Home 2017-08-28T17:57:09+05:30

The Rise of Mobile Malware

Mobile malware, as its name implies, is specialized malicious software crafted specifically to infiltrate mobile devices such as smartphones and tablets, with the intent of compromising sensitive user data. The [...]

Fake WinRAR proof-of-concept exploit drops VenomRAT malware

An imitation proof-of-concept (PoC) exploit targeting a WinRAR RCE vulnerability that was recently patched has been discovered on GitHub, with the intention of spreading the VenomRAT malware to unsuspecting users. [...]

Mastodon Vulnerabilities and Critical Zero-Day in TrendMicro’s Apex One Addressed: CVE-2023-41179, CVE-2023-42451, CVE-2023-42452

Mastodon has taken action to resolve two vulnerabilities, specifically CVE-2023-42451 and CVE-2023-42452. Additionally, a zero-day vulnerability, denoted as CVE-2023-41179, has been swiftly addressed in TrendMicro’s Endpoint Security product, Apex One. [...]

Nest devices can now only join one speaker group at a time

Google has confirmed that due to a recent court ruling, it is currently not possible to simultaneously use your Nest devices in multiple rooms. In a forum post, a Nest [...]

Within the Code of a Fresh XWorm Variant

XWorm is a recent addition to the remote access trojan family, quickly establishing itself as one of the most enduring global threats. Since its initial detection by researchers in 2022, [...]

The new Android banking trojan is based on ERMAC

A recent analysis of the Android banking trojan Hook has uncovered its foundation in its predecessor, ERMAC. In January 2023, ThreatFabric initially identified Hook, [...]

Uncommon AWS Services Targeted by New AMBERSQUID Cryptojacking Operation

An innovative cloud-native cryptojacking campaign has targeted lesser-known Amazon Web Services (AWS) offerings like AWS Amplify, AWS Fargate, and Amazon SageMaker, with the intent of clandestinely mining cryptocurrency. New AMBERSQUID [...]

LockBit Attack Fails, 3AM Ransomware Steps In as Plan B

Researchers have recently uncovered a novel ransomware variant known as 3AM. Their inquiry unveiled that the initial documented instance of this ransomware emerged when malicious actors substituted it for LockBit [...]

September 18th, 2023 | BOTNET, Compromised, Exploitation, malicious cyber actors, Ransomware

Free Download Manager site has been redirecting Linux users to malware for years

The Free Download Manager website has been consistently redirecting Linux users to malware-infected destinations over an extended period! An incident report highlights an attack on the Free Download Manager supply [...]

Notepad++ 8.5.7 addresses critical security vulnerabilities

"The latest release, Notepad++ version 8.5.7, includes security updates to address several buffer overflow vulnerabilities identified in the previous version." Notepad++ is a widely-used, free source code editor with [...]

A Modular Malware Loader, HijackLoader, Gaining Prominence in the World of Cybercrime

"HijackLoader, a recently emerged malware loader, is rapidly gaining popularity within the cybercriminal community for distributing a range of payloads, which include DanaBot, SystemBC, and RedLine Stealer." More about HijackLoader [...]

How to make sure you don’t lose important emails in Gmail

Secure Entry in Gmail is a crucial mode that enables users to safeguard against missing essential emails. This feature empowers users to designate specific email addresses and domains within Gmail, [...]

Akira Ransomware Attacks Exploit Zero-Day Cisco ASA Vulnerability

In recent updates, there have been emerging reports about threat actors associated with the Akira ransomware focusing their attention on Cisco VPNs that do not employ multi-factor authentication (MFA). This [...]

Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware

A fresh malvertising campaign has come to light, disseminating an updated variant of macOS stealer malware known as Atomic Stealer (AMOS). This discovery suggests active maintenance by its author. Atomic [...]

Mirai botnet: New version financially infects Android TV boxes

A recently updated variant of the Mirai botnet malware is now targeting Android TV set-top boxes, which are widely utilized by millions of users for streaming, with a particular emphasis [...]

A new Python variant of the Chaes Malware is focusing on the banking and logistics sectors.

The banking and logistics sectors are currently facing an assault from an updated version of malware known as Chaes. In early 2022, Avast conducted an analysis that unveiled [...]

Zero-Day Alert: Latest Android Patch Update Addresses Actively Exploited Vulnerability with New Fix

Google has released its monthly security patches for Android to tackle various vulnerabilities, one of which is a zero-day bug that may have been exploited in real-world scenarios. Latest Android [...]

September 6th, 2023 | google, Security Advisory, Security Update, Tips, vulnerability, Zero Day Attack

Recent BLISTER Malware Update Boosting Stealthy Network Intrusion

"In the ongoing SocGholish infection chains, a revised BLISTER malware loader is now deployed to distribute Mythic, an open-source command-and-control (C2) framework. Elastic Security Labs researchers Salim Bitam and Daniel [...]

VIPRE research on spam and phishing emails

Based on a report from VIPRE, the use of malicious links in phishing emails reached 85%, and there was a 30% increase in spam emails from the first quarter to [...]

Reported ransomware attacks have targeted LogicMonitor customers, leading to security breaches

Today, LogicMonitor, a network monitoring company, confirmed that certain users of its SaaS platform have been impacted by cyberattacks. While LogicMonitor has yet to [...]

Chinese APT Uses Fake Messenger Apps to Spy on Android Users

Compromised versions of Signal's applications, along with a Telegram app containing the BadBazaar spyware, were uploaded to Google Play and the Samsung Galaxy Store by the Chinese hacking group known as [...]

DarkGate malware activity is increasing

A recently detected malspam campaign has been identified as distributing a readily available malware known as DarkGate. "In a report published last week, Telekom Security stated that the [...]

The emerging ransomware collective “Ransomed” has adopted a novel extortion strategy.

