Uncategorized


Cisco Addresses Critical Vulnerability in Unified Communications Products
Cisco, the prominent networking company, has taken swift action to address a significant security issue impacting its Unified Communications Products. This vulnerability poses a serious risk, as it could potentially lead to remote code execution on targeted devices. In response, Cisco strongly encourages users to promptly update their systems with the latest software release in […]
Feb 1, 2024


The Stealthy Rise of FAUST Ransomware Through Innocent Office Documents
Imagine opening a simple office document and unknowingly letting a computer virus into your system. Researchers at Fortinet found a seemingly normal document that was hiding a nasty surprise: a type of computer virus called FAUST ransomware. This virus is a cousin of the already known Phobos ransomware, which has been causing trouble since 2019 […]
Jan 30, 2024


Bigpanzi Cybercrime Group’s Global Impact: Infecting Millions of Devices Since 2015
Introduction: An unidentified cybercrime group, going by the name ‘Bigpanzi,’ has been quietly making a substantial income by infecting Android TV and eCos set-top boxes worldwide since at least 2015. According to researchers at Qianxin Xlabs in Beijing, this threat group manages a large botnet with around 170,000 active bots every day. However, they’ve identified […]
Jan 17, 2024


Beware of Deceptive Emails: Protecting Your 401(k) and HR Information from Sophisticated Phishing Attacks
Imagine you’re sifting through your inbox on a busy Monday morning. Amidst the usual mix of internal communications and project updates, you spot an email from your Human Resources department about your 401(k) plan. It mentions critical updates and requests your immediate attention. Before you click on any links or respond, pause and consider: Could […]
Jan 10, 2024


Navigating Cyber Threats in 2023: Unveiling 26,447 Vulnerabilities and Strategies for Resilience
In the year 2023, a total of 26,447 vulnerabilities were disclosed, marking an increase of over 1500 from the preceding year. This information is derived from the most recent report by the Qualys Threat Research Unit (TRU), released recently. Notably, less than 1% of these vulnerabilities are considered high-risk and are actively exploited by ransomware, […]
Dec 19, 2023
Ransomware Evolution: Unveiling the Threat of Ransomware-as-a-Service
Ransomware attacks are a big problem in the ever-changing world of online security. One particular concern is Ransomware-as-a-Service (RaaS), a trend that’s making cybercrime more accessible to people with limited technical skills. Traditionally, ransomware involves encrypting a victim’s files, making them inaccessible until a ransom is paid. However, modern attackers often go a step further. […]
Dec 12, 2023


Cybercriminals Utilize Google Workspace for Data Theft and Ransomware Deployment
A new report highlights innovative ways that cyber threats can exploit vulnerabilities in Google Workspace and the Google Cloud Platform. These methods, if exploited by malicious actors, could lead to ransomware attacks, data theft, and password recovery breaches. According to Martin Zugec, the Technical Solutions Director at Bitdefender, the threat begins with compromising a single […]
Nov 21, 2023


Unmasking Windows Driver Vulnerabilities: A Ticking Time Bomb
Security experts have recently uncovered a significant number of vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers, raising concerns about their potential exploitation by threat actors. This discovery reveals a severe risk in the digital landscape, as attackers, even without privileged access, could exploit these vulnerabilities to seize complete control of devices […]
Nov 6, 2023
1Password Detects Suspicious Activity After Okta Security Breach
1Password, a widely used password management solution, recently identified suspicious activity within its Okta instance, which occurred on September 29. The incident was associated with a support system breach but, reassuringly, no user data was compromised. Pedro Canahuati, the Chief Technology Officer (CTO) of 1Password, promptly responded to this security concern. He stated, “We immediately […]
Oct 24, 2023
HTTP/2 zero-day causes massive DDoS attacks
Over the preceding two months, malevolent actors have exploited a vulnerability in the HTTP/2 web communication protocol, rendering web application servers, load balancers, and web proxies susceptible to distributed denial-of-service (DDoS) attacks of an unprecedented magnitude. Major cloud infrastructure providers like Google, AWS, and Cloudflare, as well as web server vendors, have been collaborating on […]
Oct 11, 2023
Looney Tunables: A High-Severity Linux Bug Unleashes Root Access Chaos
A newly emerged software vulnerability, dubbed ‘Looney Tunables’ and cataloged under CVE-2023-4911, is causing a stir in the Linux community. The bug has opened up avenues for local attackers to gain root access on major Linux distros, thereby raising serious concerns about system integrity and security. The new Linux vulnerability, known as ‘Looney Tunables’, […]
Oct 9, 2023


