As part of its ongoing efforts to protect Microsoft cloud environments against malicious activity, CISA recently introduced an open-source incident response tool called the “Untitled Goose Tool.” This Python-based utility tool was developed in collaboration with Sandia, a national laboratory of the United States Department of Energy. Following are the environments from which telemetry … [Read more...]
Microsoft Teams, Virtualbox, Tesla Zero-Days Exploited – Pwn2Own Day Two
At Pwn2Own Vancouver 2023 Day 2, the participants received $475,000 in cash prizes for 10 unique zero-day exploits. The Tesla Model 3, the Microsoft Teams communication platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system were all on the list of targets that were hacked. Thomas Imbert (@masthoon) made the first demonstration, and Thomas … [Read more...]
Windows 11, Tesla, macOS & Ubuntu Desktop Hacked – Pwn2Own Day One
On the first day, Pwn2Own Vancouver 2023 hacking challenge participants compromised Windows 11, Tesla, macOS, and Ubuntu Desktop. AbdulAziz Hariri of Haboob SA, who completed his attack against Adobe Reader utilizing a 6-bug logic chain leveraging many failed fixes that escaped the sandbox and overcame a banned API list, gave the first demonstration of the day. 5 Master of Pwn points and … [Read more...]
ChatGPT Privacy Bug Exposes Chat Histories to Other Users
A severe flaw recently affecting ChatGPT, an artificial intelligence chatbot developed by OpenAI, exposed chat history and consequently caused an outage. After observing Chinese characters in the title of their conversation history, a ChatGPT user on Reddit first reported the error. As some users could view the history of other users’ conversations, this flaw has raised questions about … [Read more...]
Hackers Attack Administrative Organizations Using PowerMagic and CommonMagic Malware
Significant numbers of cyberattacks are executed in a political or geopolitical context that Kaspersky researchers and the international community are identifying. In recent weeks, reports have surfaced of attacks carried out by an advanced threat actor using a previously unknown malicious framework, CommonMagic, and a new backdoor, PowerMagic. At least one malware piece has been used as … [Read more...]
Hackers Attack .NET Developers Using Malicious NuGet Repository Packages
There is a concerning trend among cybercriminals targeting individuals working with the .NET framework using a sneaky tactic called typosquatting. This involves creating fake packages that mimic the names of legitimate software and distributing them through the popular NuGet repository. Cybersecurity researchers Natan Nehorai and Brian Moussalli from JFrog have detected this ongoing … [Read more...]
Ferrari Hacked – Attackers Stolen Payment Data & Demand For Ransom
Recently, Ferrari, the renowned Italian sports car manufacturer, reported that a ransomware attack targeted its IT systems and accessed or stole sensitive data. The company stated that customer contact information might have been compromised and that the attackers demanded a ransom for not disclosing the data. Ferrari Took Swift Action. As soon as Ferrari received … [Read more...]
Meta Manager Was Hacked By Surveillance-For-Hire Software for Around One Year
A U.S. and Greek national, Artemis Seaford, who worked for Meta’s trust and safety team while headquartered in Greece, was subjected to a year-long wiretap by the Greek national intelligence service and compromised using a strong cyber espionage tool. It shows that the illegal use of spyware is expanding beyond authoritarian governments’ use against journalists and opposition figures. It has … [Read more...]
Bitcoin ATMs Hacked – Attackers Exploiting a 0-Day Vulnerability in Its Platform
General Bytes, a Prague-based company, announced on 18 March that it had received a hacker warning saying it had remotely uploaded a Java application to its management platform to steal user information and funds in a hot wallet. It is believed that the attacker could identify several CAS services running on port 7741 by scanning the IP address space of Digital Ocean, including the General … [Read more...]
Red Team vs Blue Team Operations : How Does it Works?