Dubbed "Ransomed," this group was initially identified by cybersecurity analyst and blogger Flashpoint on August 15th. The group has established a dedicated Telegram channel and is also showcasing a prominent [...]

A Single-Click Security Vulnerability Found in Zimbra Collaboration Suite: CVE-2023-41106

Within the realm of digital communication and collaboration, the Zimbra Collaboration Suite has long stood as a dependable companion. Nevertheless, a cloud of doubt has been cast upon its security [...]

ALPHV ransomware: New data leak API as a new extortion strategy

The ALPHV ransomware group, known as BlackCat, aims to intensify ransom payment pressure on victims by offering an API for their leak site, thereby amplifying the exposure of their attacks. [...]

NEW STUDY SHEDS LIGHT ON ADHUBLLKA RANSOMWARE NETWORK

Cybersecurity analysts have revealed an intricate network of interconnected ransomware variants, all of which can be traced back to a shared origin: the Adhubllka ransomware family. Researchers found a fresh [...]

Roblox Game Developers Facing Threat from Over a Dozen Malicious npm Packages

Since the beginning of August 2023, over twelve malicious packages have been found in the npm package repository. These packages have the ability to install an open-source information stealer named [...]

Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset

"Cybersecurity experts at ESET reveal the discovery of a malevolent toolkit called Spacecolon, which has been utilized to propagate various strains of the Scarab ransomware across numerous victim organizations worldwide." [...]

New variant of XLoader macOS Malware masquerading as OfficeNote app

A fresh iteration of the XLoader malware targeting macOS disguises itself under the name 'OfficeNote' productivity application. Emerging onto the scene in 2020, XLoader inherits its legacy from [...]

Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

The Bronze Starlight hacking group has ingeniously employed a legitimate Ivacy VPN code-signing certificate to focus on the Southeast Asian gambling sector. Employing a legitimate certificate offers a significant advantage [...]

Hackers Can Exploit New WinRAR Vulnerability to Gain PC Control

A security vulnerability of significant severity has been revealed in the WinRAR utility, posing a potential risk for threat actors to execute remote code on Windows systems. Logged under CVE-2023-40477 [...]

BlackCat’s Sphynx ransomware integrates Impacket, RemCom

A new iteration of the BlackCat ransomware was recently unveiled by Microsoft's researchers. Termed 'Sphynx', this variant incorporates the Impacket networking framework and the Remcom hacking tool. These additions empower [...]

Researchers Detect Vulnerabilities in PowerShell Gallery Enabling Supply Chain Attacks

Malicious actors could exploit existing vulnerabilities within the PowerShell Gallery to execute supply chain attacks targeting users of the registry. "Aqua security researchers, including Mor Weinberger, Yakir Kadkoda, and Ilay [...]

Ivanti Avalanche Critical Buffer Overflow Vulnerabilities: CVE-2023-32560

Two significant security flaws, designated as CVE-2023-32560, have been unearthed in Ivanti Avalanche. This enterprise mobility management (EMM) solution is tasked with the management, monitoring, and security of diverse mobile [...]

MaginotDNS: DNS cache poisoning attacks

Researchers from UC Irvine and Tsinghua University have created a potent cache poisoning attack named "MaginotDNS." This attack focuses on Conditional DNS (CDNS) resolvers and has the potential to compromise [...]

Gafgyt: Exploits five year old flaw in EoL Zyxel

Fortinet has raised an alert regarding the Gafgyt botnet malware, which is currently targeting a vulnerability in an end-of-life (EoL) Zyxel router. This vulnerability occurs during the router's final phase and [...]

Lapsus$: How They Hacked Some of the Biggest Targets

The amateur hacker group Lapsus$—mostly teenagers with limited technical training—has skillfully breached major targets like Microsoft, Okta, Nvidia, and Globant. The government is studying their methods to enhance cybersecurity. The [...]

Microsoft Patch Tuesday August: Warns of 2 zero-days

Microsoft introduces the August 2023 Patch Tuesday update, encompassing 87 security enhancements addressing 23 vulnerabilities. Among these are two vulnerabilities currently under active exploitation. The update also tackles twenty-three instances [...]

Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware

Since June 4, 2023, an unidentified threat actor has been employing a Yashma ransomware variant to target entities in English-speaking countries, Bulgaria, China, and Vietnam. Experts from Cisco Talos said [...]

QakBot Malware Operators Ramp Up C2 Network with 15 New Servers

As of late June 2023, the QakBot (aka QBot) malware operators have established 15 new command-and-control (C2) servers. The findings come as a follow-up to Team Cymru's previous malware infrastructure [...]

“Critical Remote Code Execution (RCE) Vulnerability (CVE-2023-39143) in PaperCut Application Servers”

PaperCut NG and PaperCut MF are widely adopted software solutions for managing print services on servers. CVE-2023-39143 is a path traversal vulnerability in PaperCut NG and PaperCut MF versions before [...]

Critical Microsoft Power Platform Vulnerability: Proactive Security Methods to Prevent Exploitation

Microsoft addressed a critical vulnerability in its Power Platform after criticism for a delayed response. Tenable reported the vulnerability on March 30, 2023, and an official fix was issued in [...]

Fake VMware vConnector package detected in PyPI

IT professionals were targeted by a malicious package named "VMConnect," which impersonated the VMware vSphere connector module "vConnector" and was uploaded to the Python Package Index (PyPI). Fake VMware vConnector [...]

Malicious apps employ sneaky versioning techniques to evade detection by Google Play Store scanners.

Threat actors use versioning to bypass Google Play Store's malware detection and target Android users. In its August 2023 Threat Horizons Report shared with The Hacker News, Google Cybersecurity Action [...]

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Palo Alto Networks Unit 42 found a new phishing campaign distributing a Python variant of NodeStealer. The code aims to seize Facebook business accounts and steal cryptocurrency funds. The threat [...]

