Kaspersky recently reported that a number of iPhones connected to its network were compromised through an iOS vulnerability.  The attackers exploited iMessage’s zero-click exploits, allowing them to install malware on the devices without any user interaction.  Through the exploitation of a vulnerability, a message is delivered in a manner that triggers code execution without the … [Read more...]

A recently discovered vulnerability called “Migraine” is linked to macOS migration and poses a serious threat.  It enables attackers with root privileges to circumvent System Integrity Protection (SIP) on macOS, granting them unrestricted control over the compromised device. The security flaw, named “Migraine,” was identified by security researchers at Microsoft Threat Intelligence, … [Read more...]

Researchers at Varonis Threat Labs discovered that some Salesforce sites were improperly deactivated or unmaintained SalesforceGhost Sites. Threat actors can exfiltrate PII and business data by simply manipulating the host headers for these websites. Salesforce partners and customers are provided an option to create customized communities to help them collaborate. When these communities … [Read more...]

Businesses face significant hazards from ransomware attacks, which are capable of causing severe damage in a brief period. Over the past few years, numerous well-known companies, including CNA Financial, JBS Foods, and Colonial Pipeline, have fallen victim to such attacks, resulting in disruptions to insurance payments, food supplies, and fuel availability. These incidents have highlighted … [Read more...]

Network security is paramount in today’s digital landscape, where organizations face increasingly sophisticated threats. This guide presents a detailed Network Security checklist with examples to help you establish robust protection and minimize vulnerabilities. Network Security Musts: The 7-Point Checklist – Download Free – E-Book Network security Network Security Checklist With … [Read more...]

In May 2023, Huntress ThreatOps Center analysts detected a cryptocurrency miner (XMRig) on an endpoint, identified the miner’s associated site and wallet address by locating the config file, and validated the infection. The analyst observed activity on numerous infected endpoints, including the one they investigated, by accessing the miner’s website. Resource consumed Suspicious Windows … [Read more...]

For Windows, Mac, and Linux, Google has released Chrome 114 to the stable channel. The next few days/weeks will see the implementation of this.  According to the official statement, it fixes 16 security flaws. There are eight security issues with a high severity rating, four with a medium rating, and one with a low level. Since Google discovered them internally, the remaining security … [Read more...]

DogeRAT (Remote Access Trojan) is an open-source Android malware that targets a sizable customer base from various businesses, particularly banking, and entertainment.  CloudSEK’s TRIAD team detected it. Although this campaign primarily targeted consumers in India, it aims to be accessible to everyone. Specifics of the DogeRAT Android Malware The malware is being disseminated … [Read more...]

Offensive Security launched Kali Linux 2023.2, an updated Penetration testing distro with new features, hacking tools, and various updates. The Offensive Security team consistently releases new versions of Kali Linux each year, a Linux-based penetration testing and hacking distro. Kali Linux is packed with numerous Information Security tools specifically designed for a wide range of … [Read more...]

The AhnLab Security Emergency Response Center (ASEC) confirmed recent attacks on Windows IIS web servers by the nationally supported Lazarus group. Typically, threat actors exploit vulnerable web server versions to install web shells or execute malicious commands during their scans. Lazarus, a financially motivated hacking group, is believed to fund North Korea’s weapons development … [Read more...]

The recent discovery of a critical vulnerability in the NPU chipset by Tsinghua University and George Mason University researchers allows attackers to eavesdrop on data transmitted over 89% of real-world Wi-Fi networks by exploiting it. Hardware acceleration, such as using NPU chipsets in Wi-Fi networks, improves data transmission rate and reduces latency but also introduces security concerns … [Read more...]

A spyware-enabled Android app module that can gather details about files kept on devices and send them to attackers. Additionally, clipboard contents can be replaced and uploaded to a remote server. “This malicious SDK collects information on files stored on Android devices and can transfer them to attackers; it can also substitute and upload clipboard contents to a remote server,” Dr. Web … [Read more...]

Python Package Index (PyPI) has been used by several developers worldwide for creating a project or installing any other dependencies for their project. One of the important features of PyPI is that only the people who are linked with the project will be able to upload, delete or modify the project. However, PyPI has insisted its users enable 2FA by the end of 2023. This is because many of … [Read more...]

With your on-premise security solution comprising hardware, software, signatures, rules, and even machine learning, you may think your applications are fully protected. How do you know for sure that your apps are secured? And what if you’ve cloud-native apps? Can a legacy solution protect all these cloud apps from internal, external, and cloud security threats?  Cloud-based WAF bridges … [Read more...]

In February 2023, JPCERT/CC confirmed malware attacks on routers in Japan, specifically targeting Linux routers with a new Golang RAT known as GobRAT. The attacker exploits publicly accessible routers WEBUIs, leveraging potential vulnerabilities to infect them with the GobRAT ultimately. After an internet-exposed router is compromised, a loader script is deployed to deliver GobRAT, which … [Read more...]

Traditional perimeter-based security measures must be upgraded in an increasingly interconnected digital ecosystem where the frequency and sophistication of cyber attacks are increasing. Enterprises face the burden of protecting sensitive data and vital systems from continuous threats. In response to this evolving threat landscape, a paradigm shift has emerged in the field of cybersecurity, … [Read more...]

A Russian government-linked malware targeting power transmission was discovered recently by researchers at Mandiant during research, suggesting its potential use in training exercises for cyberattacks on electric grids. The malware COSMICENERGY, named by Google’s threat intelligence firm Mandiant, was uploaded to VirusTotal in December 2021 from Russia, but no evidence suggests its actual … [Read more...]

OAuth is the modern authentication mechanism most applications use to ease off the signing by creating a cross-allow application access delegation.  However, recent discoveries from Salt security state a security flaw in the Expo framework, which is used in developing high-quality native apps for platforms like iOS, Android, and web platforms. Critical OAuth Framework … [Read more...]

According to a report in the German newspaper Handelsblatt, Tesla Inc consumers made over 2,400 complaints about self-acceleration issues and 1,500 complaints about brake problems between 2015 and March 2022. Reports stated that a massive data dump based on a whistleblower’s breach of internal Tesla documents reveals that issues with Tesla’s automated driving system may be much more … [Read more...]

Getting around Windows XP’s activation scheme has never been an impossible challenge for individuals with adequate time, a sense of urgency, or moral flexibility. Newly activated Windows XP installations can now be safely and securely accomplished offline with the help of crack, granting the persisting Microsoft operating system a renewed lease of life over 21 years later. Cracking Windows … [Read more...]