Several security vulnerabilities were recently addressed by Canonical in both Graphviz and the Linux kernel of Ubuntu. Recent discoveries include null pointer dereference vulnerabilities in Graphviz and improper handling of indirect branch prediction isolation between L1 and L2 VMs in the KVM VMX implementation of the Linux kernel. Affected packages Here below, we have mentioned all the … [Read more...]
Explosive USB Drive Bomb that Gets Detonated when Plugged into Computer
Journalists across Ecuador were targeted using a novel bomb resembling a USB drive. Once inserted into a computer, these devices detonate. According to a report from CBS News, over five Ecuadorian journalists, they received a USB letter bomb from Quinsaloma. The letters represented “a new escalation in violence against the press, said Fundamedios NGO, and called for “immediate intervention … [Read more...]
6 Best Free Malware Analysis Tools to Break Down the Malware Samples – 2023
The malware analysis tools simply allow us to know in a quick and effective way, what actions a threat makes in the system. In this way, you can easily collect all the information about the created files, network connections, changes in the registry, etc. Hence, to achieve this goal, there are a lot of resources and tools available that simply provide the possibility to analyze a threat … [Read more...]
New Android Banking Malware Attacking Over 400 Financial Apps
Several threat actors have already been exploiting a newly discovered Android banking trojan, dubbed Nexus, to penetrate 450 financial applications and steal data. While this malware was identified by cybersecurity analysts at Italian cybersecurity firm, Cleafy, they affirmed that it is still in its early development stages. However, ATO attacks against banking portals and … [Read more...]
CISA Released a New Tool to Detect Hacking Activity in Microsoft Cloud Environments
As part of its ongoing efforts to protect Microsoft cloud environments against malicious activity, CISA recently introduced an open-source incident response tool called the “Untitled Goose Tool.” This Python-based utility tool was developed in collaboration with Sandia, a national laboratory of the United States Department of Energy. Following are the environments from which telemetry … [Read more...]
Microsoft Teams, Virtualbox, Tesla Zero-Days Exploited – Pwn2Own Day Two
At Pwn2Own Vancouver 2023 Day 2, for 10 unique zero-day exploits, the participants received $475,000 of cash prizes. The Tesla Model 3, the Microsoft Teams communication platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system were all on the list of targets that were hacked. Thomas Imbert made the first demonstration (@masthoon), and Thomas … [Read more...]
Windows 11, Tesla, macOS & Ubuntu Desktop Hacked – Pwn2Own Day One
On the first day, Pwn2Own Vancouver 2023 hacking challenge participants compromised Windows 11, Tesla, macOS, and Ubuntu Desktop. AbdulAziz Hariri of Haboob SA, who completed his attack against Adobe Reader utilizing a 6-bug logic chain leveraging many failed fixes that escaped the sandbox and overcame a banned API list, gave the first demonstration of the day. 5 Master of Pwn points and … [Read more...]
ChatGPT Privacy Bug Exposes Chat Histories to Other Users
A severe flaw recently affecting ChatGPT, an artificial intelligence chatbot developed by OpenAI, exposed chat history and consequently caused an outage. After observing Chinese characters in the title of their conversation history, a ChatGPT user on Reddit first reported the error. As some users could view the history of other users’ conversations, this flaw has raised questions about … [Read more...]
Hackers Attack Administrative Organizations Using PowerMagic and CommonMagic Malware
Significant numbers of cyberattacks are executed in a political or geopolitical context that Kaspersky researchers and the international community are identifying. In recent weeks, reports have surfaced of attacks carried out by an advanced threat actor using a previously unknown malicious framework, CommonMagic, and a new backdoor, PowerMagic. At least one malware piece has been used as … [Read more...]
Hackers Attack .NET Developers Using Malicious NuGet Repository Packages
There is a concerning trend among cybercriminals targeting individuals working with the .NET framework using a sneaky tactic called typosquatting. This involves creating fake packages that mimic the names of legitimate software and distributing them through the popular NuGet repository. Cybersecurity researchers Natan Nehorai and Brian Moussalli from JFrog have detected this ongoing … [Read more...]
