A critical vulnerability has been identified in the TeamViewer Client for macOS. If exploited, this flaw could allow attackers to escalate their privileges on the system, posing a severe security risk to users. The issue has been addressed in the latest software version, but it sheds light on the ongoing challenges of maintaining digital security in an ever-evolving threat … [Read more...]
Agenda Ransomware Attacking VMWare vCenter & ESXi servers WorldWide
Agenda ransomware group, also known by its aliases Qilin and Water Galura, has been ramping up its attacks globally. This nefarious group has focused on the United States, Argentina, Australia, and Thailand, and it has been targeting industries critical to the economy, such as finance and law. However, a recent trend has emerged: Agenda is setting its sights on a new, highly critical … [Read more...]
Google Revealed Kernel Address Sanitizer to Harden Android Firmware & Beyond
Google has unveiled its latest initiative the implementation of the Kernel Address Sanitizer (KASan) to enhance firmware security. This development comes as the focus on lower-level firmware security intensifies, given its critical role in device security. Traditionally, this area has received less scrutiny than Android userspace and kernel security. However, Google’s proactive … [Read more...]
BlueDucky: A New Tool Exploits Bluetooth Vulnerability With 0-Click Code Execution
A new tool dunned BlueDucky, automating the exploitation of a critical Bluetooth pairing vulnerability that allows for 0-click code execution on unpatched devices. This revelation comes on the heels of Marc Newlin’s January 2024 publication of a proof of concept script, which targets a Bluetooth vulnerability identified as CVE-2023-45866. The vulnerability, as detailed by Newlin, enables … [Read more...]
7 Chinese Govt Hackers Charged for 14-year hack campaign
The US Department of Justice (DOJ) has unsealed an indictment charging seven Chinese nationals with computer hacking and wire fraud conspiracies. These individuals are accused of being part of a hacking group known as APT31, which the DOJ alleges is linked to China’s Ministry of State Security (MSS). Over 10,000 malicious emails impacted thousands of victims across multiple … [Read more...]
macOS Flaw Let Attackers Escalate Privilege & Gain Root Access
A critical flaw impacting macOS has been uncovered that gives unauthorized users, including those with guest access, the capacity to escalate privileges and take complete root control of the system. According to the security researcher Yann Gascuel of Alter Solutions, the core of CVE-2023-42931 is the exploitation of the “diskutil” command line utility, which allows local users, including … [Read more...]
Adobe ColdFusion Flaw Let Attackers Gain Access to Sensitive Files – PoC Released
Adobe has addressed a critical vulnerability in its ColdFusion software, which could have allowed attackers to read files arbitrarily from the system. The flaw, identified as CVE-2024-20767, has been patched, but the details surrounding the vulnerability shed light on the potential risks to sensitive information.The vulnerability in question, CVE-2024-20767, was discovered in how Adobe ColdFusion … [Read more...]
CISA & FBI : Hackers Exploiting SQL Injection Flaws To Hack Servers
CISA and the FBI released the Secure by Design Alert to address SQL injection vulnerabilities in software that affect thousands of organizations. A persistent class of defects in commercial software solutions is SQL injection, or SQLi, vulnerabilities. Even though SQL vulnerabilities have been known about and documented for a decade now, and there are workable mitigations available, … [Read more...]
New Zealand Parliamentary Network Hacked by Chinese Hackers
New Zealand has joined the United Kingdom in strongly condemning the People’s Republic of China (PRC) for its state-backed cyber activities, which have recently targeted democratic institutions, including the UK’s Electoral Commission and Members of Parliament. This stance against cyber-enabled espionage reflects a growing concern over the integrity of democratic processes … [Read more...]
Metasploit Framework 6.4 Released: What’s New
The latest release from Metasploit, Framework 6.4, is a testament to this ongoing battle. It brings a host of new features and improvements to the forefront of cybersecurity.It has been a little over a year since Metasploit released version 6.3, and the team at Rapid7 has not been idle. The new 6.4 version of the Metasploit Framework introduces significant enhancements and new capabilities, … [Read more...]
