Qlik Sense Vulnerabilities Exploited in Ransomware Attacks
There's evidence of a CACTUS ransomware campaign exploiting recently revealed security vulnerabilities in Qlik Sense, a cloud analytics and business intelligence platform. This exploitation serves as a means to gain [...]
Google Introduces RETVec: Gmail’s Latest Safeguard Against Spam and Malicious Emails
Google has unveiled RETVec (Resilient and Efficient Text Vectorizer), a new multilingual text vectorizer designed to enhance Gmail's capability in detecting potentially harmful content, including spam and malicious emails. According [...]
Exploitation Attempts Observed for Critical ownCloud Vulnerability (CVE-2023-49103)
The cybersecurity community has expressed concerns as they've detected exploitative activities focusing on ownCloud, leveraging the CVE-2023-49103 vulnerability. The spotlight is on ownCloud, a well-known open-source file server recognized for [...]
Ensuring Your Security During Black Friday and Cyber Monday 2023
Annually, the holiday season kicks off with the significant retail shopping events in the U.S., Black Friday and Cyber Monday, occurring on the Friday and Monday following Thanksgiving. Anticipated to [...]
New Rust-based SysJoker backdoor linked to Hamas hackers
SysJoker, a multi-platform malware, has been identified in a novel iteration, showcasing a comprehensive code overhaul implemented in the Rust programming language. All about SysJoker Intezer initially documented SysJoker as [...]
CISA Alert: Serious Vulnerabilities in Adobe ColdFusion (CVE-2023-44350, CVE-2023-44351, CVE-2023-44353 and More)
An alert has been released by CISA regarding several vulnerabilities affecting Adobe ColdFusion. The alert emphasizes that the vulnerabilities, if exploited, may give threat actors control over the affected systems. [...]
DarkGate and PikaBot Malware Resurrect QakBot’s Techniques in New Phishing Assaults
Phishing campaigns distributing malware families like DarkGate and PikaBot are employing tactics reminiscent of attacks associated with the now-defunct QakBot trojan. Cofense, in a report shared with The Hacker News, [...]
Six Steps to Safeguard Small Businesses Against Cyberattacks
Successful management of cyber risks in small businesses centers on adherence to workplace regulations and the attainment of robust security measures. Cyber security and data privacy protection concept with icon [...]
MySQL: Servers Targeted by DDoS-as-a-Service, Ddostf
Malicious cyber actors exploit MySQL servers through a botnet known as 'Ddostf,' utilizing it as a DDoS-as-a-Service platform available for lease by other cybercriminals. AhnLab's ASEC researchers identified the mentioned [...]
Zimbra Zero-Day Exploited to Hack Government Emails
Four distinct groups exploited a zero-day vulnerability in the Zimbra Collaboration email software in real-world attacks, aiming to illicitly acquire email data, user credentials, and authentication tokens. Zimbra Zero-Day Exploited [...]
Critical CVE-2023-34060 Vulnerability in VMware Cloud Director Appliance: CISA Advises Immediate Patching
VMware has just released an advisory (VMSA-2023-0026) addressing a critical authentication bypass vulnerability found in the VMware Cloud Director Appliance (VCD Appliance). Designated as CVE-2023-34060, this vulnerability presents a substantial [...]
Google Warns of Malicious Exploitation of Bard by Fraudster
Google Files Lawsuit Against Fraudsters Exploiting Bard's Genetics Artificial Intelligence Hype to Deceptively Distribute Malware. Today, a lawsuit was filed in California, asserting that individuals, seemingly based in Vietnam, are [...]
OracleIV DDoS Botnet Malware Targets Docker Engine API Instances
The OracleIV botnet malware employs various strategies, with a central emphasis on executing DDoS attacks through floods utilizing UDP and SSL protocols. OracleIV DDoS Botnet Malware Targets Docker Engine Cado [...]
Microsoft warns LinkedIn users of fake skills assessment portals
A sub-cluster of the notorious Lazarus Group has created deceptive infrastructure mimicking skills assessment portals for inclusion in its social engineering campaigns. Microsoft has linked the observed activity to a [...]
BiBi-Windows Wiper: Targets Windows in Pro-Hamas attacks
Cybersecurity researchers have issued a warning about a Windows variant of a malware called BiBi-Windows Wiper. This malware has been observed targeting Linux systems in cyber attacks specifically aimed at [...]
GootBot: New dangerous variant of GootLoader malware
The latest iteration of GootLoader malware, known as GootBot, enables lateral movement within compromised systems while successfully evading detection. As per IBM X-Force researchers, the inclusion of a custom bot [...]
New Variant of BlueNoroff Malware Targets Mac Users
"Researchers Discover BlueNoroff RustBucket Malware Variant Targeting MacOS" - A recent report from Jamf Threat Labs sheds light on the ongoing evolution of this attack and its potential targets. "RustBucket, [...]
SecuriDropper: New DaaS service installs malware on Android
A recently emerged business offering a "Dropper-as-a-Service" (DaaS) known as "SecuriDropper" bypasses Android's "Restricted Settings" function to install malware on devices and gain access to Accessibility Services. SecuriDropper "Restricted Settings" [...]
Mozi malware botnet: Disabled by mysterious kill-switch
The Mozi malware operation came to a sudden halt in August when an unidentified individual delivered a payload on September 27, 2023, triggering a kill-switch that effectively disabled all the [...]
Arid Viper target Android users with spyware
The hacking group known as Arid Viper (also identified as APT-C-23, Desert Falcon, or TAG-63) is purportedly responsible for a distribution campaign involving Android spyware. This spyware specifically targets Arabic-speaking [...]
Malicious NuGet Packages Caught Distributing SeroXen RAT Malware
Cybersecurity experts have discovered a fresh batch of malicious packages distributed through the NuGet package manager, employing a less conventional technique for deploying malware. The software supply chain security firm [...]
Lazarus hackers targeted a software vendor using known vulnerabilities
A recent cyber campaign attributed to the Lazarus hackers from North Korea appears to have focused on a specific vendor's software, which remains unidentified. It's reported that these hackers exploited [...]