Ferrari Hacked – Attackers Stolen Payment Data & Demand For Ransom
Recently, the renowned manufacturer of sports cars Company “Ferrari” from Italy reported that a ransomware attack targeted their IT systems and accessed or stole sensitive data. The company stated that customer contact information might have been compromised and that the attackers demanded a ransom for not disclosing the data. Ferrari Took Swift Action. As soon as Ferrari received … [Read more...]
Meta Manager Was Hacked By Surveillance-For-Hire Software for Around One Year
A U.S. and Greek national, Artemis Seaford, who worked for Meta’s trust and safety team while headquartered in Greece, was subjected to a year-long wiretap by the Greek national intelligence service and compromised using a strong cyber espionage tool. It shows that the illegal use of spyware is expanding beyond authoritarian governments’ use against journalists and opposition figures. It has … [Read more...]
Bitcoin ATMs Hacked – Attackers Exploiting a 0-Day Vulnerability in Its Platform
General Bytes, a Prague-based company, announced on 18 March that it had received a hacker warning saying it had remotely uploaded a Java application to its management platform to steal user information and funds in a hot wallet. It is believed that the attacker could identify several CAS services running on port 7741 by scanning the IP address space of Digital Ocean, including the General … [Read more...]
Red Team vs Blue Team Operations : How Does it Works?
Security is a multifaceted field with multiple roles for carrying out diverse operations. In this article, we demystify the concept of the red and blue teams in security. First, why do we need to bifurcate security roles for two teams on Penetration Testing? Simply put, a company’s security responsibilities are so wide that it’s impossible to be an expert in every field. In an attempt … [Read more...]
RAT Developer Arrested for Hacking Over 10,000 Computers
An investigative team from the Ukrainian National Cyber Police has arrested the 25-year-old developer of RAT malware, which infected over 10,000 computers while posing as a game application. Employees of the Department for Countering Cybercrime of the Khmelnytskyi region were able to expose the 25-year-old offender by investigating the cybercrime he committed. The investigative … [Read more...]
Google Uncovers 18 Zero-Day Vulnerabilities in Samsung’s Exynos Chipsets
The Project Zero team at Google has recently found and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets, which are mainly used in:- Mobile devices Wearables Automobiles Among the 18 zero-day vulnerabilities, four vulnerabilities were classified as the most serious, as they enabled remote code execution (RCE) over the internet to the baseband. Project Zero … [Read more...]
U.S Federal Agency Hacked – Attackers Exploited Telerik Vulnerability in IIS Server
A joint operation conducted by DHS, FCEB, and CISA Identified multiple attempts of a cyber attack on the U.S. Government IIS Server by exploiting a .NET deserialization Telerik Vulnerability. Multiple hackers group initiated this attack, including APT actors. The successful exploitation of the vulnerability lets attackers execute an arbitrary code remotely on the federal civilian executive … [Read more...]
Hackers Exploiting Microsoft Outlook Privilege Escalation Flaw in The Wild
In response to the discovery of a critical vulnerability in Microsoft Outlook, CVE-2023-23397, actively exploited in the wild by the threat actors, Cisco Talos urges all Outlook users to update their email clients as soon as possible after the vulnerability has been discovered. While Microsoft later determined that the activities resulted from Russian-based actors, and they were being used in … [Read more...]
Weaponized Telegram and WhatsApp Apps Attack Android & Windows Users
ESET Research discovered the first incidence of clippers present in messaging apps. Several fake Telegram and WhatsApp websites have been found, mostly targeting Android and Windows users with trojanized versions of these instant messaging services. Notably, the majority of the harmful apps that researchers found are clippers, a type of malware that steals or alters the contents of … [Read more...]
Hackers Exploiting Silicon Valley Bank (SVB) Collapse to Launch Cyber-Attacks
The failure of Silicon Valley Bank (SVB) on March 10, 2023, as a result of a bank run on its deposits, is expected to have a significant impact on this society because SVB had previously been the preferred banking partner for many businesses globally. This failure was the second-biggest in American history and the greatest bank failure since the financial crisis of 2007–2008. “The collapse … [Read more...]
- « Previous Page
- 1
- …
- 76
- 77
- 78
- 79
- 80
- …
- 82
- Next Page »