
BadPack Malware for Android Infects APK Installers

New research reveals a novel approach to hiding malware in APK installers. Adversaries manipulate the file header to circumvent protection and make analysis much more difficult. The peak usage of [...]

July 21st, 2024 | Android malware, BOTNET, Compromised, Malware, Tips

Hackers Claim Dettol Data Breach Affects 453,646 Users

Threat actor ‘Hana’ claims to have breached Dettol India, affecting 453,646 users, according to a FalconFeedsio post on X. Dettol Data Breach The post reveals that the breach exposed user [...]

CrowdStrike Update Leads to Widespread Windows BSOD Crashes

A recent CrowdStrike update has caused widespread Blue Screen of Death (BSOD) errors on Windows machines. The issue affects multiple versions of the company’s sensor software, prompting an urgent investigation [...]

July 19th, 2024 | Internet Security, Security Advisory, Security Update, windows

New TE.0 HTTP Request Smuggling Vulnerability Affects Google Cloud Websites

HTTP Request Smuggling exploits differences in how web servers and intermediaries handle HTTP request sequences. Attackers craft malicious requests to manipulate the processing order, potentially leading to unauthorized access, security [...]

ShadowRoot Ransomware Targets Businesses with Weaponized PDFs

X-Labs identified ransomware targeting Turkish businesses through PDF attachments in emails from the internet[.]ru domain. These PDFs contain links that download exe payloads, encrypting files with the ".shadowroot" extension. This [...]

July 17th, 2024 | Ransomware, Security Advisory, Security Update, Tips

Poco RAT uses 7zip files via Google Drive for attacks

In early 2024, Cofense researchers discovered Poco RAT, a malware specifically targeting Spanish-speaking individuals in the mining industry. It spreads through Google Drive-hosted 7zip archives, effectively masking its malicious activities. [...]

HardBit Ransomware Evades Detection with Passphrase Protection

In 2022, HardBit Ransomware 4.0 emerged, differing from typical groups by avoiding leak sites and double extortion. Their tactics include data theft, encryption, and ransom demands with additional threats. Cybereason [...]

July 17th, 2024 | Ransomware, Security Advisory, Security Update, Tips

Pinterest Data Leak: Hackers Claim Access to 60M Records

Pinterest, with over 518 million users, faces a potential data leak. Hacker "Tchao1337" claims to have leaked 60 million rows of user data on a forum. The 1.59 GB database [...]

Juniper Junos Flaw Allows Full ‘Root’ Access to Attackers

Hackers target Juniper Junos due to its extensive use in business networking, making it a prime target for accessing valuable systems. Its prominence in large organizations means successful breaches can [...]

FishXProxy amplifies phishing attacks with cunning and deceptive tactics

Imagine receiving an email that appears completely legitimate. This is the deceptive capability of the new FishXProxy Phishing Kit, an advanced toolkit emerging from underground cybercrime circles. FishXProxy bypasses traditional [...]

Hackers Using ClickFix Tactics to Deploy Malware

McAfee Labs researchers have identified a sophisticated malware delivery method, "ClickFix," using advanced social engineering to trick users into executing malicious scripts, leading to severe security breaches. This article explores [...]

Microsoft Patches 3 Critical Vulnerabilities in July Update

Microsoft's July security update addresses 142 vulnerabilities, including one already being exploited. This update is part of Microsoft's regular "Patch Tuesday" release. MICROSOFT FIXES 3 CRITICAL FLAWS IN PATCH TUESDAY [...]

Chinese APT40 Exploits New Vulnerabilities Within Hours

International cybersecurity agencies have issued a warning about APT40, a PRC state-sponsored cyber group linked to the Ministry of State Security. Based in Hainan Province, APT40 has targeted global organizations, [...]

July 10th, 2024 | Security Advisory, Security Update, Tips, vulnerability

Eldorado Ransomware Targets Windows and Linux Systems

Ransomware-as-a-service (RaaS) has evolved into a sophisticated, enterprise-like model. From 2022 to 2023, ransomware ads on the dark web increased by 50%, with 27 identified ads. The RAMP forum became [...]

Jenkins Script Console used for cryptocurrency mining attacks by hackers

Researchers discovered that attackers can exploit improperly configured Jenkins Script Console for criminal activities like cryptocurrency mining. "Misconfigurations, such as weak authentication settings, expose the '/script' endpoint," noted Trend Micro's [...]

Ghostscript Rendering Platform Flaw Enables Remote Code Execution

A critical vulnerability, CVE-2024-29510, has been discovered in the Ghostscript rendering platform. This format string flaw affects versions up to 10.03.0, allowing attackers to bypass the -dSAFER sandbox and execute [...]

July 9th, 2024 | RCE Flaw, Security Advisory, Security Update, vulnerability

Info-Stealing Malware Posing as Accessibility Tools and Chrome Extensions

The first half of 2024 has witnessed a notable surge in info-stealing malware masquerading as AI tools and Chrome extensions. This trend underscores cybercriminals' growing sophistication and adaptability, leveraging emerging [...]

Orcinius Trojan Targets Users Through Dropbox & Google Docs

A new multi-stage trojan, "Orcinius," exploits Dropbox and Google Docs. It starts with an Excel spreadsheet containing a 'VBA stomping' macro. When executed, this macro hooks into Windows, enabling the [...]

ScreenConnect Remote Access Client Exploited by Hackers to Deploy AsyncRAT

eSentire’s Threat Response Unit (TRU) has uncovered a sophisticated campaign in which threat actors exploit the ScreenConnect remote access client to deliver the AsyncRAT trojan, revealing the evolving tactics of [...]

Hackers Exploit Twilio API to Verify MFA Phone Numbers

A vulnerability in an unauthenticated endpoint allowed threat actors to identify phone numbers associated with Authy accounts. The endpoint has since been secured to prevent unauthorized access. Although there is [...]

FakeBat Malware Targets AnyDesk, Zoom, Teams & Chrome

Hackers are targeting and weaponizing AnyDesk, Zoom, Teams, and Chrome due to their widespread use across multiple sectors, providing access to sensitive information. Cybersecurity researchers at Sekoia have identified FakeBat [...]

RegreSSHion OpenSSH Vulnerability Enables RCE

A newly discovered OpenSSH vulnerability, dubbed regreSSHion, allows remote attackers to gain root privileges on Linux systems using the glibc library. This flaw lets unauthenticated attackers execute arbitrary code and [...]

CapraRAT Mimics Popular Apps to Attack Android Users

Transparent Tribe (aka APT36), active since 2016, uses social engineering to target Indian government and military personnel. Recently, their CapraRAT has been mimicking popular Android apps to attack Android users, [...]

Google Offers $250,000 for Full VM Escape Zero-Day Vulnerability

Google has launched kvmCTF, a new vulnerability reward program targeting the Kernel-based Virtual Machine (KVM) hypervisor. Announced in October 2023, this initiative underscores Google's commitment to securing key technologies like [...]

