Category: Uncategorized
Zyxel Vulnerability
Zyxel recently addressed several critical security vulnerabilities across a range of its networking devices, including a particularly severe flaw identified as CVE-2024-7261. This vulnerability is an OS command injection issue, which received a CVSS v3 score of 9.8, placing it in the “critical” category. The flaw stems from improper input validation in the “host” parameter...
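The "host" parameter flaw is the textbook OS command injection pattern: a request value is pasted into a command string that a shell then parses. The Python below is an added illustration for this entry, not Zyxel's firmware code and not the actual exploit; the handler, the ping command and the injected payload are hypothetical. It shows the vulnerable shape beside a hardened one that validates the value as an address or hostname and passes it as a single argv element with no shell involved.

```python
import ipaddress
import re
import subprocess

# RFC 1123 hostname: dot-separated labels of 1-63 alphanumerics/hyphens,
# no leading or trailing hyphen, at most 253 characters overall.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def vulnerable_command(host: str, tool: str = "ping -c 1") -> str:
    """Builds the command the way a careless request handler does: the
    untrusted value is pasted into a string that a shell will parse, so
    ';', '&&', '|' or '$(...)' inside `host` become extra commands."""
    return f"{tool} {host}"


def run_vulnerable(host: str, tool: str = "echo ping") -> str:
    """Executes the string through the shell (shell=True).  The default
    tool is 'echo' so the demonstration needs no network; the injection
    behaves identically with a real ping binary."""
    result = subprocess.run(vulnerable_command(host, tool), shell=True,
                            capture_output=True, text=True)
    return result.stdout


def is_valid_host(host: str) -> bool:
    """True only for an IPv4/IPv6 literal or a syntactically valid hostname.
    This also blocks option injection ('-c 100000 ...'): a label cannot
    start with '-', and an address literal never does."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return HOSTNAME_RE.fullmatch(host) is not None


def safe_command(host: str) -> list:
    """argv form for subprocess.run(..., shell=False): no shell parses the
    arguments, and the value has been validated, so it reaches ping as one
    operand whatever characters the attacker tried to smuggle in."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"   # hypothetical attacker input
    print(run_vulnerable(payload), end="")   # shell runs the second command
    print(safe_command("example.com"))
    print(is_valid_host(payload))            # False: never reaches ping
```

On a Unix host the vulnerable path prints the injected marker while the safe path rejects the same payload. Validation matters even without a shell: a value beginning with "-" would otherwise be parsed by ping as an option.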
BlackByte Ransomware
The BlackByte ransomware group, a significant and persistent threat in the ransomware-as-a-service (RaaS) ecosystem, has introduced a new iteration of its encryptor, further intensifying its attacks on organizations globally. Believed to be a splinter group from the infamous Conti gang, BlackByte’s recent activities demonstrate its relentless evolution and strategic shift in targeting methodologies. Cisco Talos,...
Cybercriminals Exploit PWA Apps to Steal Banking Credentials
Cybercriminals have adopted a sophisticated new tactic that uses Progressive Web Applications (PWAs) to impersonate legitimate banking apps, enabling them to steal credentials from iOS and Android users. These PWAs, which are cross-platform web applications that mimic native apps, allow attackers to bypass security restrictions, evade detection, and gain access to sensitive device permissions without...
Microsoft Office for macOS
Recent discoveries by cybersecurity researchers at Cisco Talos highlight critical vulnerabilities in Microsoft’s popular macOS applications, posing significant security risks despite Microsoft labeling them as low-severity threats. Attackers could exploit these flaws to gain unauthorized access to a user’s microphone, camera, sensitive data, and even escalate privileges. Although these issues affect apps like Word, Excel,...
Windows SmartScreen and Smart App Control Bypasses
Cybersecurity researchers from Elastic Security Labs have uncovered significant weaknesses in Windows SmartScreen and Smart App Control (SAC). These flaws can allow cybercriminals to execute malicious applications on Windows devices without triggering security warnings. Windows SmartScreen and Smart App Control Overview: Windows SmartScreen, built into Windows and the Microsoft Edge browser, helps protect users against phishing...
SharpRhino Malware
Hunters International, a ransomware-as-a-service (RaaS) group, has deployed a new remote access trojan (RAT) known as SharpRhino. Quorum Cyber researchers, who discovered the malware, report that it is written in C# and specifically targets IT professionals by impersonating the legitimate Angry IP Scanner tool through typosquatted domains. Hunters International uses this approach to...
CVE-2024-38112 and Void Banshee
Cybersecurity experts at Trend Micro have identified a remote code execution (RCE) vulnerability, tracked as CVE-2024-38112, in the Microsoft MHTML protocol handler. Trend Micro's Zero Day Initiative tracked it internally as ZDI-CAN-24433 and reported it to Microsoft, which patched it in its July 2024 security update; before the patch, the advanced persistent threat (APT) group Void Banshee was exploiting it as a zero-day. Exploitation by Void Banshee: Void Banshee, known for targeting...
Exim, the widely used Mail Transfer Agent (MTA) on Unix-like operating systems, has a critical vulnerability, CVE-2024-39929, with a CVSS score of 9.1, affecting releases up to and including version 4.97.1. Exim misparses a multiline RFC 2231 header filename, so remote attackers can bypass extension-based blocking on $mime_filename and deliver malicious executable attachments directly to user inboxes. Immediate action is required to...
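The Exim bug is a parsing gap: the attachment name arrives as RFC 2231 continuation parameters over folded header lines, and a filter that only looks for a single-line filename="..." token sees no name at all, so it has nothing to compare against its blocklist. The Python below is an added example for this entry, not Exim's code: the message, the blocklist and the verdict strings are constructed for the demonstration. It contrasts the naive check with a full RFC 2231 parse via the standard library.

```python
import email
import re
from typing import Optional

# Constructed sample message (not a real capture): the attachment name is
# carried in RFC 2231 continuation parameters spread over folded header
# lines, so no single line contains filename="invoice.exe".
RAW_MESSAGE = (
    "From: sender@example.invalid\n"
    "To: victim@example.invalid\n"
    "Subject: Invoice\n"
    "MIME-Version: 1.0\n"
    "Content-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n"
    "Content-Disposition: attachment;\n"
    "\tfilename*0=\"invoice\";\n"
    "\tfilename*1=\".exe\"\n"
    "\n"
    "TVqQAAMAAAAEAAAA//8AAA==\n"
)

# Illustrative blocklist; a real deployment would use its own policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}


def naive_filename(raw: str) -> Optional[str]:
    """The shortcut a filter takes when it ignores RFC 2231: look for one
    filename="..." token on one line."""
    m = re.search(r'filename="([^"]*)"', raw, re.IGNORECASE)
    return m.group(1) if m else None


def rfc2231_filename(raw: str) -> Optional[str]:
    """Full parse: the stdlib reassembles filename*0, filename*1, ... (and
    decodes the filename*0*=charset'lang'%XX form) before returning."""
    return email.message_from_string(raw).get_filename()


def extension_of(name: str) -> str:
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""


def verdict(raw: str, extract=rfc2231_filename) -> str:
    """'block', 'pass', or 'pass (no filename seen)'.  The last case is the
    dangerous one: a filter that cannot find a name has nothing to compare
    against the blocklist and lets the part through."""
    name = extract(raw)
    if name is None:
        return "pass (no filename seen)"
    return "block" if extension_of(name) in BLOCKED_EXTENSIONS else "pass"


if __name__ == "__main__":
    print("naive :", naive_filename(RAW_MESSAGE), verdict(RAW_MESSAGE, naive_filename))
    print("proper:", rfc2231_filename(RAW_MESSAGE), verdict(RAW_MESSAGE))
```

The same message yields "pass (no filename seen)" from the naive check and "block" from the RFC 2231-aware one. Any filter that keys on the attachment name needs to use a real MIME parser rather than a regex over raw header text.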
Vidar Stealer Infections
In June 2024, eSentire’s Threat Response Unit (TRU) identified a significant case involving a Vidar Stealer infection. This infection began when a victim searched online for solutions to a Windows Update Error code such as 0x80070643. During their search, they landed on a site named PCHelper Wizards, which offered a supposedly simple fix through a...
In early June 2024, a hacker known as “Sp1d3r” listed a database for sale on the dark web, claiming it contained data from the Los Angeles Unified School District (LAUSD) stolen from their Snowflake account. Pricing the database at $150,000, Sp1d3r included sensitive information such as student names, addresses, family details, demographics, financial records, grades,...
Crown Equipment Corporation, one of the largest forklift manufacturers in the world, employing 19,600 people and having 24 manufacturing plants in 14 locations worldwide, recently confirmed a significant cyberattack that disrupted its operations for weeks. The Attack and Immediate Response: On June 9th, Crown Equipment’s network was breached by an international cybercriminal organization. The company’s...
A recent cyberattack on CDK Global has caused a significant disruption in car dealerships across the United States. This cyber incident has brought thousands of car dealerships to a standstill, impacting their operations severely. Here is a detailed account of what transpired and the implications for the affected businesses. The Scope of the Attack: CDK...
In February 2024, EclecticIQ cybersecurity researchers discovered phishing campaigns targeting financial institutions using embedded QR codes in PDF attachments to redirect victims to phishing URLs. Recently, these campaigns have begun using a Phishing-as-a-Service (PhaaS) platform known as ONNX Store, which now targets both Microsoft 365 and Office 365 email accounts. The platform enables phishing attacks...
Overview of BadSpace Malware: BadSpace is a sophisticated Windows backdoor malware that attackers deliver through compromised websites, especially those built on WordPress. This malware uses a multi-stage attack chain involving infected websites, command-and-control (C2) servers, fake browser updates, and a JScript downloader to infiltrate victims’ systems. Infection Chain (how BadSpace infiltrates systems): According to German...
Trustwave has detected a new phishing campaign that uses HTML attachments to abuse the Windows search protocol (search-ms: URIs), delivering malware through batch files hosted on remote servers. This article summarizes the mechanics of the attack, mitigation measures, and how to prevent such threats. Phishing Campaign Overview: Researchers at Trustwave have...
Cybersecurity researchers at eSentire have uncovered a phishing attack that delivers the More_Eggs malware disguised as job resumes. The tactic, first identified over two years ago, remains a significant threat to organizations. Recently, attackers targeted an unnamed company in the industrial services sector, underscoring the ongoing evolution of cyber threats and the need for heightened vigilance among...
Cybersecurity researchers at ThreatFabric have uncovered a macOS variant of the LightSpy spyware, previously known for targeting iOS and Android devices. This development highlights the extensive reach and sophistication of this surveillance tool. LightSpy, a modular framework, has evolved to infiltrate various platforms, posing significant threats to user privacy and security. Origins and Evolution: First reported...
Advance Auto Parts, a major U.S. automotive aftermarket parts provider, has fallen victim to a significant data breach. Cybercriminals, operating under the handle “Sp1d3r,” claim to have stolen 3 terabytes of data from the company’s Snowflake cloud storage account. The stolen dataset, now being offered for sale at $1.5 million, includes vast amounts of sensitive...
RansomHub, a nascent yet prolific ransomware-as-a-service (RaaS) operation, has recently come into the limelight due to its rapid rise and significant impacts. Cybersecurity researchers have traced its origins back to the now-defunct Knight ransomware, itself a rebrand of the Cyclops ransomware. RansomHub has a short history and operated mainly as a data theft and extortion...
In today’s interconnected digital world, cyber attacks have become an ever-present threat targeting individuals, businesses, and governments alike. Understanding the different types of cyber attacks is crucial for organizations and individuals to effectively mitigate risks and protect themselves against potential breaches. Here, we delve into 20 of the most common types of cyber attacks with...
Okta, a leading cybersecurity company specializing in identity and access management, has issued a warning about ongoing credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature, particularly its cross-origin authentication. These attacks have been observed since April 15, 2024, affecting numerous customers. Credential stuffing is a type of cyber attack where threat actors use...
Microsoft has recently unveiled a new North Korean state-aligned threat actor named Moonstone Sleet, previously known as Storm-1789. This group is implicated in a series of sophisticated cyber attacks, blending traditional techniques with innovative methodologies to target various sectors, including software, IT, education, and defense. Moonstone Sleet’s operations highlight the evolving landscape of cyber threats...
Denial of Service (DoS) attacks remain among the most damaging threats on the internet, and researchers at Tsinghua University in Beijing have described a novel one, DNSBomb. This powerful and practical pulsing DoS attack exploits DNS queries...
In February 2024, U.S. pharmaceutical giant Cencora, formerly known as AmerisourceBergen, suffered a significant cyberattack leading to a major data breach. The attack compromised the personal and highly sensitive medical information of individuals associated with eight prominent drug companies that partner with Cencora for pharmaceutical and business services. Details of the Data Breach: The data...
A malicious crypto mining campaign codenamed ‘REF4578,’ has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. Researchers at the cybersecurity firms Elastic Security Labs and Antiy have underlined the unusual sophistication of these crypto-mining attacks in separate reports and shared detection rules to help...
Microsoft’s new Recall feature, which captures screenshots of the active screen every few seconds and analyzes them with AI, promises to enhance productivity with AI-driven functionality. However, despite its potential, this technology...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a significant security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog. This action underscores the critical nature of the vulnerability, which has already seen active exploitation in the wild. The flaw, identified as CVE-2023-43208, has a serious impact due to...
In a landmark case announced by the U.S. Department of Justice together with the Department of State, an Arizona woman, Christina Chapman, and a Ukrainian man have been charged with, along with three unidentified foreign nationals, allegedly helping North Korean IT workers obtain remote jobs at U.S. companies under false U.S. identities. This scheme facilitated foreign IT workers in...
A newly discovered vulnerability in the IEEE 802.11 WiFi standard, tracked as CVE-2023-52424, poses significant risks to network security. The flaw, dubbed the SSID Confusion attack, allows an attacker to trick a device into connecting to a less secure network than the one it intended to join, enabling traffic interception. The SSID Confusion Attack: Researchers have identified a critical design flaw...
Cybercriminals have found a new vector for ransomware attacks in the Windows Quick Assist feature. The threat, driven primarily by a group tracked as Storm-1811, uses social engineering (posing as IT support) to persuade users to grant remote access, then deploys the Black Basta ransomware. Understanding these tactics and implementing effective cybersecurity measures is crucial to mitigating these...
Check Point Research has disclosed a significant vulnerability in Foxit PDF Reader, software with over 700 million users worldwide, that threat actors have been exploiting to deliver malware via booby-trapped PDF documents. Overview...
In today’s digital landscape, cybercriminals continuously adapt their tactics to exploit vulnerabilities and gain unauthorized access to sensitive information. One emerging threat is AI-powered vishing (voice phishing) and deepfake phishing attacks. Utilizing machine learning algorithms, these sophisticated attacks can deceive even the most cautious individuals. AI-Powered Phishing Attacks: Phishing traditionally involves deceptive emails, messages, or...
Federal agencies and cybersecurity experts have issued urgent warnings about the Black Basta ransomware group, which has targeted over 500 organizations across North America, Europe, and Australia since April 2022. This ransomware-as-a-service (RaaS) operation has breached numerous private industry and critical infrastructure sectors, causing severe disruptions and significant financial losses. One of the most notable...
The rising prevalence of identity document fraud has made advanced verification systems essential for detecting fraudulent submissions. As of 2023, the most common method was the “document image-of-image” technique, found in 63% of all rejected IDs. This type of fraud involves using...
The security flaw known as “TunnelVision,” officially registered under CVE-2024-3661, represents a significant threat to the integrity of VPN (Virtual Private Network) communications. This vulnerability leverages a DHCP (Dynamic Host Configuration Protocol) option, specifically the classless static route option 121, to manipulate VPN traffic. This manipulation occurs when an attacker sets up a rogue DHCP...
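TunnelVision works because DHCP option 121 lets a server push classless static routes, and the host's longest-prefix match prefers a pushed, more specific route over the VPN's broad tunnel route, so that traffic leaves on the physical interface in the clear. The Python below is an added example for this entry, not the researchers' tooling: it decodes and encodes option 121 in the RFC 3442 layout and then simulates the routing decision for a few destinations against the routes a VPN client would have installed. The LAN router address, the VPN route sets and the probe addresses are constructed.

```python
import ipaddress


def parse_option_121(data: bytes) -> list:
    """Decode DHCP option 121 (RFC 3442).  Each route is encoded as one
    byte of prefix length, only the significant destination octets
    (ceil(prefix/8) of them), then a four-octet router address."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        i += 1
        if plen > 32:
            raise ValueError(f"bad prefix length {plen}")
        nbytes = (plen + 7) // 8
        raw = bytes(data[i:i + nbytes])
        gw = bytes(data[i + nbytes:i + nbytes + 4])
        i += nbytes + 4
        if len(raw) != nbytes or len(gw) != 4:
            raise ValueError("truncated route entry")
        # strict=False: tolerate host bits in the significant octets
        net = ipaddress.IPv4Network((raw.ljust(4, b"\x00"), plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(gw)))
    return routes


def encode_option_121(routes) -> bytes:
    """Inverse of parse_option_121, used here to build a rogue option."""
    out = bytearray()
    for net, gw in routes:
        net, gw = ipaddress.IPv4Network(net), ipaddress.IPv4Address(gw)
        nbytes = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:nbytes]
        out += gw.packed
    return bytes(out)


def winning_route(table, dst):
    """Longest-prefix match over (network, gateway, source) entries.  On a
    prefix-length tie the earlier entry wins; a real host uses metrics."""
    dst = ipaddress.IPv4Address(dst)
    matches = [r for r in table if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def audit_leaks(option121: bytes, vpn_routes, probes) -> dict:
    """vpn_routes: networks the VPN client installed on its tunnel.
    Returns {probe_ip: 'vpn' | 'leak via <router>' | 'unrouted'}."""
    table = [(ipaddress.IPv4Network(n), None, "vpn") for n in vpn_routes]
    table += [(net, gw, "dhcp") for net, gw in parse_option_121(option121)]
    result = {}
    for ip in probes:
        r = winning_route(table, ip)
        if r is None:
            result[ip] = "unrouted"
        elif r[2] == "vpn":
            result[ip] = "vpn"
        else:
            result[ip] = f"leak via {r[1]}"
    return result


# Constructed rogue option: 0.0.0.0/1 and 128.0.0.0/1 via a hypothetical LAN
# router 192.168.1.254.  Together they cover every address, each with a
# longer prefix than the VPN's 0.0.0.0/0.
ROGUE_OPTION_121 = bytes.fromhex("01 00 c0a801fe" "01 80 c0a801fe")

if __name__ == "__main__":
    print(parse_option_121(ROGUE_OPTION_121))
    print(audit_leaks(ROGUE_OPTION_121, ["0.0.0.0/0"], ["1.1.1.1", "203.0.113.7"]))
    targeted = encode_option_121([("8.8.8.8/32", "192.168.1.254")])
    print(audit_leaks(targeted, ["0.0.0.0/1", "128.0.0.0/1"], ["8.8.8.8", "1.1.1.1"]))
```

The first case reproduces the classic split (0.0.0.0/1 and 128.0.0.0/1 via the LAN router), which beats a VPN default route for every destination; the second shows that a client using the same /1 split itself is still beaten by a pushed /32. A client-side mitigation has to do what the audit does: inspect option 121 routes that are more specific than the tunnel's and refuse or re-scope them, or ignore the option altogether, which is why Android, which does not implement option 121, is unaffected.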
Ascension, one of the largest private healthcare systems in the United States, experienced significant disruptions in its clinical operations due to a suspected cybersecurity incident. This major nonprofit health system, which operates 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia, reported unusual activity on its technology networks on...
Nearly 52,000 internet-exposed instances of Tinyproxy, a popular open-source HTTP and HTTPS proxy server, are affected by CVE-2023-49606, a critical remote code execution (RCE) vulnerability (a use-after-free in its handling of HTTP Connection headers). Tinyproxy is widely used by small businesses, public WiFi providers, and individual users who favor its efficiency and minimal resource...
Cybersecurity researchers at the Symantec Threat Hunter Team, part of Broadcom, have noticed a troubling trend where multiple hacking collectives, including APT28, REF2924, Red Stinger, Flea, APT29, and OilRig, are increasingly exploiting Microsoft Graph API for malicious activities. These groups have been using Microsoft’s cloud services, like OneDrive, to host their command-and-control (C2) infrastructure, effectively...
Dropbox has confirmed a significant breach of its Dropbox Sign service (formerly HelloSign), which compromised a wide range of customer information, including emails, usernames, phone numbers, hashed passwords, and various authentication details like API keys, OAuth tokens, and multi-factor authentication setups. The breach, identified on April 24, 2024, also exposed the email addresses and names...
Microsoft Windows DOS-to-NT Path Vulnerability
In new research presented at the Black Hat Asia conference, SafeBreach’s Or Yair detailed security vulnerabilities in the Windows DOS-to-NT path conversion process, showing how attackers could achieve rootkit-like capabilities without administrative permissions. Understanding the DOS-to-NT Path Conversion Vulnerability: During a typical operation where a Windows...
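SafeBreach's finding rests on one small rule in the Win32-to-NT path conversion: trailing dots are trimmed from every path element and trailing spaces from the last one, so a file created through the NT API with a name such as "evil.exe." has no Win32 name of its own and collides with "evil.exe". The Python below is an added example for this entry, not SafeBreach's tooling: it models that trimming as the research describes it (simplified, ignoring other normalisation steps) and flags directory entries that either collide or cannot be addressed by Win32 name at all. The listing is constructed.

```python
def win32_to_nt_trim(path: str) -> str:
    """Model of the trimming step in the DOS-to-NT path conversion as
    described by SafeBreach: trailing dots are dropped from every path
    element, and trailing spaces (together with dots) from the last one.
    '.' and '..' are directory references rather than names and are kept;
    a path with the \\\\?\\ prefix bypasses normalisation and is returned
    unchanged.  Other normalisation (slash folding, relative paths) is
    deliberately not modelled."""
    if path.startswith("\\\\?\\"):
        return path
    parts = path.split("\\")
    trimmed = []
    for idx, part in enumerate(parts):
        if part in (".", ".."):
            trimmed.append(part)
        elif idx == len(parts) - 1:
            trimmed.append(part.rstrip(". "))
        else:
            trimmed.append(part.rstrip("."))
    return "\\".join(trimmed)


def colliding_names(nt_names) -> dict:
    """Group names as they exist in the NT namespace (where a file may be
    called 'evil.exe.' or 'evil.exe ') by the Win32 name they collapse to.
    A group with more than one member is a set of files a Win32 tool cannot
    tell apart."""
    groups = {}
    for name in nt_names:
        groups.setdefault(win32_to_nt_trim(name), []).append(name)
    return {k: v for k, v in groups.items() if len(v) > 1}


def unreachable_from_win32(nt_names) -> list:
    """Names whose Win32 form differs from their NT form: opening them by
    the name shown in a listing goes to a different (or missing) file."""
    return [n for n in nt_names if win32_to_nt_trim(n) != n]


# Constructed directory listing as an NT-level tool would enumerate it
SAMPLE_LISTING = ["evil.exe", "evil.exe.", "evil.exe. ", "notes.txt", "report.docx."]

if __name__ == "__main__":
    print(win32_to_nt_trim("C:\\Users\\bob.\\report.txt. "))
    print(colliding_names(SAMPLE_LISTING))
    print(unreachable_from_win32(SAMPLE_LISTING))
```

Run over a listing taken with an NT-namespace tool, the two checks surface exactly the names a Win32 process (Explorer, dir, most AV scanners' file APIs) would misresolve; such a scan is the practical response to this class of hiding technique.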
LastPass
LastPass is alerting its users to a malicious campaign employing the CryptoChameleon phishing kit, notorious for cryptocurrency theft. Researchers have identified CryptoChameleon as a sophisticated phishing kit initially used against Federal Communications Commission (FCC) employees through counterfeit Okta single sign-on (SSO) pages. Security experts at Lookout have found that this phishing kit has also compromised...
Ransomware as a Service
Since June 2023, cybersecurity observers have detected a surge in affordable ransomware offerings, termed “junk gun” ransomware, on the dark web. These tools are the product of independent developers and represent a shift away from the decade-long dominance of the ransomware-as-a-service (RaaS) model in the cybercriminal ecosystem. Sophos X-Ops has documented 19 distinct junk gun...
Brute Force Attack
Cisco Talos has issued a warning about a massive credential brute-force campaign that targets VPN and SSH services on devices worldwide. The campaign, which started on March 18, 2024, uses a mix of valid and generic employee usernames to crack the correct login credentials. Once the attackers gain access, they can hijack devices or infiltrate...
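The Okta credential-stuffing entry above and this Talos brute-force campaign pose the same question on the defender's side: which sources are failing authentication at volume, and are they cycling through passwords for a few accounts or through many accounts with a few passwords? The Python below is an added example, not Cisco Talos or Okta detection content: it parses constructed sshd failed-password lines, aggregates per source IP, and labels each source; the thresholds and the log lines are invented. The same aggregation applies to a VPN concentrator's or an identity provider's failed-login events once the regex is swapped for that format.

```python
import re
from collections import defaultdict

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sshd log lines (not from a real host).  203.0.113.5 hammers two
# accounts with many passwords; 198.51.100.9 tries one password against many
# accounts; 192.0.2.1 is a user mistyping once and then logging in.
SAMPLE_AUTH_LOG = """\
Mar 18 10:01:02 vpn1 sshd[2311]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar 18 10:01:03 vpn1 sshd[2311]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar 18 10:01:04 vpn1 sshd[2313]: Failed password for admin from 203.0.113.5 port 51236 ssh2
Mar 18 10:01:05 vpn1 sshd[2314]: Failed password for root from 203.0.113.5 port 51237 ssh2
Mar 18 10:01:06 vpn1 sshd[2315]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar 18 10:01:07 vpn1 sshd[2316]: Failed password for admin from 203.0.113.5 port 51239 ssh2
Mar 18 10:02:01 vpn1 sshd[2320]: Failed password for invalid user jsmith from 198.51.100.9 port 40001 ssh2
Mar 18 10:02:02 vpn1 sshd[2321]: Failed password for invalid user mjones from 198.51.100.9 port 40002 ssh2
Mar 18 10:02:03 vpn1 sshd[2322]: Failed password for invalid user test from 198.51.100.9 port 40003 ssh2
Mar 18 10:02:04 vpn1 sshd[2323]: Failed password for invalid user guest from 198.51.100.9 port 40004 ssh2
Mar 18 10:02:05 vpn1 sshd[2324]: Failed password for invalid user support from 198.51.100.9 port 40005 ssh2
Mar 18 10:05:00 vpn1 sshd[2330]: Failed password for alice from 192.0.2.1 port 50000 ssh2
Mar 18 10:05:09 vpn1 sshd[2330]: Accepted password for alice from 192.0.2.1 port 50000 ssh2
"""


def failed_logins(lines):
    """Yield (source_ip, username) for each failed password attempt."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user")


def per_source_stats(lines) -> dict:
    """Per source IP: total failed attempts and the set of usernames tried."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for ip, user in failed_logins(lines):
        stats[ip]["attempts"] += 1
        stats[ip]["users"].add(user)
    return dict(stats)


def classify(stats: dict, threshold: int = 5, spray_ratio: float = 0.8) -> dict:
    """Sources at or above `threshold` failures are flagged.  A high ratio of
    distinct users to attempts means the source is cycling through accounts
    (password spraying / credential stuffing); a low ratio means it is
    cycling through passwords for a few accounts (classic brute force).
    Both cut-offs are illustrative and should be tuned per environment."""
    verdicts = {}
    for ip, s in stats.items():
        if s["attempts"] < threshold:
            continue
        ratio = len(s["users"]) / s["attempts"]
        verdicts[ip] = "spraying/stuffing" if ratio >= spray_ratio else "brute-force"
    return verdicts


def analyze(log_text: str) -> dict:
    return classify(per_source_stats(log_text.splitlines()))


if __name__ == "__main__":
    for ip, verdict in analyze(SAMPLE_AUTH_LOG).items():
        print(ip, verdict)
```

In production the per-source window would be time-bounded and the distinct-user signal would also be computed per user across sources, since stuffing campaigns spread one credential list over many IPs to stay under per-IP thresholds.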
Duo Two-Factor Authentication
Cisco Duo recently warned that attackers breached its telephony provider on April 1, 2024, stealing some customers’ VoIP and SMS logs used for multi-factor authentication (MFA) messages. The attack targeted an unnamed provider that handles Cisco Duo’s SMS and VoIP MFA message delivery. Cisco Duo, a major multi-factor authentication and Single Sign-On...
Apple Cybersecurity Threat Mercenary Spyware
Apple has issued a warning to iPhone users across 92 countries about a mercenary spyware attack targeting their devices remotely. The company expresses high confidence in the warning and urges users to take immediate action. According to a notification shared, the spyware attempts to compromise iPhones linked to specific Apple IDs. The notification also refers...
Researchers have disclosed a critical vulnerability in the Rust standard library that affects Windows users. The flaw, identified as CVE-2024-24576 and fixed in Rust 1.77.2, allows command injection when a Rust program uses std::process::Command to run a batch file (.bat or .cmd) with attacker-controlled arguments, because cmd.exe parses arguments differently from the escaping the library applied. With a CVSS score of 10.0, the vulnerability’s severity is at its maximum, highlighting the urgent need for attention and...
Cybersecurity researchers recently uncovered a complex multi-stage attack that targets users with invoice-themed phishing emails to deploy a variety of malware, including Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a crypto wallet stealer. Attackers attach Scalable Vector Graphics (SVG) files to emails, which initiate the malware infection process upon opening, according to a technical...
The U.S. Department of Health and Human Services (HHS) has raised an alarm over an ongoing assault by cybercriminals targeting IT help desks in the Healthcare and Public Health (HPH) sector. These attackers, observed by the Health Sector Cybersecurity Coordination Center (HC3), wield sophisticated social engineering tactics to infiltrate the health sector’s defenses. Their strategy...
Cybercriminals are distributing a new multi-functional malware named Byakugan through fake Adobe Acrobat Reader installers. The attack begins with a PDF file in Portuguese that displays a blurry image and prompts users to download a fake Reader application to see the content more clearly. Fortinet FortiGuard Labs reported that clicking on the provided link downloads...
Thread hijacking is a phishing technique in which attackers insert themselves into an existing email conversation, so their message arrives inside a thread the recipient already trusts and expects. By understanding how these attacks operate, we can defend ourselves against...