A new attack significantly affects AI chatbots

ChatGPT and other AI models have undergone numerous modifications to prevent malicious users from exploiting them to generate spam or hate speech, share personal information, or provide instructions for [...]

Fruity Trojan: Uses deceptive software installers to spread the Remcos RAT

Cybercriminals are fabricating counterfeit websites containing software installers that have been infected with a downloader malware named Fruity. Their objective is to deceive unsuspecting users into unwittingly downloading this trojan, [...]

Flipper Zero: Now has an app store for third-party applications

The Flipper Zero team recently introduced "Flipper Apps," its very own mobile app store. This new store enables mobile users to easily install 3rd party applications, expanding the capabilities of [...]

WordPress Ninja Forms: Flaw in plugin allows data theft

The renowned WordPress form plugin, Ninja Forms, has been identified to have three vulnerabilities that might grant unauthorized privileges to malicious users and enable them to extract personal data. On [...]

Lazarus: They hijack Microsoft’s IIS servers to distribute malware

Lazarus, a state-backed North Korean hacker group, targets Windows Internet Information Service (IIS) web servers to use them as a platform for distributing malware. IIS serves as Microsoft's web server [...]

Azimut: Italian Asset Manager victim of ransomware attack

Azimut Group, an Italian asset management company, oversees a substantial portfolio of over $87.2 billion in assets. It has recently made a strong statement, affirming that it will not yield [...]

Microsoft: Stolen key gave access to cloud services

Wiz security researchers have revealed that Chinese hackers, known as Storm-0558, successfully stole Microsoft's consumer signing key. With this key, the hackers gained access to breached accounts on Exchange Online [...]

Estée Lauder: Hacked by two ransomware gangs

Estée Lauder has recently experienced a significant ransomware breach, joining the list of prominent companies targeted by attackers. Two groups have claimed responsibility for compromising the firm's security. The Estée [...]

Mallox ransomware exploits weak MS-SQL servers to breach networks

New findings from Palo Alto Networks Unit 42 reveal that in 2023, Mallox ransomware activities have surged by an alarming 174% compared to the previous year. According to [...]

BundleBot malware steals sensitive information

The cybersecurity landscape has been recently shaken by the emergence of BundleBot, a sophisticated malware strain that leverages advanced .NET file development techniques to facilitate the unauthorized extraction of [...]

Adobe: Urgent patch fixes ColdFusion zero-day

Adobe has addressed three vulnerabilities in ColdFusion, including a zero-day vulnerability. Adobe fixed three vulnerabilities in ColdFusion, their web application development platform. One of these vulnerabilities was a zero-day, and [...]

“Blackhat AI Module ‘WormGPT’ Attracts 5,000 Subscribers in a Few Days”

Artificial Intelligence (AI) has introduced revolutionary advances, including generative AI, which shows great potential for creative use. However, the emergence of tools like WormGPT has raised concerns about its implications. [...]

Turla: Targets Exchange servers with new DeliveryCheck backdoor malware

Microsoft and the Ukrainian CERT issued a warning about Russian state hacking group Turla launching new attacks. The targets include the defense industry and Microsoft Exchange servers, exploiting a new [...]

Critical and High Vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)

Citrix ADC and Citrix Gateway, renowned for their role in facilitating secure application delivery and remote access solutions, have unfortunately been discovered to possess critical vulnerabilities. These vulnerabilities present substantial [...]

AVrecon malware infects 70,000 Linux routers to create botnet

AVrecon malware infects 70,000 Linux routers, forming a botnet for bandwidth theft and a hidden residential proxy service. Recently, a Linux-based Remote Access Trojan (RAT) was brought to [...]

Gamaredon hackers steal data in less than an hour after the breach

The Computer Emergency Response Team (CERT-UA) of Ukraine has issued a warning regarding the rapid actions of the hackers known as Gamaredon. They possess the ability to swiftly pilfer data [...]

Zimbra to admins: Manually patch this zero-day vulnerability

Zimbra Collaboration Suite (ZCS) has issued an urgent advisory, urging administrators to apply a manual patch for a zero-day vulnerability. This vulnerability is actively exploited by attackers to target and [...]

Fake PoC for a Linux Kernel vulnerability on GitHub contains malware

A fake PoC about a Linux kernel vulnerability on GitHub exposed researchers to malware. A backdoor with a "sly" persistence method has been found in a proof-of-concept (PoC) on GitHub, [...]

Triada Malware: Infects Android devices via fake Telegram app

The Triada malware infiltrates Android devices through a counterfeit Telegram app. Thankfully, the version of Telegram infected with the Triada malware is disseminated exclusively through third-party stores, rather than the [...]

Critical Auth Bypass Vulnerabilities: SonicWall Urges Immediate Patching for GMS/Analytics

SonicWall has issued an urgent warning to its customers, urging them to promptly patch several critical vulnerabilities that are affecting the company's Global Management System (GMS) firewall management and Analytics [...]

Microsoft’s July 2023 Patch Tuesday Fixes Five Zero-Days, Nine Critical Vulnerabilities

Today, Microsoft Corp. released software updates to address a total of 130 security vulnerabilities in its Windows operating systems and related software. These updates include fixes for at least five [...]

Critical RCE Vulnerability in ShareFile: PoC Exploit Available

Recently, a critical vulnerability was discovered in ShareFile, a cloud-based file sharing application. This vulnerability, identified as CVE-2023-24489, enables unauthenticated individuals to perform arbitrary file uploads and execute remote code [...]

MOVEit Transfer customers are being warned to fix a new, critical flaw

Progress is notifying customers about a newly discovered critical SQL injection vulnerability, identified as CVE-2023-36934, in its MOVEit Transfer software. The software at the center of the recent [...]

Rekoobe Malware: Targets vulnerable Linux servers

Rekoobe, a backdoor commonly utilized by the Chinese APT31, specifically targets vulnerable Linux servers. Since 2015, Rekoobe has remained active, and in 2018, updated versions of the [...]