Malware Spreading via Binance Smart Contracts Blockchain

Cybercriminals are exploiting Binance smart contracts as intermediary C2 servers, favoring them due to their resilience against takedowns. Initially used for deploying infostealers, these smart contracts have potential applications for [...]

New GrimResource Attack Technique Exploits MMC and DLL Flaw

A new malicious code execution technique, GrimResource, targets Microsoft Management Console. Attackers exploit an old cross-site scripting vulnerability to bypass defenses and deploy malware to endpoints. GrimResource Attack Technique On [...]

Critical OpenSSH Flaw Puts Millions of Linux Servers at Risk

A critical vulnerability in OpenSSH, affecting versions 8.5p1 to 9.7p1, has been discovered, potentially exposing millions of Linux systems to arbitrary code execution attacks. This flaw in the sshd(8) component [...]

Beware of the “TRANSLATEXT” Chrome Extension from North Korean Hackers

Hackers exploit Chrome extensions to embed malware, gather personal data, display pop-ups, change URLs, and manipulate the browser. Zscaler ThreatLabz detected new activity by Kimsuky, a North Korean state-sponsored APT [...]

Xeno RAT is actively targeting users via GitHub repositories and .gg domains.

Threat actors leverage RATs for sustained access to compromised systems, facilitating prolonged espionage and exploitation. North Korean hackers and other threat actors targeting the gaming community are distributing XenoRAT via [...]

PoC Released for SQL Injection in Fortra FileCatalyst

A PoC exploit for the SQL Injection vulnerability CVE-2024-5276 in Fortra FileCatalyst Workflow has been released, affecting versions up to 5.1.6 Build 135. CVE-2024-5276 The SQL Injection vulnerability, discovered on [...]

Critical Vulnerability in MOVEit Transfer Allowed Hackers to Access Files

A critical vulnerability, CVE-2024-5806, in MOVEit Transfer software poses severe risks to organizations relying on it for secure data transfers. This flaw, found in versions 2023.0.0 to 2023.0.10, 2023.1.0 to [...]

Threat Actor Claims Zero-Day Sandbox Escape and RCE in Chrome Browser

A threat actor has publicly claimed a zero-day vulnerability in the widely-used Google Chrome browser. The account MonThreat, known for credible cybersecurity disclosures, made this claim via a tweet. All [...]

Linux LPE Zero-Day Exploit via GRUB Bootloader

A new threat actor has surfaced, claiming a zero-day vulnerability in the Linux GRUB bootloader for local privilege escalation (LPE). This has sparked considerable concern in the cybersecurity community, with [...]

SneakyChef and SugarGhost, newly identified RAT malware strains

Talos Intelligence has uncovered a sophisticated cyber campaign orchestrated by the threat actor SneakyChef. This operation utilizes the SugarGh0st RAT and other malware to target government agencies, research institutions, and [...]

Microsoft Power BI Vulnerability Exposes Organizations’ Sensitive Data

A Microsoft Power BI vulnerability allows unauthorized access to sensitive data in reports, affecting tens of thousands of organizations and exposing employee, customer, and confidential information. Attackers can exploit this [...]

New Linux Variant of RansomHub Targets ESXi Systems

Hackers frequently target ESXi systems due to their extensive use in managing enterprise virtualized infrastructure, making them attractive targets. Exploiting security flaws in ESXi, threat actors can deploy ransomware and [...]

New Security Flaw Enables Access to Microsoft Corporate Email Accounts

A new security flaw allows attackers to impersonate Microsoft corporate email accounts, increasing phishing risks. Discovered by researcher Vsevolod Kokorin (Slonser), the bug remains unpatched by Microsoft. Kokorin revealed the [...]

Hackers Use Progressive Web Apps to Steal Passwords

Hackers are increasingly exploiting Progressive Web Apps (PWAs) for sophisticated phishing attacks to steal user credentials, as highlighted by security researcher mr.d0x. PWAs, built using HTML, CSS, and JavaScript, offer [...]

Hackers Use Windows Installer (MSI) Files to Spread Malware

Cybersecurity researchers have uncovered a sophisticated malware campaign by the Void Arachne group, targeting Chinese-speaking users with malicious Windows Installer (MSI) files. Void Arachne targets Chinese-speaking users using SEO poisoning [...]

Chrome Security Update: Fixes for Six Vulnerabilities

Google has released a new Chrome browser update, version 126.0.6478.114/115 for Windows and Mac, and 126.0.6478.114 for Linux. This update, rolling out over the coming days and weeks, addresses multiple [...]

Hackers are using new techniques to target Docker API

The Spinning YARN attackers have initiated a fresh cryptojacking campaign, focusing on publicly exposed Docker Engine hosts. They utilize new binaries like chkstart for remote access with payload execution, exeremo [...]

Hidden Backdoor in D-Link Routers Lets Attackers Log in as Admin

A critical vulnerability in several D-Link wireless router models allows unauthenticated attackers to gain administrative access. The CVE-2024-6045 vulnerability has a high severity CVSS score of 8.8. All about the [...]

Lumma Stealer Spreads Through Fake Browser Updates Using ClearFake

Recent research uncovered websites deploying Lumma Stealer disguised as browser updates. These sites, posing as tutorial pages with legitimate-looking guides, open a malicious JS iframe using the ClearFake framework. Some [...]

Microsoft Patches Critical MSMQ Flaw

On Patch Tuesday, June 11, 2024, Microsoft fixed numerous flaws, including a remote code execution vulnerability in Microsoft Message Queuing (MSMQ) affecting various Windows and Windows Server versions, even those [...]

June 14th, 2024 | BOTNET, Exploitation, Microsoft, vulnerability

Beware: WARMCOOKIE Backdoor Knocking at Your Inbox

WARMCOOKIE is a new Windows backdoor delivered via a phishing campaign called REF6127. It can take screenshots, deliver additional payloads, and fingerprint systems. "This malware is a serious threat, enabling [...]

0-Day Vulnerability in 10,000 Web Apps Exploited with XSS Payloads

A significant vulnerability, CVE-2024-37629, has been discovered in SummerNote 0.8.18, allowing Cross-Site Scripting (XSS) via the Code View function. Summernote is a JavaScript library for creating WYSIWYG editors online. An [...]

Hackers Exploit Linux SSH Services to Deploy Malware

SSH and RDP provide remote server access (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if strong passwords and access controls are not used. Attackers [...]

Critical Flaw in Apple Ecosystems Allows Unauthorized Access

Hackers target Apple due to its large user base and wealthy customers, including business people and managers with important information. Despite strong security measures, Apple remains a target because valuable [...]

SSLoad Malware Utilizes MSI Installer to Initiate Delivery Chain

Malware distributors exploit MSI installers because Windows OS inherently trusts them to run with administrative rights, bypassing security controls. This makes MSI files a convenient method for disseminating ransomware, spyware, [...]

Biometric Terminal Exposed to QR Code SQL Injection Vulnerability

A popular ZKTeco biometric terminal has critical vulnerabilities, including an SQL injection flaw via QR codes. This discovery raises serious concerns about the security of widely used biometric access control [...]