Critical Vulnerability in F5 BIG-IP Configuration Utility Allows Request Smuggling, Leads to RCE: CVE-2023-46747
A critical vulnerability, known as CVE-2023-46747, has been uncovered in F5 BIG-IP products, allowing unauthenticated remote code execution. This vulnerability is rated at a high CVSS score of 9.8, prompting [...]
Safari Vulnerability Exposes Apple iPhones and Macs Powered by A and M-Series CPUs to Security Risks
A team of researchers has developed an innovative side-channel attack called iLeakage, which takes advantage of a vulnerability in Apple's A- and M-series CPUs found in iOS, iPadOS, and macOS [...]
Backdoor planted on hacked Cisco IOS XE devices altered to evade detection
The backdoor infiltrated Cisco devices by exploiting two zero-day flaws in IOS XE software has been altered by the threat actor to evade detection through previous fingerprinting techniques. "Examination of [...]
iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation
The TriangleDB implant, designed for infiltrating Apple iOS devices, incorporates four distinct modules: one for capturing audio from the device's microphone, another for extracting data from the iCloud Keychain, a [...]
SolarWinds: Serious RCE vulnerabilities discovered
Security researchers have uncovered three critical remote code execution (RCE) vulnerabilities within the SolarWinds Access Rights Manager (ARM) product. These vulnerabilities could potentially be exploited by remote attackers to run [...]
Zero-Day Vulnerabilities in Citrix NetScaler and WinRAR Are Under Active Exploitation (CVE-2023-4966, CVE-2023-38831)
Threat actors are currently exploiting critical vulnerabilities in Citrix NetScaler and WinRAR, posing a significant risk to a variety of targets, including government organizations. In a recent report, researchers exposed [...]
SpyNote: Android spyware records your calls
Security researchers conducted an analysis of the Android trojan called SpyNote, revealing numerous spyware capabilities associated with it. SpyNote: Android spyware F-Secure reports that the trojan in question is typically [...]
Fake browser updates are used to distribute malware
Cybercriminals are increasingly employing counterfeit browser updates that imitate genuine notifications from Google Chrome, Mozilla Firefox, and Microsoft Edge to distribute malware on victims' computers. Fake browser updates A recent [...]
User Submitted Posts: Vulnerability found in WordPress plugin
His team at Patch Stack recently uncovered a fresh vulnerability in the WordPress plugin "User Submitted Posts," affecting versions from 20230902 onwards. With over 20,000 active installations, this popular plugin [...]
Microsoft: New bug bounty program for AI-powered Bing
Microsoft has unveiled a fresh bug bounty program that centers around enhancing the AI-powered Bing experience, offering researchers compensation of up to $15,000. Within the framework of this novel Bing [...]
‘Rapid Reset’ DDoS Attacks Rise: October 2023 Patch Tuesday Has Arrived (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487)
In October 2023, Microsoft unveiled its latest Patch Tuesday, addressing a comprehensive 103 security vulnerabilities. Within this count, 12 have received a critical rating, while three zero-day vulnerabilities are currently [...]
Google Expands Bug Bounty Program With Chrome, Cloud CTF Events
Google's research team introduced the v8CTF, a capture-the-flag (CTF) challenge centered around the V8 JavaScript engine used in the Chrome browser. This initiative can be considered an extension of the [...]
Formbook is a highly prevalent malware strain
The September 2023 Global Threat Index from Check Point cybersecurity researchers has unveiled notable shifts in the cybersecurity threat landscape. Within the report, a prominent focus is placed on a [...]
The importance of email marketing for businesses
In the contemporary era dominated by technology and social media, email marketing continues to stand out as a highly effective promotional technique for businesses. Despite the growing prominence of social [...]
Exploits released for Linux flaw giving root on major distros
Online, proof-of-concept exploits have emerged for a critical vulnerability in GNU C Library's dynamic loader, granting local attackers root privileges on prominent Linux distributions. Exploits released for Linux flaw Named [...]
Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems
Cisco has issued updates to rectify a critical security vulnerability affecting Emergency Responder, which permits unauthorized remote attackers to access vulnerable systems through the use of hardcoded credentials. Cisco Releases [...]
Increased number of victims reported to “leak sites” of ransomware gangs
According to the "2023 State of the Threat" report by Her Secureworks, the number of victims reported on ransomware leak sites by criminal gangs reached exceptionally high levels from March [...]
EvilProxy: Phishing Microsoft 365 via indeed.com open redirect
A recent phishing campaign dubbed "EvilProxy" has come to light, with its sights set on the Microsoft 365 accounts of top-level executives within US-based organizations. This campaign takes advantage of [...]
Lazarus hackers breach aerospace company with new LightlessCan malware
The Lazarus hacking group, associated with North Korea, launched a cyberattack on a Spanish aerospace company by enticing its employees with bogus job offers, eventually infiltrating the corporate network through [...]
Cisco: Prompts administrators to patch an IOS zero-day
On Wednesday, Cisco issued a warning to its customers, urging them to address a zero-day vulnerability in IOS and IOS XE systems, which can be exploited by malicious users. Cisco: [...]
Zanubis: The Android banking trojan gets even more dangerous
The Android banking Trojan Zanubis has adopted a new disguise, posing as the official application of the Peruvian government organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria), thereby [...]
Hackers are actively exploiting an Openfire flaw
Malicious actors are actively taking advantage of a critical vulnerability in Openfire messaging servers, using it to encrypt server data with ransomware and deploy cryptocurrency miners. Cybercriminals are currently exploiting [...]
Researchers uncover a thriving underground economy for malware targeting IoT devices
Researchers have exposed a robust clandestine ecosystem focused on crafting malware for IoT device exploitation. Researchers at Kaspersky have detected a flourishing underground marketplace on the dark web, featuring zero-day [...]