Microsoft Teams: The TeamsPhisher tool exploits its bug

The "TeamsPhisher" cybersecurity tool provides a means for both pen testers and malicious actors to send harmful files directly to a Teams user via an external account or tenant. Attackers [...]

New StackRot Linux kernel flaw allows privilege escalation

Recent reports have brought to light crucial technical details regarding a critical vulnerability impacting various versions of the Linux kernel. This vulnerability, known as "StackRot" (CVE-2023-3269), can be triggered with [...]

DDoSia Attack Tool Upgraded with Encryption, Concealed Targeting

A new version of the DDoSia attack tool has been released by the threat actors, featuring an updated mechanism for obtaining the list of targets. This enhancement enables the tool [...]

WordPress plugin gives hackers admin access to your site

A vulnerability found in the Ultimate Member plugin has the potential to expose thousands of WordPress sites to exploitation, putting them at risk. However, implementing a quick fix can prevent your site [...]

BlackCat Ransomware Gang to Launch Malicious WinSCP Ads

The BlackCat ransomware group launched a malvertising campaign to push Cobalt Strike. They put up advertisements to attract people to fake WinSCP pages. Instead of the application, the victims download [...]

Modified Telegram app with malware that puts your data at risk found

Cybersecurity researchers recently uncovered a concerning discovery regarding a modified iteration of the widely-used messaging application, Telegram, specifically designed for Android devices. This modified version has been identified as malicious, [...]

New Malware by Lazarus-Backed Andariel Group Exploits Log4j

Last year, the North Korean hacking group Andariel utilized a previously undisclosed malware named EarlyRat to carry out attacks exploiting the Log4j Log4Shell vulnerability. During [...]

Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data

Security researchers have recently discovered ThirdEye, an information stealer designed for Windows operating systems. This stealthy malware is capable of collecting sensitive data from computers that have been infected. ThirdEye [...]

Android malware Fluhorse targets credit cards

Cybersecurity experts have recently disclosed the intricate workings of Fluhorse, an Android malware family. The malware "represents a significant change, as it embeds malicious components directly into Flutter's code," Fortinet [...]

Akira ransomware: Linux version targets VMware ESXi servers

Akira, a ransomware operation, has recently shifted its focus from Windows systems to VMware ESXi virtual machines, utilizing a Linux encryptor to carry out the encryption process. The double extortion [...]

Arcserve: Fixed critical vulnerability in UDP software

Arcserve has recently launched a security update to resolve a severe authentication bypass vulnerability known as CVE-2023-26258, in their Arcserve UDP Backup software. Arcserve UDP is a data [...]

Windows malware spreads through infected Super Mario game

A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been discovered, posing a serious risk to unwary players. This modified version of the game [...]

Vulnerabilities Identified and Patched in BIND 9 DNS Software

The BIND 9 DNS software suite, an integral part of the Domain Name System (DNS), has recently received updates to neutralize three high-priority vulnerabilities. This could potentially induce significant service interruptions. The [...]

Powerful JavaScript Dropper PindOS distributes Bumblebee and IcedID malware

A new strain of the JavaScript dropper has been observed delivering next-stage payloads such as Bumblebee and IcedID. Both Bumblebee and IcedID serve as loaders, acting as vectors for other [...]

The IDOR Vulnerability in Microsoft Teams

Cybersecurity researchers have recently informed that a vulnerability in the latest version of Microsoft Teams allows attackers to inject malware into any organization's network. External tenants in Microsoft [...]

Chinese APT15 hackers use new Graphican backdoor

The Chinese hackers tracked as APT15 are involved in a new campaign that uses a backdoor with the name "Graphican". The campaign was active from late 2022 to early 2023. The team [...]

Android malware GravityRAT steals your WhatsApp backups

ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT is a remote access tool known to be [...]

Infostealer malware has stolen 101,000 ChatGPT accounts

More than 101,000 ChatGPT user accounts have been stolen by infostealer malware over the past year, according to data from the dark web market. Infostealer malware has led [...]

SeroXen Malware Latest to Deploy BatCloak Evasion Tool

Security researchers warn that malware developers are adopting a handy obfuscation tool to get malware past antiviruses. SeroXen is a fileless Remote Access Trojan (RAT) that excels [...]

The rise of phishing scams and how to avoid them.

Cybersecurity scams continue to be on the rise. As scammers get smarter, it’s important to stay up to date on the latest trends. One of the best things you can [...]

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)

Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. CVE-2023-27992 is an OS command injection flaw that could be triggered [...]

New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions

A new stealer malware is on the rise, designed to obtain user credentials to help attackers penetrate specific environments and obtain other information of financial value. This spyware also targets Steam, [...]

What Is the Principle of Least Privilege (POLP)?

The principle of least privilege (POLP), also named the “principle of least authority” (POLA) or “the principle of minimal privilege” (POMP), stands for a cybersecurity best practice based upon granting [...]

New Diicot group targets SSH servers with brute-force malware

Diicot shares its new name with the Romanian anti-terrorist police unit and uses the same style of messaging and imagery. Diicot, previously known as Mexals, is a [...]

Fake zero-day PoC exploits on GitHub spread Windows and Linux malware

Researchers detected fake company accounts on GitHub linked to a deceitful cybersecurity company. These accounts are promoting harmful repositories on the code hosting service. These malicious exploits are promoted by purported [...]

Gamaredon: Uses PowerShell USB malware to drop backdoors

Russia-linked state-sponsored cyber-espionage group Gamaredon (Armageddon, UAC-0010) continues its relentless attacks against government entities, and organizations in Ukraine's military and security intelligence sectors, using updated malware tools, according to a [...]

New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs

A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S. Skuld malware aims to steal sensitive [...]