EmailGPT Vulnerability Exposes Sensitive Data to Attackers

A new prompt injection vulnerability, CVE-2024-5184, has been found in EmailGPT, the service and Chrome plugin that assists Gmail users in composing emails with OpenAI's GPT model. This vulnerability allows [...]

PoC Exploit Released for Veeam Authentication Bypass Flaw

A PoC exploit has been released for the critical Veeam Backup Enterprise Manager authentication bypass vulnerability, CVE-2024-29849, with a CVSS score of 9.8. This article explores the vulnerability, exploit, and [...]

Muhstik Malware Attacks Apache RocketMQ for Remote Code Execution

Apache RocketMQ, a widely used messaging system for handling high volumes of data and critical operations, often attracts hackers. Exploiting RocketMQ vulnerabilities allows attackers to disrupt communications, access sensitive information, [...]

Fog Ransomware Targets Windows Servers Admins for RDP Logins

The new 'Fog' ransomware targets US education and recreation businesses. Attackers used compromised VPN credentials from two different providers to access victim environments. They employed pass-the-hash attacks on administrator accounts [...]

Cisco Webex Meetings Flaw Enables Unauthorized Access

Cisco disclosed a major security vulnerability in its Webex Meetings platform, affecting some customers in its Frankfurt data center since early May 2024. The vulnerability in Cisco Webex Meetings, found [...]

Caution: Phishing Emails Urging Execution via Paste (CTRL+V)

Phishing attackers distribute email attachments with malicious HTML files designed to exploit users into running the code by prompting them to paste and execute it, leveraging social engineering. A phishing [...]

Security Vulnerability in Zyxel NAS Devices Enables Remote System Takeover

Zyxel has identified and released security patches for critical vulnerabilities affecting their NAS326 and NAS542 devices. These vulnerabilities, known as command injection and remote code execution, could allow attackers to [...]

Hackers Use Cracked MS Office Versions to Deliver Malware

In South Korea, attackers distribute malware disguised as cracked software, including RATs and crypto miners, and register themselves with the Task Scheduler for persistence. Even after initial removal, the Task [...]

FlyingYeti Uses WinRAR Flaw for Malware Attacks

Since Russia's invasion of Ukraine on February 24, 2022, tensions have been high globally. Following the invasion, Ukraine imposed a moratorium on utility service evictions and terminations for unpaid debt, [...]

Citrix Workspace App Lets Attackers Elevate Privileges from User to Root

A critical vulnerability in the Citrix Workspace app for Mac, tracked as CVE-2024-5027, could allow attackers to elevate privileges from a local authenticated user to root. This poses a significant [...]

Cybercriminals are Using Microsoft Office Documents to Spread Malware in Business Environments

Microsoft Office provides tools for creating professional reports, college essays, CVs, and notes on Office 365. It offers text and data editing features, including macros and Python scripting in Excel, [...]

Foxit PDF Reader and Editor Flaw Enables Privilege Escalation

A new privilege escalation vulnerability (CVE-2024-29072, severity 8.2 High) has been discovered in multiple versions of Foxit PDF Reader for Windows. Foxit has fixed the issue and published a security [...]

New Embargo Ransomware Discovered, Potential ALPHV Rebirth

A new ransomware strain called Embargo, written in Rust, has surfaced with its Darknet infrastructure. Using double extortion tactics, it resembles the recently seized ALPHV group. The novice gang already [...]

TP-Link Archer C5400X Router Flaw Allows Remote Hacking

Hackers frequently target routers, the gateways connecting devices and networks to the internet, because they are often neglected for security updates. Cybersecurity researchers at OneKey recently discovered a flaw in [...]

Hackers Can Exploit Apple’s Wi-Fi Positioning System to Track Users Globally

A recent study by University of Maryland security researchers revealed a major privacy vulnerability in Apple’s Wi-Fi Positioning System (WPS). This flaw allows hackers to globally track Wi-Fi access points [...]

PoC Exploit Out for Critical Git RCE Vulnerability

A critical vulnerability in Git, known as CVE-2024-32002, has recently emerged, posing substantial risks to users of this popular version control system. This vulnerability facilitates remote code execution (RCE) during [...]

GHOSTENGINE Malware Exploits Drivers to Terminate EDR Agents

Researchers discovered REF4578, an intrusion set that exploits vulnerable drivers to disable EDRs for crypto mining and deploys the GHOSTENGINE malware. GHOSTENGINE manages the machine’s modules, primarily using HTTP to [...]

Microsoft Reveals New Windows 11 Features for Enhanced Security

Microsoft is focusing on security in Windows, introducing Secured-Core PCs against hardware to cloud attacks and expanding passwordless options with passkeys for better identity protection. Passkeys are safeguarded by Windows [...]

Zabbix SQL Injection Vulnerability Leads to Remote Code Execution

Zabbix, a widely used network monitoring tool in corporate IT infrastructure globally, is susceptible to SQL injection attacks. The vulnerability, identified as CVE-2024-22120, affects all versions from 6.0 onwards and [...]

Recent Linux Backdoor Targets Linux Users

Recently, cybersecurity researchers at Symantec uncovered a fresh Linux backdoor actively targeting users through installation packages. All about Linux Backdoor Symantec revealed a new Linux backdoor dubbed Linux.Gomir, attributed to [...]

Apple Safari Zero-Day Flaw Exploited at Pwn2Own: Urgent Patch Required

Apple has rolled out security updates to tackle a zero-day vulnerability in its Safari web browser, exploited during this year's Pwn2Own Vancouver hacking contest. Known as CVE-2024-27834, this issue has [...]

Wireshark 4.2.5 Release: What’s New!

Wireshark, the leading network protocol analyzer, has just released version 4.2.5, introducing numerous new features and enhancements. This update aims to elevate user experience and offer more robust tools for [...]

Millions of IoT Devices Vulnerable to Attacks, Posing Risk of Full Takeover

Researchers have uncovered four significant vulnerabilities in the ThroughTek Kalay Platform, utilized by 100 million IoT-enabled devices. ThroughTek Kalay's widespread influence underscores the need to safeguard homes, businesses, and integrators. [...]

New Google Chrome Zero-day Being Exploited in the Wild—Patch Immediately!

Google has released a critical security update for its Chrome browser upon uncovering a zero-day vulnerability actively exploited by attackers. Tracked as CVE-2024-4761, the flaw impacts the V8 JavaScript engine, [...]

Hackers Utilize Word Files to Distribute DanaBot Malware

Recent email campaigns distribute DanaBot malware through two document types: those exploiting equation editor and those with external links. Attackers send emails disguised as job applications with a malicious Word [...]

iTunes for Windows Vulnerability Enables Malicious Code Execution

iTunes has an arbitrary code execution vulnerability, potentially enabling attackers to execute malicious code. Apple has issued a security advisory to address this. The company stated it won't discuss or [...]