Unveiling the New ZeroFont Phishing Strategy: Deceiving Outlook with False AV-Scans
As the world of cybersecurity constantly evolves, so do the strategies employed by cybercriminals. A recent adaptation, dubbed the “ZeroFont Phishing Technique”, has been making waves in the cybersecurity landscape. Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in […]
Sep 28, 2023
Analyzing the Consequences of the Clorox Cyber Attack
In August 2024, the internationally acclaimed manufacturer of cleaning products, Clorox, experienced a significant cyber-attack. The aftermath of this breach resulted in a slew of operational disruptions, extending beyond the initial incident and deeply affecting the company’s first quarter results in 2024. The Unveiling of the Cyber Attack: According to a recent SEC filing, Clorox […]
Sep 27, 2023
The Emerging Threat of Xenomorph Banking Trojan: Targeting U.S. Banks and Crypto Wallets
As technology continues to evolve, so do the methods of cybercriminals. The latest threat to emerge is a new version of the Xenomorph banking Trojan, which has set its sights on over 35 well-established financial institutions across the U.S. and various digital cryptocurrency wallets. Understanding the Xenomorph Banking Trojan: Xenomorph, an offshoot of the infamous […]
Sep 26, 2023


New ‘MalDoc in PDF’ Cyberattack Has Been Discovered
JPCERT, Japan’s computer emergency response team, has recently uncovered a new sophisticated ‘MalDoc in PDF’ cyberattack. This attack, detected in July 2023, cleverly evades detection by concealing malicious Word files within PDF documents. The file analyzed by JPCERT makes use of polyglots to confuse analysis tools and evade detection. While most scanning engines and tools […]
Aug 30, 2023
New “Whiffy Recon” Malware: Triangulating Infected Device Location via Wi-Fi Every Minute
In the ever-evolving landscape of cyber threats, cybersecurity experts are raising concerns about a newly discovered malware strain known as “Whiffy Recon.” This sophisticated malware, uncovered by researchers from Secureworks Counter Threat Unit (CTU), leverages Wi-Fi scanning and Google’s geolocation API to triangulate the location of infected devices. With the capability to continuously track compromised […]
Aug 24, 2023
Active Flaws in PowerShell Gallery: A Gateway for Supply Chain Attacks
The PowerShell Gallery, a central repository maintained by Microsoft for sharing and acquiring PowerShell code, has recently faced heightened scrutiny due to a series of active vulnerabilities that pose a significant risk of supply chain attacks against its users. These flaws, uncovered by security researchers from Aqua, have shed light on potential weaknesses in the […]
Aug 16, 2023
Clop Ransomware Adopts Torrents to Leak Stolen Data and Evade Detection
The utilization of ransomware is continuously advancing as cybercriminals discover novel methods to exploit vulnerabilities and optimize their financial gains. An exemplification of this is the Clop ransomware gang, which has recently adapted its tactics by resorting to torrents to disclose stolen data from its victims. By employing this approach, Clop aims to surmount the […]
Aug 7, 2023
The Significance of Insecure Direct Object Reference (IDOR) Vulnerabilities in Web Applications
In our ever-more interconnected world, web applications have become indispensable to our daily lives. They empower us with online shopping, banking, and so much more. However, it is vital to protect the sensitive data handled by these applications from unauthorized access. A recent advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber […]
Aug 4, 2023
New Backdoor Malware Has Been Created Using Leaked CIA’s Hive Malware
A new backdoor malware has been discovered that is believed to have been created using the leaked CIA’s Hive malware. The discovery was made by researchers at the cybersecurity firm, Symantec, who have been monitoring the use of the Hive malware since it was leaked in 2017. The new backdoor, named “Honeycomb,” has been found […]
Jan 16, 2023
