Officers have made two arrests in connection with using a “text message blaster,” believed to have been used to send thousands of smishing messages posing as banks and other official organizations. These messages targeted unsuspecting members of the public. Unprecedented…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Free Android VPNs Suffering Encryption Failures, New Report
VPN apps for Android increase privacy and security over the internet since connection data is encrypted, consequently making it impossible for hackers or other parties to access communication data. They also help unblock region-restricted content through IP address hiding, support…
Poc Exploit Released For Veeam Authentication Bypass Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager. The vulnerability, identified as CVE-2024-29849, has a CVSS score of 9.8, indicating its high severity. This article delves into the details of…
ALPHV Ransomware Deployment Started With RDP Access And ScreenConnect Installations
Ransomware is used by hackers to abuse victims’ data, locking it until a ransom is paid. This method of cyber attack is profitable as it takes advantage of data’s proximity and vitality to individuals and companies, so they have no…
Duckduckgo Launches Anonymous AI Chatbots
DuckDuckGo has unveiled a new feature, AI Chat, which offers users an anonymous way to access popular AI chatbots. This innovative service includes models like OpenAI’s GPT 3.5 Turbo, Anthropic’s Claude 3 Haiku, and two open-source models, Meta Llama 3…
Beware of Fake KMSPico Activators that Deliver Vidar Stealer Malware
Researchers detected an attack involving a fake KMSPico activator tool, which delivered Vidar Stealer through several events. The attack leveraged Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload via the shellcode. The…
GoldPickaxe iOS Malware Harvests Facial Recognition Data & Bank Accounts
Due to the growing popularity of Apple devices, cybercriminals are increasingly targeting iOS and macOS with malware. The App Store is no longer secure, and iCloud is a new target, as Apple’s allowance of third-party app stores in Europe is…
Sticky Werewolf Weaponizing LNK Files Group Attacking To Attack Organizations
Sticky Werewolf, a cyber threat group, has shifted its targeting strategy from sending phishing emails with download links to malicious files to using archive attachments containing LNK files, which act as shortcuts to malicious executables hosted on WebDAV servers. When…
Muhstik Malware Attacking Apache RocketMQ To Execute Remote Code
Apache RocketMQ platform is a widely used messaging system that handles high volumes of data and critical operations, often attracting hackers. Exploiting the vulnerabilities in RocketMQ allows attackers to disrupt communications, access sensitive information, and potentially gain control over the…
North Korean Kimsuky Attacking Arms Manufacturer In Europe
The North Korean state-sponsored group known as Kimsuky has launched a sophisticated cyber-espionage campaign targeting a prominent weapons manufacturer in Western Europe. This attack released on LinkedIn, discovered on May 16, 2024, underscores the growing threat state-sponsored cyber actors pose…
Hacktivist Groups Attacking Industrial Control Systems To Disrupt Services
Hacktivist groups are increasingly targeting critical infrastructure’s Operational Technology (OT) systems, motivated by geopolitical issues that, unlike traditional website defacements, can disrupt essential services and endanger public safety. The success of high-profile attacks on Industrial control systems (ICS) by groups…
SPECTR Malware Attacking Defense Forces of Ukraine With a batch script
The government computer emergency response team of Ukraine, CERT-UA, in direct cooperation with the Cyber Security Center of the Armed Forces of Ukraine (CCB), has detected and investigated the activity of the UAC-0020 (Vermin) group, aimed at the Defense Forces…
300+ Times Downloaded Package from PyPI Contains Wiper Components
ReversingLabs researchers recently uncovered a malicious open-source package named xFileSyncerx on the Python Package Index (PyPI). This package, which had been downloaded nearly 300 times, contained separate malicious “wiper” components. Initially, it raised concerns about being an open-source supply chain…
Tenable Acquires Eureka Security To Provide Data Security Across Infrastructure
Tenable® Holdings, Inc., a leading Exposure Management company, has announced a definitive agreement to acquire Eureka Security, Inc., a prominent provider of data security posture management (DSPM) for cloud environments. This strategic acquisition aims to bolster Tenable’s cloud security capabilities,…
Microsoft Details On Using KQL To Hunt For MFA Manipulations