Proof-of-Concept (PoC) Released for Critical PuTTY Private Key Recovery Vulnerability

Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet client. The flaw, CVE-2024-31497, permits attackers to recover private keys [...]

Microsoft Edge Zero-Day Exploit Detected in Live Attacks

A zero-day vulnerability in Microsoft Edge, identified as CVE-2024-4671, has been actively exploited by malicious organizations, as reported. This security flaw originates from the Chromium engine, which powers the browser. [...]

Critical Cacti Vulnerability Enables Remote Code Execution by Attackers

Cacti, a widely used network monitoring tool, has released a critical security update addressing various vulnerabilities, notably CVE-2024-25641, rated with a high severity score of 9.1 on the CVSS scale, [...]

New F5 Next-Gen Manager Vulnerability Enables Attackers to Obtain Full Admin Control

Two critical vulnerabilities in F5 Next-Gen Big IP have been uncovered, enabling threat actors to attain full administrative control of the device and establish accounts on any F5 assets. These [...]

Dell Breached: Attackers Acquire Personal Information of 49 Million Customers

Dell Technologies recently disclosed a data breach involving a company portal containing limited customer information related to purchases, exposing names, physical addresses, and detailed order information such as service tags, [...]

CrushFTP vulnerability exploited in the wild to execute remote code

A critical vulnerability, CVE-2024-4040, has been actively exploited in the wild in CrushFTP. This flaw permits attackers to execute unauthenticated remote code on vulnerable servers. Versions of CrushFTP prior to [...]

Cyber attackers use weaponized shortcut files to distribute CHM malware

Hackers exploit weaponized shortcut files because they can execute malicious code without targeting specific users. Given their widespread usage and familiarity, shortcut files offer an effective platform for deploying malware. [...]

MorLock Ransomware Targets Organizations, Stealing Business Data

The MorLock ransomware group has escalated its assaults on Russian businesses, resulting in disruptions and financial setbacks. Identified at the start of 2024, this group has already infiltrated nine medium [...]

XSS Vulnerability in Yoast SEO Plugin Endangers Over 5 Million WordPress Websites

Security researcher Bassem Essam uncovered a critical cross-site scripting (XSS) vulnerability in the widely-used Yoast SEO WordPress plugin, potentially jeopardizing over 5 million websites. XSS Vulnerability in Yoast SEO Plugin [...]

Trend Micro Antivirus One Allowed Malicious Code Injection by Attackers

A major update for Trend Micro's Antivirus One software has been launched. This update tackles a critical vulnerability that could have allowed attackers to inject malicious code. The vulnerability, named [...]

MITRE Exposes Chinese Hackers’ Employment of ROOTROT Webshell in Network Breach

The MITRE Corporation, a non-profit organization managing research and development centers for the U.S. government, has revealed a recent infiltration by sophisticated nation-state hackers into one of its internal research [...]

May 7th, 2024 | BOTNET, Compromised, malicious cyber actors, Tips, vulnerability

A novel Cuckoo malware strain is targeting macOS users

Researchers have unveiled a new malware strain named "Cuckoo," combining features of spyware and infostealers, designed to target both Intel and ARM-based Macs, employing advanced methods to extract sensitive data. [...]

ShadowSyndicate hackers exploit Aiohttp vulnerability for sensitive data theft

A directory traversal vulnerability (CVE-2024-23334) in aiohttp versions before 3.9.2 permits remote attackers to access sensitive files on the server by bypassing file reading validation within the root directory when [...]

ArubaOS Critical Vulnerability Allows Remote Code Execution by Attackers

Multiple vulnerabilities in ArubaOS affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. These vulnerabilities involve Unauthenticated Buffer Overflow (CVE-2024-26305, [...]

‘Cuttlefish’ Zero-Click Malware Pilfers Private Cloud Data

Cuttlefish is a recently discovered malware platform that has been active since at least July 2023. It specifically targets networking equipment such as enterprise-grade small office/home office routers. The latest [...]

Gemini 1.5 Pro: Your Exclusive New AI Malware Analyst

Gemini 1.5 Pro represents the latest iteration of the Gemini AI malware analysis platform, poised to revolutionize the cybersecurity landscape. Boasting innovative features, it empowers security teams to detect, investigate, [...]

New Android Malware Mimics Social Media Apps to Steal Sensitive Data

A new RAT malware targeting Android devices has been discovered, capable of executing additional commands compared to other RAT malware. It can also conduct phishing attacks by masquerading as legitimate [...]

Darkgate Malware Utilizes Autohotkey to Track Teams

Researchers have discovered a new infection chain linked to the DarkGate malware. This Remote Access Trojan (RAT), created with Borland Delphi, has been advertised as a Malware-as-a-Service (MaaS) product on [...]

LightSpy Malware Targets MacOS Devices

BlackBerry initially reported a new iOS LightSpy malware, but Huntress researchers discovered it as a macOS variant targeting Intel or Apple Silicon with Rosetta 2-enabled devices. This led to media [...]

New Android Trojan executes malicious commands on your phone

XLab researchers uncover "Wpeeper," a new Android malware infiltrating systems to execute various malicious commands, posing a serious threat to users. All about the new Android trojan Wpeeper's distribution is [...]

Grafana Tool Vulnerability Enables SQL Injection by Attackers

A severe SQL injection vulnerability has been discovered in Grafana, a popular open-source platform extensively used for monitoring and observability. This flaw enables attackers with valid user credentials to execute [...]

PlugX USB Worm Infects Over 2.5 Million Devices

A new threat has surfaced, impacting millions of devices globally. The PlugX USB worm, a sophisticated malware, has infected over 2.5 million devices, posing a significant cybersecurity threat worldwide. The [...]

SSLoad Malware Combined with Tools Hijacks Entire Network Domain

The FROZEN#SHADOW attack campaign employs SSLoad malware alongside Cobalt Strike Implants to seize control of the entire network. Additionally, threat actors utilize Remote Monitoring and Management (RMM) software like ScreenConnect [...]

Cactus Ransomware Exploits Vulnerability in Qlik Servers

Since November 2023, the Cactus ransomware gang has been exploiting vulnerable Qlik Sense servers, leveraging multiple vulnerabilities including CVE-2023-41266 (Path Traversal), CVE-2023-41265 (HTTP Request Tunneling), and CVE-2023-48365 (Unauthenticated Remote Code [...]

Hackers exploit Autodesk Drive to host weaponized PDF files

Autodesk Drive serves as a cloud-based data-sharing platform for organizations, facilitating document and file sharing. It accommodates various file formats, including 2D and 3D data files such as PDFs, accessible [...]

GuptiMiner Exploits eScan to Distribute Miners and Backdoors

Avast researchers recently uncovered GuptiMiner, an aged malware. It leverages the eScan antivirus update system to surreptitiously implant backdoors and cryptocurrency mining software into users’ computers and extensive corporate networks. [...]

April 25th, 2024 | BOTNET, Compromised, Exploitation, IOC's, malicious cyber actors

CrushFTP Zero-Day Enables Attackers to Gain Complete Server Access

CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0, allowing remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying [...]

