Researchers from Kaspersky Labs uncovered a new wave of 3CX supply chain attacks targeting cryptocurrency companies to implant Gopuram. A supply chain attack previously reported has been conducted via 3CXDesktopApp, a popular VoIP program and desktop client that allows users to Make calls, send voice messages, chat, schedule a video conference, and more. So far, 3CX supply chain … [Read more...]
Microsoft OneNote Security Blocks 120 File Extensions to Tighten Security
To better protect users, Microsoft has published detailed information on the dangerous embedded files that OneNote will soon block. “To help protect you and your recipients against computer viruses, Outlook blocks the sending and receiving of certain types of files (such as .exe and certain database files) as attachments,” Microsoft. Threat actors embed dangerous files and scripts in … [Read more...]
Western Digital Hacked – Hackers Breached The Network & Accessed The Data
Well-known Scandisk drive manufacturer Western Digital (WD) disclosed a data breach on its network in which attackers accessed multiple systems’ unauthorized data. WD is an American computer drive manufacturer and data storage company that produce and sell data storage devices, data center systems, and cloud storage services. Since it’s an ongoing … [Read more...]
Hackers Exploit Zimbra Vulnerability to Gain Access to Email Mailboxes
It has been observed by Proofpoint researchers that TA473, a newly minted APT actor, abuses publicly facing Zimbra-hosted webmail portals by exploiting a vulnerability found in Zimbra, which has been tracked as CVE-2022-27926. The sole goal of this activity is to gain unauthorized access to the following organizations that are involved in the Russia-Ukrainian … [Read more...]
Ransomware Groups Attacking Satellite and Space Industry
Ransomware groups and hacktivists are actively targeting satellite and space industries. SATCOM Networks and Space Industry Devices are becoming an increasingly important component of the Critical Infrastructure of any nation as they are increasingly integrated into the operations of the Space Industry. Since SATCOM services are becoming an increasingly critical part of business, it … [Read more...]
Italy Blocks ChatGPT Temporarily Over Privacy Concerns
According to the government’s privacy regulatory body, Italian authorities have recently placed a temporary hold on the ChatGPT due to concerns regarding data privacy. With the recent emergence of artificial intelligence chatbots, the Italian government is the first country from the Western region to take action against one of these bots, ChatGPT. As a result of the restriction, the web … [Read more...]
Hackers Exploiting WordPress Plugin with Over 11M Installs
One of the most popular WordPress plugins, Elementor Pro, used by over eleven million websites, is vulnerable to a high-severity vulnerability that hackers have actively exploited. More than 12 million sites powered by WordPress have been affected by the vulnerability, which carries a severity rating of 8.8 out of 10. Elementor Pro is a plugin that allows users to build professional-looking … [Read more...]
AlienFox – A Hacking Toolkit That Steals Credential From Multiple Cloud Services
A recently discovered comprehensive toolset dubbed AlienFox toolkit is circulating on Telegram. It’s a modular set of tools that enables malicious actors to scan for poorly configured servers, potentially leading to the theft of cloud-based email service credentials and authentication secrets. SentinelOne security researcher Alex Delamotte stated:- “A new trend in cyberattacks … [Read more...]
What are the Issues Facing CISOs Trying to Secure Their APIs?
In 2023, it has never been more critical for CISOs to secure API ecosystems. There are many advantages to APIs. The main benefit is the interconnectivity of separate services and the exchange of critical data with employees, partners, and customers. But the modern company has thousands of APIs. They’re changing very quickly too. APIs are a veritable goldmine for hackers because of the … [Read more...]
BingBang – A New Bing Vulnerability that Can be Exploited Without Executing a code
Azure Active Directory (AAD) has a new attack vector that affected Microsoft’s Bing.com, according to Wiz Research. A widespread AAD misconfiguration is the attack vector, making misconfigured apps vulnerable to intrusion. Microsoft’s AAD, a cloud-based identity and access management (IAM) service, is the standard authentication method for Azure App Services and Azure Functions … [Read more...]