It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings. Threat actors usually alter compromised users’ MFA attributes by bypassing the requirements, disabling MFA for others, or enrolling rogue devices in the system. They…
Fog Ransomware Attacking Windows Servers Administrators To Steal RDP Logins
A new ransomware variant dubbed ‘Fog’ has been spotted targeting US businesses in the education and recreation sectors. Forensic data revealed that threat actors accessed victim environments using compromised VPN credentials. Notably, two different VPN gateway providers were used for…
UNC1151 Hackers Weaponizing Excel Documents To Attack Windows Machine
Mandiant identified a UNC1151 information campaign targeting Ukraine, Lithuania, Latvia, and Poland with disinformation, as CRIL linked a recent malicious XLS campaign to UNC1151. The attackers used spam emails with Excel documents containing VBA macros that dropped LNK and DLL…
Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit
A cybercriminal group is selling and distributing a sophisticated phishing kit called “V3B” through Phishing-as-a-Service (PhaaS) and self-hosting methods, which targets EU banking customers and is designed to steal login credentials and one-time codes (OTPs) through social engineering tactics. Launched…
Python Developers Beware! Russian Hackers Targeting You With Malicious Packages
A malicious Python package named “crytic-compilers” was identified on PyPI. Masquerading as a legitimate library for intelligent contract compilation, it mimicked the name and versioning scheme of the real “crytic-compile” tool. The imposter package infiltrated popular development environments by appearing…
Parrot Security OS 6.1 Released – What’s New
The Parrot Security team has officially announced the release of Parrot OS 6.1, the latest version of their popular Linux distribution tailored for security professionals, ethical hackers, and privacy enthusiasts. This new release brings a range of enhancements, updated tools,…
Apple Refused to Pay $1 Million Bounty to Kaspersky Lab for iOS Zero-days
Apple has refused to pay Kaspersky Lab a reward for discovering critical vulnerabilities in iOS that allowed attackers to install spyware on any iPhone. According to RTVI, the vulnerabilities were reported to Apple in 2023, and under the Apple Security…
Buffalo Man Pleads Guilty To Buying Stolen Data From Genesis Market
Buffalo, N.Y. — U.S. Attorney Trini E. Ross announced today that Wul Isaac Chol, 27, of Buffalo, NY, pleaded guilty before the U.S. District Judge John L. Sinatra, Jr. to possessing 15 or more unauthorized access devices intending to defraud.…
Kali Linux 2024.2 Released With New Hacking Tools
The Kali Linux team has announced the release of Kali Linux 2024.2, the latest version of their popular penetration testing and security auditing Linux distribution. Kali Linux is one of the most powerful Debian-based Linux distributions, developed and maintained by…
Chinese Hackers Attacking Government Organization In Southeast Asia
Sophos Managed Detection and Response (MDR) has uncovered a sophisticated, long-running cyberespionage campaign dubbed “Crimson Palace,” attributed to Chinese state-sponsored actors. The operation targeted a high-profile government organization in Southeast Asia, with activities spanning from early 2022 to April 2024.…
Beware Of Phishing Emails Prompting Execution Via Paste (CTRL+V)
Phishing attackers are distributing malicious HTML files as email attachments, containing code designed to exploit users by prompting them to directly paste and execute the code, which leverages social engineering, as users are tricked into running the malicious code themselves…
361 Million Unique Email Credentials Leaked On Telegram Channels
Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses, of which 151M had never been seen in Have I Been…
Threat Actors Weaponize Excel Files To Attack Windows Machines
Attackers are using malicious Excel files with VBA macros to deploy DLLs and ultimately install Cobalt Strike on compromised Windows machines, which use obfuscation and target specific processes to avoid detection by antivirus software. The attacks appear to target Ukrainian…
Microsoft Details AI Jailbreaks And How They Can Be Mitigated
Generative AI systems comprise several components and models geared to enhancing human interactions with the system. However, while being as realistic and useful as possible, these models are protected by defense layers against generating misuse or inappropriate content against the…
How Hackers Using Packers To Hide Malware & Bypass Defenses
Hackers use packers maliciously to make their code difficult to recognize, as most antivirus programs are coded to be able to recognize these packers. The packers initialize and encrypt the original malware payload into a new form, which is hard…