Critical Oracle VirtualBox vulnerability now has a PoC exploit released

Oracle VirtualBox had a critical vulnerability (CVE-2024-21111) allowing Privilege Escalation and Arbitrary File Move/Delete, rated 7.8 (High). Oracle promptly patched it and issued a security advisory. Oracle released a security [...]

Watch Out for Weaponized Zip Files Distributing WINELOADER Malware

Russian threat group APT29 targeted German political parties with a new backdoor, WINELOADER, via spear-phishing emails containing malicious links to ZIP files on compromised websites. These ZIP files deployed an [...]

PyPI Package Malware Targets Discord Users for Credential Theft

Hackers frequently exploit PyPI packages to inject malicious code into widely-used Python libraries, seeking vulnerabilities. Recently, FortiGuard Labs cybersecurity researchers uncovered a malicious PyPI package, "discordpy_bypass-1.7," targeting Discord users for [...]

Cerber Linux Ransomware Targets Atlassian Servers

Cybercriminals frequently deploy Linux ransomware in server environments, targeting organizations with critical data for potentially higher payouts. Cado Security Labs' cybersecurity analysts recently examined the Linux version of Cerber ransomware, [...]

Active Directory Security: 5 Critical Vulnerabilities to Monitor

Microsoft’s Active Directory (AD) acts as the backbone of your organization's network, regulating access to network and database sections to authorized users. A well-structured AD is crucial for safeguarding the [...]

Tor Browser 13.0: What’s New

Tor Browser 13.0.14 is now available, featuring crucial security enhancements for the widely-used privacy-centric web browser. Tor Browser is a web browser that focuses on privacy and anonymity by routing [...]

Surge in Zero-click Vulnerabilities: The Rise of ‘Mobile NotPetya’

The cybersecurity community warns of the rising threat of a "mobile NotPetya" event, a self-propagating mobile malware outbreak with potentially devastating consequences. This concern is fueled by the significant increase [...]

Hackers Customize LockBit 3.0 Ransomware for Global Organization Attacks

Hackers exploit LockBit 3.0 ransomware for its advanced encryption, successfully locking victims' files for ransom. Its stealthiness aids in unauthorized system access, enhancing deployment chances. Kaspersky Labs' cybersecurity researchers uncovered [...]

Recent SharePoint Method Enables Hackers to Evade Security Measures

Two recently discovered SharePoint techniques empower malicious actors to circumvent conventional security measures and extract sensitive data covertly, evading detection mechanisms. These techniques involve disguising illicit file downloads as innocuous [...]

LightSpy: Malware Threatening Android and iOS Users

A recently discovered malware dubbed LightSpy has been found to target both Android and iOS users. LightSpy, a modular malware implant, is engineered to penetrate mobile devices, posing a substantial [...]

Critical PAN-OS Command Injection Vulnerability Exploited

Palo Alto Networks alerts customers to a critical command injection vulnerability in the PAN-OS GlobalProtect feature, scoring the maximum 10/10 on CVSS. Fixes are underway, the company reports. PAN-OS COMMAND INJECTION [...]

Hackers deploy malware-driven scans to uncover vulnerabilities

Hackers are employing malware-infected devices for scanning target networks rather than conducting direct scans. This strategy allows them to obscure their identity, circumvent geographical restrictions (geofencing), and expand their botnets. [...]

Critical vulnerabilities in LG TVs enable command execution

LG has addressed four critical vulnerabilities found in numerous TV models, dating back to 2023, which could grant control to malicious actors. Although attackers need to be on the same [...]

Microsoft’s latest Patch Tuesday addresses 149 security vulnerabilities

On April Patch Tuesday, Microsoft addressed 149 bugs, one of its largest security updates, spanning various products including Microsoft Office and SQL Server, with most vulnerabilities found in Windows and [...]

XZ Utils Backdoor Uncovered, Poses Threat to Linux Servers

Andres Freund discovered a backdoor in the liblzma library, part of the XZ data compression tool. The maintainer noticed a half-second delay in the updated version, leading to the flaw's [...]

Attackers Utilize Obfuscation Tools for Multi-Stage Malware Delivery via Invoice Phishing

Cybersecurity researchers uncover a complex multi-stage attack employing invoice-themed phishing decoys to distribute various malware, including Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a crypto wallet stealer. All about [...]

Two Zero-Day Android Flaws Exploited in Google Pixel

Google has revealed the detection of two Android zero-day security vulnerabilities in its Pixel smartphones, with patches already available as per the recent Pixel Update Bulletin. Even more concerning, the [...]

New E-Shopping Attack: Hijacking Users’ Banking Credentials

Since 2021, a fake e-shop scam campaign has targeted Southeast Asia, with increased activity observed by CRIL in September 2022, expanding from Malaysia to Vietnam and Myanmar. Attackers distribute a [...]

Critical OS Command Injection Vulnerability Discovered in Progress Flowmon

Progress Flowmon is a network monitoring and security solution developed by Progress, a software company. It is designed to provide visibility into network traffic, detect anomalies, and enhance network security [...]

Hackers are exploiting YouTube channels to steal your data

Cybercriminals are exploiting YouTube, a platform adored by millions, to orchestrate advanced malware attacks. These perpetrators, capitalizing on the allure of free software and video game enhancements, prey on unsuspecting [...]

StrelaStealer targets users to steal logins from Outlook and Thunderbird

A sophisticated variant of StrelaStealer malware, tailored for Spanish-speaking users, is targeting popular email clients Outlook and Thunderbird to pilfer email account credentials. StrelaStealer First detected in early November 2022, [...]

Microsoft introduces 5 new AI tools to be integrated with Azure AI.

Microsoft has rolled out new tools in Azure AI Studio to aid generative AI app developers in addressing quality and safety concerns linked with AI. These tools are either currently [...]

Patch immediately: Bitdefender Security Privilege Escalation Vulnerability

Bitdefender has patched a vulnerability across its popular products like Internet Security, Antivirus Plus, Total Security, and Antivirus Free, addressing potential privilege escalation issues. This vulnerability could grant attackers system [...]

Microsoft SharePoint vulnerability detected. Update now!

In late March 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert concerning the exploitation of a flaw in Microsoft SharePoint. Although detected in September 2023, active [...]

iPhone users, beware! Darcula phishing service targeting iMessage

Recently, cybersecurity analysts at Netcraft uncovered threat actors actively exploiting the Darcula phishing service to target USPS and global postal services via iMessage. iPhone Darcula Phishing Attack "Darcula" is an [...]

Wireshark 4.2.4 is now available: What’s New!

Wireshark continues to reign supreme, providing unmatched tools for troubleshooting, analysis, development, and education. The latest release, Wireshark 4.2.4, brings a plethora of fixes and updates, solidifying its status as [...]

Apple Silicon Unveils GoFetch Vulnerability

Researchers have revealed a vulnerability in Apple Silicon processors called GoFetch, enabling attackers to extract secret keys from Mac computers during extensive cryptographic operations. Importantly, patching the flaw is virtually [...]