ZenRAT Malware Uncovered in Bitwarden Impersonation
A recently discovered malware variant named ZenRAT has surfaced, camouflaged within fraudulent Bitwarden installation bundles. ZenRAT Malware Proofpoint has uncovered ZenRAT, a modular remote access trojan (RAT) that specifically targets [...]
Xenomorph Android malware: Targets users of banks and crypto wallets in the US
Researchers have uncovered a new distribution campaign for the Xenomorph malware, focusing on Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. The cybersecurity firm's analysts at [...]
Stealth Falcon hackers are using the new Deadglyph malware
A recently discovered backdoor malware, known as "Deadglyph," has been detected in a cyberattack targeting a government agency in the Middle East. This malicious software has been linked to the [...]
The Rise of Mobile Malware
Mobile malware, as its name implies, is specialized malicious software crafted specifically to infiltrate mobile devices such as smartphones and tablets, with the intent of compromising sensitive user data. The [...]
Fake WinRAR proof-of-concept exploit drops VenomRAT malware
An imitation proof-of-concept (PoC) exploit targeting a WinRAR RCE vulnerability that was recently patched has been discovered on GitHub, with the intention of spreading the VenomRAT malware to unsuspecting users. [...]
Mastodon Vulnerabilities and Critical Zero-Day in TrendMicro’s Apex One Addressed: CVE-2023-41179, CVE-2023-42451, CVE-2023-42452
Mastodon has taken action to resolve two vulnerabilities, specifically CVE-2023-42451 and CVE-2023-42452. Additionally, a zero-day vulnerability, denoted as CVE-2023-41179, has been swiftly addressed in TrendMicro’s Endpoint Security product, Apex One. [...]
Nest devices can now only join one speaker group at a time
Google has confirmed that due to a recent court ruling, it is currently not possible to simultaneously use your Nest devices in multiple rooms. In a forum post, a Nest [...]
Within the Code of a Fresh XWorm Variant
XWorm is a recent addition to the remote access trojan family, quickly establishing itself as one of the most enduring global threats. Since its initial detection by researchers in 2022, [...]
The new Android banking trojan is based on ERMAC
A recent analysis of the Android banking trojan Hook has uncovered its foundation in its predecessor, ERMAC. Hook : New Android banking trojan In January 2023, ThreatFabric initially identified Hook, [...]
Uncommon AWS Services Targeted by New AMBERSQUID Cryptojacking Operation
An innovative cloud-native cryptojacking campaign has targeted lesser-known Amazon Web Services (AWS) offerings like AWS Amplify, AWS Fargate, and Amazon SageMaker, with the intent of clandestinely mining cryptocurrency. New AMBERSQUID [...]
LockBit Attack Fails, 3AM Ransomware Steps In as Plan B
Researchers have recently uncovered a novel ransomware variant known as 3AM. Their inquiry unveiled that the initial documented instance of this ransomware emerged when malicious actors replaced it with LockBit [...]
Free Download Manager site has been redirecting Linux users to malware for years ChatGPT
The Free Download Manager website has been consistently redirecting Linux users to malware-infected destinations over an extended period! An incident report highlights an attack on the Free Download Manager supply [...]
Notepad++ 8.5.7 addresses critical security vulnerabilities
"The latest release, Notepad++ version 8.5.7, includes security updates to address several buffer overflow vulnerabilities identified in the previous version." Notepad++ Notepad++ is a widely-used, free source code editor with [...]
A Modular Malware Loader, HijackLoader, Gaining Prominence in the World of Cybercrime
"HijackLoader, a recently emerged malware loader, is rapidly gaining popularity within the cybercriminal community for distributing a range of payloads, which include DanaBot, SystemBC, and RedLine Stealer." More about HijackLoader [...]
How to make sure you don’t lose important emails in Gmail
Secure Entry in Gmail is a crucial mode that enables users to safeguard against missing essential emails. This feature empowers users to designate specific email addresses and domains within Gmail, [...]
Akira Ransomware Attacks Exploit Zero-Day Cisco ASA Vulnerability
In recent updates, there have been emerging reports about threat actors associated with the Akira ransomware focusing their attention on Cisco VPNs that do not employ multi-factor authentication (MFA). This [...]
Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware
A fresh malvertising campaign has come to light, disseminating an updated variant of macOS stealer malware known as Atomic Stealer (AMOS). This discovery suggests active maintenance by its author. Atomic [...]
Mirai botnet: New version financially infects Android TV boxes
A recently updated variant of the Mirai botnet malware is now targeting Android TV set-top boxes, which are widely utilized by millions of users for streaming, with a particular emphasis [...]
A new Python variant of the Chaes Malware is focusing on the banking and logistics sectors.
The banking and logistics sectors are currently facing an assault from an updated version of malware known as Chaes. Chaes Malware In early 2022, Avast conducted an analysis that unveiled [...]
Zero-Day Alert: Latest Android Patch Update Addresses Actively Exploited Vulnerability with New Fix
Google has released its monthly security patches for Android to tackle various vulnerabilities, one of which is a zero-day bug that may have been exploited in real-world scenarios. Latest Android [...]
Recent BLISTER Malware Update Boosting Stealthy Network Intrusion
"In the ongoing SocGholish infection chains, a revised BLISTER malware loader is now deployed to distribute Mythic, an open-source command-and-control (C2) framework. Elastic Security Labs researchers Salim Bitam and Daniel [...]
VIPRE research on spam and phishing emails
Based on a report from VIPRE, the use of malicious links in phishing emails reached 85%, and there was a 30% increase in spam emails from the first quarter to [...]
Reported ransomware attacks have targeted LogicMonitor customers, leading to security breaches
Today, LogicMonitor, a network monitoring company, confirmed that certain users of its SaaS platform have been impacted by cyberattacks. Ransomware attacks have targeted LogicMonitor customers While LogicMonitor has yet to [...]
Chinese APT Uses Fake Messenger Apps to Spy on Android Users
In the coming years, Signal's applications became compromised, while Telegram, containing the BadBazaar spyware, was uploaded to Google Play and Samsung Galaxy Store by the Chinese hacking group known as [...]