Darkcrystal RAT Malware Attacking Government Officials Via Signal Messenger
Cybersecurity experts have discovered that the widely used messaging application Signal is being exploited to deliver DarkCrystal RAT malware to high-profile targets, including government officials, military personnel, and representatives of defense enterprises in Ukraine. The Infection Process According to a…
Command Senior Chief Convicted For Setting Up Wi-Fi On US Navy Combat Ship
The former command senior chief of the littoral combat ship Manchester’s gold crew, Senior Chief Grisel Marrero, has been convicted at a court-martial for installing an unauthorized Wi-Fi system aboard the ship and subsequently lying about it to her superiors.…
Developers Beware Of Malicious npm Package Delivers Sophisticated RAT
Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…
Developers Beware Of Malicious npm Package That Delivers Sophisticated RAT
Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…
Ransomware Group Creation Touched Yearly All Time High
The ransomware landscape is rapidly diversifying in 2024, with a surge in new extortion groups as established attackers continue to target large companies. A record number of smaller groups are emerging—22 in just five months compared to 22 in a…
Russian Hackers In Attempt To Distrupt The 2024 Paris Olympic Games
Russia is intensifying disinformation campaigns against France, President Macron, the IOC, and the 2024 Paris Olympics, blending decades-old tactics with AI, as the Microsoft Threat Analysis Center (MTAC) identifies two primary goals: tarnishing the IOC’s reputation and fostering expectations of…
Zyxel NAS Devices Vulnerability Let Attackers Execute Code Remotely
Zyxel has released patches addressing critical command injection and remote code execution vulnerabilities in two of its NAS products, NAS326 and NAS542, which have reached end-of-vulnerability support. Users are strongly advised to install these patches to ensure optimal protection. What…
Underground Ransomware Continues to Attack Industries Of Various Sizes
Over the past year, the ransomware actor known as “Underground” has been less active than other groups, yet they remain a threat in the cybersecurity landscape. Despite their reduced activity, Underground continues to target industries of various sizes, causing substantial…
CarnavalHeist Weaponizing Word Documents To Steal Login Credentials
Hackers take advantage of Word documents as weapons due to their widespread use and trust. This is facilitated by the ease with which users can be deceived into opening them. These documents may have macros or exploits that are dangerous…
8220 Gang Exploiting Oracle WebLogic Server Flaw To Deploy Cryptominer
The Oracle WebLogic Server vulnerabilities enable hackers to access unauthorized systems that are used for business data and applications. This can enable threat actors to bring in external programs and complete system control, consequently assuming admin privileges. The end result…
Hugging Face Hack: Spaces Secrets Exposed
Hugging Face, a leading AI and machine learning platform, has reported unauthorized access to its Spaces platform, explicitly targeting Spaces secrets. This breach has raised concerns about the security of sensitive information and the potential impact on users. Unauthorized Access…
Critical wpDataTables Vulnerability Let Attackers Perform SQL Injection
A critical security vulnerability has been discovered in the wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, a popular plugin used by WordPress websites to create dynamic tables and charts. The vulnerability, CVE-2024-3820, allows attackers to perform…
Threat Actors Claiming Breach Of Heineken Employees Data
Threat actors have claimed responsibility for a data breach involving Heineken employees. The news broke through a post on the social media platform tweeted by the account DarkWebInformer, which specializes in monitoring and reporting on dark web activities. Details of…
ELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic scans, botnets, and mass attacks
ELLIO, a provider of real-time, highly accurate intelligence for filtering of unwanted network traffic and cybernoise, and ntop, a provider of open-source and commercial high-speed traffic monitoring applications, have announced a partnership to enhance visibility into malicious traffic originating from…
DDoS-as-a-Service Botnet Backed by Mirai Attacking Gaming Community
DDoS-as-a-Service botnets are used by hackers to facilitate the most easily and cheaply launch of devastating distributed denial-of-service (DDoS) attacks. Purposely, these botnets are made up of hacked devices that can be rented or leased to cause service disruptions or…
