In a major international operation codenamed “Operation Destabilise,” law enforcement agencies have successfully dismantled sophisticated Russian money laundering networks that served cybercriminals, drug traffickers, and sanctioned Russian elites worldwide. The operation, led by the National Crime Agency (NCA), exposed two primary Russian-speaking networks known as Smart and TGR, which … [Read more...]
Hackers Exploit Docker Remote API Servers To Inject Gafgyt Malware
The Gafgyt malware (often referred to as Bashlite or Lizkebab) has expanded its attack scope by targeting publicly exposed Docker Remote API servers. Gafgyt and Mirai have targeted millions of vulnerable IoT devices in recent years. The new finding of this malware attacking Docker Remote API servers indicates a significant change in its behavior. To … [Read more...]
SolarWinds Platform XSS Vulnerability Let Attackers Inject Malicious Code
SolarWinds has recently disclosed a critical security vulnerability in its Platform product, a major player in IT management software. The flaw, identified as CVE-2024-45717, allows authenticated attackers to inject malicious code through a cross-site scripting (XSS) vulnerability. This vulnerability could help threat actors compromise the integrity and … [Read more...]
HR & IT-Related Phishing Emails Are Top-Clicked Among Phishing Email Types
Phishing emails masquerading as HR and IT-related communications are the most likely to be clicked on by employees, a recent study has found, posing a significant cybersecurity risk to organizations across various industries. The 2024 Phishing by Industry Benchmarking Report, conducted by KnowBe4, analyzed data from over 54 million simulated phishing tests. While these tests are … [Read more...]
HackSynth An Autonomous Penetration Testing Framework For Simulating Cyber-Attacks
The introduction of HackSynth marks a significant advancement in the field of autonomous penetration testing. Developed by researchers at Eötvös Loránd University, HackSynth leverages Large Language Models (LLMs) to autonomously conduct penetration tests, simulating cyber-attacks to identify vulnerabilities in systems without human intervention. HackSynth’s architecture is built around two … [Read more...]
Cloudflare Developer Domains Abused For Cyber Attacks
Cloudflare developer domains are being actively abused by threat actors for several malicious purposes, as reported by security analysts at FORTRA. Recent investigations have uncovered a significant surge in attacks targeting Cloudflare Pages and Cloudflare Workers, two popular platforms used by developers for web deployment and serverless computing. The abuse of Cloudflare’s … [Read more...]
New TLDs Like .shop, .top And .xyz Attracting Phishers
A recent study conducted by Interisle Consulting has revealed a significant surge in phishing attacks, with a nearly 40% increase in the year ending August 2024. The research highlights that much of this growth is concentrated in a small number of new generic top-level domains (gTLDs), such as .shop, .top, and .xyz. These new gTLDs, which command just 11% of the market for new … [Read more...]
Google Chrome Type Confusion Vulnerability Let Attackers Execute Remote Code
A high-severity type confusion vulnerability in the V8 JavaScript engine of Google Chrome was recently discovered by independent researchers. As a result of this discovery, Google Chrome users are urged to update their browsers immediately. The flaw, identified as CVE-2024-12053, could allow attackers to execute remote code on affected systems, potentially leading to system compromise and … [Read more...]
PoC Exploit Released For Progress WhatsUp Gold Vulnerability
A critical security flaw in Progress WhatsUp Gold, a popular network monitoring tool, has been exposed with the release of a proof-of-concept (PoC) exploit. The vulnerability, identified as CVE-2024-8785, affects versions of WhatsUp Gold prior to 24.0.1 and poses a significant risk to organizations using the affected software. The security issue is a registry overwrite remote code execution … [Read more...]
MobSF Vulnerability Let Attackers Inject Malicious Scripts
A critical security flaw has been discovered in Mobile Security Framework (MobSF), a popular pen-testing and malware analysis tool, potentially exposing users to significant risks. The vulnerability, identified as CVE-2024-53999, allows attackers to execute malicious scripts through a Stored Cross-Site Scripting (XSS) attack in the application’s “Diff or Compare” functionality. The issue … [Read more...]