Apple ID Push Bombing Attack: Targeting Apple Users to Steal Passwords

Apple users are being targeted by a sophisticated phishing campaign aimed at seizing control of their Apple IDs through a method known as "push bombing" or "MFA fatigue" attack. This [...]

Hackers deploy weaponized PDF files to distribute Mispadu banking malware

Originally focused on Latin America, the banking trojan Mispadu has broadened its scope to Europe, employing phishing emails and malicious URLs to pilfer credentials. The attackers leverage these stolen credentials [...]

Watch out for free Android VPN apps that transform your device into proxies

Security specialists have unearthed a group of Android VPN apps that surreptitiously convert user devices into proxy nodes, possibly engaging in nefarious activities unbeknownst to users. This revelation has sparked [...]

Threat actors employ Tycoon 2FA kits to pilfer your data through deceptive login pages

Cybercriminals leverage 2FA (Two-Factor Authentication) phishing kits to bypass the added security layer provided by 2FA. These kits typically replicate genuine login interfaces and prompt users to input their credentials [...]

Attention Linux admins: Fake PuTTY client installing Rhadamanthys stealer detected!

A malvertising campaign distributing a fake PuTTY client has been discovered, aiming to deploy the dangerous Rhadamanthys stealer malware. Fake PuTTY client installing Rhadamanthys stealer This campaign cleverly exploits the [...]

Patch Now: Exploits Targeting 2 Firefox Zero-Days Unveiled at Pwn2Own

Mozilla has swiftly responded to two zero-day vulnerabilities exploited during the recent Pwn2Own Vancouver 2024 hacking contest in the Firefox web browser. During this week's Pwn2Own Vancouver 2024 hacking competition, [...]

New Sysrv Botnet Abuses Google Subdomain to Spread XMRig Miner

First identified in 2020, the Sysrv botnet leverages a Golang worm to infect devices, deploying cryptominers through network vulnerability exploits. New Sysrv Botnet Abuses Google Subdomain Continuously updated by its [...]

Over 170,000 GitHub accounts of Python developers hacked in supply chain attack.

Over 170,000 users have been affected by a sophisticated attack targeting the Python software supply chain. The Checkmarx Research team has discovered a multi-layered campaign exploiting fake Python infrastructure to [...]

DHCP Exploited for Privilege Escalation in Windows Domains

Security researchers have discovered a sophisticated method, named "DHCP Coerce," that exploits the Dynamic Host Configuration Protocol (DHCP) administrators group to escalate privileges within Windows domains. The vulnerability revolves around [...]

New Acoustic Keyboard Side Channel Attack Allows Theft of Sensitive Data

With the rise in digital device usage, personal data security has become increasingly important. Side-channel attacks exploit system side effects to gather information, with electronic emissions being a known vulnerability. [...]

Microsoft announces a significant domain change for Teams

In April 2023, Microsoft announced a multi-year initiative to unify authenticated, user-facing Microsoft 365 apps and services under a single domain: cloud.microsoft. As we prepare to migrate Teams, Outlook, and [...]

Androxgh0st exploits SMTP services to steal critical data

AndroxGh0st targets Laravel applications, scanning and extracting login credentials for AWS and Twilio from .env files. AndroxGh0st, previously identified as an SMTP cracker, utilizes multiple strategies including credential exploitation, web [...]

Operation PhantomBlu: Attackers Exploit Weaponized MS Office Doc to Breach Windows

Researchers at Perception Point have discovered a new malware campaign dubbed PhantomBlu, which targets US organizations. The campaign utilizes innovative methods to deploy the NetSupport RAT (Remote Access Trojan) by [...]

Critical RCE Vulnerability in Fortra FileCatalyst

A PoC has been published for a critical RCE vulnerability found in Fortra's FileCatalyst software. RCE Vulnerability in Fortra FileCatalyst Tracked as CVE-2024-25153, this vulnerability poses a severe threat to [...]

Discontinued WordPress Plugin Vulnerability Puts Websites at Risk of Cyber Attacks

A critical vulnerability was found in miniOrange's Malware Scanner and Web Application Firewall plugins, allowing unauthenticated attackers to gain admin access to WordPress sites. This highlights ongoing challenges for website [...]

Google Chrome will soon introduce real-time phishing protection features

Google has announced an upgrade to its Safe Browsing technology, enhancing Chrome users' protection against phishing, malware, and other malicious sites in real-time. This enhancement promises to revolutionize users' web [...]

A critical flaw in Zoom Clients allows attackers to escalate privileges

A vulnerability categorized as improper input validation was discovered in Zoom Clients for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. This flaw could potentially enable [...]

Hackers weaponize LNK files to deploy AutoIt malware

Hackers are using weaponized LNK files to deploy AutoIt malware, causing concern in the cybersecurity community. The LNK Malware Infection The infection chain starts with what appears to be a [...]

Hackers deploy TMChecker RAT to target popular VPN and mail servers

A new tool discovered on the Dark Web indicates a change in cybercriminal tactics for illicitly accessing corporate networks. TMChecker, recently uncovered by ReSecurity, is engineered to target remote-access services [...]

PixPirate, an Android banking malware

PixPirate, an Android banking malware, is pioneering stealth techniques to evade detection. IBM Trusteer researchers have unveiled its sophisticated methods, posing significant threats to financial institutions, especially in Brazil. What [...]

Adobe Reader Infostealer Spreads Through Email in Brazil

A recent email spam campaign is distributing infostealer malware disguised as an Adobe Reader Installer. The spam emails contain forged PDF documents prompting recipients to install Adobe Reader, which in [...]

The SSRF flaw in ChatGPT-Next-Web allowed attackers to gain unauthorized access.

In addition to ChatGPT and Gemini AI, two of the most popular publicly available Artificial Intelligence systems, there are numerous other standalone chatbot applications users can deploy and customize for [...]

BianLian Exploits TeamCity Vulnerability to Install Backdoors

The cybercriminal group BianLian, recognized for their ransomware assaults, has garnered attention from the information security community. Exploiting vulnerabilities within the JetBrains TeamCity platform, they executed multistage cyberattacks. Their modus [...]

Vulnerability in Over 150,000 Fortinet Devices Enables Remote Execution of Arbitrary Code by Hackers

A critical security flaw, identified as CVE-2024-21762, has been uncovered in Fortinet's FortiOS and FortiProxy secure web gateway systems, potentially affecting approximately 150,000 devices worldwide. The vulnerability permits unauthenticated remote [...]

Analysis and Description of Win32/Softcnapp Detection

PUA:Win32/Softcnapp is a generic detection name used by Microsoft Defender to identify unwanted programs. It can occasionally trigger false positive detections on legitimate applications, such as the desktop Viber client, [...]

By | March 11th, 2024|Internet Security, Microsoft, Security Advisory, Security Update, Tips|0 Comments

CHAVECLOAK Malware Exploits Windows Through Weaponized PDF File

CHAVECLOAK is a type of malware, specifically a banking trojan, known for targeting users, particularly in Brazil, with the intent of stealing sensitive financial information. CHAVECLOAK Malware Exploits Windows The [...]