Hackers Weaponizing MS Office-Cracked Versions to Deliver Malware
Attackers in South Korea are distributing malware disguised as cracked software, including RATs and crypto miners, and registering themselves with the Task Scheduler to ensure persistence. Even after removing the initial malware, the Task Scheduler triggers PowerShell commands to download…
FlyingYeti Exploits WinRAR Vulnerability For Targeted Malware Attacks
Ever since Russia’s invasion of Ukraine on February 24, 2022, there have been heavy tensions between the nations and worldwide. After this incident, Ukraine imposed an eviction and termination moratorium on utility services for unpaid debt, ending in January 2024.…
LilacSquid Hackers Attacking IT Industries To Harvest Confidential Data
Hackers target IT industries as they hold valuable data, possess critical infrastructure, and often have access to sensitive information from various sectors. Compromising IT companies can provide hackers with high-impact opportunities for espionage, financial gain, and disruption of essential services.…
Hackers Exploiting Stored XSS Vulnerabilities in WordPress Plugins
In recent cyberattacks, hackers are actively exploiting stored cross-site scripting (XSS) vulnerabilities in various WordPress plugins. According to Fastly reports, these vulnerabilities, identified as CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000, are targeted due to inadequate input sanitization and output escaping, allowing attackers…
VirusTotal Celebrates 20th Anniversary, What’s Next?
VirusTotal, a leading online service for analyzing files and URLs for viruses, worms, trojans, and other malicious content, is celebrating its 20th anniversary. Since its inception in 2004, VirusTotal has become an indispensable tool for cybersecurity professionals and enthusiasts worldwide.…
Beware of Fake Browser Updates That Deliver Bitrat & Lumma Stealer
eSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign involving fake browser updates. This campaign has been responsible for delivering two dangerous malware variants:BitRAT and Lumma Stealer. The attackers use fake update mechanisms to trick users into downloading malicious…
Progress Telerik Report Server Flaw Let Attackers Bypass Authentication
A new vulnerability related to authentication bypass was discovered in the Progress Telerik Report server. The CVE for this vulnerability has been assigned CVE-2024-4358, and its severity has been given as 9.8 (Critical). This vulnerability exists in Telerik Report Server…
CryptoChameleon Kit With Group of Tools Propagate Phishing Quickly into Infrastructure
CryptoChameleon, a phishing tool detected in February 2024, was developed by someone anonymous and is used by threat actors to collect personal data such as usernames and passwords of mobile phone users. A thorough investigation has exposed many CryptoChameleon fast-flux…
Spring Cloud Data Flow Let Attackers Compromise The Server
A critical vulnerability has been discovered in Spring Cloud Data Flow, a microservices-based platform for streaming and batch data processing in Cloud Foundry and Kubernetes. The flaw, identified in the Skipper server component, allows attackers to compromise the server by…
Okta Warns Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta, a leading identity and access management company, has warned about credential stuffing attacks targeting its Customer Identity Cloud (CIC). The company has identified that threat actors are exploiting the cross-origin authentication feature within CIC. As part of its Okta…
Hackers Claiming Shell Data Breach On Popular Hacking Forum
In a shocking revelation, a threat actor has allegedly leaked sensitive data belonging to Shell, one of the world’s leading energy companies. According to a tweet from Data Web Informer, the May 2024 data was posted on a popular hacking…
Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability
Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes. The widespread use of GitHub and the diverse range of codebases hosted on the platform make it an attractive target for threat actors seeking valuable information…
DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn
Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting malware through harmful sites, and flooding DNS servers with fake requests such as DDoS. DNS is everywhere and is a basic part of internet communication, making…
CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily
Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS) attacks are actively exploited by hackers. Sometimes, DDoS attacks are used as a distraction from other criminal activities, for extortion, to gain a competitive advantage, or…
