AISURU Botnet Identified in Massive DDoS Attack on Steam
A massive, coordinated DDoS attack disrupted Steam services globally and the Perfect World Esports platform in China on the weekend of August 24-26, coinciding with the launch of the highly...
Cyber Espionage Campaign Leverages Novel Tactics and “Voldemort” Malware to...
Proofpoint researchers have unearthed a suspected espionage campaign distributing custom malware dubbed “Voldemort.” This operation, impacting over 70 organizations worldwide, combines common and...
QR Codes Coming to Linux Kernel Panics with 6.12 Release
In July, a Red Hat engineer developed an option for the Linux Kernel to display a QR code after a crash, inspired by the feature in systemd 255+ that shows...
Proof-of-Concept Exploit Released for WhatsUp Gold Authentication Bypass...
Researcher Sina Kheirkhah of the Summoning Team has published the technical details and a proof-of-concept (PoC) exploit for a critical vulnerability, identified as CVE-2024-6670, affecting Progress...
Attackers Turn Digital Analytics Tools into Weapons, Experts Warn
In a recent report, cybersecurity researchers from Mandiant and Google Cloud have shed light on the alarming trend of threat actors repurposing digital analytics and advertising tools for malicious...
Latrodectus Malware Evolves: New Payload Features Enhance Evasion and Control
The notorious Latrodectus downloader malware, known for its similarities to IcedID and its use by prominent threat actors TA577 and TA578, has undergone a significant upgrade. Netskope Threat Labs...
CVE-2024-45488: Flaw in Safeguard for Privileged Passwords Enables...
In a recent security bulletin, a critical vulnerability has been identified in One Identity’s Safeguard for Privileged Passwords, a key solution designed to protect and manage privileged credentials...
CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE, PoC...
A security researcher from Conviso Labs published the technical details and a proof-of-concept (PoC) exploit for a critical CVE-2024-43044 vulnerability in Jenkins. Jenkins is integral to many...
Microsoft Renames Remote Desktop to ‘Windows App’ on macOS: Mac Users React...
For a long time, the responsibility for Windows Remote Desktop Protocol (RDP) connections has been handled by Microsoft Remote Desktop. However, Microsoft now plans to rename Remote Desktop to...
Information Stealer Malware on the Rise: ACSC Issues Urgent Cybersecurity...
The Australian Cyber Security Centre (ACSC) has issued a warning about the escalating threat of information stealer malware. This insidious type of malware is designed to siphon sensitive data from...
WikiLoader Malware Evolves with SEO Poisoning, Targets GlobalProtect Users
In a recent investigation, the Unit 42 Managed Threat Hunting (MTH) team uncovered a sophisticated cyber campaign leveraging a unique variant of the WikiLoader malware. The attackers behind this...
SLOW#TEMPEST Campaign: Securonix Uncovers Sophisticated Cobalt Strike Attack...
The Securonix Threat Research team has revealed a recently uncovered cyber espionage campaign, dubbed SLOW#TEMPEST that is specifically targeting Chinese-speaking users intending to deploy Cobalt...
Publicly Exposed GenAI Development Services Raise Serious Security Concerns
A new report released by Legit Security has raised significant concerns about the security posture of publicly accessible GenAI development services. The research, focusing on vector databases and LLM...
The Escalating Threat of the EV Code Signing Certificate Black Market
The cybersecurity landscape is facing a growing threat from the illicit trade of Extended Validation (EV) code signing certificates, as revealed in a recent report by Intrinsec. These certificates,...
Mekotio Trojan: A PowerShell-Based Threat Targeting Victims with Stealth and...
The CYFIRMA Research and Advisory Team has identified a new and sophisticated cyber threat, dubbed the Mekotio Trojan. This malware leverages PowerShell, a powerful scripting language built into...
An Ongoing Social Engineering Campaign Targets 130+ US Organizations
A new wave of highly targeted cyberattacks is sweeping across the US, and it’s not your average phishing scam. The GuidePoint Research and Intelligence Team (GRIT) has uncovered a sophisticated...
CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk
A significant vulnerability, CVE-2024-8105, dubbed PKfail, has surfaced within the UEFI ecosystem. With a CVSS score of 8.2, this flaw exposes critical UEFI security mechanisms to compromise, making...
D-Link Won’t Fix 4 RCE Vulnerabilities in DIR-846W Router
Four severe security flaws have been found in the D-Link DIR-846W router, leaving users potentially exposed to remote attacks even after the device has reached its end-of-life. Security researchers...
CVE-2024-7593 (CVSS 9.8): Critical Ivanti vTM Flaw Now Weaponized, PoC...
A critical authentication bypass vulnerability, tracked as CVE-2024-7593 (CVSS 9.8), in Ivanti’s Virtual Traffic Manager (vTM), is now significantly easier to exploit thanks to the release of public...
CVE-2024-7261 (CVSS 9.8): Zyxel Patches Critical Vulnerability in Wi-Fi Devices
Zyxel, a prominent networking equipment manufacturer, has issued a security advisory urging users to promptly update their firmware to address a critical vulnerability affecting a range of their access...