DarkGate malware activity is increasing
A recently detected malspam campaign has been identified as distributing a readily available malware known as DarkGate. DarkGate malware "In a report published last week, Telekom Security stated that the [...]
The emerging ransomware collective “Ransomed” has adopted a novel extortion strategy.
Dubbed "Ransomed," this group was initially identified by cybersecurity analyst and blogger Flashpoint on August 15th. The group has established a dedicated Telegram channel and is also showcasing a prominent [...]
A Single-Click Security Vulnerability Found in Zimbra Collaboration Suite: CVE-2023-41106
Within the realm of digital communication and collaboration, the Zimbra Collaboration Suite has long stood as a dependable companion. Nevertheless, a cloud of doubt has been cast upon its security [...]
ALPHV ransomware: New data leak API as a new extortion strategy
The ALPHV ransomware group, known as BlackCat, aims to intensify ransom payment pressure on victims by offering an API for their leak site, thereby amplifying the exposure of their attacks. [...]
NEW STUDY SHEDS LIGHT ON ADHUBLLKA RANSOMWARE NETWORK
Cybersecurity analysts have revealed an intricate network of interconnected ransomware variants, all of which can be traced back to a shared origin: the Adhubllka ransomware family. Researchers found a fresh [...]
Roblox Game Developers Facing Threat from Over a Dozen Malicious npm Packages
Since the beginning of August 2023, over twelve malicious packages have been found in the npm package repository. These packages have the ability to install an open-source information stealer named [...]
Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset
"Cybersecurity experts at ESET reveal the discovery of a malevolent toolkit called Spacecolon, which has been utilized to propagate various strains of the Scarab ransomware across numerous victim organizations worldwide." [...]
New variant of XLoader macOS Malware masquerading as OfficeNote app
A fresh iteration of the XLoader malware targeting macOS disguises itself under the name 'OfficeNote' productivity application. XLoader macOS Emerging onto the scene in 2020, XLoader inherits its legacy from [...]
Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware
The Bronze Starlight hacking group has ingeniously employed a legitimate Ivacy VPN code-signing certificate to focus on the Southeast Asian gambling sector. Employing a legitimate certificate offers a significant advantage [...]
Hackers Can Exploit New WinRAR Vulnerability to Gain PC Control
A security vulnerability of significant severity has been revealed in the WinRAR utility, posing a potential risk for threat actors to execute remote code on Windows systems. Logged under CVE-2023-40477 [...]
BlackCat’s Sphynx ransomware integrates Impacket, RemCom
A new iteration of the BlackCat ransomware was recently unveiled by Microsoft's researchers. Termed 'Sphynx', this variant incorporates the Impacket networking framework and the Remcom hacking tool. These additions empower [...]
Researchers Detect Vulnerabilities in PowerShell Gallery Enabling Supply Chain Attacks
Malicious actors could exploit existing vulnerabilities within the PowerShell Gallery to execute supply chain attacks targeting users of the registry. "Aqua security researchers, including Mor Weinberger, Yakir Kadkoda, and Ilay [...]
Ivanti Avalanche Critical Buffer Overflow Vulnerabilities: CVE-2023-32560
Two significant security flaws, designated as CVE-2023-32560, have been unearthed in Ivanti Avalanche. This enterprise mobility management (EMM) solution is tasked with the management, monitoring, and security of diverse mobile [...]
MaginotDNS: DNS cache poisoning attacks
Researchers from UC Irvine and Tsinghua University have created a potent cache poisoning attack named "MaginotDNS." This attack focuses on Conditional DNS (CDNS) resolvers and has the potential to compromise [...]
Gafgyt: Exploits five year old flaw in EoL Zyxel
Fortinet has raised an alert regarding the Gafgyt botnet malware, which is currently targeting a vulnerability in the Zyxel EoL router. This vulnerability occurs during the router's final phase and [...]
Lapsus$: How They Hacked Some of the Biggest Targets
The amateur hacker group Lapsus$—mostly teenagers with limited technical training—has skillfully breached major targets like Microsoft, Okta, Nvidia, and Globant. The government is studying their methods to enhance cybersecurity. The [...]
Microsoft Patch Tuesday August: Warns of 2 zero-days
Microsoft introduces the August 2023 Patch Tuesday update, encompassing 87 security enhancements addressing 23 vulnerabilities. Among these are two vulnerabilities currently under active exploitation. The update also tackles twenty-three instances [...]
Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware
Since June 4, 2023, an unidentified threat actor has been employing a Yashma ransomware variant to target entities in English-speaking countries, Bulgaria, China, and Vietnam. Experts from Cisco Talos said [...]
QakBot Malware Operators Ramp Up C2 Network with 15 New Servers
As of late June 2023, the QakBot (aka QBot) malware operators have established 15 new command-and-control (C2) servers. The findings come as a follow-up to Team Cymru's previous malware infrastructure [...]
“Critical Remote Code Execution (RCE) Vulnerability (CVE-2023-39143) in PaperCut Application Servers”
PaperCut NG and PaperCut MF are widely adopted software solutions for managing print services on servers. CVE-2023-39143 is a path traversal vulnerability in PaperCut NG and PaperCut MF versions before [...]
Critical Microsoft Power Platform Vulnerability: Proactive Security Methods to Prevent Exploitation
Microsoft addressed a critical vulnerability in its Power Platform after criticism for a delayed response. Tenable reported the vulnerability on March 30, 2023, and an official fix was issued in [...]
Fake VMware vConnector package detected in PyPI
IT professionals were targeted by a malicious package named "VMConnect," which impersonated the VMware vSphere connector module "vConnector" and was uploaded to the Python Package Index (PyPI). Fake VMware vConnector [...]
Malicious apps employ sneaky versioning techniques to evade detection by Google Play Store scanners.
Threat actors use versioning to bypass Google Play Store's malware detection and target Android users. In its August 2023 Threat Horizons Report shared with The Hacker News, Google Cybersecurity Action [...]
NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets
Palo Alto Networks Unit 42 found a new phishing campaign distributing a Python variant of NodeStealer. The code aims to seize Facebook business accounts and steal cryptocurrency funds. The threat [...]
A new attack significantly affects AI chatbots
The Chat GPT and other AI models have undergone numerous modifications to prevent malicious users from exploiting them to generate spam, hate speech, sharing personal information, or providing instructions for [...]
Fruity Trojan: Uses deceptive software installers to spread the Remcos RAT
Cybercriminals are fabricating counterfeit websites containing software installers that have been infected with a downloader malware named Fruity. Their objective is to deceive unsuspecting users into unwittingly downloading this trojan, [...]
Flipper Zero: Now has an app store for third-party applications
The Flipper Zero team recently introduced "Flipper Apps," its very own mobile app store. This new store enables mobile users to easily install 3rd party applications, expanding the capabilities of [...]
WordPress Ninja Forms: Flaw in plugin allows data theft
The renowned WordPress form plugin, Ninja Forms, has been identified to have three vulnerabilities that might grant unauthorized privileges to malicious users and enable them to extract personal data. On [...]
Lazarus: They hijack Microsoft’s IIS servers to distribute malware
Lazarus, a state-backed North Korean hacker group, targets Windows Internet Information Service (IIS) web servers to use them as a platform for distributing malware. IIS serves as Microsoft's web server [...]
Azimut: Italian Asset Manager victim of ransomware attack
Azimuth Group, an Italian asset management company, oversees a substantial portfolio of over $87.2 billion in assets. It has recently made a strong statement, affirming that it will not yield [...]
Microsoft: Stolen key gave access to cloud services
Wiz security researchers have revealed that Chinese hackers, known as Storm-0558, successfully stole Microsoft's consumer signing key. With this key, the hackers gained access to breached accounts on Exchange Online [...]
Estée Lauder: Hacked by two ransomware gangs
Estee Lauder has recently experienced a significant ransomware breach, joining the list of prominent companies targeted by attackers. Two groups have claimed responsibility for compromising the firm's security. The Estée [...]
Mallox ransomware exploits weak MS-SQL servers to breach networks
New findings from Palo Alto Networks Unit 42 reveal that in 2023, Mallox ransomware activities have surged by an alarming 174% compared to the previous year. Mallox ransomware According to [...]
BundleBot malware steals sensitive information
The cybersecurity landscape has been recently shaken by the emergence of BundleBot, a sophisticated malware strain that leverages advanced . NET file development techniques to facilitate the unauthorized extraction of [...]
Adobe: Urgent patch fixes ColdFusion zero-day
Adobe has addressed three vulnerabilities in ColdFusion, including a zero-day vulnerability. Adobe fixed three vulnerabilities in ColdFusion, their web application development platform. One of these vulnerabilities was a zero-day, and [...]
“Blackhat AI Module ‘WormGPT’ Attracts 5,000 Subscribers in a Few Days”
Artificial Intelligence (AI) has introduced revolutionary advances, including generative AI, which shows great potential for creative use. However, the emergence of tools like WormGPT has raised concerns about its implications. [...]
Turla: Targets Exchange servers with new DeliveryCheck backdoor malware
Microsoft and the Ukrainian CERT issued a warning about Russian state hacking group Turla launching new attacks. The targets include the defense industry and Microsoft Exchange servers, exploiting a new [...]
Critical and High Vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)
Citrix ADC and Citrix Gateway, renowned for their role in facilitating secure application delivery and remote access solutions, have unfortunately been discovered to possess critical vulnerabilities. These vulnerabilities present substantial [...]
AVrecon malware infects 70.000 Linux routers to create botnet
AVrecon malware infects 70,000 Linux routers, forming a botnet for bandwidth theft and a hidden residential proxy service. AVrecon malware Recently, a Linux-based Remote Access Trojan (RAT) was brought to [...]
Gamaredon hackers steal data in less than an hour after the breach
The Computer Emergency Response Team (CERT-UA) of Ukraine has issued a warning regarding the rapid actions of the hackers known as Gamaredon. They possess the ability to swiftly pilfer data [...]
Zimbra to admins: Manually patch this zero-day vulnerability
Zimbra Collaboration Suite (ZCS) has issued an urgent advisory, urging administrators to apply a manual patch for a zero-day vulnerability. This vulnerability is actively exploited by attackers to target and [...]
Fake PoC for a Linux Kernel vulnerability on GitHub contains malware
A fake PoC about a Linux kernel vulnerability on GitHub exposed researchers to malware. A backdoor with a "sly" persistence method has been found in a proof-of-concept (PoC) on GitHub, [...]
Triada Malware: Infects Android devices via fake Telegram app
The Triada malware infiltrates Android devices through a counterfeit Telegram app. Thankfully, the version of Telegram infected with the Triada malware is disseminated exclusively through third-party stores, rather than the [...]
Critical Auth Bypass Vulnerabilities: SonicWall Urges Immediate Patching for GMS/Analytics
SonicWall has issued an urgent warning to its customers, urging them to promptly patch several critical vulnerabilities that are affecting the company's Global Management System (GMS) firewall management and Analytics [...]
Microsoft’s July 2023 Patch Tuesday Fixes Five Zero-Days, Nine Critical Vulnerabilities
Today, Microsoft Corp. released software updates to address a total of 130 security vulnerabilities in its Windows operating systems and related software. These updates include fixes for at least five [...]
Critical RCE Vulnerability in ShareFile: PoC Exploit Available
Recently, a critical vulnerability was discovered in ShareFile, a cloud-based file sharing application. This vulnerability, identified as CVE-2023-24489, enables unauthenticated individuals to perform arbitrary file uploads and execute remote code [...]
MOVEit Transfer customers are being warned to fix a new, critical flaw
Progress is notifying customers about a newly discovered critical SQL injection vulnerability, identified as CVE-2023-36934, in its MOVEit Transfer software. MOVEit Transfer The software at the center of the recent [...]