Hackers use BatCloak to make their malware completely undetectable

A fully undetectable (FUD) malware obfuscation engine called BatCloak has been used to deploy various malware strains since September 2022, persistently evading detection by antiviruses. Researchers at Trend Micro describe [...]

Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Fortinet has patched a critical flaw in its Fortigate devices, with admins urged to apply firmware updates as a matter of urgency. The flaw is a critical pre-authentication remote code [...]

Google Switches Email Authentication Method Following Exploitation by Scammers

Gmail is tightening its implementation of an email security protocol after a researcher discovered a flaw allowing brands to be impersonated. Gmail’s system uses Brand Indicators for Message Identification (BIMI) as well [...]

Cisco Addresses High-Severity Bug in Secure Client Software

Cisco has recently fixed a high-severity vulnerability found in its Cisco Secure Client (previously known as AnyConnect Secure Mobility Client) software. This issue could have allowed attackers to escalate their [...]

New PowerDrop Malware Targets U.S. Aerospace Industry

A new PowerShell malware script, named “PowerDrop”, has been discovered to be used in attacks targeting the US aerospace defense industry. Researchers have determined that the malware consists of a novel combination [...]

New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency

A recent malware campaign has been discovered that exploits the Satacom downloader as a means to deploy discreet malware capable of stealing cryptocurrency by using a deceptive extension for Chromium-based [...]

Cyclops Ransomware group offers a multiplatform Info Stealer

The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. The Cyclops group actively promotes their offerings on hacker forums and seeks a share of the profits [...]

Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors

TrueBot downloader trojan botnet activity has increased significantly in the past month, researchers say. TrueBot is downloader malware. As such, its main goal is to infect systems, [...]

Google fixes new zero-day vulnerability in Chrome browser

Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. The Flashpoint Intel Team quickly published an alert to VulnDB customers and has been closely tracking the vulnerability since. [...]

WordPress: Automatic update to fix vulnerability in Jetpack plugin

The popular and one of the most-used WordPress plugins, Jetpack recently addressed a critical security issue. Despite no active exploitation, WordPress force installed Jetpack plugin updates to websites to patch [...]

Gigabyte Firmware Code Injection: Persistent Backdoor Leads to Supply Chain Risks

Cybersecurity firm Eclypsium has uncovered a potential backdoor in Gigabyte systems, raising concerns about the security of the technology supply chain. Researchers from Eclypsium have discovered this vulnerable [...]

Attackers Exploit Critical Zero-Day Vulnerability in MOVEit Transfer

A critical vulnerability in Progress Software's MOVEit Transfer is under exploitation, according to a report from Rapid7. The zero-day vulnerability, which Progress disclosed Wednesday, is an SQL injection flaw that could [...]

CVE-2023-33733: RCE Vulnerability in ReportLab Python Library

A technical write-up for a ReportLab vulnerability, tracked as CVE-2023-33733, is now available. Recently, during an audit of a web application, the application was found to employ the ReportLab Python library [...]

LEVERAGING CHATGPT TO STRENGTHEN YOUR CYBERSECURITY

ChatGPT (generative pre-trained transformer) is an AI-powered chatbot created by OpenAI and designed to produce human-like text and interact with users in a conversational way. While ChatGPT is technically a [...]

June 1st, 2023 | Security Advisory, Security Update, Tips

Android trojan “DogeRAT” targets Indian users, stealing personal and financial information

An open-source Android virus known as DogeRAT (Remote Access Trojan) has been discovered by CloudSEK, an AI cybersecurity company. The malware is distributed via social media and messaging platforms masquerading as legitimate apps, such [...]

Android apps with SpinOk spyware module installed over 421,000K times

A new Android malware – SpinOk – distributed as an advertisement SDK has been discovered in several apps – many of which were previously listed on Google Play and have [...]

Critical Vulnerabilities in D-Link Products

D-Link has fixed two critical vulnerabilities in the D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code. D-Link is a popular brand [...]

Zyxel firewalls are affected by two security flaws

Zyxel has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on [...]

Google’s New ZIP Domain Could Be Used for Phishing and Malware Attacks

Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence. Google released its new TLDs in early May, which are [...]

Luxottica Data Leak Exposes Over 70M Customers’ Data

Luxottica, the world’s largest eyewear company, has revealed that it was the victim of a major cyber attack. The attack exposed the personal information of over 70 million customers on hacking forums. Luxottica [...]

GUI-vil’s Strategies in AWS Compromises

Researchers have been tracking a financially motivated threat group known as GUI-vil (aka p0-LUCR-1), based in Indonesia, which engages in unauthorized cryptocurrency mining. GUI-vil is a financially motivated threat group originating from [...]

BlackCat ransomware is using signed Microsoft kernel drivers to avoid detection

Research has revealed how the Russian gang's malware remains hidden in systems and gets around endpoint security. BlackCat ransomware: An endpoint security evasion technique by the ransomware gang BlackCat has been uncovered by [...]

Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784)

A proof-of-concept (PoC) has been made available for a security flaw in the KeePass password manager that could be used to recover a victim’s master password in cleartext in certain [...]

IcedID Macro Attacks Deploy Nokoyawa Ransomware

Malicious actors frequently resort to alternative techniques to gain initial access, such as employing diverse file formats and payloads. It is important to highlight that they still actively use VBA macros embedded [...]

Live Speech & Personal Voice: Apple’s two useful features for speech-impaired people

Apple announced new accessibility features for iOS 17, which will be released this year; two of the most important are "Live Speech" and "Personal Voice". Both features [...]

CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules

The threat actors behind the CopperStealer malware re-emerged in March and April 2023 with two new campaigns designed to deliver two new payloads called CopperStealth and CopperPhish. Trend Micro is [...]

Discord reveals data breach after worker hack

Top streaming service Discord has suffered a minor cybersecurity incident in which potentially sensitive and personal user data was exposed. Discord is a platform for people with similar interests to [...]