PoC Exploit Released For macOS Privilege Escalation Vulnerability
A new vulnerability has been discovered in macOS Sonoma that is associated with privilege escalation. This vulnerability has been assigned with CVE-2024-27842 and the severity is yet to be categorized. This vulnerability exists in the Universal Disk Format (UDF) filesystem…
GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials
GNOME desktop manager was equipped with a new feature which allowed remote users to create graphical sessions on the system by configuring the system daemon. This daemon runs as a dedicated “gnome-remote-desktop” and also provides a D-bus interface on the…
Kesakode: A Remote Hash Lookup Service To Identify Malware Samples
Today marks a significant milestone for Malcat users with the release of version 0.9.6, introducing Kesakode, a remote hash lookup service. This innovative tool is tightly integrated into Malcat’s UI and is designed to match known functions, strings, and constant…
Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks
A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface. This vulnerability could potentially allow authenticated, remote attackers to conduct SQL injection attacks on affected systems. This vulnerability, tracked as CVE-2024-20360, poses significant risks,…
Hackers Exploit WordPress Plugin to Steal Credit Card Data
Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting WooCommerce online stores to steal credit card information. This alarming trend highlights the persistent threat cybercriminals pose and the need for robust security measures in the…
Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript
Google has released a patch for a zero-day exploit in its Chrome browser. The vulnerability, identified as CVE-2024-5274, involves a confusion issue in the V8 JavaScript engine, which could allow attackers to execute arbitrary code on affected systems. CVE-2024-5274 –…
Hackers Created Rogue VMs in Recent MITRE’s Cyber Attack
State-sponsored hackers recently exploited vulnerabilities in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). They used rogue virtual machines (VMs) to evade detection and maintain persistence in a cyberattack. The attack, attributed to a China-linked group tracked as UNC5221, underscores…
Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program
In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing ZIP and RAR attachments to distribute SMOKELOADER malware. The most recent attacks involve emails that carry Microsoft Access files and ZIP archives that, when opened, install…
Chinese Hackers Stay Hidden On Military And Government Networks For Six Years
Hackers target military and government networks for varied reasons, primarily related to spying, which involves interference in the functioning of critical infrastructure. This is mainly because these networks hold sensitive data and command systems that if tampered with can be…
NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers
Zero Trust Maturity measures the extent to which an organization has adopted and implemented the Zero Trust security model. It calculates how fully a company has adopted Zero Trust’s foundational concepts, such as stringent authentication of each user, device, and…
Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities
The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining attacks in the cloud. Unlike on-premises infrastructure, whereby it is difficult to scale up resources, cloud environments enable attackers to deploy resources for cryptomining rapidly, making…
Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft
Gift cards are attractive to hackers since they provide quick monetization for stolen data or compromised systems. Reselling gift cards is simple, and they can also be converted into money, which makes them a comparatively risk-free means of ensuring threat…
DNSBomb : A New DoS Attack That Exploits DNS Queries
A new practical and powerful Denial of service attack has been discovered that exploits DNS queries and responses. This new attack has been termed “DNSBomb,” which transforms different security mechanisms employed by DNS, including reliability enhancement, security protection, timeout, query…
Malicious PyPI & NPM Packages Attacking MacOS Users
Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users. These packages, found on the Python Package Index (PyPI) and NPM, have been meticulously analyzed to uncover their malicious intent and sophisticated attack mechanisms. GuardDog: The Sentinel…
Beware Of HTML That Masquerade As PDF Viewer Login Pages