New Malware Dubbed Mélofée Attacking Linux Servers
ExaTrack found a new undetected implant family called Mélofée that targets Linux systems. Three samples of the previously known malicious software, dating from the beginning of 2022, were found by analysts. Chinese state-sponsored APT groups, including the notorious Winnti group, are related to the malware. Capabilities of Mélofée Researchers analyzed this malware family’s … [Read more...]
Microsoft Introduces New GPT-4 Tool to The Cybersecurity Battlefield
Recently Microsoft launched Security Copilot which marks Microsoft’s continued attempt to embed AI-oriented features at a rapid pace and large scale to offer an end-to-end defense to cybersecurity experts. OpenAI’s latest generative artificial intelligence model GPT-4 is used by Security Copilot in its application. Cybersecurity analysts can use it to:- Evaluate risk exposure Respond to … [Read more...]
Europol Warns That Hackers Use ChatGPT to Conduct Cyber Attacks
Europol Innovation Lab recently conducted workshops with experts from Europol to investigate the potential for criminal abuse of language models like ChatGPT and their usefulness for investigators. In the Europol Innovation Lab, innovative solutions are developed for improving the way that law enforcement investigates, tracks, and disrupts terrorists and criminal organizations by making use of … [Read more...]
MacStealer – New macOS-Based Malware Steals Passwords, Cookies & Credit Cards From Browser
Uptycs threat research team recently discovered “MacStealer,” a new information-stealing malware designed to target Apple’s macOS operating system. It aims to steal various sensitive information, including credentials stored in the:- iCloud KeyChain Web browsers Cryptocurrency wallets Potentially sensitive files MacStealer is a malware-as-a-service (MaaS) distributed for … [Read more...]
Hackers Exploiting ChatGPT’s Popularity to Spread Malware via Hacked FB Accounts
Researchers recently conducted an investigation and uncovered alarming information regarding 13 Facebook pages and accounts. These pages and profiles have been compromised by the threat actors, and the most shocking thing about these pages and accounts, they have more than 500k active followers. These compromised pages/accounts were exploited by the threat actors with the help of ChatGPT to … [Read more...]
Linux Kernel Vulnerabilities in Ubuntu Let Hackers Launch DOS Attack & Execute Arbitrary Code
Several security vulnerabilities were recently addressed by Canonical in both Graphviz and the Linux kernel of Ubuntu. Recent discoveries include null pointer dereference vulnerabilities in Graphviz and improper handling of indirect branch prediction isolation between L1 and L2 VMs in the KVM VMX implementation of the Linux kernel. Affected packages Here below, we have mentioned all the … [Read more...]
Explosive USB Drive Bomb that Gets Detonated when Plugged into Computer
Journalists across Ecuador were targeted using a novel bomb resembling a USB drive. Once inserted into a computer, these devices detonate. According to a report from CBS News, over five Ecuadorian journalists, they received a USB letter bomb from Quinsaloma. The letters represented “a new escalation in violence against the press, said Fundamedios NGO, and called for “immediate intervention … [Read more...]
6 Best Free Malware Analysis Tools to Break Down the Malware Samples – 2023
The malware analysis tools simply allow us to know in a quick and effective way, what actions a threat makes in the system. In this way, you can easily collect all the information about the created files, network connections, changes in the registry, etc. Hence, to achieve this goal, there are a lot of resources and tools available that simply provide the possibility to analyze a threat … [Read more...]
New Android Banking Malware Attacking Over 400 Financial Apps
Several threat actors have already been exploiting a newly discovered Android banking trojan, dubbed Nexus, to penetrate 450 financial applications and steal data. While this malware was identified by cybersecurity analysts at Italian cybersecurity firm, Cleafy, they affirmed that it is still in its early development stages. However, ATO attacks against banking portals and … [Read more...]
CISA Released a New Tool to Detect Hacking Activity in Microsoft Cloud Environments
As part of its ongoing efforts to protect Microsoft cloud environments against malicious activity, CISA recently introduced an open-source incident response tool called the “Untitled Goose Tool.” This Python-based utility tool was developed in collaboration with Sandia, a national laboratory of the United States Department of Energy. Following are the environments from which telemetry … [Read more...]
- « Previous Page
- 1
- …
- 81
- 82
- 83
- 84
- 85
- …
- 88
- Next Page »