Critical Privilege Escalation in Essential Addons for Elementor Plugin

WordPress plugins allow organizations to quickly extend the functionality of their websites without requiring any coding or advanced technical skills. But they have also been the biggest source of risk [...]

RapperBot Crew Drops DDoS/CryptoJacking Botnet Collab

New samples of the RapperBot botnet malware, reviewed by security researchers, have added cryptomining capabilities to mine cryptocurrency on hacked Intel x64 machines. RapperBot: The RapperBot campaign is bringing in some fresh talent [...]

New PhaaS ‘Greatness’ Simplifies Microsoft 365 Phishing Attacks

A Phishing-as-a-Service (PhaaS) platform called “Greatness” has seen a spike in activity as it targets organizations using Microsoft 365 in the United States, Canada, the United Kingdom, Australia and South [...]

Magecart malware strikes e-commerce websites again and again

Shopping cart malware, known as Magecart, is still one of the most popular tools in the attacker's toolbox, and despite efforts to mitigate and eliminate its presence, it remains fully [...]

Malware Attacks From SmokeLoader And RoarBAT, CERT-UA Warns

According to the Computer Emergency Response Team of Ukraine (CERT-UA), the SmokeLoader malware is now being spread via a phishing campaign using lures centered around invoices. A ZIP archive containing [...]

FluHorse malware attacks Android phones stealing personal data including passwords

A new Android malware named “FluHorse” has been discovered, targeting users in East Asia with malicious apps that mimic legitimate versions. According to Check Point Research, these malicious apps are [...]

New KEKW malware infects open source Python Wheel files

The KEKW malware employs a malicious function known as system_information() to gather a wide range of system-related data from infected machines. Python PyPI: The Python Package Index (PyPI) is a [...]

Cisco Phone Adapters Flaw Let Attackers Execute Arbitrary Code

Cisco SPA112 2-Port Phone Adapters have been reported to be vulnerable to arbitrary code execution via a malicious firmware upgrade. Cisco has classified this vulnerability as Critical, with a CVSS Score as [...]

New ‘Cactus’ Ransomware Encrypts Itself to Evade Detection

A novel ransomware strain dubbed ‘Cactus’ has been found to be exploiting vulnerabilities in Fortinet VPN devices to gain initial access to corporate or other large-scale networks. What is Cactus Ransomware? Cactus, [...]

Sandworm Attackers Use WinRAR to Wipe Data from Government Devices

Sandworm (UAC-0165), a Russian hacking group, has been linked to an attack on Ukrainian state networks that involved wiping data from government devices using WinRAR, according to an advisory from the Ukrainian [...]

Windows admins can sign up for “known issue” email alerts

Windows Known Issue Email Alerts is a newly introduced feature. Email alerts for Windows known issues were a highly requested feature for IT administrators who are responsible for [...]

South Korean Lures Used to Deploy ROKRAT Malware

The North Korean threat actor known as APT37 has been observed changing deployment methods and using South Korean foreign and domestic affairs-themed lures with archives containing Windows shortcut (LNK) files [...]

New LOBSHOT Malware Deployed Via Google Ads

Cybersecurity researchers have discovered a new malware, called ‘LOBSHOT,’ distributed through Google ads. What is LOBSHOT Malware? The ads, which promoted the legitimate AnyDesk remote management software, led users [...]

Global Malverposting Campaign Infecting Over 500,000 Devices

A recent ‘malverposting’ campaign linked to a Vietnamese threat actor has been ongoing for months and is estimated to have infected over 500,000 devices worldwide in the past three months alone. [...]

How to Use GitHub Desktop in Windows 10 and 11

Git and GitHub are essential tools for developers. However, adopting Git version control into your daily workflow can have a steep learning curve at first. Newbie developers are often [...]

Atomic macOS Malware Steals Auto-fills, Passwords, Cookies, Wallets

Recently, the cybersecurity researchers at Cyble discovered a new macOS malware, ‘Atomic’ (aka ‘AMOS’), sold for $1,000/month on private Telegram channels. Buyers pay a high price to receive a DMG [...]

RTM Locker Ransomware Variant Targeting ESXi Servers

RTM Locker ransomware-as-a-service operators have now turned their attention to Linux, network-attached storage devices and ESXi hosts. Since 2015, the RTM cybercrime group has been involved in financial fraud, using [...]

Clop and LockBit Ransomware Gangs Target PaperCut Servers

Microsoft has recently revealed that the Clop and LockBit ransomware gangs are responsible for the attacks on PaperCut servers, exploiting vulnerabilities to steal corporate data. In April, two vulnerabilities, CVE-2023-27350 and CVE-2023-27351, were [...]

VMware Resolves Crucial Pwn2Own Zero-Day Exploit Chain

VMware has released security updates to address zero-day vulnerabilities that could be used to achieve code execution on computers running unpatched versions of its Workstation and Fusion hypervisors. [...]

Evasive Panda’s Malicious Campaign Exploits Software Update Channels

Evasive Panda's malicious campaign uses the update channels of legitimate Chinese applications to deliver their infamous backdoor, MgBot malware, to unsuspecting victims. Researchers at ESET have recently uncovered a new cyber attack [...]

Code Insight – VirusTotal Launched AI-Powered Malware Analysis Features

An AI-powered code analysis feature was recently launched by VirusTotal, dubbed “Code Insight.” Google Cloud Security AI Workbench’s Sec-PaLM large language model (LLM), optimized for security use cases, powers VirusTotal’s latest [...]

Yellow Pages Canada confirms cyberattack as BlackBasta leaks its data

Yellow Pages Group, a Canadian directory publisher, has confirmed to BleepingComputer that it has been hit by a cyber attack. Yellow Pages Data Leaked: The Black Basta ransomware and extortion gang [...]

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

The Service Location Protocol (SLP) is intended to allow the automated discovery of shared services within a local area network (LAN) without the need for prior configuration on the part [...]