Rank Math SEO Plugin Flaw Exposes 2M+ Websites to Cyber Attack
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress. This flaw, cataloged under CVE-2023-32600, exposes over two million websites to potential cyber-attacks, posing a severe security risk to online businesses and content creators reliant on this popular optimization tool. Understanding the Vulnerability: CVE-2023-32600 The core of the issue lies in … [Read more...]
Linux Admins Beware! Fake PuTTY Client That Rhadamanthys Stealer
PuTTY is among the most popular targets of hackers due to several reasons. Firstly, it is used for remote access to servers and systems at large, hence a great ground for infiltration. Exploiting vulnerabilities or misconfigurations in PuTTY can expose sensitive data or allow code execution on targeted machines. By hacking into PuTTY installs, hackers can set up persistent backdoors and … [Read more...]
TA450 Hackers Uses Embedded Links in PDF Attachments to Attack Windows
In a concerning development in cyber warfare, the Iran-aligned threat actor known as TA450, also recognized by aliases such as MuddyWater, Mango Sandstorm, and Static Kitten, has been reported to employ a new strategy in its phishing campaigns. Proofpoint researchers have identified a shift in the group’s tactics, which now involve embedding malicious links within PDF attachments sent to … [Read more...]
U.S. and UK Impose Sanctions on APT 31 Chinese Hackers for Cyber Attacks
In a significant move to counter cyber threats, the United States and the United Kingdom have imposed sanctions on a group of China-linked hackers accused of targeting critical infrastructure in the U.S. The coordinated action includes indictments, sanctions, and a rewards program aimed at curtailing the activities of these cyber operatives. The U.S. Department of Justice has unsealed … [Read more...]
Best Practices for Email Security Headers – 2024
Email hacking and fraud have become common these days. Cybercriminals can easily break into and take control of mail accounts if they are not protected. They can do so through phishing attacks, vulnerable apps, and data breaches. Globally, people send about 347.3 billion emails daily, all of which carry sensitive data. Online criminals send about 3.4 billion phishing emails daily, … [Read more...]
2 Firefox Zero-Days Exploited At Pwn2Own : Patch Now
Mozilla addresses two zero-day vulnerabilities that were recently exploited at the Pwn2Own Vancouver 2024 hacking contest in the Firefox web browser. The Pwn2Own Vancouver 2024 hacking competition was held this week, and Trend Micro’s Zero Day Initiative (ZDI) revealed that participants received $1,132,500 for exhibiting 29 distinct zero-days. The competition’s winner, researcher … [Read more...]
Critical OpenVPN Flaw Let Attackers Escalate Privilege
OpenVPN has released their new version 2.6.10 in which there have been several bug fixes and improvements specifically to the Windows Platform of the VPN application. Four vulnerabilities were also fixed as part of this update. One of these four vulnerabilities was a privilege escalation vulnerability (CVE-2024-27459) that could allow a threat actor to perform a stack overflow attack that … [Read more...]
Threat Actor Claims to Have 600,000 Passenger Data of Kuwait Airways
A threat actor has claimed responsibility for a massive data breach affecting Kuwait Airways. According to the hacker’s statement on a popular social media platform, the breach has compromised the personal information of over 600,000 passengers. The breach, described by cybersecurity experts as one of the largest in the aviation sector this year, reportedly includes sensitive passenger … [Read more...]
Beware of Ramadan & Eid Fitr Online Scams that Steal your Financial Data
As the holy month of Ramadan approaches, bringing a surge in online shopping and charitable giving, cybercriminals are ramping up their efforts to exploit the festive spirit. A recent study by Security has highlighted an increase in fraudulent activities targeting consumers in the Middle East, particularly in the Kingdom of Saudi Arabia (KSA), where consumer spending has topped $16 billion. … [Read more...]
Hackers Transform Raspberry Pi Into A Hacking Tool
GEOBOX is specialized software designed for Raspberry Pi devices that have been observed on the Dark Web being marketed as the next major development in fraud and anonymity technologies. Cybercriminals have managed to turn the popular geek-favorite device into a “plug-and-play” tool for digital deception. This allows the user to impersonate known Wi-Fi access points, spoof GPS … [Read more...]
- « Previous Page
- 1
- …
- 16
- 17
- 18
- 19
- 20
- …
- 88
- Next Page »