Gatekeeper Bypass: Malicious Apps Could Slip Through macOS Defenses
A new report from Unit 42 researchers has uncovered significant weaknesses in macOS’s Gatekeeper security mechanism, which could allow malicious applications to bypass Apple’s verification process and...
Critical Flaw in Synology Camera Firmware Expose Devices to RCE and DoS Attacks
Synology has issued a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in several of its camera firmware products, including Synology Camera BC500, TC500, and CC400W. The...
Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers
A new and dangerous social engineering tactic, dubbed ClickFix, has emerged as a significant cybersecurity threat in 2024, according to a recent report from the Sekoia Threat Detection &...
CVE-2024-10025 (CVSS 9.1): Critical Flaw in SICK Products Exposes Systems to...
A newly disclosed vulnerability in multiple SICK products, tracked as CVE-2024-10025, has raised significant cybersecurity concerns across industries relying on the company’s automation and sensor...
Vulnhuntr: A Tool for Finding Exploitable Vulnerabilities with LLMs and...
In today’s ever-evolving cybersecurity landscape, identifying vulnerabilities in codebases is critical for maintaining secure software and infrastructure. Vulnhuntr, an open-source tool available on...
IcePeony – A New China-Nexus APT Group Targeting Asian Nations
A previously unknown China-nexus advanced persistent threat (APT) group has been identified as “IcePeony,” according to a recent report from the nao_sec Cyber Security Research Team. This group, active since...
Developers Targeted: North Korean Hackers Deploy “BeaverTail” Malware via NFTs
eSentire’s Threat Response Unit (TRU) uncovers a sophisticated phishing campaign using a fake NFT project to lure unsuspecting software developers. In a recent report, eSentire’s Threat Response Unit...
Ducktail & Quasar RAT: Vietnamese Threat Actors Target Meta Ads Professionals
In a sophisticated attack campaign recently uncovered by Cyble Research and Intelligence Lab (CRIL), digital marketing professionals, particularly those specializing in Meta (Facebook and Instagram)...
Supply Chain Weakness: Crypt Ghouls Exploit Contractors to Deploy Ransomware
Kaspersky Labs has identified a new cybercriminal group dubbed Crypt Ghouls, responsible for a series of ransomware attacks against Russian businesses and government agencies. The group’s modus...
Beast Ransomware: RaaS Platform Targets Windows, Linux, and VMware ESXi
In a recent analysis by Cybereason, security researcher Mark Tsipershtein delves into the intricacies of Beast Ransomware, a Ransomware-as-a-Service (RaaS) platform that has been actively targeting...
CVE-2024-21216 (CVSS 9.8): Oracle WebLogic Flaw That Could Give Attackers...
Oracle has recently rolled out its October 2024 Critical Patch Update (CPU), addressing 329 vulnerabilities across a variety of products. Among these are five severe vulnerabilities within the Oracle...
GHOSTPULSE Evolves: Malware Now Hides in Image Pixels, Evading Detection
Elastic Security Labs has recently uncovered a significant evolution in the tactics of the GHOSTPULSE malware family, also known as HIJACKLOADER or IDATLOADER. In their latest report, Elastic Security...
Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM...
Security researcher Angelboy (@scwuaptx) with DEVCORE has identified a privilege escalation vulnerability in Microsoft’s Kernel Streaming service. The vulnerability, tracked as CVE-2024-30090 and...
Cisco Investigates Potential Data Exposure, Confirms No Breach of Internal...
Cisco Systems is currently investigating an alleged unauthorized access to data housed on a public-facing DevHub environment. While initial reports suggested a potential breach of Cisco’s internal...
CVE-2024-9537 (CVSS 9.8): Critical Zero-Day in ScienceLogic EM7 Leads to...
Rackspace, a leading provider of managed cloud services, announced a security incident related to a zero-day vulnerability discovered in a third-party utility bundled with the ScienceLogic EM7 (SL1)...
VOIDMAW: A New Bypass Technique for Memory Scanners
As malware detection techniques evolve, so do the methods attackers use to evade them. VOIDMAW is an innovative memory scanning bypass technique that can effectively hide problematic code from...
MaaS in Action: How Lumma Stealer Employs Advanced Delivery Techniques
Malware-as-a-service (MaaS) offerings have become an increasingly dangerous tool for cybercriminals. Among these threats is Lumma Stealer, a sophisticated information-stealing malware that Vishwajeet...
Akira Ransomware Exploit CVE-2024-40766 in SonicWall SonicOS
The notorious Akira ransomware group continues to adapt and refine its methods, solidifying its position as one of the most significant threats in the cyber landscape. According to a recent...
BianLian Ransomware Gang Claims Attack on Boston Children’s Health...
Boston Children’s Health Physicians (BCHP), an organization comprising over 300 physicians across 60 regional offices in New York and Connecticut, has confirmed a significant data breach that...
Bumblebee Loader Resurfaces with New Infection Chain
In a recent report from Leandro Fróes, Senior Threat Research Engineer at Netskope, a new infection chain linked to the Bumblebee loader has been uncovered. First discovered by Google’s Threat...