Finding Decoy Dog Toolkit via Anomalous DNS Traffic

The ‘Decoy Dog’ malware toolkit, aimed at enterprises, was uncovered recently by the security analysts at Infoblox by analyzing 70 billion DNS records and traffic that differs from typical online [...]

Bumblebee malware: Distributed via Google Ads and used for ransomware attacks

The Bumblebee malware, first spotted last year targeting enterprise users, is now distributed via SEO poisoning and Google Ads that promote popular software such as Zoom, Cisco AnyConnect, ChatGPT and Citrix Workspace. Bumblebee malware [...]

EvilExtractor Stealer Malware Attacks Peaked in March 2023

The attack tool known as Evil Extractor and developed by a company called Kodex as an “educational tool,” has been used by threat actors to target Windows-based machines. What Is [...]

LockBit ransomware encryptors found targeting Mac devices

Researchers at MalwareHunterTeam uncovered a ZIP archive on VirusTotal that was found to contain encryptors for devices running macOS. What is LockBit ransomware? LockBit is the name of a ransomware targeting Mac [...]

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

Researchers are seeing a “significant increase” in attacks deploying the Qakbot malware, which have targeted victims in Germany, Argentina, Italy, Algeria, Spain, the U.S. and other countries with emails containing [...]

How to install the Android 14 Beta on Google Pixel

After a few early developer previews, the Android 14 Beta program has officially arrived. Here’s how to get Android 14 on your Google Pixel smartphone. To enjoy the benefits of [...]

Kyocera: Exploited to distribute malware

The Kyocera Android print app is vulnerable to unauthorized manipulation, giving malicious applications the opportunity to download and potentially install malware on vulnerable users' devices. The security flaw has been tracked as CVE-2023-25954. Specifically, [...]

Hacked sites are spreading malware using fake Chrome updates

Hackers are once again using fake Google Chrome updates as means to infect unsuspecting users with malware. According to NTT security analyst Rintaro Koike, the attack starts off with the threat [...]

Two New Emergency Patches from Apple

Apple just issued a short, sharp series of security fixes for Macs, iPhones and iPads. The following list of devices has reportedly had the issues fixed, according to the tech [...]

Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the [...]

Microsoft and SAP Release Security Updates to Address Critical Vulnerabilities

The most important of the new notes deals with two critical vulnerabilities in SAP Diagnostics Agent that could be exploited to execute commands on all monitored SAP systems. The bugs [...]

Balada Injector malware campaign: It has infected 1 million WordPress sites

A cyber attack campaign targeting WordPress websites has recently caused significant concern, with experts estimating that up to one million websites may have been compromised. Sucuri has reported that the Balada Injector campaign [...]

FusionCore – An Emerging Malware-as-a-Service Group in Europe

An up-and-coming cybercrime group, FusionCore, is likely composed of English-speaking European teenagers with distinct skills. All about FusionCore Malicious activities associated with a new and upcoming cybercrime group, dubbed FusionCore, [...]

New Rilide Malware Strikes Chromium-Based Browsers to Steal Cryptocurrency

Researchers discovered a new malware that fakes legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency. The new Rilide malware targets Chromium-based browsers like Google Chrome, Microsoft Edge, [...]

ALPHV Ransomware Affiliate targets vulnerable backup installations to gain initial access

Mandiant has identified a new affiliate of ALPHV (BlackCat ransomware), identified as UNC4466, that targets publicly exposed Veritas Backup Exec installations that are vulnerable to CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878 [...]

CryptoClippy: New Clipper malware targets Portuguese crypto users

Portuguese users should be wary of CryptoClippy, a new form of malware targeting them in a malvertising campaign. This malware is capable of stealing cryptocurrency if unsuspecting users are not [...]

By | April 7th, 2023 | BOTNET, Compromised, Exploitation, Malware, Targeted Attacks

New Rorschach Ransomware: The Fastest Encryptor

A sophisticated and fast ransomware family, dubbed Rorschach, has emerged in the threat landscape. The ransomware was spotted for the first time when deployed against a U.S.-based company. Its uniqueness [...]

Hackers Exploit WinRAR SFX Archives to Install Backdoors Undetected

Threat actors exploit WinRAR self-extracting (SFX) archives containing decoy files by adding malicious functionality to install backdoors in target systems without detection. SFX archives, which have been used for legitimate purposes, are [...]

New AlienFox toolkit steals credentials for 18 cloud services

A recently discovered comprehensive toolset dubbed AlienFox is circulating on Telegram. It’s a modular set of tools that enables malicious actors to scan for poorly configured servers, potentially leading [...]

QNAP Issues Urgent Warning to Customers Regarding Critical Linux Vulnerability

QNAP, a manufacturer of network-attached storage (NAS) systems, issued a warning to its users regarding a critical vulnerability that can be exploited through the Sudo program for Linux. CVE-2023-22809: The [...]

Microsoft Bing Search Results Altered Through AAD Misconfiguration

Recently, cybersecurity company Wiz discovered a misconfiguration issue in Azure Active Directory (AAD) that resulted in unauthorized access to several applications, which could have also led to a Bing.com takeover. What is [...]

Mélofée: The latest malware targeting Linux servers

The malware may be linked to another state-sponsored APT group called Earth Berberoka (or GamblingPuppet), which mainly targets gambling websites in China. ExaTrack, a cybersecurity company based in France, recently [...]

Researchers warn of two new variants of potent IcedID malware loader

New IcedID variants have been found without the usual bank fraud feature. Instead, they appear to be aimed at installing additional malware on infected devices. Proofpoint has identified two new versions of [...]

Card Skimming Attack Targets WooCommerce Websites

Online transactions ease our daily lives but also pose a serious risk to both businesses and their customers. Magecart attacks are one of them. Magecart is a type of malware that can [...]