Gitlab Authorization Bypass Vulnerability Enables Theft of Protected Variables

GitLab has released updated versions for its Community Edition (CE) and Enterprise Edition (EE) platforms, addressing critical vulnerabilities that enable attackers to bypass authorization mechanisms and access protected variables. Gitlab [...]

Web Server Compromised by Hackers for z0Miner Malware Deployment

The malicious actor, known as "z0miner," has been discovered targeting Korean WebLogic servers to disseminate various forms of malware, including miners, network utilities, and scripts for launching additional attacks. This [...]

Cybercriminals Exploiting iOS 0-day Vulnerability to Target iPhones – Update Immediately!

Two zero-day vulnerabilities have been uncovered in iOS and iPadOS 17.4 versions, enabling threat actors to circumvent memory protections and execute arbitrary kernel read and write operations on affected devices. [...]

WogRAT Malware Leverages Notepad Service to Target Windows & Linux Systems

Malware leverages the Notepad service to target systems like Windows and Linux, exploiting the ubiquity of Notepad across various operating systems. Malicious actors can exploit this tool via malware to [...]

TeamCity On-Premises Vulnerabilities Pose Risks to Supply Chains

Two fresh security vulnerabilities have surfaced in JetBrains TeamCity On-Premises, a prevalent CI/CD solution. Designated as CVE-2024-27198 and CVE-2024-27199, these vulnerabilities were first reported to JetBrains in February 2024 and [...]

Cybercriminals Employing Innovative DNS Hijacking Technique for Investment Scams

A recently identified DNS threat actor known as Savvy Seahorse is employing advanced tactics to lure victims into fraudulent investment platforms and pilfer their funds. According to a report released [...]

SMS Bombing: The Risks and Dangers of Text Message Attacks

In the realm of cybersecurity, SMS Bomber attacks are emerging as a modern threat with significant and concerning consequences. Many of us have experienced receiving SMS or calls from unknown [...]

Beware: Business Email Compromise (BEC) Attacks Threaten Organizations

The pandemic has spurred significant shifts in business models. With the rise of digital transformation, increased efficiency, and profitability, the threat landscape for organizations has evolved. Presently, with over 60% [...]

New Bifrost malware for Linux mimics VMware domain for evasion

A new Linux variant of Bifrost, called Bifrose, was detected employing a clever evasion tactic by utilizing a deceptive domain resembling the official VMware domain to avoid detection. What is [...]

Emerging Phishing Kit Exploits SMS and Voice Calls to Target Cryptocurrency Users

A newly discovered phishing kit has been observed impersonating the login pages of prominent cryptocurrency services as part of an attack cluster aimed primarily at mobile devices. Emerging Phishing Kit [...]

Hackers Exploit SVG Image Files for GUloader Malware Distribution

Cybercriminals are leveraging the flexibility of SVG (Scalable Vector Graphics) files for the dissemination of the GUloader malware. Hackers Exploit SVG Image Files for GUloader Malware GuLoader is notorious for [...]

Cybercriminals Exploit Weaponized ZIP Files to Acquire NTLM Hashes

Cyber adversaries utilize ZIP files as a means to weaponize them, leveraging the ease of concealing malicious payloads within compressed archives. This tactic poses a challenge for security systems, as [...]

Malicious npm Packages: North Korean Hackers Targeting Developers

Recent discoveries by Phylum indicate that a series of counterfeit npm packages identified on the Node.js repository are associated with state-sponsored actors from North Korea. Malicious npm Packages The packages [...]

SSH-Snake Malware: Stealing SSH Keys to Expand Network Spread

Threat actors exploit SSH credentials to gain unauthorized access to systems and networks, executing malicious activities by leveraging weak or compromised credentials. The misuse of SSH credentials offers a covert [...]

LiteSpeed Plugin Vulnerability Exposes 5 Million WordPress Sites to Risk

Researchers at Patchstack have issued a warning regarding an unauthenticated site-wide stored XSS vulnerability, identified as CVE-2023-40000, affecting the LiteSpeed Cache plugin for WordPress. LiteSpeed Plugin Vulnerability The LiteSpeed Cache [...]

Xeno RAT Exploits Windows DLL Search to Evade Detection

A newly identified, sophisticated malware coded in C# has emerged. Dubbed Xeno RAT, this malware boasts advanced features such as evasion tactics, payload generation, and an additional layer of threat [...]

Compromised PyPI Package Deploys NovaSentinel Stealer on Windows

Researchers uncovered an advanced cyberattack involving a dormant Python Package Index (PyPI) package called Django-log-tracker, which was unexpectedly updated to distribute the NovaSentinel stealer malware. This finding underscores a substantial [...]

LockBit Returns, Unveiling Fresh Claims and Victims

The narrative surrounding the takedown of the LockBit ransomware on February 19 is still evolving. Following nearly a week of silence and downtime, the notorious gang has resurfaced on a [...]

Microsoft Initiates Wi-Fi 7 Testing in Windows 11

Microsoft has commenced testing Wi-Fi 7 compatibility within the Windows 11 Insider Preview Build 26063. Initially available only in the Canary Channel, a potential expansion to Dev Channel users could [...]

Analysts Expose Apple’s Latest Zero-Click Shortcuts Vulnerability

Information has surfaced regarding a recently patched high-severity security vulnerability in Apple's Shortcuts app, allowing a shortcut to access sensitive device information without user consent. Apple's Latest Zero-Click Shortcuts Apple [...]

Multiple Cross-Site Scripting (XSS) Flaws in Joomla Could Result in Remote Code Execution

Five vulnerabilities have been discovered within the Joomla content management system that could be exploited to execute arbitrary code on vulnerable websites. Multiple Cross-Site Scripting (XSS) Flaws in Joomla The [...]

MrB Ransomware (.mrB Files) – Analysis & File Recovery

MrB ransomware, a variant of Dharma ransomware, was identified on February 21, 2024. It encrypts files with the extension ".mrB" and targets small businesses, demanding ransom solely for file decryption [...]

New Wi-Fi Authentication Bypass Vulnerabilities Pose Threat to Home and Enterprise Networks

Two recently discovered Wi-Fi authentication bypass vulnerabilities in open-source software could potentially expose numerous enterprise and home networks to attacks. New Wi-Fi Authentication Bypass Vulnerabilities Mathy Vanhoef, a professor at [...]

Critical Vulnerabilities in ConnectWise ScreenConnect, PostgreSQL JDBC, and VMware EAP

ConnectWise has remedied a critical vulnerability rated CVSS 10 in its ScreenConnect product, a desktop and mobile support software that offers fast and secure remote access solutions. ConnectWise has addressed [...]

Migo Malware: Targeting Redis Servers for Cryptocurrency Mining

A recent malware campaign has been detected, focusing on gaining initial access through Redis servers, aiming to mine cryptocurrency on compromised Linux hosts. What is Migo Malware? Migo Malware is [...]

