BattlEye Vulnerability: “BannleEye” Exploit Allows Arbitrary Banning Users
A critical vulnerability in BattlEye (BE), a widely used anti-cheat system, has been disclosed, potentially jeopardizing the security of user accounts across several prominent online games. The...
View ArticleEarly Cascade Injection: A Novel Evasion Technique
A new stealthy process injection method, called Early Cascade Injection, has been introduced by security researcher Guido Miggelenbrink from Outflank. This cutting-edge technique offers a new layer of...
View ArticleCritical EoP Flaw in Microsoft’s Remote Registry: Researcher Publishes PoC...
Akamai researcher Stiv Kupchik published the technical details and a proof-of-concept (PoC) exploit code for a critical Elevation of Privilege (EoP) vulnerability, CVE-2024-43532, in Microsoft’s Remote...
View ArticleOneDev DevOps Platform Patches Critical Security Flaw Exposing Sensitive Data...
A critical security vulnerability (CVE-2024-45309) has been discovered and patched in OneDev, a popular open-source DevOps platform. This vulnerability could have allowed unauthenticated attackers to...
View ArticleExposed Docker APIs Under Attack: New Malware Campaign Deploys “perfctl”
A newly discovered cyberattack campaign has been targeting exposed Docker Remote API servers to deploy the perfctl malware, a malicious software designed to infiltrate and compromise systems by...
View ArticleTapioca Foundation Offers $1M Bounty After $4.7M DeFi Heist
The Tapioca Foundation, a cryptocurrency project, has fallen victim to a sophisticated social engineering attack, resulting in the theft of $4.7 million. The attack, which occurred on October 18,...
View ArticleInside China’s State-Sponsored Hacking Competitions: Talent Spotting and...
A new report by the Atlantic Council sheds light on China’s sophisticated and highly structured Capture the Flag (CTF) competition framework, which is helping the country become a global leader... The...
View ArticleCryptojacking Alert: Hackers Exploit gRPC and HTTP/2 to Deploy Miners
Trend Micro researchers have uncovered a new and unconventional method used by cybercriminals to deploy the SRBMiner cryptominer on Docker remote API servers. This attack leverages the gRPC protocol...
View ArticleMeta Combats Scams and Account Takeovers with Facial Recognition
Meta announced new measures to combat scams and improve account security on its platforms, Facebook and Instagram. In a recent post, Meta detailed how it’s leveraging facial recognition technology...
View ArticleDark Web Anti-Bot Services Enable Phishing Pages to Bypass Google’s “Red Page”
In a recent report by SlashNext, cybercriminals are increasingly leveraging anti-bot services available on the dark web to bypass Google’s “Red Page” warnings. Phishing has long been a favored...
View ArticleHardcoded Cloud Credentials Found in Popular Mobile Apps: A Major Security Flaw
In a recent report by Symantec, a critical security issue has been uncovered in several widely-used mobile applications across both Android and iOS platforms. These apps have been found to... The post...
View ArticleVirtual Hard Drives: The New Bypass for Secure Email Gateways and Antivirus...
In a recent report by Kahng An, part of the Cofense Intelligence Team, a critical vulnerability in the detection capabilities of Secure Email Gateways (SEGs) and antivirus (AV) scanners was... The post...
View ArticleUrgent Security Update: Guix System Patches Critical Vulnerability
A critical security vulnerability has been discovered in the widely-used Guix system, particularly affecting the guix-daemon. This flaw could allow local users to escalate privileges, potentially...
View Article1,700 Banks, 45 Countries: Grandoreiro Trojan Expands its Reach
In a recent report by Kaspersky Labs, the notorious Grandoreiro banking trojan has once again made headlines, evolving into a significant global financial threat. Originating in Brazil, this trojan,...
View ArticleRed Hat Warns of Privilege Escalation Flaw CVE-2024-9050 in...
A newly discovered vulnerability in the libreswan client plugin for NetworkManager could allow attackers to gain root access on Red Hat Enterprise Linux 9 systems. Red Hat has issued a... The post Red...
View ArticleResearcher Details 0-Day Flaw CVE-2024-44068 in Samsung Exynos Processors
Samsung has released a critical security patch to address CVE-2024-44068, a high-severity vulnerability impacting devices equipped with Exynos processors. Discovered by Xingyu Jin of Google, this...
View ArticleChrome Patches Multi Vulnerabilities in Latest Stable Release
Google has rolled out a crucial update to its Chrome browser, addressing three high-severity security flaws that could be exploited by attackers. The update, versions 130.0.6723.69/.70 for Windows and...
View ArticleGoogle Messages Rolls Out New Protections Against Scams and Sensitive Content
Google is bolstering the security of its Messages app with a suite of new features designed to combat scams, warn about dangerous links, and give users more control over sensitive... The post Google...
View ArticleGitLab Security Alert: CVE-2024-8312 and CVE-2024-6826 Patched
GitLab has issued a security update to address two significant vulnerabilities affecting multiple versions of its Community Edition (CE) and Enterprise Edition (EE) software. Users are strongly urged...
View ArticleFake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT
Kaspersky Labs has uncovered a sophisticated campaign by the Lazarus APT group, utilizing a fake cryptocurrency game to lure unsuspecting investors and infect their systems with malware. The attackers...
View Article