Phishing attacks have evolved into increasingly sophisticated schemes to trick users into revealing their personal information. One such method that has gained prominence involves phishing emails masquerading as PDF viewer login pages. These deceptive emails lure unsuspecting users into entering their email addresses and passwords, compromising their online security. Forcepoint X-Labs has recently observed many phishing emails targeting various government departments in the Asia-Pacific (APAC)…
Operation SpecTor: Authorities Seized Dark Markets Offering Illicit Goods
Law enforcement agencies have successfully dismantled several dark web marketplaces offering illicit goods. Dubbed “Operation SpecTor,” this coordinated crackdown marks a significant victory in the ongoing battle against cybercrime and illegal online activities. This news was shared on the Dark…
Apple’s Wi-Fi Positioning Can Be System Abused To Track Users
A new study by researchers at the University of Maryland has uncovered a privacy vulnerability in Apple’s Wi-Fi Positioning System (WPS) that allows attackers to track users’ locations and movements globally. The findings raise serious concerns about the potential for…
Spyware App Found Running on Multiple US Hotel Check-In Computers
A consumer-grade spyware app named pcTattletale has been discovered running on the check-in systems of at least three Wyndham hotels across the United States. This alarming discovery was made by TechCrunch, which reported that the app stealthily captured screenshots of…
OpenText Acquires Cybersecurity MDR Platform for MSPs
OpenText, a leader in information management solutions, has announced the acquisition of Pillr technology, a cloud-native, multi-tenant Managed Detection and Response (MDR) platform designed for Managed Service Providers (MSPs). This strategic move aims to improve OpenText’s cybersecurity capabilities, enabling it…
Microsoft Replacing VBScript With JavaScript & PowerShell
Microsoft has shifted its scripting options for web development and task automation. The company is replacing VBScript with more advanced alternatives such as JavaScript and PowerShell to provide users with the most modern and efficient tools. This article explores what…
Ikaruz Red Team Leveraging LockBit Builder To Launch Ransomware Attacks
Hackers exploit ransomware as it enables them to extort money from victims by encrypting their data and demanding a ransom for its release. While this method is highly lucrative and often difficult to trace back to the perpetrators. Sentinel One…
Turla Hackers Leveraging Microsoft Build Engine To Deliver Malware Stealthily
Hackers exploit the Microsoft Build Engine because it can execute code and build applications. This engine provides an easy means for them to send harmful payloads using legitimate software development tools. Moreover, inside corporate environments, Build Engine’s trusted nature enables…
Stealerium Malware Targeting Wi-Fi Networks, Outlook to Steal Login Credentials
A new strain of malware known as Stealerium has been identified. It targets Wi-Fi networks and Microsoft Outlook to steal login credentials. This sophisticated malware poses a significant threat to individual users and organizations, highlighting the need for heightened vigilance…
Hackers Claiming Access to Qatar National Bank Database
A group of hackers has claimed to have accessed the database of Qatar National Bank (QNB), one of the largest financial institutions in the Middle East. The announcement was made via a post on Twitter by the account MonThreat. ANYRUN…
Cloud-Based Malware Attack Abusing Google Drive & Dropbox
A phishing email with a malicious zip attachment initiates the attack. The zip contains a single executable disguised as an Excel file using Left-To-Right Override characters (LTRO). LTRO makes the filename appears to have a harmless .xlsx extension (e.g., RFQ-101432620247flexe.xlsx)…
OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack
OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients’ personal data. The company, known for its advanced digital imaging solutions, reported that the incident occurred between September 4, 2023, and September 30, 2023. During this…
Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts
In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a troubling scenario client-specific secrets were leaked from Atlassian’s code repository tool, Bitbucket, and exploited by threat actors to gain unauthorized access to AWS accounts. This revelation…
Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code
The widely used team workspace corporate wiki Confluence has been discovered to have a critical remote code execution vulnerability. This vulnerability has been assigned with CVE-2024-21683 with a severity of 8.3 (High). This vulnerability affects multiple versions of Confluence Data…
Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments
Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident involving its IT network. The breach, first identified in January 2024, affected the University’s Microsoft Office 365 environment, including email accounts and SharePoint files. The earliest…
Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud
Memcyco Inc., provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Website Impersonation Scams report. Notably, Memcyco’s research indicates that the majority of companies do not have…
North Korean Hackers Hijacked Military Officials Personal Email
North Korean hacking groups are suspected of hijacking the personal email accounts of high-ranking military officials. The Defense Ministry confirmed that a joint investigation is underway, involving both the police and military police. A dedicated task force has been established…
Microsoft Unveild New Windows 11 Features To Strengthen Security
Microsoft has been prioritizing security in Windows, as they introduced Secured-Core PCs to protect from hardware to cloud attacks and expanded passwordless offerings with passkeys for better identity protection. Passkeys are protected by Windows Hello technology, and to further enhance…
Critical Memory Corruption In Cloud Logging Infrastructure Enables Code Execution Attack
A new critical vulnerability has been discovered in Fluent Bit’s built-in HTTP server, which has been termed “Linguistic Lumberjack” (CVE-2024-4323). Exploiting this vulnerability can also lead to a denial of service, information disclosure, or remote code execution. Its severity has…
DoppelGänger Attack: Malware Routed Via News Websites And Social Media
A Russian influence campaign, DoppelGänger, leverages fake news websites (typosquatted and independent) to spread disinformation, undermining support for Ukraine. Structura and SDA are running the campaign, which started in May 2022 and targets France, Germany, and other countries. Inauthentic social…
Multiple Vulnerabilities in Honeywell VirtualUOC Let Attackers Execute Remote Code
Team82 has uncovered multiple critical vulnerabilities in Honeywell’s ControlEdge Virtual Unit Operations Center (UOC). These vulnerabilities within the EpicMo protocol implementation could potentially allow attackers to execute remote code without authentication. Honeywell has since addressed these issues, but the discovery…
Grandoreiro Malware Hijacks Outlook Client to Send Phishing Emails
X-Force identified a phishing campaign targeting Latin American users since March 2024, where emails impersonate legitimate entities like tax and utility services, urging recipients to click links for invoices or account statements. Clicking the link redirects users in specific countries…
Critical Memory Corruption In Cloud Logging Infrastructure Enables Code Execution Attack
Fluent Bit, a widely used open-source data collector and processor, has been found to have a major memory loss flaw. Many big cloud providers use Fluent Bit for their logging because it is easy to use and can be scaled…
PoC Exploit Released for QNAP QTS zero-day RCE Flaw
Researchers have shown a proof-of-concept (PoC) attack for a zero-day remote code execution (RCE) flaw in the QTS operating system from QNAP. Users of QNAP’s Network-Attached Storage (NAS) devices, which are common in both small and big business settings, are…
Critical Git Vulnerability Let Attackers Execute Remote Code : PoC Published
A critical remote code execution vulnerability has been discovered in the git clone which was assigned with CVE-2024-32002 and the severity has been given as 9.0 (Critical). This particular vulnerability existed in the clone command that is widely used. Git…
SWARM – Switchable Backdoor Attack Against Pre-trained Models
In the big data era, pre-training large vision transformer (ViT) models on massive datasets has become prevalent for enhanced performance on downstream tasks. Visual prompting (VP), introducing learnable task-specific parameters while freezing the pre-trained backbone, offers an efficient adaptation alternative…
Akira Ransomware Escalates Privilege To Exfiltrate Domain Controller Files
In a recent encounter, the Akira ransomware group exploited a novel privilege escalation technique, where the attackers infiltrated the victim’s virtual environment to steal the NTDS.dit file, a critical file containing domain user accounts and passwords stored on domain controllers. …
Financial Organizations Need To Disclose Data Breach Within 30-Days
The U.S. Securities and Exchange Commission (SEC) has made changes to Regulation S-P that require financial companies to report data leaks within 30 days. This is a big step toward protecting consumers. This new rule, which goes into force on…