Rekoobe Malware: Targets vulnerable Linux servers
Rekoobe, a backdoor malware, specifically targets vulnerable Linux servers commonly utilized by the Chinese APT31. Rekoobe Malware Since 2015, Rekoobe has remained active, and in 2018, updated versions of the [...]
Microsoft Teams: The TeamsPhisher tool exploits its bug
The "TeamsPhisher" cybersecurity tool provides a means for both pen testers and malicious actors to send harmful files directly to a Teams user via an external account or tenant Attackers [...]
New StackRot Linux kernel flaw allows privilege escalation
Recent reports have brought to light crucial technical details regarding a critical vulnerability impacting various versions of the Linux kernel. This vulnerability, known as "StackRot" (CVE-2023-3269), can be triggered with [...]
DDoSia Attack Tool Upgraded with Encryption, Concealed Targeting
A new version of the DDoSia attack tool has been released by the threat actors, featuring an updated mechanism for obtaining the list of targets. This enhancement enables the tool [...]
WordPress plugin gives hackers admin access to your site
A vulnerability found in the Ultimate Member plugin has the potential to exploit thousands of WordPress sites, putting them at risk. However, implementing a quick fix can prevent your site [...]
BlackCat Ransomware Gang to Launch Malicious WinSCP Ads
The BlackCat ransomware group launched a malvertising campaign to push Cobalt Strike. They put up advertisements to attract people to fake WinSCP pages. Instead of the application, the victims download [...]
Modified Telegram app with malware that puts your data at risk found
Cybersecurity researchers recently uncovered a concerning discovery regarding a modified iteration of the widely-used messaging application, Telegram, specifically designed for Android devices. This modified version has been identified as malicious, [...]
New Malware by Lazarus-Backed Andariel Group Exploits Log4j
Last year, the North Korean hacking group Andariel utilized a previously undisclosed malware named EarlyRat to carry out attacks exploiting the Log4j Log4Shell vulnerability. Lazarus-Backed Andariel Group Exploits Log4j During [...]
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
Security researchers have recently discovered ThirdEye, an information stealer designed for Windows operating systems. This stealthy malware is capable of collecting sensitive data from computers that have been infected. ThirdEye [...]
Android malware Fluhorse targets credit cards
Cybersecurity experts have recently disclosed the intricate workings of Fluhorse, an Android malware family. The malware "represents a significant change, as it embeds malicious components directly into Flutter's code," Fortinet [...]
Akira ransomware: Linux version targets VMware ESXi servers
Akira, a ransomware operation, has recently shifted its focus from Windows systems to VMware ESXi virtual machines, utilizing a Linux encryptor to carry out the encryption process. The double extortion [...]
Arcserve: Fixed critical vulnerability in UDP software
Arcserve has recently launched a security update to resolve a severe authentication bypass vulnerability known as CVE-2023-26258, in their ArcServe UDP Backup software. Arcserve UDP Arcserve UDP is a data [...]
Windows malware spreads through infected Super Mario game
A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been discovered, posing a serious risk to unwary players. This modified version of the game [...]
Vulnerabilities Identified and Patched in BIND 9 DNS Software
The BIND 9 DNS software suite, an integral part of the Domain Name System (DNS), has recently received updates to neutralize three high-priority vulnerabilities. This could potentially induce significant service interruptions. The [...]
Powerful JavaScript Dropper PindOS distributes Bumblebee and IcedID malware
A new strain of the JavaScript dropper has been observed delivering next-stage payloads such as Bumblebee and IcedID. Both Bumblebee and IcedID serve as loaders, acting as vectors for other [...]
The IDOR Vulnerability in Microsoft Teams
Cybersecurity researchers have recently informed that a vulnerability in the latest version of Microsoft Teams allows attackers to inject malware into any organization's network. All about the Vulnerability External Tenants in Microsoft [...]
Chinese APT15 hackers use new Graphican backdoor
The Chinese hackers which are tracked as APT15 are involved in a new campaign that uses a backdoor with the name "Graphican". The campaign was active from late 2022 to early 2023. Graphican backdoor The team [...]
Android malware GravityRAT steals your WhatsApp backups
ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT GravityRAT is a remote access tool known to be [...]
Infostealer malware has stolen 101.000 ChatGPT accounts
More than 101.000 ChatGPT user accounts have been stolen by infostealer malware over the past year, according to data from the dark web market. Infostealer malware Infostealer malware has led [...]
SeroXen Malware Latest to Deploy BatCloak Evasion Tool
Security researchers warn that malware developers are adopting a handy obfuscation tool to get malware past antiviruses. SeroXen Malware Latest SeroXen is a fileless Remote Access Trojan (RAT) that excels [...]
The rise of phishing scams and how to avoid them.
Cybersecurity scams continue to be on the rise. As scammers get smarter, it’s important to stay up to date on the latest trends. One of the best things you can [...]
Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)
Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 CVE-2023-27992 is an OS command injection flaw that could be triggered [...]
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
A new stealer malware is on the rise, designed to obtain user credentials to help attackers penetrate specific environments and obtain other information of financial value. This spyware also targets Steam, [...]
What Is the Principle of Least Privilege (POLP)?
The principle of least privilege (POLP), also named the “principle of least authority” (POLA) or “the principle of minimal privilege” (POMP), stands for a cybersecurity best practice based upon granting [...]
New Diicot group targets SSH servers with brute-force malware
Diicot shares its new name with the Romanian anti-terrorist police unit and uses the same style of messaging and imagery. Diicot Threat Agent Diicot, previously known as Mexals, is a [...]
Fake zero-day PoC exploits on GitHub spread Windows and Linux malware
Researchers detected fake company accounts on GitHub linked to a deceitful cybersecurity company. These accounts are promoting harmful repositories on the code hosting service. These malicious exploits are promoted by purported [...]
Gamaredon: Uses PowerShell USB malware to drop backdoors
Russia-linked state-sponsored cyber-espionage group Gamaredon (Armageddon, UAC-0010) continues its relentless attacks against government entities, and organizations in Ukraine's military and security intelligence sectors, using updated malware tools, according to a [...]
