Home 2017-08-28T17:57:09+05:30

Attackers Exploit Critical Zero-Day Vulnerability in MOVEit Transfer

A critical vulnerability in Progress Software's MOVEit Transfer is under active exploitation, according to a report from Rapid7. The zero-day vulnerability, which Progress disclosed on Wednesday, is a SQL injection flaw that could [...]

CVE-2023-33733: RCE Vulnerability in ReportLab Python Library

A technical write-up for a ReportLab vulnerability, tracked as CVE-2023-33733, is now available. Recently, during an audit of a web application, the application was found to employ the ReportLab Python library [...]

LEVERAGING CHATGPT TO STRENGTHEN YOUR CYBERSECURITY

ChatGPT (Generative Pre-trained Transformer) is an AI-powered chatbot created by OpenAI and designed to produce human-like text and interact with users in a conversational way. While ChatGPT is technically a [...]

June 1st, 2023 | Security Advisory, Security Update, Tips

Android trojan “DogeRAT” targets Indian users, stealing personal and financial information

An open-source Android remote access trojan (RAT) known as DogeRAT has been discovered by CloudSEK, an AI cybersecurity company. The malware is distributed via social media and messaging platforms masquerading as legitimate apps, such [...]

Android apps with SpinOk spyware module installed over 421 million times

A new Android malware – SpinOk – distributed as an advertisement SDK has been discovered in several apps – many of which were previously listed on Google Play and have [...]

Critical Vulnerabilities in D-Link Products

D-Link has fixed two critical vulnerabilities in the D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code. D-Link is a popular brand [...]

Zyxel firewalls are affected by two security flaws

Zyxel has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on [...]

Google’s New ZIP Domain Could Be Used for Phishing and Malware Attacks

Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence. Google released its new TLDs in early May, which are [...]
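The social-engineering risk the researchers describe comes from the fact that a string such as "update.zip" is now a valid hostname, so a link that reads like a download path can resolve to an attacker-registered domain. The check below is an added example written for this listing; it is not code from the original article or from Google. It extracts the host a browser would actually connect to, including the case where everything before an "@" in the authority is treated as userinfo rather than the host, and flags hosts under the .zip and .mov TLDs. The sample URLs are constructed for illustration.

```python
"""Flag links whose real host sits under a newly delegated TLD such as .zip or .mov."""
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# TLDs this check treats as risky because they collide with common file extensions.
RISKY_TLDS = {"zip", "mov"}


def real_host(url: str) -> str:
    """Return the host a browser would connect to for this URL.

    urlsplit() splits the authority at the last "@", so in
    "https://example.com@update.zip/" the host is "update.zip" and
    "example.com" is merely userinfo. Scheme-less input is treated as http.
    """
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def risky_tld_host(url: str) -> Optional[str]:
    """Return the host if its top-level label is in RISKY_TLDS, else None."""
    host = real_host(url)
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    return host if tld in RISKY_TLDS else None


def flag_risky_urls(urls: List[str]) -> List[Tuple[str, str]]:
    """Return (url, host) pairs for every link whose host ends in a risky TLD."""
    flagged = []
    for url in urls:
        host = risky_tld_host(url)
        if host:
            flagged.append((url, host))
    return flagged


# Constructed sample links (not taken from any real campaign).
SAMPLE_URLS = [
    "https://files.example.com/downloads/report.zip",   # host example.com: a real file path
    "https://example.com@update.zip/setup.exe",         # userinfo trick: host is update.zip
    "update.zip",                                       # bare token rendered as a link
    "https://videos.example.com/holiday.mov",           # host example.com: safe
    "https://holiday.mov",                              # .mov domain
]

if __name__ == "__main__":
    for url, host in flag_risky_urls(SAMPLE_URLS):
        print(f"RISKY host {host!r} in {url}")
```

Run it on extracted hyperlinks from mail or chat logs; the decision is made on the parsed host, never on whether the string "looks like" a filename.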

Luxottica Data Leak Exposes Over 70M Customers’ Data

Luxottica, the world’s largest eyewear company, has revealed that it was the victim of a major cyber attack. The attack exposed the personal information of over 70 million customers on hacking forums. Luxottica [...]

GUI-vil’s Strategies in AWS Compromises

Researchers have been tracking a financially motivated threat group known as GUI-vil (aka p0-LUCR-1), based in Indonesia, which engages in unauthorized cryptocurrency mining. GUI-vil is a financially motivated threat group originating from [...]

BlackCat ransomware is using signed Microsoft kernel drivers to avoid detection

Research has revealed how the Russian gang's malware remains hidden on systems and gets around endpoint security. An endpoint security evasion technique used by the ransomware gang BlackCat has been uncovered by [...]

Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784)

A proof-of-concept (PoC) has been made available for a security flaw in the KeePass password manager that could be used to recover a victim’s master password in cleartext in certain [...]

IcedID Macro Attacks Deploy Nokoyawa Ransomware

Malicious actors frequently resort to alternative techniques to gain initial access, such as employing diverse file formats and payloads. It is important to highlight that they still actively use VBA macros embedded [...]

Live Speech & Personal Voice: Apple’s two useful features for speech impaired people

Apple announced new accessibility features coming in iOS 17, due for release this year; two of the most important are "Live Speech" and "Personal Voice". Both features [...]

CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules

The threat actors behind the CopperStealer malware re-emerged in March and April 2023 with two new campaigns designed to deliver two new payloads called CopperStealth and CopperPhish. Trend Micro is [...]

Discord reveals data breach after worker hack

Messaging platform Discord has suffered a minor cybersecurity incident in which potentially sensitive and personal user data was exposed. Discord is a platform for people with similar interests to [...]

Critical Privilege Escalation in Essential Addons for Elementor Plugin

WordPress plugins allow organizations to quickly extend the functionality of their websites without requiring any coding or advanced technical skills. But they have also been the biggest source of risk [...]

RapperBot Crew Drops DDoS/CryptoJacking Botnet Collab

New samples of the RapperBot botnet malware, reviewed by security researchers, have added cryptomining capabilities that mine cryptocurrency on compromised Intel x64 machines. The RapperBot campaign is bringing in some fresh talent [...]

New PhaaS ‘Greatness’ Simplifies Microsoft 365 Phishing Attacks

A Phishing-as-a-Service (PhaaS) platform called “Greatness” has seen a spike in activity as it targets organizations using Microsoft 365 in the United States, Canada, the United Kingdom, Australia and South [...]

Magecart malware strikes e-commerce websites again and again

Shopping cart malware, known as Magecart, is still one of the most popular tools in the attacker's toolbox, and despite efforts to mitigate and eliminate its presence, it remains fully [...]

Malware Attacks From SmokeLoader And RoarBAT, CERT-UA Warns

According to the Computer Emergency Response Team of Ukraine (CERT-UA), the SmokeLoader malware is now being spread via a phishing campaign using lures centered around invoices. A ZIP folder containing [...]

FluHorse malware attacks Android phones stealing personal data including passwords

A new Android malware named “FluHorse” has been discovered, targeting users in East Asia with malicious apps that mimic legitimate versions. According to Check Point Research, these malicious apps are [...]

New KEKW malware infects open source Python Wheel files

The KEKW malware employs a malicious function known as system_information() to gather a wide range of system-related data from infected machines. The Python Package Index (PyPI) is a [...]

Cisco Phone Adapters Flaw Let Attackers Execute Arbitrary Code

Cisco SPA112 2-Port Phone Adapters have been reported to be vulnerable to arbitrary code execution via a malicious firmware upgrade. Cisco has classified this vulnerability as Critical, with a CVSS Score as [...]

New ‘Cactus’ Ransomware Encrypts Itself to Evade Detection

A novel ransomware strain dubbed ‘Cactus’ has been found to be exploiting vulnerabilities in Fortinet VPN devices to gain initial access to corporate or other large-scale networks. What is Cactus Ransomware? Cactus, [...]

Sandworm Attackers Use WinRAR to Wipe Data from Government Devices

Sandworm (UAC-0165), a Russian hacking group, has been linked to an attack on Ukrainian state networks that involved wiping data from government devices using WinRAR, according to an advisory from the Ukrainian [...]

Windows admins can sign up for “known issue” email alerts

Windows Known Issue Email Alerts is a newly introduced feature. It was a highly requested feature for IT administrators who are responsible for [...]

South Korean Lures Used to Deploy ROKRAT Malware

The North Korean threat actor known as APT37 has been observed changing deployment methods and using South Korean foreign and domestic affairs-themed lures with archives containing Windows shortcut (LNK) files [...]

New LOBSHOT Malware Deployed Via Google Ads

Cybersecurity researchers have discovered a new malware, called ‘LOBSHOT,’ distributed through Google ads. What is LOBSHOT Malware? The ads, which promoted the legitimate AnyDesk remote management software, led users [...]

Global Malverposting Campaign Infecting Over 500,000 Devices

A recent ‘malverposting’ campaign linked to a Vietnamese threat actor has been ongoing for months and is estimated to have infected over 500,000 devices worldwide in the past three months alone. [...]

How to Use GitHub Desktop in Windows 10 and 11

Git and GitHub are essential tools for developers. However, the learning curve of adopting git version control into your daily workflow can be difficult at first. Newbie developers are often [...]

Atomic macOS Malware Steals Auto-fills, Passwords, Cookies, Wallets

Recently, the cybersecurity researchers at Cyble discovered a new macOS malware, ‘Atomic’ (aka ‘AMOS’), sold for $1,000/month on private Telegram channels. Buyers pay a high price to receive a DMG [...]

RTM Locker Ransomware Variant Targeting ESXi Servers

RTM Locker ransomware-as-a-service operators have now turned their attention to Linux, network-attached storage devices and ESXi hosts. Since 2015, the RTM cybercrime group has been involved in financial fraud, using [...]

Clop and LockBit Ransomware Gangs Target PaperCut Servers

Microsoft has recently revealed that the Clop and LockBit ransomware gangs are responsible for the attacks on PaperCut servers, exploiting vulnerabilities to steal corporate data. In April, two vulnerabilities, CVE-2023-27350 and CVE-2023-27351, were [...]

VMware Resolves Crucial Pwn2Own Zero-Day Exploit Chain

VMware has released security updates to address zero-day vulnerabilities that could be used to achieve code execution on computers running unpatched versions of its Workstation and Fusion hypervisors. [...]

Evasive Panda’s Malicious Campaign Exploits Software Update Channels

Evasive Panda's malicious campaign uses the update channels of legitimate Chinese applications to deliver their infamous backdoor, MgBot malware, to unsuspecting victims. Researchers at ESET have recently uncovered a new cyber attack [...]

Code Insight – VirusTotal Launched AI-Powered Malware Analysis Features

An AI-powered code analysis feature was recently launched by VirusTotal, dubbed “Code Insight.” Google Cloud Security AI Workbench’s Sec-PaLM large language model (LLM), optimized for security use cases, powers VirusTotal’s latest [...]

Yellow Pages Canada confirms cyberattack as BlackBasta leaks its data

Yellow Pages Group, a Canadian directory publisher, has confirmed to BleepingComputer that it has been hit by a cyber attack. The Black Basta ransomware and extortion gang [...]

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

The Service Location Protocol (SLP) is intended to allow the automated discovery of shared services within a local area network (LAN) without the need for prior configuration on the part [...]

Finding Decoy Dog Toolkit via Anomalous DNS Traffic

The ‘Decoy Dog’ malware toolkit, aimed at enterprises, was uncovered recently by the security analysts at Infoblox by analyzing 70 billion DNS records and traffic that differs from typical online [...]

Bumblebee malware: Distributed via Google Ads and used for ransomware attacks

The Bumblebee malware, first spotted last year targeting enterprise users, is now distributed via SEO poisoning and Google Ads promoting popular software such as Zoom, Cisco AnyConnect, ChatGPT and Citrix Workspace. [...]

EvilExtractor Stealer Malware Attacks Peaked in March 2023

The attack tool known as EvilExtractor, developed by a company called Kodex as an "educational tool," has been used by threat actors to target Windows-based machines. What Is [...]

LockBit ransomware encryptors found targeting Mac devices

Researchers at MalwareHunterTeam uncovered a ZIP archive on VirusTotal that was found to contain encryptors for devices running macOS. What is LockBit ransomware? LockBit is the name of a ransomware targeting Mac [...]

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

Researchers are seeing a “significant increase” in attacks deploying the Qakbot malware, which have targeted victims in Germany, Argentina, Italy, Algeria, Spain, the U.S. and other countries with emails containing [...]

How to install the Android 14 Beta on Google Pixel

After a few early developer previews, the Android 14 Beta program has officially arrived. Here’s how to get Android 14 on your Google Pixel smartphone. To enjoy the benefits of [...]

Kyocera: Exploited to distribute malware

The Kyocera Android print app is vulnerable to unauthorized manipulation, giving malicious applications the opportunity to download and potentially install malware on vulnerable devices. The security flaw has been tracked as CVE-2023-25954. Specifically, [...]

Hacked sites are spreading malware using fake Chrome updates

Hackers are once again using fake Google Chrome updates as means to infect unsuspecting users with malware. According to NTT security analyst Rintaro Koike, the attack starts off with the threat [...]

Two New Emergency Patches from Apple

Apple just issued a short, sharp series of security fixes for Macs, iPhones and iPads. The following list of devices has reportedly had the issues fixed, according to the tech [...]

Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the [...]

Microsoft and SAP Release Security Updates to Address Critical Vulnerabilities

The most important of the new notes deals with two critical vulnerabilities in SAP Diagnostics Agent that could be exploited to execute commands on all monitored SAP systems. The bugs [...]

Balada Injector malware campaign: It has infected 1 million WordPress sites

A cyber attack campaign targeting WordPress websites has recently caused significant concern, with experts estimating that up to one million websites may have been compromised. Sucuri has reported that the Balada Injector campaign [...]

FusionCore – An Emerging Malware-as-a-Service Group in Europe

An up-and-coming cybercrime group, FusionCore, is likely composed of English-speaking European teenagers with distinct skills. Malicious activities associated with a new and upcoming cybercrime group, dubbed FusionCore, [...]

New Rilide Malware Strikes Chromium-Based Browsers to Steal Cryptocurrency

Researchers discovered a new malware that fakes legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency. The new Rilide malware targets Chromium-based browsers like Google Chrome, Microsoft Edge, [...]

ALPHV Ransomware Affiliate targets vulnerable backup installations to gain initial access

Mandiant has identified a new affiliate of ALPHV (BlackCat ransomware), identified as UNC4466, that targets publicly exposed Veritas Backup Exec installations that are vulnerable to CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878 [...]

CryptoClippy: New Clipper malware targets Portuguese crypto users

Portuguese users should be wary of CryptoClippy, a new form of malware targeting them in a malvertising campaign. This malware is capable of stealing cryptocurrency if unsuspecting users are not [...]

April 7th, 2023 | BOTNET, Compromised, Exploitation, Malware, Targeted Attacks

New Rorschach Ransomware: The Fastest Encryptor

A sophisticated and fast ransomware family, dubbed Rorschach, has emerged in the threat landscape. The ransomware was spotted for the first time when deployed against a U.S.-based company. Its uniqueness [...]

Hackers Exploit WinRAR SFX Archives to Install Backdoors Undetected

Threat actors exploit WinRAR self-extracting (SFX) archives containing decoy files by adding malicious functionality to install backdoors on target systems without detection. SFX archives, which have been used for legitimate purposes, are [...]

New AlienFox toolkit steals credentials for 18 cloud services

A recently discovered comprehensive toolset dubbed AlienFox is circulating on Telegram. It is a modular set of tools that enables malicious actors to scan for poorly configured servers, potentially leading [...]

QNAP Issues Urgent Warning to Customers Regarding Critical Linux Vulnerability

QNAP, a manufacturer of network-attached storage (NAS) systems, issued a warning to its users regarding a critical vulnerability that can be exploited through the Sudo program for Linux. CVE-2023-22809 The [...]

Microsoft Bing Search Results Altered Through AAD Misconfiguration

Recently, cybersecurity company Wiz discovered a misconfiguration issue in Azure Active Directory (AAD) that resulted in unauthorized access to several applications, which could have also led to a Bing.com takeover. What is [...]

Mélofée: The latest malware targeting Linux servers

The malware may be linked to another state-sponsored APT group called Earth Berberoka (or GamblingPuppet), which mainly targets gambling websites in China. ExaTrack, a cybersecurity company based in France, recently [...]

Researchers warn of two new variants of potent IcedID malware loader

New IcedID variants found without the usual bank fraud feature. Instead, they appear to be aiming to install additional malware on infected devices. Proofpoint has specified two new versions of [...]

Card Skimming Attack Targets WooCommerce Websites

Online transactions ease our daily lives but also pose a serious risk to both businesses and their customers. Magecart attacks are one of them. Magecart is a type of malware that can [...]

SharePoint Phishing Scam Targets 1600 Across US, Europe

A new phishing campaign abusing legitimate Microsoft SharePoint servers has targeted at least 1,600 people across Europe, the USA and other regions of the world, using the platform's native notification mechanism. Kaspersky security researchers described the findings in [...]

Nexus Android Malware targets customers of 450 financial institutions worldwide

The recently evolved version of Nexus has targeted more than 450 banks and cryptocurrency services. Multiple threat actors are already found to be using Nexus to conduct fraudulent campaigns. About [...]

The new HinataBot botnet could launch massive DDoS attacks

Researchers have discovered a new DDoS botnet capable of launching attacks with data volumes reaching several Tbps. Akamai said the malware itself was christened “Hinata” by its author after a character [...]

SAP Fixes Multiple Critical Vulnerabilities on March 2023 Patch Day

SAP has recently fixed 19 vulnerabilities as part of its March 2023 patch day. Five vulnerabilities are rated critical and have also been labeled “hot news” by the vendor. The critical vulnerabilities [...]

Android malware “FakeCalls” targets financial firms in South Korea

A new Android vishing (voice phishing) malware tool called “FakeCalls” has been detected targeting victims in South Korea by impersonating 20 leading financial institutions in the region. Dubbed “FakeCalls” by the Check [...]

Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

A piece of malware designed to load Cobalt Strike beacons onto victim machines has been traced back to both Chinese and Russian threat actors. Finnish security vendor WithSecure claimed in [...]

Microsoft fixes Windows zero-day exploited in ransomware attacks

Microsoft has fixed a zero-day vulnerability that attackers were exploiting to bypass its cloud-based Windows SmartScreen anti-malware feature and deliver Magniber ransomware payloads without any warning. About CVE-2023-23397: "CVE-2023-23397 is a critical EoP vulnerability [...]

GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A recently identified Golang-based botnet is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services, Palo Alto Networks reports. How GoBruteforcer works and what devices it targets Cybersecurity researchers [...]

Clop ransomware: Breached companies via GoAnywhere MFT zero-day

The gang behind the Clop ransomware has begun extorting companies whose data was stolen by exploiting a zero-day vulnerability in the Fortra GoAnywhere MFT file-sharing solution. The Clop ransomware gang, responsible for [...]

Xenomorph Android malware: Now stealing data from 400 banks

A new version of the Xenomorph Android malware has been released with increased malicious capabilities, such as the Automatic Transfer System framework and the ability to steal credentials from 400 [...]

Proof-of-Concept released for critical Microsoft Word RCE bug

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Joshua [...]

Google Is Giving VPN Access to Every Google One Subscriber

Google is announcing more features that are being expanded to include all Google One subscribers. What is the new addition? The new additions include VPN access for every Google [...]

Dangerous emotet botnet resumes email activity

Successful compromises by the notorious Emotet malware are occurring again. After several months of inactivity, the botnet resumed its email activity on 7 March 2023. Emotet is one of the most well-known [...]

The rise of phishing scams and how to avoid them

Cybersecurity scams continue to be on the rise. As scammers get smarter, it’s important to stay up to date on the latest trends. One of the best things you can [...]

Apple iOS 16.4: new features!

Apple is finalizing iOS 16.4 for its official public release this spring. If all goes according to plan, users can expect access to a variety of new and [...]

Google announces new features for Android and Wear OS

Google has announced a slew of new features for Android, Chromebook and Wear OS that are designed to improve connectivity, productivity and accessibility. Google's new features: Once you install the latest update [...]

DoppelPaymer ransomware: Two key gang members targeted by authorities

An international law enforcement operation has led to the arrests of suspected core members of the prolific DoppelPaymer ransomware operation. The operation included "raids" on many locations in the two countries during the past [...]

Aruba Networks fixes six critical vulnerabilities in ArubaOS

Aruba Networks has issued a security advisory addressing six critical vulnerabilities that exist in various versions of its proprietary operating system – ArubaOS. Aruba Networks, formerly known as Aruba Wireless [...]

Bitdefender releases MortalKombat decryptor to help recover your files

Cybersecurity company Bitdefender has recently announced the release of a new decryptor for the MortalKombat ransomware. The decryptor is now available for download and can help victims of ransomware to recover [...]

New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware

Exfiltrator-22 is a new post-exploitation kit that can spread ransomware undetected. Researchers speculate that the creators of this kit are former LockBit 3.0 affiliates, experts in anti-analysis and defense evasion. [...]

Critical vulnerabilities in Houzez WordPress theme lead to privilege escalation attacks

Two critical severity vulnerabilities in the Houzez theme and plugin for WordPress are actively being exploited to hijack websites. The vulnerabilities, tracked as CVE-2023-26540 and CVE-2023-26009 are both privilege escalation flaws having a CVSS [...]

Beware! New WhiteSnake Malware Attack Windows & Linux Users

The Cyber Research and Intelligence Labs have recently identified a novel malware variant known as the “White Snake” Stealer, which has the potential to cause significant harm to computer systems [...]

Hydrochasma hackers target medical research labs

A new threat actor has been seen targeting shipping companies and medical laboratories in Asia with phishing emails. Dubbed "Hydrochasma" by Symantec cybersecurity researchers, the threat actor appears to have had [...]

VMware Fixes Critical Vulnerability in Carbon Black App Control (CVE-2023-20858)

VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints. Affected Carbon Black App [...]

Exploit released for critical Fortinet RCE flaws, patch now

Security researchers have released a proof-of-concept exploit for a critical vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite. The vulnerability has been detected in FortiNAC versions 9.4.0, 9.2.0 through [...]

New Stealc malware emerges with a wide set of stealing capabilities

A new information stealer advertised as "Stealc" has been discovered by SEKOIA researchers. Security researchers at the cyber threat intelligence company spotted the new strain in January and noticed it started to gain traction in [...]

Samsung has created a zero-click antivirus for messages

Samsung has introduced a new Message Guard security feature for its Galaxy range of smartphones and tablets that can better protect users against “zero-click” cyberattacks disguised as image attachments in [...]

February 21st, 2023 | Internet Security, Mobile Security, Security Advisory, Security Update, Tips

GODADDY CLAIMS HACKERS STOLE SOURCE CODE AND PUT MALWARE ON ITS SERVERS

GoDaddy, a web hosting company, has disclosed that during a multi-year period, hackers broke into its systems, planted malware on its network, and stole some of its source code. The [...]

Fuser-master: Compromises WordPress Sites

WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to [...]

Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack

ProxyShellMiner is being distributed to Windows endpoints by a very elusive malware operation, according to Morphisec. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by [...]

Cloudflare Thwarts Largest DDoS Attack on Record: 71M Requests

Cloudflare stated that it had managed to mitigate multiple "hyper-volumetric" DDoS attacks that originated from more than 30,000 IP addresses. The 71 million rps attack is 35% larger than the previous record DDoS attack [...]

Microsoft Patch Tuesday February: Fixes over 75 vulnerabilities

Microsoft released its Patch Tuesday updates for February 2023, correcting over 75 security vulnerabilities, including three zero-day bugs that have been used in attacks. Five of the other flaws earned a 9.8 CVSS score [...]

RedEyes: Uses M2RAT malware to steal data from Windows and phones

RedEyes Hacking Group (aka APT37), a threat group known for its cyber espionage activities, has recently adopted a new tactic in its efforts to collect intelligence from targeted individuals. This [...]

MortalKombat ransomware: Targets systems in the US

Hackers running a new financially motivated campaign are using a variant of the Xortist ransomware called 'MortalKombat', along with the Laplas clipper, in cyberattacks. How does it target? Infected computers [...]

7 Types of Social Engineering Attacks Targeting You

Social engineering has been an observable phenomenon since the beginning of history. People with something to gain have always found avenues to manipulate others’ fears or willingness to trust. In [...]

Malicious PyPi packages contained the W4SP Stealer malware

Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers. Having already been acquired by hundreds of software [...]

Patch Released for CVE-2023-25194 RCE Vulnerability in Apache Kafka

A vulnerability addressed by the latest update for Apache Kafka is an unsafe Java deserialization issue that could be exploited to execute code remotely, with authentication. CVE-2023-25194 Tracked as CVE-2023-25194, Apache Kafka [...]

Linux Variant of Cl0p Ransomware Emerges

Cl0p has been one of the most active ransomware families over the past several years, targeting numerous private and public organizations globally, in sectors such as aerospace, energy, education, finance, [...]

ESXiArgs Ransomware Attack Targets VMware Servers Worldwide

The vulnerability, tracked as CVE-2021-21974, is caused by a stack overflow issue in the OpenSLP service that unauthenticated threat actors can exploit in low-complexity attacks. What is ESXiArgs Ransomware? ESXiArgs is a [...]

Clop ransomware for Linux: Flaw allows file recovery

The Clop ransomware operation now also uses a variant of the malware that only targets Linux servers, but a flaw in the encryption system allows victims to recover their files [...]

Google Fi data breach let hackers perform SIM swapping

Google Fi, Google’s U.S.-only telecommunications and mobile internet service, has notified customers that personal data was exposed by a data breach at one of its primary network providers. Some of [...]

New HeadCrab Malware Hijacks 1,200 Redis Servers

Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed "HeadCrab", designed to build a botnet that mines Monero cryptocurrency. [...]

Hackers Use New IceBreaker Malware to Breach Gaming Companies

Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker. Researchers at incident response firm Security Joes believe [...]

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

A new exploit called 'Sh1mmer' can be used to unenroll enterprise-managed Chromebooks in order to install apps and bypass device restrictions. What is SH1MMER Exploit? SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment [...]

Attacks Targeting Realtek SDK Vulnerability Ramping Up

Palo Alto Networks warns of an increase in cyberattacks targeting CVE-2021-35394, a remote code execution (RCE) vulnerability in the Realtek Jungle SDK. The first in-the-wild attacks targeting CVE-2021-35394 were observed days after [...]

Yandex Code Repositories Leaked Allegedly by Former Employee

The threat actor has dumped a whopping 44.7 GB worth of Yandex data, including its source code repository, on a popular hacker forum. The source code repository [...]

VMware Patches Critical RCE Vulnerabilities in vRealize Log Insight

VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product. The vRealize Log Insight by VMware is a virtual appliance that allows administrators to gather [...]

Remote Code Execution Vulnerability in Microsoft Teams

Researchers discovered an RCE vulnerability in Microsoft Teams during Pwn2Own 2022. The application is used by a wide range of people, including professionals, and an exploit could cause significant harm to its [...]

Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) [...]

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

Two new vulnerabilities have been found in the Galaxy App Store application allowing local attackers to install arbitrary applications or execute JavaScript by launching a specific web page. The findings [...]

CISA Warns of Vulnerabilities in Industrial Control Systems (ICS)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The [...]

New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild

Netlab recently released a report confirming that this sample was adapted from the leaked Hive project server source code from the U.S. CIA. This new variant of the HIVE kit, [...]

Attackers Infected a CircleCI Employee with Malware to Steal Customer Session Tokens

Software development service CircleCI has revealed that a recently disclosed data breach was the result of information stealer malware being deployed on an engineer’s laptop. How was it infected? According to [...]

RAT malware campaign tries to evade detection using polyglot files

Operators of the StrRAT and Ratty remote access trojans (RATs) are running a new campaign using polyglot MSI/JAR and CAB/JAR files to evade detection by security tools. What [...]

Cacti Patched CVE-2022-46169 Critical RCE Vulnerability

Open-source, web-based network monitoring and graphing tool Cacti received an update recently to fix a critical-severity security vulnerability that enabled executing arbitrary code on a server running Cacti.  CVE-2022-46169 It is an open-source, web-based network [...]

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes. What is Threema? Threema's end-to-end inner protocol, the one [...]

Microsoft ends Windows 7 extended security updates on Tuesday

Windows 7 Professional and Enterprise editions will no longer receive extended security updates for critical and important vulnerabilities starting Tuesday, January 10, 2023.  Alongside this, the Redmond company encourages Windows [...]

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

Organisations that fell victim to Andromeda, a commodity malware that dates back 12 years, seem to be at risk of compromise by the Moscow-backed advanced persistent threat (APT) group tracked variously [...]

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

South African threat actors known as 'Automated Libra' have been improving their techniques to make a profit by using cloud platform resources for cryptocurrency mining. PURPLEURCHIN first came to light [...]

Synology Fixes a Max Severity RCE Vulnerability in VPN Server Products

Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers. The vulnerability, tracked as CVE-2022-43931, was discovered internally by Synology's Product Security Incident [...]

RCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks

Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. CVE-2022-45359 Vulnerability The CVE-2022-45359 vulnerability allows unauthenticated attackers to upload [...]

PyTorch Machine Learning Framework Compromised with Malicious Dependency

The PyTorch team has issued a warning to users who installed PyTorch-nightly over the holidays, advising them to uninstall the framework and the counterfeit 'torchtriton' dependency. Originally developed and released [...]

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Two critical vulnerabilities tracked as CVE-2022-27510 and CVE-2022-27518 still affect thousands of Citrix Application Delivery Controller (ADC) and Gateway devices, NCC Group’s Fox IT team said in a blog post. [...]

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

In July 2022, Microsoft made a crucial development to its Office software that blocks macros in Office files attached to email messages. While this block only applies to new versions of [...]

Critical Linux Kernel Vulnerability Let Attackers Execute Remote Code

A critical remote code execution vulnerability (CVE-2022-47939) has been identified in the ksmbd module of the Linux kernel. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux [...]

PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware

PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealers. The pay-per-install (PPI) malware downloader service PrivateLoader is being used to [...]

GuLoader Malware Utilizing New Techniques to Evade Security Software

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader.  GuLoader malware GuLoader  is a first-stage trojan designed to infect a system and drop a final payload. Typically other trojans or [...]

CVE-2022-47633 Vulnerability Allows Attackers to Bypass Kyverno Signature Verification

The vulnerability could let attackers introduce malicious code into cloud production environments.  Kyverno’s admission controller offers a signature verification mechanism to ensure that only signed container images can enter a Kubernetes cluster.  The [...]

Vice Society Ransomware Attackers Adopt Robust Encryption Methods

SentinelLabs disclosed that the Vice Society group has adopted a new custom-branded ransomware payload in recent intrusions, dubbed ‘PolyVice,’ which implements an encryption scheme using the NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice [...]

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen

LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach earlier this year. LastPass revealed that this repository of customer [...]

ProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082)

Reports say the zero-day vulnerabilities CVE-2022-41040 and CVE-2022-41082, dubbed ProxyNotShell, are still being actively exploited. ProxyNotShell vulnerabilities are exploited by adversaries for remote code execution (RCE) in vulnerable Exchange servers in the wild. [...]

Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems

Researchers at Trend Micro have been tracking Raspberry Robin since September and are warning the worm is notable for its 10 layers of obfuscation and its ability to deploy a [...]

Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users

The threat actors behind the Windows banking malware known as Casbaneiro have been attributed as being behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users. What is BrasDex? BrasDex is [...]

Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware

Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne. The [...]

Apple patches active exploit vulnerability for iPhones

Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. The update, iOS 16.1.2, landed on [...]

Microsoft Reevaluates SPNEGO NEGOEX Vulnerability CVE-2022-37958 as Critical

A critical remote code execution vulnerability has been discovered in SPNEGO (Simple and Protected GSS-API Negotiation Mechanism). CVE-2022-37958 The vulnerability CVE-2022-37958 has been rated as having a CVSS score [...]

Microsoft CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft on Tuesday released patches for 48 vulnerabilities in seven Microsoft product families. This includes 6 Critical-class issues affecting Microsoft Dynamics, SharePoint, and Windows. Of the 53 patches released in [...]

Fortinet Released Patch for FortiOS SSL-VPN RCE Vulnerability CVE-2022-42475

Fortinet has released a patch for a critical zero-day security vulnerability affecting its FortiOS SSL-VPN product. The vulnerability could lead to remote code execution and is actively exploited. CVE-2022-42475 CVE-2022-42475 is a heap-based buffer overflow vulnerability in [...]

Amazon ECR Public Gallery flaw could have wiped or poisoned any image

A security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited, according to cloud security firm Lightspin. Amazon ECR Public Gallery The Amazon [...]

MegaRAC flaws, IP leak impact multiple server brands

A research team has found three different vulnerabilities in the MegaRAC Baseboard Management Controller (BMC) software. The CVE-2022-40259 and CVE-2022-40242 vulnerabilities have CVSS scores of 9.8, while the CVE-2022-2827 vulnerability has a CVSS score of 7.5 on the National Vulnerability [...]

Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware

A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The potency of the Chaos malware stems from [...]

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

Secureworks Counter Threat Unit (CTU) researchers are investigating the Drokbk malware, which is operated by a subgroup of the Iranian government-sponsored COBALT MIRAGE threat group. Drokbk Malware The Drokbk malware was detected [...]

Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps

Researchers have shed light on a new hybrid malware campaign targeting both the Android and Windows operating systems in a bid to broaden its pool of victims. “This campaign resulted [...]

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

The Lazarus hacking group spreads malware using a fake cryptocurrency app called BloxHolder. This made-up brand pretends to offer cryptocurrency applications, tricking users into installing the AppleJeus malware. AppleJeus malware AppleJeus malware, [...]

New Go-based Zerobot Botnet Exploiting Dozens of IoT Vulnerabilities to Expand its Network

Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in internet of things (IoT) devices and other software. It contains several modules, [...]

Critical Ping bug potentially allows remote hack of FreeBSD systems

A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow attackers to take over FreeBSD systems. CVE-2022-23093 The vulnerability exists due to a boundary error within the pr_pack() [...]

GoTo’s Cloud Storage and Dev Environment Breached by Hackers

GoTo, maker of the popular virtual meeting and desktop-sharing software, and its affiliate LastPass confirmed on Wednesday that their shared cloud-storage service was hit by unknown hackers. Remote access company [...]

LastPass breach affects customer data—but not passwords

Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe. LastPass owner LogMeIn stresses that customer passwords have [...]

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender. According [...]

ManageEngine Vulnerability (CVE-2022-40300)

ManageEngine recently patched a SQL injection vulnerability in their Password Manager Pro, PAM360, and Access Manager Plus products. CVE-2022-40300 A remote attacker can exploit the vulnerability by sending a [...]

Google discovers Windows exploit framework used to deploy spyware

A Spanish company that offers “tailor made Information Security Solutions” may have exploited vulnerabilities in Chrome, Firefox and the Microsoft Defender antivirus program to deploy spyware, researchers with Google’s Threat [...]

Windows 11 is getting a VPN status indicator in the taskbar

Microsoft already released the big Windows 11 update for the year, 22H2, but the company isn’t slowing down on development. A new feature is now in testing that aims to [...]

Hackers Using Trending TikTok ‘Invisible Challenge’ to Spread Malware

Hackers are always coming up with clever ways to exploit the latest trends, and the latest example leverages a popular TikTok challenge to trick unsuspecting users into installing malware on their devices. The trend, [...]

Amazon addresses vulnerability affecting AWS AppSync

Researchers from security company Datadog discovered a cross-tenant vulnerability in a popular Amazon Web Services (AWS) tool, which Amazon has now addressed. What does the vulnerability do? The bug allows attackers [...]

Patch now! Google Chrome’s GPU code has a zero-day

Google has released an important update to the Chrome web browser that fixes another zero-day vulnerability. CVE-2022-413 The high-severity flaw has been in existence since 2022 and has been misused by [...]

WhatsApp data leak: 500 million user records for sale

The latest WhatsApp data leak has reportedly affected as many as 80 countries, including Russia, Italy, Egypt, Brazil, Spain, and more. The list also includes India. A threat actor claims there [...]

Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware

Researchers at SEKOIA identified 7 traffers teams on Dark Web forums that announced the availability of the Aurora Stealer in their arsenal, a circumstance that confirms the increased popularity of [...]

Ducktail Malware Operation Evolves with New Malicious Capabilities

A Vietnam-based hacking operation dubbed "Ducktail" is targeting individuals and companies operating on Facebook's Ads and Business platform. Ducktail Ducktail has been around since 2021, and is attributed to a [...]

Google Chrome extension used to steal cryptocurrency, passwords

A Google Chrome extension named "VenomSoftX" is being used to steal cryptocurrency from wallets and breach passwords. The malware has been tracked over 93,000 times so far in 2022. What does VenomSoftX do? [...]

New AXLocker Ransomware Steals Victims’ Discord Tokens

Security researchers have warned of a new ransomware variant that not only encrypts the victim’s files but also attempts to steal data by enabling a Discord account takeover (ATO). AXlocker [...]

Notorious Emotet Malware Returns With High-Volume Malspam Campaign

The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and [...]

Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign

Security researchers have uncovered a sophisticated phishing campaign using tens of thousands of malicious domains to spread malware and generate advertising revenue. Fangxiao The threat actor Fangxiao has been active [...]

North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor

North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn. What is the DTrack backdoor? DTrack allows criminals to upload, [...]

F5 Released Hotfixes for BIG-IP and iControl REST Vulnerabilities

The vulnerability CVE-2022-41622 makes BIG-IP and BIG-IQ vulnerable to unauthenticated remote code execution (RCE) via cross-site request forgery due to Big-IP’s SOAP API lacking CSRF protection and other protective measures. CVE-2022-41622 and CVE-2022-41800 Vulnerabilities An attacker may trick [...]

Critical vulnerability in Spotify’s Backstage discovered, patched

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is all [...]

Windows Kerberos authentication breaks after November updates

Microsoft on Sunday reported that after installing updates released on the most recent Patch Tuesday on Nov. 8, security teams might have issues with Kerberos authentication on Windows Servers with [...]

Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign

Security researchers have spotted an intriguing malware campaign designed to increase the search engine rankings of spam websites under the control of threat actors. Over 15,000 WordPress and other sites have [...]

New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders

A new APT group, Earth Longzhi, reportedly targeted organizations in East Asia, Southeast Asia, and Ukraine using a Cobalt Strike loader. The group, active since at least 2020, is considered [...]

Warning: New Massive Malicious Campaigns Targeting Top Indian Banks’ Customers

Trend Micro researchers observed an uptick in attacks targeting bank customers in India, the common entry point being a text message with a phishing link. The SMS content urges the [...]

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

A new web3 technology is being abused widely by threat actors, according to security researchers from tech giant Cisco. What is IPFS? The InterPlanetary File System (IPFS) is a [...]

Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days

Microsoft November 2022 Patch Tuesday has been released with patches for a total of 68 vulnerabilities, which include 6 actively exploited zero days and 11 critical vulnerabilities. Microsoft has fixed [...]

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Threat actors have developed a new approach to deceive cryptocurrency users. They are using Laplas Clipper, a new feature-rich clipboard stealer that allows hackers to gain more control and insights [...]

Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data

Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable on urlscan.io, a security tool used to analyze URLs. What is urlscan.io? [...]

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. DDoS-Guard takes over from Cloudflare after the latter caused a [...]

Researchers Find Links Between Black Basta Ransomware and FIN7 Hackers

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. Black Basta has [...]

OpenSSL Announced Two High-Severity Vulnerabilities Are Fixed

OpenSSL released patches for two vulnerabilities that have caused widespread concern among cybersecurity experts and researchers over the last week and a half. OpenSSL is a commonly used code library [...]

Emotet botnet starts blasting malware again after 5 month break

The operators of the malicious program had been silent for five months and have now resumed spamming emails carrying malicious programs after the break. Emotet is the malware typically spread [...]

A New Rising Social Engineering Trend: Callback Phishing

Callback phishing emerged as a hybrid social engineering technique that combines phishing and vishing. Phishing is used to steal sensitive data or deliver harmful payloads via email, and vishing does the same over the phone. Malicious attachments [...]

Fodcha DDoS Botnet Resurfaces with New Capabilities

Researchers have discovered a new version of the Fodcha DDoS botnet, featuring upgrades to deter analysis by security researchers and the ability to inject ransom demands into packets. Fodcha DDoS [...]

Actively exploited Windows MoTW zero-day gets unofficial patch

A free unofficial patch is available for a Mark-of-the-web (MoTW) security vulnerability impacting Windows 10 and 11, Bleeping Computer reports. The actively exploited zero-day flaw lets files signed with malformed signatures [...]

Chrome issues urgent zero-day fix – update now!

Google has announced an update for Chrome that fixes an in-the-wild exploit. Mitigation for Chrome issues If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon [...]

Newly Unsealed Indictment Charges the Operator of Raccoon Infostealer

U.S. officials have charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected millions of computers worldwide. The U.S. Department of Justice accused Sokolovsky [...]

By | October 28th, 2022|infostealer, Malware, Security Advisory, Security Update|0 Comments

Microsoft links Raspberry Robin worm to Clop ransomware attacks

Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks.  The experts noticed that threat actors tracked as DEV-0950 used Clop ransomware to encrypt the network of organizations previously [...]

Windows 10 KB5018482 update released with nineteen improvements

Despite the release of Windows 11 early this October, Windows 10 is still receiving updates. There are 19 improvements released in the KB5018482 Preview cumulative update for Windows [...]

By | October 27th, 2022|Security Advisory, Security Update, Tips, windows|0 Comments

Apple Releases Patch for Exploited Zero-Day

Apple on Monday disclosed and patched a kernel-level zero-day vulnerability affecting many of its iOS devices. The severity of the flaw is unknown, and the bug was submitted by an [...]

By | October 27th, 2022|apple, Malware, Security Advisory, Security Update, vulnerability|0 Comments

22 Years Old Vulnerability in SQLite Allows Arbitrary Code Execution

The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. The CVE-2022-35737 flaw is an integer [...]

SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan

SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. [...]

New Prestige Ransomware Targeting Polish and Ukrainian Organizations

The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour of each other across all victims. A notable feature of this campaign [...]

Venus Ransomware targets publicly exposed Remote Desktop services

The malicious actors behind the relatively new Venus ransomware are hacking publicly exposed Remote Desktop Services to encrypt Windows devices. Venus Ransomware The Venus Ransomware seems to have started operating [...]

New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos

Telecommunications and IT service providers in the Middle East and Asia are currently being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. "Throughout this activity, the threat actor [...]

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control (C2) framework dubbed Alchimist is most likely being used in the wild to target Windows, macOS, and Linux devices. The Alchimist C2 can generate [...]

Aruba Released Patches for EdgeConnect’s Critical Vulnerabilities

Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers to compromise the vulnerable host. According to the company, a network-based attacker [...]

Critical RCE Vulnerability with Max CVSS Score in VM2 Sandbox Library

A critical vulnerability in vm2 might let a remote attacker bypass the sandbox environment and execute shell commands on the device hosting the sandbox. About the Vulnerability The most widely used JavaScript sandbox library is vm2, which receives [...]

By | October 12th, 2022|Security Advisory, Security Update, Tips, vulnerability|0 Comments

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft released fixes for a Windows zero-day and a publicly disclosed vulnerability on October Patch Tuesday but security updates for two Exchange Server zero-days discovered last month are still in [...]

By | October 12th, 2022|Microsoft, Security Advisory, Security Update|0 Comments

Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky

A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. Earth Aughisky [...]

Unpatched RCE Vulnerability in Zimbra Actively Exploited

Zimbra CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation. The vulnerability is due to the method (cpio) in which Zimbra’s antivirus [...]

By | October 10th, 2022|Security Advisory, Security Update, vulnerability|0 Comments

LilithBot Malware, a new MaaS offered by the Eternity Group

Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group. What is LilithBot Malware? LilithBot, a multipurpose malware sample, was found by ThreatLabz. Further investigation [...]