Mastodon Security Flaw Enables Account Takeover

Cybersecurity experts have uncovered a critical vulnerability in the decentralized social network Mastodon, potentially enabling unauthorized access and account takeover. Fortunately, a fix is already available for this flaw. MASTODON [...]

Meta Warns of 8 Spyware Companies Targeting iOS, Android, and Windows Devices

Meta Platforms announced it has taken measures to combat malicious activities originating from eight firms in Italy, Spain, and the United Arab Emirates (UAE) engaged in the surveillance-for-hire industry. Meta [...]

SYSDF Ransomware: Analysis, .SYSDF File Recovery, and Removal Guide

SYSDF is a ransomware program belonging to the Dharma malware family. Typically targeting small businesses, it encrypts files and demands ransom payments for decryption. The ransomware was first identified by [...]

Ov3r_Stealer: Targeting Cryptocurrency and Credentials via Facebook Job Ads

A recent report by Trustwave SpiderLabs reveals the emergence of Ov3r_Stealer, a Windows malware propagated through deceptive Facebook job advertisements. This malware is engineered to pilfer sensitive data and cryptocurrency [...]

Malicious ‘SNS Sender’ Script Exploits AWS for Mass Smishing Campaigns

A malicious Python script named SNS Sender is being promoted as a tool for threat actors to distribute bulk smishing messages by exploiting Amazon Web Services (AWS) Simple Notification Service [...]

Shim Bootloader Vulnerability Detected in Linux Systems

Security researchers have uncovered a critical vulnerability in Shim, a commonly used Linux bootloader. This flaw has the potential to enable attackers to execute malicious code and take control of [...]

Zoom patched seven vulnerabilities across Windows, iOS, and Android, including one critical flaw (CVE-2024-24691)

Zoom, the well-known video conferencing platform, recently patched 7 security vulnerabilities in a recent update. These vulnerabilities range in severity from medium to critical, and they affect a variety of [...]

Beware of Malicious Fake ChatGPT Apps

The public release of ChatGPT caused a sensation back in 2022, and it's fair to say it's been a game-changer. However, scammers often target platforms with large user bases. Fake [...]

HijackLoader Malware Introduces Fresh Evasion Techniques

The HijackLoader malware has incorporated additional defense evasion tactics. Increasingly, other threat actors are leveraging this malware for delivering payloads and tooling. The developer employed a standard process hollowing technique [...]

New Fortinet VPN RCE Vulnerability Uncovered: Apply Patch Immediately

Fortinet has issued a warning regarding a critical vulnerability found in its FortiOS SSL VPN system, which could be actively exploited by attackers. This vulnerability within Fortinet's network security solutions [...]

GitLab Security Flaw (CVE-2024-0402) Raises Concerns of File Overwrite Risk

In a recent security update, GitLab has released a patch addressing a critical vulnerability that could permit unauthorized users to overwrite files. This poses a risk of data corruption or [...]

A critical vulnerability in Apple iOS and macOS has been discovered and exploited

The Cybersecurity and Infrastructure Security Agency has identified a security flaw in Apple operating systems, specifically iOS and macOS, and has included it in the agency’s Known Exploited Vulnerabilities catalog. [...]

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

A recently discovered ransomware, named "Kasseika," employs Bring Your Own Vulnerable Driver tactics to incapacitate antivirus software prior to encrypting files. It is suspected that Kasseika may have been developed [...]

Discovery of Authentication Bypass Vulnerability in GoAnywhere MFT

Fortra has revealed a critical vulnerability in its GoAnywhere MFT (Managed File Transfer) software—an authentication bypass that poses a significant security risk. Exploiting this vulnerability successfully could enable attackers to [...]

Apple resolves the first zero-day bug exploited in attacks this year

Apple has issued security updates to tackle the first zero-day vulnerability of the year, which has been exploited in attacks and could affect iPhones, Macs, and Apple TVs. The zero-day [...]

GitHub Developer SSH Keys Targeted Through Malicious npm Packages

Security researchers recently discovered two new malicious packages on the npm open source package manager. These packages utilized GitHub to store stolen Base64-encrypted SSH keys taken from developer systems. Identified [...]

Active Exploitation of 2 Citrix Remote Code Execution (RCE) Vulnerabilities, CISA Issues Notification

CISA has set a deadline of one to three weeks for addressing three vulnerabilities associated with Citrix NetScaler and Google Chrome. These zero-day vulnerabilities have been actively exploited in cyber [...]

New Godzilla Web Shell Attacks Exploit Apache ActiveMQ Flaw

Cybersecurity researchers caution about a significant rise in threat actor activity exploiting a recently patched flaw in Apache ActiveMQ. This exploitation aims to deliver the Godzilla web shell on compromised [...]

LockBit Ransomware Uses Resume Word Files to Spread

An ASEC investigation has uncovered the latest tactics employed by the notorious LockBit ransomware. Under the guise of "post-paid pentesters," the ransomware now adopts the strategy of appearing as harmless [...]

Latest Docker Malware: CPU Theft for Crypto and Fake Website Traffic Generation

A recently launched campaign aimed at vulnerable Docker services installs both an XMRig miner and the 9hits viewer app on compromised hosts, enabling a dual monetization approach. 9hits functions as [...]

Critical Vulnerability: 178,000 SonicWall Firewalls at Risk of DoS and RCE

Recent research reveals a substantial number of vulnerable SonicWall firewall instances susceptible to remote code execution (RCE) and DoS attacks. Regrettably, no official patches are currently available, compelling clients to [...]

Atlassian’s Confluence Data Center and Server Affected by Critical RCE Vulnerability

Atlassian recommends that its customers update their Confluence Data Center and Server to safeguard against the exploitation of a critical vulnerability that has the potential to lead to Remote Code [...]

AzorUlt Stealer Resurfaces, Employing Email Phishing Tactics

Cybersecurity experts have rediscovered the eight-year-old Azorult malware, known for stealing information and harvesting sensitive data. The malware had been inactive since late 2021, prompting the question of whether this [...]

New Google Chrome 0-day Vulnerability Exploited

In the latest release notes, Google discloses a newly discovered 0-day vulnerability already being exploited in the wild. Although the update addresses the issue, the fact that it is actively [...]

Can Patches Prevent Zero-Day Attacks?

In recent years, zero-day exploits and attacks have emerged as prominent threats. Leveraging unknown vulnerabilities within software, these attacks are nearly impossible to detect and prevent. Zero-day attacks can result [...]

Windows SmartScreen Bypass Exploited by Information Stealer

The malicious campaign leverages the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen to propagate Phemedrone Stealer. Employing sophisticated evasion techniques, it evades conventional security measures to target sensitive user information. [...]

Researchers identify FBot hacking tool hijacking cloud and payment services.

SentinelOne's malware hunters flagged a recently uncovered Python-based hacking tool employed by cybercriminals to hijack cloud platforms and payment services. FBot hacking tool hijacking cloud and payment services The tool, [...]