease of concealing malicious payloads within compressed archives. This tactic poses a challenge for security systems, as [...]

Malicious npm Packages: North Korean Hackers Targeting Developers

Recent discoveries by Phylum indicate that a series of counterfeit npm packages identified on the Node.js repository are associated with state-sponsored actors from North Korea. Malicious npm Packages The packages [...]

SSH-Snake Malware: Stealing SSH Keys to Expand Network Spread

Threat actors exploit SSH credentials to gain unauthorized access to systems and networks, executing malicious activities by leveraging weak or compromised credentials. The misuse of SSH credentials offers a covert [...]

LiteSpeed Plugin Vulnerability Exposes 5 Million WordPress Sites to Risk

Researchers at Patchstack have issued a warning regarding an unauthenticated site-wide stored XSS vulnerability, identified as CVE-2023-40000, affecting the LiteSpeed Cache plugin for WordPress. LiteSpeed Plugin Vulnerability The LiteSpeed Cache [...]

Xeno RAT Exploits Windows DLL Search to Evade Detection

A newly identified, sophisticated malware coded in C# has emerged. Dubbed Xeno RAT, this malware boasts advanced features such as evasion tactics, payload generation, and an additional layer of threat [...]

Compromised PyPI Package Deploys NovaSentinel Stealer on Windows

Researchers uncovered an advanced cyberattack involving a dormant Python Package Index (PyPI) package called Django-log-tracker, which was unexpectedly updated to distribute the NovaSentinel stealer malware. This finding underscores a substantial [...]

LockBit Returns, Unveiling Fresh Claims and Victims

The narrative surrounding the takedown of the LockBit ransomware on February 19 is still evolving. Following nearly a week of silence and downtime, the notorious gang has resurfaced on a [...]

Microsoft Initiates Wi-Fi 7 Testing in Windows 11

Microsoft has commenced testing Wi-Fi 7 compatibility within the Windows 11 Insider Preview Build 26063. Initially available only in the Canary Channel, a potential expansion to Dev Channel users could [...]

Analysts Expose Apple’s Latest Zero-Click Shortcuts Vulnerability

Information has surfaced regarding a recently patched high-severity security vulnerability in Apple's Shortcuts app, allowing a shortcut to access sensitive device information without user consent. Apple's Latest Zero-Click Shortcuts Apple [...]

Multiple Cross-Site Scripting (XSS) Flaws in Joomla Could Result in Remote Code Execution

Five vulnerabilities have been discovered within the Joomla content management system that could be exploited to execute arbitrary code on vulnerable websites. Multiple Cross-Site Scripting (XSS) Flaws in Joomla The [...]

MrB Ransomware (.mrB Files) – Analysis & File Recovery

MrB ransomware, a variant of Dharma ransomware, was identified on February 21, 2024. It encrypts files with the extension ".mrB" and targets small businesses, demanding ransom solely for file decryption [...]

New Wi-Fi Authentication Bypass Vulnerabilities Pose Threat to Home and Enterprise Networks

Two recently discovered Wi-Fi authentication bypass vulnerabilities in open-source software could potentially expose numerous enterprise and home networks to attacks. New Wi-Fi Authentication Bypass Vulnerabilities Mathy Vanhoef, a professor at [...]

Critical Vulnerabilities in ConnectWise ScreenConnect, PostgreSQL JDBC, and VMware EAP

ConnectWise has remedied a critical vulnerability rated CVSS 10 in its ScreenConnect product, a desktop and mobile support software that offers fast and secure remote access solutions. ConnectWise has addressed [...]

Migo Malware: Targeting Redis Servers for Cryptocurrency Mining

A recent malware campaign has been detected, focusing on gaining initial access through Redis servers, aiming to mine cryptocurrency on compromised Linux hosts. What is Migo Malware? Migo Malware is [...]

Mastodon Security Flaw Enables Account Takeover

Cybersecurity experts have uncovered a critical vulnerability in the decentralized social network Mastodon, potentially enabling unauthorized access and account takeover. Fortunately, a fix is already available for this flaw. MASTODON [...]

Meta Warns of 8 Spyware Companies Targeting iOS, Android, and Windows Devices

Meta Platforms announced it has taken measures to combat malicious activities originating from eight firms in Italy, Spain, and the United Arab Emirates (UAE) engaged in the surveillance-for-hire industry. Meta [...]

SYSDF Ransomware: Analysis, .SYSDF File Recovery, and Removal Guide

SYSDF is a ransomware program belonging to the Dharma malware family. Typically targeting small businesses, it encrypts files and demands ransom payments for decryption. The ransomware was first identified by [...]

Ov3r_Stealer: Targeting Cryptocurrency and Credentials via Facebook Job Ads

A recent report by Trustwave SpiderLabs reveals the emergence of Ov3r_Stealer, a Windows malware propagated through deceptive Facebook job advertisements. This malware is engineered to pilfer sensitive data and cryptocurrency [...]

Malicious ‘SNS Sender’ Script Exploits AWS for Mass Smishing Campaigns

A malicious Python script named SNS Sender is being promoted as a tool for threat actors to distribute bulk smishing messages by exploiting Amazon Web Services (AWS) Simple Notification Service [...]

Shim Bootloader Vulnerability Detected in Linux Systems

Security researchers have uncovered a critical vulnerability in Shim, a commonly used Linux bootloader. This flaw has the potential to enable attackers to execute malicious code and take control of [...]

Zoom patched seven vulnerabilities across Windows, iOS, and Android, including one critical flaw (CVE-2024-24691)

Zoom, the well-known video conferencing platform, recently patched 7 security vulnerabilities in a recent update. These vulnerabilities range in severity from medium to critical, and they affect a variety of [...]

Beware of Malicious Fake ChatGPT Apps

The public release of ChatGPT caused a sensation back in 2022, and it's fair to say it's been a game-changer. However, scammers often target platforms with large user bases. Fake [...]

HijackLoader Malware Introduces Fresh Evasion Techniques

The HijackLoader malware has incorporated additional defense evasion tactics. Increasingly, other threat actors are leveraging this malware for delivering payloads and tooling. The developer employed a standard process hollowing technique [...]

New Fortinet VPN RCE Vulnerability Uncovered: Apply Patch Immediately

Fortinet has issued a warning regarding a critical vulnerability found in its FortiOS SSL VPN system, which could be actively exploited by attackers. This vulnerability within Fortinet's network security solutions [...]

GitLab Security Flaw (CVE-2024-0402) Raises Concerns of File Overwrite Risk

In a recent security update, GitLab has released a patch addressing a critical vulnerability that could permit unauthorized users to overwrite files. This poses a risk of data corruption or [...]

A critical vulnerability in Apple iOS and macOS has been discovered and exploited

The Cybersecurity and Infrastructure Security Agency has identified a security flaw in Apple operating systems, specifically iOS and macOS, and has included it in the agency’s Known Exploited Vulnerabilities catalog. [...]

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

A recently discovered ransomware, named "Kasseika," employs Bring Your Own Vulnerable Driver tactics to incapacitate antivirus software prior to encrypting files. It is suspected that Kasseika may have been developed [...]

Discovery of Authentication Bypass Vulnerability in GoAnywhere MFT

Fortra has revealed a critical vulnerability in its GoAnywhere MFT (Managed File Transfer) software—an authentication bypass that poses a significant security risk. Exploiting this vulnerability successfully could enable attackers to [...]

Apple resolves the first zero-day bug exploited in attacks this year

Apple has issued security updates to tackle the first zero-day vulnerability of the year, which has been exploited in attacks and could affect iPhones, Macs, and Apple TVs. The zero-day [...]

GitHub Developer SSH Keys Targeted Through Malicious npm Packages

Security researchers recently discovered two new malicious packages on the npm open source package manager. These packages utilized GitHub to store stolen Base64-encoded SSH keys taken from developer systems. Identified [...]

Active Exploitation of 2 Citrix Remote Code Execution (RCE) Vulnerabilities, CISA Issues Notification

CISA has set a deadline of one to three weeks for addressing three vulnerabilities associated with Citrix NetScaler and Google Chrome. These zero-day vulnerabilities have been actively exploited in cyber [...]

New Godzilla Web Shell Attacks Exploit Apache ActiveMQ Flaw

Cybersecurity researchers caution about a significant rise in threat actor activity exploiting a recently patched flaw in Apache ActiveMQ. This exploitation aims to deliver the Godzilla web shell on compromised [...]

LockBit Ransomware Uses Resume Word Files to Spread

An ASEC investigation has uncovered the latest tactics employed by the notorious LockBit ransomware. Under the guise of "post-paid pentesters," the ransomware now adopts the strategy of appearing as harmless [...]

Latest Docker Malware: CPU Theft for Crypto and Fake Website Traffic Generation

A recently launched campaign aimed at vulnerable Docker services installs both an XMRig miner and the 9hits viewer app on compromised hosts, enabling a dual monetization approach. 9hits functions as [...]

Critical Vulnerability: 178,000 SonicWall Firewalls at Risk of DoS and RCE

Recent research reveals a substantial number of vulnerable SonicWall firewall instances susceptible to remote code execution (RCE) and DoS attacks. Regrettably, no official patches are currently available, compelling clients to [...]

Atlassian’s Confluence Data Center and Server Affected by Critical RCE Vulnerability

Atlassian recommends that its customers update their Confluence Data Center and Server to safeguard against the exploitation of a critical vulnerability that has the potential to lead to Remote Code [...]

AzorUlt Stealer Resurfaces, Employing Email Phishing Tactics

Cybersecurity experts have rediscovered the eight-year-old Azorult malware, known for stealing information and harvesting sensitive data. The malware had been inactive since late 2021, prompting the question of whether this [...]

New Google Chrome 0-day Vulnerability Exploited

In the latest release notes, Google discloses a newly discovered 0-day vulnerability already being exploited in the wild. Although the update addresses the issue, the fact that it is actively [...]

Can Patches Prevent Zero-Day Attacks?

In recent years, zero-day exploits and attacks have emerged as prominent threats. Leveraging unknown vulnerabilities within software, these attacks are nearly impossible to detect and prevent. Zero-day attacks can result [...]

Windows SmartScreen Bypass Exploited by Information Stealer

The malicious campaign leverages the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen to propagate Phemedrone Stealer. Employing sophisticated evasion techniques, it evades conventional security measures to target sensitive user information. [...]

Researchers identify FBot hacking tool hijacking cloud and payment services

SentinelOne's malware hunters flagged a recently uncovered Python-based hacking tool employed by cybercriminals to hijack cloud platforms and payment services. FBot hacking tool hijacking cloud and payment services The tool, [...]

High Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272)

Cisco has successfully addressed a high-severity security vulnerability in Unity Connection. This flaw had the potential to allow unauthenticated attackers to upload malicious files, execute arbitrary commands, and acquire root [...]

Volexity detects Chinese hackers exploiting zero-day vulnerabilities in Ivanti VPN

On Wednesday, cybersecurity researchers at Volexity issued a warning, revealing that suspected Chinese nation-state hackers are currently exploiting two unauthenticated remote zero-day vulnerabilities in Ivanti Connect Secure VPN devices. Zero-days [...]

Water Curupira Hackers Spreading PikaBot Loader Malware

In 2023, the threat actor known as Water Curupira has been actively disseminating the PikaBot loader malware through spam campaigns. All about PikaBot Loader Malware In a recently published report, [...]

Two Adobe ColdFusion Vulnerabilities Exploited in The Wild

Two vulnerabilities in Adobe ColdFusion have been targeted in real-world attacks, as cautioned by the Cybersecurity & Infrastructure Security Agency (CISA). These vulnerabilities stem from inadequate validation of deserialized data, [...]

SMTP Smuggling Emerges as a Fresh Email Security Concern

An innovative SMTP Smuggling technique has been reported with the capability to circumvent current security protocols. Additionally, it empowers attackers to send forged emails that appear to originate from authentic [...]

Ivanti Released a Patch in Endpoint Manager Solution (EPM) for a Critical Vulnerability

Ivanti has resolved a critical vulnerability in its Endpoint Manager (EPM) solution, designated as CVE-2023-39336, carrying a severity score of 9.6/10. This vulnerability, impacting EPM versions 2021 and 2022 before [...]

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

Security researchers have delved into the intricacies of SpectralBlur, an emerging macOS backdoor believed to be associated with the recently discovered North Korean malware family known as KandyKorn. New ‘SpectralBlur’ [...]

3 Malicious PyPI Packages Target Linux with Crypto Miners

Fortinet researchers identified three malicious packages in the PyPI repository—modularseven, driftme, and catme. These packages, attributed to the same author, "sastra," were specifically crafted to target Linux systems and install [...]

CISA Issues Alert for Juniper Secure Analytics Vulnerabilities

In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) highlighted that Juniper has issued security updates to resolve several vulnerabilities in the Juniper Secure Analytics Virtual Appliance. This [...]

Microsoft Disables MSIX App Installer Protocol

Microsoft has disabled the MSIX installer protocol in Windows in response to its exploitation in real-world cyberattacks. Hackers discovered a method to abuse the protocol, allowing them to install malicious [...]

Misconfigurations in Google Kubernetes Engine (GKE) Lead to a Privilege Escalation Exploit Chain

A recent Unit 42 investigation uncovered a dual privilege escalation chain affecting Google Kubernetes Engine (GKE). Stemming from misconfigurations in GKE's FluentBit logging agent and Anthos Service Mesh (ASM), this [...]

Xamalicious Trojan Hits Over 327K Android Devices

Researchers uncovered a novel Android backdoor named Xamalicious at the end of 2023. This malware demonstrates significant capabilities to carry out malicious actions on compromised devices, leveraging Android's accessibility permissions [...]

Remote Encryption Attacks – Explanation & Mitigation

The digital landscape is witnessing a rise in sophisticated ransomware attacks, specifically remote encryption attacks. While the technology itself is not novel, it resembles a YouTube video uploaded a decade [...]

Microsoft Word Documents Used as Lures to Distribute Nim-Based Malware

A recently identified phishing campaign is using decoy Microsoft Word documents as a lure to deploy a backdoor written in the Nim programming language. Nim-Based Malware "Malware in uncommon programming [...]

Cryptocurrency Scams on Twitter Exploit Post Features

Scammers exploit a feature of Twitter posts, deceiving users and putting digital assets at risk. This deceptive tactic relies on Twitter's URL structure, enabling hackers to entice individuals into various [...]

Google Addressed a New Actively Exploited Chrome Zero-Day

Google has issued emergency updates to address yet another Chrome zero-day vulnerability that has been actively exploited in the wild. This marks the eighth zero-day vulnerability patched since the beginning [...]

Microsoft Alerts of RCE and DoS Vulnerabilities in Perforce Server

In the course of a security assessment of its game development studios, Microsoft identified four vulnerabilities in Perforce Helix Core Server. These vulnerabilities have the potential to be exploited remotely [...]

Comcast’s Xfinity Breach Exposes Data of 35.8 Million Users

Comcast has officially acknowledged a significant security breach affecting its Xfinity division, with approximately 36 million customers of the world's largest telecom provider exposed due to the CitrixBleed exploitation. Hackers [...]

Kinsta Alerts About Phishing Campaign on Google Ads

Kinsta, a leading WordPress hosting provider, has alerted its customers to a troubling cybersecurity development. Cybercriminals are exploiting Google Search Ads to promote phishing websites, with a focus on pilfering [...]

Qbot malware resurfaces in a new campaign focusing on the hospitality sector

QakBot malware has re-emerged in phishing campaigns, following a disruption of the botnet by law enforcement during the summer. In August, a multinational law enforcement initiative named Operation Duck Hunt [...]

FortiGuard Releases Security Updates for Critical Vulnerabilities

FortiGuard unveiled security updates on December 12, 2023, to mitigate multiple critical vulnerabilities present in its FortiOS, FortiPAM, FortiMail, FortiNDR, FortiRecorder, FortiSwitch, and FortiVoice products. Exploiting these vulnerabilities could potentially [...]

Google Will Block Third-Party Cookies for All Chrome Users by the Second Half of 2024

On Thursday, Google declared its plans to initiate testing of a new feature named "Tracking Protection" from January 4, 2024. This testing phase will involve 1% of Chrome users and [...]

116 Malicious Packages Detected in PyPI Repository, Targeting Windows and Linux Operating Systems

Security experts have uncovered a collection of 116 malicious packages within the Python Package Index (PyPI) repository, specifically crafted to compromise Windows and Linux systems through a tailored backdoor. ESET [...]

Enhancing Android Security: Google Implements Clang Sanitizers to Safeguard Against Cellular Baseband Vulnerabilities

Google Emphasizes Clang Sanitizers in Strengthening Android's Cellular Baseband Security and Mitigating Vulnerabilities What are Clang sanitizers? Clang sanitizers constitute a suite of tools designed for the static analysis of [...]

Apple Released iOS 17.2 to Address a Dozen Security Flaws

iOS 17.2 and iPadOS 17.2 have been launched by the company, featuring enhancements that resolve twelve security vulnerabilities. Among these, the most critical is a memory corruption issue located within [...]

21 Security Flaws Found to Affect Over 86,000 Sierra AirLink Routers

Researchers Uncover 21 New Sierra Vulnerabilities Affecting Over 86,000 Exposed Online Devices. Sierra AirLink Routers Users of Sierra AirLink routers face potential threats, including remote code execution, unauthorized access, cross-site [...]

Microsoft Issues Warning on COLDRIVER: Ongoing Evolution in Evasion and Credential Theft Strategies

COLDRIVER, the threat actor, persists in carrying out credential theft operations targeting entities strategically significant to Russia, concurrently enhancing its capabilities to evade detection. Microsoft Issues Warning on COLDRIVER The [...]

Atlassian Deploys Crucial Software Updates to Mitigate Remote Code Execution Vulnerabilities

Atlassian has issued software patches to rectify four critical vulnerabilities in its software. Successful exploitation of these flaws could lead to remote code execution. The following is a list of [...]

Apple Addresses Exploited Zero-Day Vulnerabilities with Emergency Security Update: CVE-2023-42916, CVE-2023-42917

Apple responded to the active exploitation of two zero-day vulnerabilities in the wild by swiftly issuing emergency security updates. Identified as CVE-2023-42916 and CVE-2023-42917, these vulnerabilities specifically impact the WebKit [...]

Qlik Sense Vulnerabilities Exploited in Ransomware Attacks

There's evidence of a CACTUS ransomware campaign exploiting recently revealed security vulnerabilities in Qlik Sense, a cloud analytics and business intelligence platform. This exploitation serves as a means to gain [...]

Google Introduces RETVec: Gmail’s Latest Safeguard Against Spam and Malicious Emails

Google has unveiled RETVec (Resilient and Efficient Text Vectorizer), a new multilingual text vectorizer designed to enhance Gmail's capability in detecting potentially harmful content, including spam and malicious emails. According [...]

Exploitation Attempts Observed for Critical ownCloud Vulnerability (CVE-2023-49103)

The cybersecurity community has expressed concerns as they've detected exploitative activities focusing on ownCloud, leveraging the CVE-2023-49103 vulnerability. The spotlight is on ownCloud, a well-known open-source file server recognized for [...]

Ensuring Your Security During Black Friday and Cyber Monday 2023

Annually, the holiday season kicks off with the significant retail shopping events in the U.S., Black Friday and Cyber Monday, occurring on the Friday and Monday following Thanksgiving. Anticipated to [...]

New Rust-based SysJoker backdoor linked to Hamas hackers

SysJoker, a multi-platform malware, has been identified in a novel iteration, showcasing a comprehensive code overhaul implemented in the Rust programming language. All about SysJoker Intezer initially documented SysJoker as [...]

CISA Alert: Serious Vulnerabilities in Adobe ColdFusion (CVE-2023-44350, CVE-2023-44351, CVE-2023-44353 and More)

An alert has been released by CISA regarding several vulnerabilities affecting Adobe ColdFusion. The alert emphasizes that the vulnerabilities, if exploited, may give threat actors control over the affected systems. [...]

DarkGate and PikaBot Malware Resurrect QakBot’s Techniques in New Phishing Assaults

Phishing campaigns distributing malware families like DarkGate and PikaBot are employing tactics reminiscent of attacks associated with the now-defunct QakBot trojan. Cofense, in a report shared with The Hacker News, [...]

Six Steps to Safeguard Small Businesses Against Cyberattacks

Successful management of cyber risks in small businesses centers on adherence to workplace regulations and the attainment of robust security measures. Cyber security and data privacy protection concept with icon [...]

MySQL: Servers Targeted by DDoS-as-a-Service, Ddostf

Malicious cyber actors exploit MySQL servers through a botnet known as 'Ddostf,' utilizing it as a DDoS-as-a-Service platform available for lease by other cybercriminals. AhnLab's ASEC researchers identified the mentioned [...]

Zimbra Zero-Day Exploited to Hack Government Emails

Four distinct groups exploited a zero-day vulnerability in the Zimbra Collaboration email software in real-world attacks, aiming to illicitly acquire email data, user credentials, and authentication tokens. Zimbra Zero-Day Exploited [...]

Critical CVE-2023-34060 Vulnerability in VMware Cloud Director Appliance: CISA Advises Immediate Patching

VMware has just released an advisory (VMSA-2023-0026) addressing a critical authentication bypass vulnerability found in the VMware Cloud Director Appliance (VCD Appliance). Designated as CVE-2023-34060, this vulnerability presents a substantial [...]

Google Warns of Malicious Exploitation of Bard by Fraudster

Google Files Lawsuit Against Fraudsters Exploiting Bard's Generative Artificial Intelligence Hype to Deceptively Distribute Malware. Today, a lawsuit was filed in California, asserting that individuals, seemingly based in Vietnam, are [...]

OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

The OracleIV botnet malware employs various strategies, with a central emphasis on executing DDoS attacks through floods utilizing UDP and SSL protocols. OracleIV DDoS Botnet Malware Targets Docker Engine Cado [...]

Microsoft warns LinkedIn users of fake skills assessment portals

A sub-cluster of the notorious Lazarus Group has created deceptive infrastructure mimicking skills assessment portals for inclusion in its social engineering campaigns. Microsoft has linked the observed activity to a [...]

BiBi-Windows Wiper: Targets Windows in Pro-Hamas attacks

Cybersecurity researchers have issued a warning about a Windows variant of the BiBi wiper malware, dubbed BiBi-Windows Wiper. The malware was previously observed targeting Linux systems in cyber attacks specifically aimed at [...]

GootBot: New dangerous variant of GootLoader malware

The latest iteration of GootLoader malware, known as GootBot, enables lateral movement within compromised systems while successfully evading detection. As per IBM X-Force researchers, the inclusion of a custom bot [...]

New Variant of BlueNoroff Malware Targets Mac Users

"Researchers Discover BlueNoroff RustBucket Malware Variant Targeting MacOS" - A recent report from Jamf Threat Labs sheds light on the ongoing evolution of this attack and its potential targets. "RustBucket, [...]

SecuriDropper: New DaaS service installs malware on Android

A recently emerged business offering a "Dropper-as-a-Service" (DaaS) known as "SecuriDropper" bypasses Android's "Restricted Settings" function to install malware on devices and gain access to Accessibility Services. SecuriDropper "Restricted Settings" [...]

Mozi malware botnet: Disabled by mysterious kill-switch

The Mozi malware operation came to a sudden halt in August when an unidentified individual delivered a payload on September 27, 2023, triggering a kill-switch that effectively disabled all the [...]

Arid Viper target Android users with spyware

The hacking group known as Arid Viper (also identified as APT-C-23, Desert Falcon, or TAG-63) is purportedly responsible for a distribution campaign involving Android spyware. This spyware specifically targets Arabic-speaking [...]

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

Cybersecurity experts have discovered a fresh batch of malicious packages distributed through the NuGet package manager, employing a less conventional technique for deploying malware. The software supply chain security firm [...]

Lazarus hackers targeted a software vendor using known vulnerabilities

A recent cyber campaign attributed to the Lazarus hackers from North Korea appears to have focused on a specific vendor's software, which remains unidentified. It's reported that these hackers exploited [...]

Critical Vulnerability in F5 BIG-IP Configuration Utility Allows Request Smuggling, Leads to RCE: CVE-2023-46747

A critical vulnerability, known as CVE-2023-46747, has been uncovered in F5 BIG-IP products, allowing unauthenticated remote code execution. This vulnerability is rated at a high CVSS score of 9.8, prompting [...]

Safari Vulnerability Exposes Apple iPhones and Macs Powered by A and M-Series CPUs to Security Risks

A team of researchers has developed an innovative side-channel attack called iLeakage, which takes advantage of a vulnerability in Apple's A- and M-series CPUs found in iOS, iPadOS, and macOS [...]

Backdoor planted on hacked Cisco IOS XE devices altered to evade detection

The backdoor implanted on Cisco devices through the exploitation of two zero-day flaws in IOS XE software has been altered by the threat actor to evade detection by previous fingerprinting techniques. "Examination of [...]

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

The TriangleDB implant, designed for infiltrating Apple iOS devices, incorporates four distinct modules: one for capturing audio from the device's microphone, another for extracting data from the iCloud Keychain, a [...]

SolarWinds: Serious RCE vulnerabilities discovered

Security researchers have uncovered three critical remote code execution (RCE) vulnerabilities within the SolarWinds Access Rights Manager (ARM) product. These vulnerabilities could potentially be exploited by remote attackers to run [...]

Zero-Day Vulnerabilities in Citrix NetScaler and WinRAR Are Under Active Exploitation (CVE-2023-4966, CVE-2023-38831)

Threat actors are currently exploiting critical vulnerabilities in Citrix NetScaler and WinRAR, posing a significant risk to a variety of targets, including government organizations. In a recent report, researchers exposed [...]

SpyNote: Android spyware records your calls

Security researchers conducted an analysis of the Android trojan called SpyNote, revealing numerous spyware capabilities associated with it. SpyNote: Android spyware F-Secure reports that the trojan in question is typically [...]

Fake browser updates are used to distribute malware

Cybercriminals are increasingly employing counterfeit browser updates that imitate genuine notifications from Google Chrome, Mozilla Firefox, and Microsoft Edge to distribute malware on victims' computers. Fake browser updates A recent [...]

Microsoft: New bug bounty program for AI-powered Bing

Microsoft has unveiled a fresh bug bounty program that centers around enhancing the AI-powered Bing experience, offering researchers compensation of up to $15,000. Within the framework of this novel Bing [...]

‘Rapid Reset’ DDoS Attacks Rise: October 2023 Patch Tuesday Has Arrived (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487)

In October 2023, Microsoft unveiled its latest Patch Tuesday, addressing a comprehensive 103 security vulnerabilities. Within this count, 12 have received a critical rating, while three zero-day vulnerabilities are currently [...]

Google Expands Bug Bounty Program With Chrome, Cloud CTF Events

Google's research team introduced the v8CTF, a capture-the-flag (CTF) challenge centered around the V8 JavaScript engine used in the Chrome browser. This initiative can be considered an extension of the [...]

Formbook is a highly prevalent malware strain

The September 2023 Global Threat Index from Check Point cybersecurity researchers has unveiled notable shifts in the cybersecurity threat landscape. Within the report, a prominent focus is placed on a [...]

The importance of email marketing for businesses

In the contemporary era dominated by technology and social media, email marketing continues to stand out as a highly effective promotional technique for businesses. Despite the growing prominence of social [...]

Exploits released for Linux flaw giving root on major distros

Proof-of-concept exploits have been published online for a critical vulnerability in the GNU C Library's dynamic loader (ld.so) that grants local attackers root privileges on major Linux distributions. Named [...]

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

Cisco has issued updates to fix a critical security vulnerability in Emergency Responder that allows unauthenticated remote attackers to log in to vulnerable systems using hardcoded credentials. [...]

Increased number of victims reported to “leak sites” of ransomware gangs

According to the "2023 State of the Threat" report by Secureworks, the number of victims posted on ransomware leak sites by criminal gangs reached exceptionally high levels from March [...]

EvilProxy: Phishing Microsoft 365 via indeed.com open redirect

A recent phishing campaign dubbed "EvilProxy" has come to light, with its sights set on the Microsoft 365 accounts of top-level executives within US-based organizations. This campaign takes advantage of [...]
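The campaign above relies on an open redirect: a link that starts at a trusted domain and bounces the victim to the attacker's page, which is what lets the phishing URL pass both a user's glance and many link filters. The following is an added example, not code from the original article, from indeed.com or from any vendor: the vulnerable redirect pattern beside a hardened one. The site base URL and the allow-listed hosts are assumptions for illustration.

```python
"""Open-redirect check: the vulnerable pattern beside a hardened one.

Added example, not code from the original article or from indeed.com. An open
redirect lets a phishing link start at a trusted domain and bounce the victim to
the attacker's page. Host names and the base URL here are assumptions.
"""
from urllib.parse import urlparse, urljoin

SITE_BASE = "https://www.example.com/"                    # assumed site
ALLOWED_HOSTS = {"www.example.com", "jobs.example.com"}   # assumed allow-list


def redirect_target_vulnerable(next_url: str) -> str:
    """Vulnerable: trusts the 'next' parameter as-is, so
    https://www.example.com/login?next=https://evil.example/ sends the user away."""
    return next_url


def redirect_target_safe(next_url: str, base: str = SITE_BASE) -> str:
    """Hardened: only same-site absolute paths or https URLs on an allow-listed
    host survive; anything else falls back to `base`."""
    if not next_url:
        return base
    # Scheme-relative URLs ("//evil.example") and backslashes (which browsers
    # treat as slashes) are rejected before parsing.
    if next_url.startswith("//") or "\\" in next_url:
        return base
    parsed = urlparse(next_url)
    if parsed.scheme == "" and parsed.netloc == "":
        # Relative reference: accept only an absolute path on this site.
        return urljoin(base, next_url) if next_url.startswith("/") else base
    if parsed.scheme != "https":
        return base          # blocks http://, javascript:, data:, and bare "https:x"
    # .hostname strips userinfo and port, so "https://www.example.com@evil.example/"
    # yields "evil.example" and is rejected by the exact-match allow-list.
    if parsed.hostname not in ALLOWED_HOSTS:
        return base
    return next_url


if __name__ == "__main__":
    for candidate in ("/dashboard", "https://evil.example/m365", "//evil.example/",
                      "https://www.example.com@evil.example/"):
        print(candidate, "->", redirect_target_safe(candidate))
```

Exact host matching matters more than it looks: a suffix or substring check would accept `www.example.com.evil.example`, and a scheme check alone would still let `https://www.example.com@evil.example/` through, since browsers treat the text before `@` as credentials rather than as the destination.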

Lazarus hackers breach aerospace company with new LightlessCan malware

The Lazarus hacking group, associated with North Korea, launched a cyberattack on a Spanish aerospace company by enticing its employees with bogus job offers, eventually infiltrating the corporate network through [...]

Cisco: Prompts administrators to patch an IOS zero-day

On Wednesday, Cisco issued a warning to its customers, urging them to address a zero-day vulnerability in IOS and IOS XE systems, which can be exploited by malicious users. Cisco: [...]

Zanubis: The Android banking trojan gets even more dangerous

The Android banking Trojan Zanubis has adopted a new disguise, posing as the official application of the Peruvian government organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria), thereby [...]

Hackers are actively exploiting an Openfire flaw

Malicious actors are actively taking advantage of a critical vulnerability in Openfire messaging servers, using it to encrypt server data with ransomware and deploy cryptocurrency miners. Cybercriminals are currently exploiting [...]

Researchers uncover a thriving underground economy for malware targeting IoT devices

Researchers have exposed a robust clandestine ecosystem focused on crafting malware for IoT device exploitation. Researchers at Kaspersky have detected a flourishing underground marketplace on the dark web, featuring zero-day [...]

ZenRAT Malware Uncovered in Bitwarden Impersonation

A recently discovered malware variant named ZenRAT has surfaced, hidden inside fraudulent Bitwarden installation packages. Proofpoint has analysed ZenRAT, a modular remote access trojan (RAT) that specifically targets [...]

Xenomorph Android malware: Targets users of banks and crypto wallets in the US

Researchers have uncovered a new distribution campaign for the Xenomorph malware, focusing on Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. The cybersecurity firm's analysts at [...]

Stealth Falcon hackers are using the new Deadglyph malware

A recently discovered backdoor malware, known as "Deadglyph," has been detected in a cyberattack targeting a government agency in the Middle East. This malicious software has been linked to the [...]

The Rise of Mobile Malware

Mobile malware, as its name implies, is specialized malicious software crafted specifically to infiltrate mobile devices such as smartphones and tablets, with the intent of compromising sensitive user data. The [...]

Fake WinRAR proof-of-concept exploit drops VenomRAT malware

An imitation proof-of-concept (PoC) exploit targeting a WinRAR RCE vulnerability that was recently patched has been discovered on GitHub, with the intention of spreading the VenomRAT malware to unsuspecting users. [...]

Mastodon Vulnerabilities and Critical Zero-Day in TrendMicro’s Apex One Addressed: CVE-2023-41179, CVE-2023-42451, CVE-2023-42452

Mastodon has taken action to resolve two vulnerabilities, specifically CVE-2023-42451 and CVE-2023-42452. Additionally, a zero-day vulnerability, denoted as CVE-2023-41179, has been swiftly addressed in TrendMicro’s Endpoint Security product, Apex One. [...]

Nest devices can now only join one speaker group at a time

Google has confirmed that, following a recent court ruling, a Nest device can currently belong to only one speaker group at a time, so it is not possible to use the same device in multiple room groups simultaneously. In a forum post, a Nest [...]

Within the Code of a Fresh XWorm Variant

XWorm is a recent addition to the remote access trojan family, quickly establishing itself as one of the most enduring global threats. Since its initial detection by researchers in 2022, [...]

The new Android banking trojan is based on ERMAC

A recent analysis of the Android banking trojan Hook has shown that it is built on its predecessor, ERMAC. In January 2023, ThreatFabric first identified Hook, [...]

Uncommon AWS Services Targeted by New AMBERSQUID Cryptojacking Operation

A novel cloud-native cryptojacking campaign has targeted lesser-known Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker, with the intent of covertly mining cryptocurrency. [...]

LockBit Attack Fails, 3AM Ransomware Steps In as Plan B

Researchers have recently uncovered a novel ransomware variant known as 3AM. Their investigation found that the first documented instance of this ransomware appeared in an attack in which the actors, after their LockBit deployment was blocked, fell back to 3AM [...]

September 18th, 2023 | BOTNET, Compromised, Exploitation, malicious cyber actors, Ransomware

Free Download Manager site has been redirecting Linux users to malware for years

The Free Download Manager website has been redirecting Linux users to malware-serving destinations over an extended period. An incident report describes an attack on the Free Download Manager supply [...]

Notepad++ 8.5.7 addresses critical security vulnerabilities

"The latest release, Notepad++ version 8.5.7, includes security updates to address several buffer overflow vulnerabilities identified in the previous version." Notepad++ is a widely used, free source code editor with [...]

A Modular Malware Loader, HijackLoader, Gaining Prominence in the World of Cybercrime

"HijackLoader, a recently emerged malware loader, is rapidly gaining popularity within the cybercriminal community for distributing a range of payloads, which include DanaBot, SystemBC, and RedLine Stealer." [...]

How to make sure you don’t lose important emails in Gmail

Secure Entry in Gmail is a crucial mode that enables users to safeguard against missing essential emails. This feature empowers users to designate specific email addresses and domains within Gmail, [...]

Akira Ransomware Attacks Exploit Zero-Day Cisco ASA Vulnerability

In recent updates, there have been emerging reports about threat actors associated with the Akira ransomware focusing their attention on Cisco VPNs that do not employ multi-factor authentication (MFA). This [...]

Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware

A fresh malvertising campaign has come to light, disseminating an updated variant of the macOS stealer malware known as Atomic Stealer (AMOS), which indicates that its author is actively maintaining it. [...]

Mirai botnet: New variant infects Android TV boxes

A recently updated variant of the Mirai botnet malware is now targeting Android TV set-top boxes, which are widely utilized by millions of users for streaming, with a particular emphasis [...]

A new Python variant of the Chaes Malware is focusing on the banking and logistics sectors.

The banking and logistics sectors are currently facing an assault from an updated version of the malware known as Chaes. In early 2022, Avast published an analysis that revealed [...]

Zero-Day Alert: Latest Android Patch Update Addresses Actively Exploited Vulnerability with New Fix

Google has released its monthly security patches for Android to address various vulnerabilities, one of which is a zero-day bug that may have been exploited in the wild. [...]

September 6th, 2023 | google, Security Advisory, Security Update, Tips, vulnerability, Zero Day Attack

Recent BLISTER Malware Update Boosting Stealthy Network Intrusion

"In the ongoing SocGholish infection chains, a revised BLISTER malware loader is now deployed to distribute Mythic, an open-source command-and-control (C2) framework. Elastic Security Labs researchers Salim Bitam and Daniel [...]

VIPRE research on spam and phishing emails

Based on a report from VIPRE, the use of malicious links in phishing emails reached 85%, and there was a 30% increase in spam emails from the first quarter to [...]

Reported ransomware attacks have targeted LogicMonitor customers, leading to security breaches

Today, LogicMonitor, a network monitoring company, confirmed that certain users of its SaaS platform have been impacted by cyberattacks. While LogicMonitor has yet to [...]

Chinese APT Uses Fake Messenger Apps to Spy on Android Users

Trojanized versions of the Signal and Telegram apps, carrying the BadBazaar spyware, were uploaded to Google Play and the Samsung Galaxy Store by the Chinese hacking group known as [...]

DarkGate malware activity is increasing

A recently detected malspam campaign has been identified as distributing a commercially available malware known as DarkGate. "In a report published last week, Telekom Security stated that the [...]

The emerging ransomware collective “Ransomed” has adopted a novel extortion strategy.

Dubbed "Ransomed," the group was first identified by the threat intelligence firm Flashpoint on August 15th. The group has established a dedicated Telegram channel and is also showcasing a prominent [...]

A Single-Click Security Vulnerability Found in Zimbra Collaboration Suite: CVE-2023-41106

Within the realm of digital communication and collaboration, the Zimbra Collaboration Suite has long stood as a dependable companion. Nevertheless, a cloud of doubt has been cast upon its security [...]

ALPHV ransomware: New data leak API as a new extortion strategy

The ALPHV ransomware group, known as BlackCat, aims to intensify ransom payment pressure on victims by offering an API for their leak site, thereby amplifying the exposure of their attacks. [...]

NEW STUDY SHEDS LIGHT ON ADHUBLLKA RANSOMWARE NETWORK

Cybersecurity analysts have revealed an intricate network of interconnected ransomware variants, all of which can be traced back to a shared origin: the Adhubllka ransomware family. Researchers found a fresh [...]

Roblox Game Developers Facing Threat from Over a Dozen Malicious npm Packages

Since the beginning of August 2023, over twelve malicious packages have been found in the npm package repository. These packages have the ability to install an open-source information stealer named [...]

Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset

"Cybersecurity experts at ESET reveal the discovery of a malevolent toolkit called Spacecolon, which has been utilized to propagate various strains of the Scarab ransomware across numerous victim organizations worldwide." [...]

New variant of XLoader macOS Malware masquerading as OfficeNote app

A fresh iteration of the XLoader malware targeting macOS disguises itself as a productivity application named 'OfficeNote'. Emerging onto the scene in 2020, XLoader inherits its legacy from [...]

Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

The Bronze Starlight hacking group has been using a legitimate Ivacy VPN code-signing certificate in attacks on the Southeast Asian gambling sector. Employing a legitimate certificate offers a significant advantage [...]

Hackers Can Exploit New WinRAR Vulnerability to Gain PC Control

A security vulnerability of significant severity has been revealed in the WinRAR utility, posing a potential risk for threat actors to execute remote code on Windows systems. Logged under CVE-2023-40477 [...]

BlackCat’s Sphynx ransomware integrates Impacket, RemCom

A new iteration of the BlackCat ransomware was recently described by Microsoft's researchers. Termed 'Sphynx', this variant embeds the Impacket networking framework and the RemCom remote shell tool. These additions enable [...]

Researchers Detect Vulnerabilities in PowerShell Gallery Enabling Supply Chain Attacks

Malicious actors could exploit existing vulnerabilities within the PowerShell Gallery to execute supply chain attacks targeting users of the registry. "Aqua security researchers, including Mor Weinberger, Yakir Kadkoda, and Ilay [...]

Ivanti Avalanche Critical Buffer Overflow Vulnerabilities: CVE-2023-32560

Two buffer overflow flaws, tracked collectively as CVE-2023-32560, have been found in Ivanti Avalanche. This enterprise mobility management (EMM) solution is tasked with the management, monitoring, and security of diverse mobile [...]

MaginotDNS: DNS cache poisoning attacks

Researchers from UC Irvine and Tsinghua University have created a potent cache poisoning attack named "MaginotDNS." This attack focuses on Conditional DNS (CDNS) resolvers and has the potential to compromise [...]

Gafgyt: Exploits five year old flaw in EoL Zyxel

Fortinet has raised an alert regarding the Gafgyt botnet malware, which is actively targeting a five-year-old vulnerability in an end-of-life (EoL) Zyxel router. The device is no longer supported by the vendor, and [...]

Lapsus$: How They Hacked Some of the Biggest Targets

The Lapsus$ hacking group, made up mostly of teenagers with limited technical training, nonetheless breached major targets such as Microsoft, Okta, Nvidia, and Globant. The US government is studying their methods to improve cyber defences. The [...]

Microsoft Patch Tuesday August: Warns of 2 zero-days

Microsoft has released the August 2023 Patch Tuesday update, which fixes 87 vulnerabilities, two of which are currently under active exploitation. The update also addresses twenty-three instances [...]

Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware

Since June 4, 2023, an unidentified threat actor has been employing a Yashma ransomware variant to target entities in English-speaking countries, Bulgaria, China, and Vietnam. Experts from Cisco Talos said [...]

QakBot Malware Operators Ramp Up C2 Network with 15 New Servers

As of late June 2023, the QakBot (aka QBot) malware operators have established 15 new command-and-control (C2) servers. The findings come as a follow-up to Team Cymru's previous malware infrastructure [...]

“Critical Remote Code Execution (RCE) Vulnerability (CVE-2023-39143) in PaperCut Application Servers”

PaperCut NG and PaperCut MF are widely adopted software solutions for managing print services on servers. CVE-2023-39143 is a path traversal vulnerability in PaperCut NG and PaperCut MF versions before [...]
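CVE-2023-39143 is described above as a path traversal flaw, the class of bug in which user-supplied path segments such as `../` (or their percent-encoded form) escape the directory the server intended to expose. The following is an added example, not PaperCut's code and not from the original article: the vulnerable join pattern beside a hardened resolver that keeps every request inside the base directory. The directory names are assumptions.

```python
"""Path-traversal check for a file-serving endpoint: the vulnerable join beside a
hardened resolver. Added example, not PaperCut's code; directory names are
assumptions. A traversal flaw lets "../../etc/passwd" (or its percent-encoded
form) escape the directory the server meant to expose.
"""
import os
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def vulnerable_join(base_dir: str, user_path: str) -> str:
    """Vulnerable: os.path.join neither normalises '..' nor rejects an absolute
    user path (an absolute second argument replaces base_dir entirely)."""
    return os.path.join(base_dir, user_path)


def resolve_under(base_dir: str, user_path: str) -> Optional[Path]:
    """Hardened: decode once, resolve the candidate, and require it to stay inside
    base_dir. Returns the path relative to base_dir, or None if it escapes.
    Path.resolve() also follows symlinks, so a link inside base_dir that points
    outside is caught as well."""
    base = Path(base_dir).resolve()
    decoded = unquote(user_path)            # "%2e%2e%2f" -> "../"
    if "\x00" in decoded:
        return None                         # NUL bytes can truncate paths in C code
    candidate = (base / decoded).resolve()  # an absolute `decoded` discards `base`
    try:
        return candidate.relative_to(base)
    except ValueError:
        return None                         # resolved outside base_dir


if __name__ == "__main__":
    for p in ("reports/q1.pdf", "../../etc/passwd", "%2e%2e%2f%2e%2e%2fetc%2fpasswd", "/etc/passwd"):
        print(repr(p), "->", resolve_under("/srv/app/uploads", p))
```

Decoding exactly once before the check matters: decoding before the web framework has already done so lets `%252e%252e` slip through, while not decoding at all treats `%2e%2e` as a literal (and harmless) directory name that a later layer may still turn into `..`.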

Critical Microsoft Power Platform Vulnerability: Proactive Security Methods to Prevent Exploitation

Microsoft addressed a critical vulnerability in its Power Platform after criticism for a delayed response. Tenable reported the vulnerability on March 30, 2023, and an official fix was issued in [...]

Fake VMware vConnector package detected in PyPI

IT professionals were targeted by a malicious package named "VMConnect," which impersonated the VMware vSphere connector module "vConnector" and was uploaded to the Python Package Index (PyPI). [...]

Malicious apps employ sneaky versioning techniques to evade detection by Google Play Store scanners.

Threat actors use versioning to bypass Google Play Store's malware detection and target Android users. In its August 2023 Threat Horizons Report shared with The Hacker News, Google Cybersecurity Action [...]

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Palo Alto Networks Unit 42 found a new phishing campaign distributing a Python variant of NodeStealer. The code aims to seize Facebook business accounts and steal cryptocurrency funds. The threat [...]

A new attack significantly affects AI chatbots

ChatGPT and other AI models have undergone numerous modifications to prevent malicious users from exploiting them to generate spam or hate speech, share personal information, or provide instructions for [...]

Fruity Trojan: Uses deceptive software installers to spread the Remcos RAT

Cybercriminals are fabricating counterfeit websites containing software installers that have been infected with a downloader malware named Fruity. Their objective is to deceive unsuspecting users into unwittingly downloading this trojan, [...]

Flipper Zero: Now has an app store for third-party applications

The Flipper Zero team recently introduced "Flipper Apps," its very own mobile app store. This new store enables mobile users to easily install 3rd party applications, expanding the capabilities of [...]

WordPress Ninja Forms: Flaw in plugin allows data theft

The renowned WordPress form plugin, Ninja Forms, has been identified to have three vulnerabilities that might grant unauthorized privileges to malicious users and enable them to extract personal data. On [...]

Lazarus: They hijack Microsoft’s IIS servers to distribute malware

Lazarus, a state-backed North Korean hacker group, targets Windows Internet Information Service (IIS) web servers to use them as a platform for distributing malware. IIS serves as Microsoft's web server [...]

Azimut: Italian Asset Manager victim of ransomware attack

Azimut Group, an Italian asset management company, oversees a substantial portfolio of over $87.2 billion in assets. It has recently made a strong statement, affirming that it will not yield [...]

Microsoft: Stolen key gave access to cloud services

Microsoft disclosed that Chinese hackers tracked as Storm-0558 stole a Microsoft consumer (MSA) signing key, and Wiz security researchers subsequently showed that the key gave far broader access than first reported. With this key, the hackers gained access to breached accounts on Exchange Online [...]

Estée Lauder: Hacked by two ransomware gangs

Estee Lauder has recently experienced a significant ransomware breach, joining the list of prominent companies targeted by attackers. Two groups have claimed responsibility for compromising the firm's security. The Estée [...]

Mallox ransomware exploits weak MS-SQL servers to breach networks

New findings from Palo Alto Networks Unit 42 reveal that Mallox ransomware activity in 2023 has surged by 174% compared to the previous year. According to [...]

BundleBot malware steals sensitive information

The cybersecurity landscape has recently been shaken by the emergence of BundleBot, a malware strain that abuses the .NET single-file, self-contained deployment format to facilitate the unauthorized extraction of [...]

Adobe: Urgent patch fixes ColdFusion zero-day

Adobe has addressed three vulnerabilities in ColdFusion, its web application development platform. One of these was a zero-day, and [...]

“Blackhat AI Module ‘WormGPT’ Attracts 5,000 Subscribers in a Few Days”

Artificial Intelligence (AI) has introduced revolutionary advances, including generative AI, which shows great potential for creative use. However, the emergence of tools like WormGPT has raised concerns about its implications. [...]

Turla: Targets Exchange servers with new DeliveryCheck backdoor malware

Microsoft and the Ukrainian CERT issued a warning about Russian state hacking group Turla launching new attacks. The targets include the defense industry and Microsoft Exchange servers, exploiting a new [...]

Critical and High Vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)

Citrix ADC and Citrix Gateway, renowned for their role in facilitating secure application delivery and remote access solutions, have unfortunately been discovered to possess critical vulnerabilities. These vulnerabilities present substantial [...]

AVrecon malware infects 70,000 Linux routers to create botnet

AVrecon malware has infected 70,000 Linux routers, forming a botnet used for bandwidth theft and a hidden residential proxy service. Recently, a Linux-based Remote Access Trojan (RAT) was brought to [...]

Gamaredon hackers steal data in less than an hour after the breach

The Computer Emergency Response Team (CERT-UA) of Ukraine has issued a warning regarding the rapid actions of the hackers known as Gamaredon. They possess the ability to swiftly pilfer data [...]

Zimbra to admins: Manually patch this zero-day vulnerability

Zimbra Collaboration Suite (ZCS) has issued an urgent advisory, urging administrators to apply a manual patch for a zero-day vulnerability. This vulnerability is actively exploited by attackers to target and [...]

Fake PoC for a Linux Kernel vulnerability on GitHub contains malware

A fake PoC about a Linux kernel vulnerability on GitHub exposed researchers to malware. A backdoor with a "sly" persistence method has been found in a proof-of-concept (PoC) on GitHub, [...]

Triada Malware: Infects Android devices via fake Telegram app

The Triada malware infiltrates Android devices through a counterfeit Telegram app. Thankfully, the version of Telegram infected with the Triada malware is disseminated exclusively through third-party stores, rather than the [...]

Critical Auth Bypass Vulnerabilities: SonicWall Urges Immediate Patching for GMS/Analytics

SonicWall has issued an urgent warning to its customers, urging them to promptly patch several critical vulnerabilities that are affecting the company's Global Management System (GMS) firewall management and Analytics [...]

Microsoft’s July 2023 Patch Tuesday Fixes Five Zero-Days, Nine Critical Vulnerabilities

Today, Microsoft Corp. released software updates to address a total of 130 security vulnerabilities in its Windows operating systems and related software.