SharePoint Phishing Scam Targets 1600 Across US, Europe

A new phishing campaign that uses legitimate Microsoft SharePoint servers targets at least 1,600 people across Europe, the USA and other regions around the world, abusing the platform's native notification mechanism. Kaspersky security researchers described the findings in [...]

Nexus Android Malware targets customers of 450 financial institutions worldwide

The recently evolved version of Nexus has targeted more than 450 banks and cryptocurrency services. Multiple threat actors are already found to be using Nexus to conduct fraudulent campaigns. About [...]

The new HinataBot botnet could launch massive DDoS attacks

Researchers have discovered a new DDoS botnet capable of launching attacks with data volumes reaching several Tbps. Akamai said the malware itself was christened “Hinata” by its author after a character [...]

SAP Fixes Multiple Critical Vulnerabilities on March 2023 Patch Day

SAP has recently fixed 19 vulnerabilities as part of its March 2023 patch day. Five vulnerabilities are rated critical and have also been labeled “hot news” by the vendor. The critical vulnerabilities [...]

Android malware “FakeCalls” targets financial firms in South Korea

A new Android vishing (voice phishing) malware tool called “FakeCalls” has been detected targeting victims in South Korea by impersonating 20 leading financial institutions in the region. Dubbed “FakeCalls” by the Check [...]

Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

A piece of malware designed to load Cobalt Strike beacons onto victim machines has been traced back to both Chinese and Russian threat actors. SILKLOADER Malware Finnish security vendor WithSecure claimed in [...]

Microsoft fixes Windows zero-day exploited in ransomware attacks

Microsoft fixed a zero-day vulnerability that malicious actors were exploiting to bypass its cloud-based Windows SmartScreen anti-malware service and deliver Magniber ransomware payloads without any warning. About CVE-2023-23397: “CVE-2023-23397 is a critical EoP vulnerability [...]

GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A recently identified Golang-based botnet is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services, Palo Alto Networks reports. How GoBruteforcer works and what devices it targets Cybersecurity researchers [...]

Clop ransomware: Breached companies via GoAnywhere MFT zero-day

The gang behind the Clop ransomware has begun extorting companies whose data was stolen through a zero-day vulnerability in the Fortra GoAnywhere MFT file-sharing solution. The Clop ransomware gang, responsible for [...]

Xenomorph Android malware: Now stealing data from 400 banks

A new version of the Xenomorph Android malware has been released with increased malicious capabilities, such as the Automatic Transfer System framework and the ability to steal credentials from 400 [...]

Proof-of-Concept released for critical Microsoft Word RCE bug

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Joshua [...]

Google Is Giving VPN Access to Every Google One Subscriber

Google is announcing more features that are being expanded to include all Google One subscribers. What is the new addition? The new additions include VPN access for every Google [...]

Dangerous Emotet botnet resumes email activity

Successful compromises by the notorious Emotet malware are occurring again. After several months of inactivity, the botnet resumed its email activity on 07.03.2023. Emotet is one of the most well-known [...]

The rise of phishing scams and how to avoid them

Cybersecurity scams continue to be on the rise. As scammers get smarter, it’s important to stay up to date on the latest trends. One of the best things you can [...]

Apple iOS 16.4: new features!

Apple is in the process of finalizing iOS 16.4 for its official public release this spring! If all goes according to plan, users can expect access to a variety of new and [...]

Google announces new features for Android and Wear OS

Google has announced a slew of new features for Android, Chromebook and Wear OS that are designed to improve connectivity, productivity and accessibility. Google new features: Once you install the latest update [...]

DoppelPaymer ransomware: Two key gang members targeted by authorities

An international law enforcement operation has led to the arrests of suspected core members of the prolific DoppelPaymer ransomware operation. The operation included "raids" on many locations in the two countries during the past [...]

Aruba Networks fixes six critical vulnerabilities in ArubaOS

Aruba Networks has issued a security advisory addressing six critical vulnerabilities that exist in various versions of its proprietary operating system – ArubaOS. Aruba Networks, formerly known as Aruba Wireless [...]

Bitdefender releases MortalKombat decryptor to help recover your files

Cybersecurity company Bitdefender has recently announced the release of a new decryptor for the MortalKombat ransomware. The decryptor is now available for download and can help victims of ransomware to recover [...]

New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware

Exfiltrator-22 is a new post-exploitation kit that can spread ransomware undetected. Researchers speculate that the creators of this kit are former LockBit 3.0 affiliates, experts in anti-analysis and defense evasion. [...]

Critical vulnerabilities in Houzez WordPress theme lead to privilege escalation attacks

Two critical severity vulnerabilities in the Houzez theme and plugin for WordPress are actively being exploited to hijack websites. The vulnerabilities, tracked as CVE-2023-26540 and CVE-2023-26009, are both privilege escalation flaws with a CVSS [...]

Beware! New WhiteSnake Malware Attack Windows & Linux Users

The Cyber Research and Intelligence Labs have recently identified a novel malware variant known as the “White Snake” Stealer, which has the potential to cause significant harm to computer systems [...]

Hydrochasma hackers target medical research labs

A new threat actor has been seen targeting shipping companies and medical laboratories in Asia with phishing emails. Dubbed "Hydrochasma" by Symantec cybersecurity researchers, the threat actor appears to have had [...]

VMware Fixes Critical Vulnerability in Carbon Black App Control (CVE-2023-20858)

VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints. Affected Carbon Black App [...]

Exploit released for critical Fortinet RCE flaws, patch now

Security researchers have released a proof-of-concept exploit for a critical vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite. The vulnerability has been detected in FortiNAC versions 9.4.0, 9.2.0 through [...]

New Stealc malware emerges with a wide set of stealing capabilities

A new information stealer advertised as "Stealc" has been discovered by Sekoia researchers. Security researchers at cyber threat intelligence company SEKOIA spotted the new strain in January and noticed it started to gain traction in [...]