CISA Releases Guidance For Network Monitoring to Detect Malicious Cyber Actors
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, has released crucial guidance for monitoring networks and hardening devices. This initiative comes in response to a widespread cyber espionage campaign attributed to a People’s Republic of China (PRC)-affiliated … [Read more...]
Authorities Dismantle MATRIX Secret Chat Service Used by Cybercriminals
A joint investigation team (JIT) involving French and Dutch authorities, with support from Eurojust and Europol, has successfully dismantled an encrypted messaging service known as MATRIX. This operation, which took place on December 3, 2024, marks a pivotal moment in the ongoing effort to disrupt the communication channels exploited by criminal syndicates for illegal activities. The MATRIX … [Read more...]
Veeam Service Provider RCE Vulnerability Let Attackers Execute Arbitrary Code
Veeam, a leading provider of backup and disaster recovery solutions, has disclosed two significant vulnerabilities affecting its Service Provider Console (VSPC), including a critical remote code execution (RCE) flaw. The vulnerabilities, discovered during internal testing, impact VSPC version 8.1.0.21377 and all earlier versions, including builds 8 and 7. The most severe vulnerability tracked … [Read more...]
Storm-1811 Hackers Exploits RMM Tools to Deliver Black Basta Ransomware
Storm-1811, a financially driven threat actor that employs social engineering techniques, has recently been observed exploiting RMM tools to distribute the Black Basta ransomware. The threat actor exploits the client management tool, Microsoft Quick Assist, with the intention of delivering Black Basta ransomware as the ultimate payload over the network. Quick Assist is an application that … [Read more...]
SmokeLoader Malware Attacking Windows Users Exploiting XLS And DOC Vulnerabilities
The notorious SmokeLoader malware has been identified targeting firms in Taiwan, including those in manufacturing, healthcare, information technology, and other industries. SmokeLoader is renowned for its adaptability and sophisticated evasion strategies, and it can carry out a variety of attacks due to its modular structure. In this case, SmokeLoader performs the attack directly by … [Read more...]
Cisco Confirms Active Exploitation Of Cisco XSS VPN Vulnerability
Cisco has confirmed that a decade-old cross-site scripting (XSS) vulnerability in its Adaptive Security Appliance (ASA) Software is currently being actively exploited in the wild. The vulnerability, identified as CVE-2014-2120, affects the WebVPN login page and could allow unauthenticated, remote attackers to conduct XSS attacks against users of the WebVPN service. Originally disclosed in … [Read more...]
Hackers Allegedly Claims Breach of EazyDiner Reservation Platform
A prominent restaurant reservation platform, EazyDiner, has reportedly fallen victim to a significant data breach. Hackers claim to have accessed and leaked sensitive customer information, potentially compromising the privacy and security of numerous users. The alleged cyberattack has exposed a range of sensitive user data, including: names, email addresses, phone … [Read more...]
Salesforce Applications Vulnerability Let Attackers Takeover The Accounts
A recent penetration test conducted on Salesforce Communities revealed critical vulnerabilities that could allow attackers to take over user accounts. The security assessment, performed on multiple Salesforce instances, uncovered several issues related to misconfigured objects and broken access controls. The investigation found that many standard and custom Salesforce objects were improperly … [Read more...]
Apple Employee Suing Company For Monitoring Employee Personal Devices
A current Apple employee has filed a lawsuit against Apple, accusing the company of invasive surveillance practices that extend into workers’ personal lives. The lawsuit, filed in California state court on Sunday, December 1, 2024, alleges that Apple systematically violates employee privacy rights and imposes restrictive policies on speech and activity. Amar Bhakta, a digital advertising … [Read more...]
TP-Link Archer Zero-Day Vulnerability Let Attackers Inject Malicious Commands
A critical zero-day vulnerability has been discovered in TP-Link Archer, Deco, and Tapo series routers, potentially allowing attackers to inject malicious commands and fully compromise affected devices. This vulnerability, present in both old and recent firmware versions up to November 4th, 2024, highlights significant security concerns for users of these popular router models. The … [Read more...]