New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs
A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S. What is Skuld Malware ? The Purpose of Skuld malware tried to steal sensitive [...]
Hackers use BatCloak to make their malware completely undetectable
A fully undetectable (FUD) malware obfuscation engine called BatCloak has been used to deploy various malwastrains since September 2022, persistently evading detection by antiviruses. BatCloak Researchers at Trend Micro describe [...]
Fortinet Patches Critical FortiGate SSL VPN Vulnerability
Fortinet has patched a critical flaw in its Fortigate devices, with admins urged to apply firmware updates as a matter of urgency. The flaw is a critical pre-authentication remote code [...]
Google Switches Email Authentication Method Following Exploitation by Scammers
Gmail is tightening its implementation of an email security protocol after a researcher discovered a flaw allowing brands to be impersonated. Gmail’s system uses Brand Indicators for Message Identification (BIMI) as well [...]
Cisco Addresses High-Severity Bug in Secure Client Software
Cisco has recently fixed a high-severity vulnerability found in its Cisco Secure Client (previously known as AnyConnect Secure Mobility Client) software. This issue could have allowed attackers to escalate their [...]
New PowerDrop Malware Targets U.S. Aerospace Industry
A new PowerShell malware script, named “PowerDrop”, has been discovered to be used in attacks targeting the US aerospace defense industry. Researchers have determined that the malware consists of a novel combination [...]
New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency
A recent malware campaign has been discovered that exploits the Satacom downloader as a means to deploy discreet malware capable of stealing cryptocurrency by using a deceptive extension for Chromium-based [...]
Cyclops Ransomware group offers a multiplatform Info Stealer
The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. The Cyclops group actively promotes their offerings on hacker forums and seeks a share of the profits [...]
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
TrueBot downloader trojan botnet activity has increased significantly in the past month, researchers say. What is TrueBot? Truebot is a downloader malware. As such, its main goal is to infect systems, [...]
Google fixes new zero-day vulnerability in Chrome browser
Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. The Flashpoint Intel Team quickly published an alert to VulnDB customers and have been closely tracking the vulnerability since.Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. [...]
WordPress: Automatic update to fix vulnerability in Jetpack plugin
The popular and one of the most-used WordPress plugins, Jetpack recently addressed a critical security issue. Despite no active exploitation, WordPress force installed Jetpack plugin updates to websites to patch [...]
Gigabyte Firmware Code Injection: Persistent Backdoor Leads to Supply Chain Risks
Cybersecurity firm Eclypsium has uncovered a potential backdoor in Gigabyte systems, raising concerns about the security of the technology supply chain. Gigabyte Firmware Code Injection Researchers from Eclypsium have discovered this vulnerable [...]
Attackers Exploit Critical Zero-Day Vulnerability in MOVEit Transfer
A critical vulnerability in Progress Software's MoveIt Transfer is under exploitation, according to a report from Rapid7. The zero-day vulnerability, which Progress disclosed Wednesday, is a SQL injection flaw that could [...]
CVE-2023-33733: RCE Vulnerability in ReportLab Python Library
A technical write-up for a ReportLab vulnerability are now available. The vulnerability tracked as CVE-2023-33733. Recently, during an audit of a web application, the application was found to employ the ReportLab Python library [...]
LEVERAGING CHATGPT TO STRENGTHEN YOUR CYBERSECURITY
ChatGPT (generative pre-trained transformer) is an AI-powered chatbot created by Open AI and designed to produce human-like text and interact with users in a conversational way. While ChatGPT is technically a [...]
Android trojan “DogeRAT” targets Indian users, stealing personal and financial information
An open-source Android virus known as DogeRAT (Remote Access Trojan) has been discovered by CloudSEK, an AI cybersecurity company. The malware is distributed via social media and messaging platforms masquerading as legitimate apps, such [...]
Android apps with SpinOk spyware module installed over 421,000K times
A new Android malware – SpinOk – distributed as an advertisement SDK has been discovered in several apps – many of which were previously listed on Google Play and have [...]
Critical Vulnerabilities in D-Link Products
D-Link has fixed two critical vulnerabilities in the D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code. D Link is a popular brand [...]
Zyxel firewalls are affected by two security flaws
Zyxell has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on [...]
Google’s New ZIP Domain Could Be Used for Phishing and Malware Attacks
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence. Google released its new TLDs in early May, which are [...]
Luxottica Data Leak Exposes Over 70M Customers’ Data
Luxottica, the world’s largest eyewear company, has revealed that it was the victim of a major cyber attack. The attack exposed the personal information of over 70 million customers on hacking forums. Luxottica [...]
GUI-vil’s Strategies in AWS Compromises
Researchers have been tracking a financially motivated threat group known as GUI-vil (aka p0-LUCR-1), based in Indonesia, which engages in unauthorized cryptocurrency mining. GUI-vil's GUI-vil is a financially motivated threat group sourcing from [...]
BlackCat ransomware is using signed Microsoft kernel drivers to avoid detection
Research has revealed how the Russian gang's malware remains hidden in systems and gets around end-point security. BlackCat ransomware An end-point security evasion technique by ransomware gang BlackCat has been uncovered by [...]
Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784)
A proof-of-concept (PoC) has been made available for a security flaw in the KeePass password manager that could be used to recover a victim’s master password in cleartext in certain [...]
IcedID Macro Attacks Deploy Nokoyawa Ransomware
Malicious actors frequently resort to alternative techniques to gain initial access, such as employing diverse file formats and payloads. It is important to highlight that they still actively use VBA macros embedded [...]
Live Speech & Personal Voice: Apple’s two useful features for speech impaired people
Apple announced that it will make available new important "Accessibility functions"At iOS 17 that will be released this year, and two of the most important are “Live Speech" and "personal voice". Both functions [...]
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
The threat actors behind the CopperStealer malware re-emerged in March and April 2023 with two new campaigns designed to deliver two new payloads called CopperStealth and CopperPhish. Trend Micro is [...]
Discord reveals data breach after worker hack
Top streaming service Discord has suffered a minor cybersecurity incident in which potentially sensitive and personal user data was exposed. Discord is a platform for people with similar interests to [...]
Critical Privilege Escalation in Essential Addons for Elementor Plugin
WordPress plugins allow organizations to quickly extend the functionality of their websites without requiring any coding or advanced technical skills. But they have also been the biggest source of risk [...]
RapperBot Crew Drops DDoS/CryptoJacking Botnet Collab
New samples of it RapperBot botnet malware, reviewed by experts security, they have added cryptomining capabilities to mine cryptocurrency from hacked machines with Intel x64. RapperBot The RapperBot campaign is bringing in some fresh talent [...]
Scammers Distribute Malware via Verified Account Ads on Facebook
Hackers have been detected breaking into popular verified Facebook pages and using them to run ads on the social media behemoth distributing malware. The threat actors behind the campaign compromised popular Facebook accounts, [...]
New PhaaS ‘Greatness’ Simplifies Microsoft 365 Phishing Attacks
A Phishing-as-a-Service (PhaaS) platform called “Greatness” has seen a spike in activity as it targets organizations using Microsoft 365 in the United States, Canada, the United Kingdom, Australia and South [...]
Magecart malware strikes e-commerce websites again and again
Shopping cart malware, known as Magecart, is still one of the most popular tools in the attacker's toolbox, and despite efforts to mitigate and eliminate its presence, it remains fully [...]
Malware Attacks From SmokeLoader And RoarBAT, CERT-UA Warns
Based on the Computer Emergency Response Team of Ukraine (CERT-UA), the SmokeLoader malware is now being spread via a phishing campaign using lures centered around invoices. A ZIP folder containing [...]
FluHorse malware attacks Android phones stealing personal data including passwords
A new Android malware named “FluHorse” has been discovered, targeting users in East Asia with malicious apps that mimic legitimate versions. According to Check Point Research, these malicious apps are [...]
New KEKW malware infects open source Python Wheel files
The KEKW malware employs a malicious function known as system_information() to gather a wide range of system-related data from infected machines. Python PYPI The Python Package Index (PyPI) is a [...]
Cisco Phone Adapters Flaw Let Attackers Execute Arbitrary Code
Cisco SPA112 2-Port Phone Adapters have been reported to be vulnerable to arbitrary code execution via a malicious firmware upgrade. Cisco has classified this vulnerability as Critical, with a CVSS Score as [...]
New ‘Cactus’ Ransomware Encrypts Itself to Evade Detection
A novel ransomware strain dubbed ‘Cactus’ has been found to be exploiting vulnerabilities in Fortinet VPN devices to gain initial access to corporate or other large-scale networks. What is Cactus Ransomware? Cactus, [...]
Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
Sandworm (UAC-0165), a Russian hacking group, has been linked to an attack on Ukrainian state networks that involved wiping data from government devices using WinRAR, according to an advisory from the Ukrainian [...]
Windows admins can sign up for “known issue” email alerts
The Windows Known Issue Email Alerts is a new feature recently introduced. The Email Alerts for Windows known issue was the highly-requested feature for IT administrators who are responsible for [...]
South Korean Lures Used to Deploy ROKRAT Malware
The North Korean threat actor known as APT37 has been observed changing deployment methods and using South Korean foreign and domestic affairs-themed lures with archives containing Windows shortcut (LNK) files [...]
New LOBSHOT Malware Deployed Via Google Ads
Cybersecurity researchers have discovered a new malware, called ‘LOBSHOT,’ distributed through Google ads. What is LOBSHOT Malware ? The ads, which promoted the legitimate AnyDesk remote management software, led users [...]
Global Malverposting Campaign Infecting Over 500,000 Devices
A recent ‘malverposting’ campaign linked to a Vietnamese threat actor has been ongoing for months and is estimated to have infected over 500,000 devices worldwide in the past three months alone. [...]
How to Use GitHub Desktop in Windows 10 and 11
Git and GitHub are essential tools for developers. However, the learning curve to adapting git version control into your daily workflow can be difficult at first. Newbie developers are often [...]
Atomic macOS Malware Steals Auto-fills, Passwords, Cookies, Wallets
Recently, the cybersecurity researchers at Cyble discovered a new macOS malware, ‘Atomic’ (aka ‘AMOS’), sold for $1,000/month on private Telegram channels. Buyers pay a high price to receive a DMG [...]
RTM Locker Ransomware Variant Targeting ESXi Servers
RTM Locker ransomware-as-a-service operators have now turned their attention to Linux, network-attached storage devices and ESXi hosts. Since 2015, the RTM cybercrime group has been involved in financial fraud, using [...]
Clop and LockBit Ransomware Gangs Target PaperCut Servers
Microsoft has recently revealed that the Clop and LockBit ransomware gangs are responsible for the attacks on PaperCut servers, exploiting vulnerabilities to steal corporate data. In April, two vulnerabilities, CVE-2023-27350 and CVE-2023-27351, were [...]
VMware Resolves Crucial Pwn2Own Zero-Day Exploit Chain
To address zero-day vulnerabilities that might be used to achieve code execution on computers using unpatched versions of VMware’s Workstation and Fusion software hypervisors, the company has provided security upgrades. [...]
Evasive Panda’s Malicious Campaign Exploits Software Update Channels
Evasive Panda's malicious campaign uses the update channels of legitimate Chinese applications to deliver their infamous backdoor, MgBot malware, to unsuspecting victims. Researchers at ESET have recently uncovered a new cyber attack [...]
Code Insight – VirusTotal Launched AI-Powered Malware Analysis Features
An AI-powered code analysis feature was recently launched by VirusTotal, dubbed “Code Insight.” Google Cloud Security AI Workbench’s Sec-PaLM large language model (LLM), optimized for security use cases, powers VirusTotal’s latest [...]