Security is a multifaceted field with multiple roles for carrying out diverse operations. In this article, we demystify the concept of the red and blue teams in security. First, why do we need to bifurcate security roles for two teams on Penetration Testing? Simply put, a company’s security responsibilities are so wide that it’s impossible to be an expert in every field. In an attempt … [Read more...]
RAT Developer Arrested for Hacking Over 10,000 Computers
An investigative team from the Ukrainian National Cyber Police has arrested the 25-year-old developer of RAT malware, which infected over 10,000 computers while posing as a game application. Employees of the Department for Countering Cybercrime of the Khmelnytskyi region were able to expose the 25-year-old offender by investigating the cybercrime he committed. The investigative … [Read more...]
Google Uncovers 18 Zero-Day Vulnerabilities in Samsung’s Exynos Chipsets
The Project Zero team at Google has recently found and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets, which are mainly used in mobile devices, wearables, and automobiles. Among the 18 zero-day vulnerabilities, four vulnerabilities were classified as the most serious, as they enabled remote code execution (RCE) over the internet to the baseband. Project Zero … [Read more...]
U.S Federal Agency Hacked – Attackers Exploited Telerik Vulnerability in IIS Server
A joint operation conducted by DHS, FCEB, and CISA identified multiple attempts at a cyber attack on the U.S. Government IIS Server by exploiting a .NET deserialization Telerik vulnerability. Multiple hacker groups initiated this attack, including APT actors. Successful exploitation of the vulnerability lets attackers execute arbitrary code remotely on the federal civilian executive … [Read more...]
Hackers Exploiting Microsoft Outlook Privilege Escalation Flaw in The Wild
In response to the discovery of a critical vulnerability in Microsoft Outlook, CVE-2023-23397, which is being actively exploited in the wild by threat actors, Cisco Talos urges all Outlook users to update their email clients as soon as possible. While Microsoft later determined that the activities resulted from Russian-based actors, and they were being used in … [Read more...]
Weaponized Telegram and WhatsApp Apps Attack Android & Windows Users
ESET Research discovered the first incidence of clippers present in messaging apps. Several fake Telegram and WhatsApp websites have been found, mostly targeting Android and Windows users with trojanized versions of these instant messaging services. Notably, the majority of the harmful apps that researchers found are clippers, a type of malware that steals or alters the contents of … [Read more...]
Hackers Exploiting Silicon Valley Bank (SVB) Collapse to Launch Cyber-Attacks
The failure of Silicon Valley Bank (SVB) on March 10, 2023, as a result of a bank run on its deposits, is expected to have a significant impact on this society because SVB had previously been the preferred banking partner for many businesses globally. This failure was the second-biggest in American history and the greatest bank failure since the financial crisis of 2007–2008. “The collapse … [Read more...]
Critical SAP Vulnerabilities Let Attackers Inject Code & Execute Commands
SAP provided security fixes for 19 vulnerabilities, five of which were classified as critical, affecting SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver. To reduce the dangers involved, the administrators should apply the patch immediately. The company has released security patches to address vulnerabilities in the SAP Business Objects Business Intelligence Platform … [Read more...]
ChatGPT Powered Polymorphic Malware Bypasses Endpoint Detection Filters
The number of monthly users of ChatGPT exceeded 100 million at the end of January, which sets a new record for the fastest-growing app since it was launched at the end of 2022. OpenAI’s ChatGPT is a natural language processing tool that uses AI to process text and is developed by OpenAI. However, recent research revealed that ChatGPT could build code that can be used maliciously. Jeff Sims, … [Read more...]
Kali Linux 2023.1 Released – New Kali Purple Added for Purple & Blue Teamers
A new distribution called “Kali Purple” was released recently by Offensive Security as part of the Kali Linux 2023.1 project for its 10th anniversary, and it’s the first version of 2023. It follows Kali Linux 2022.4, which was released last year. This new version, Kali Purple, is specially designed for defensive security, and it’s aimed at Blue and Purple team members. While Kali Linux is … [Read more...]
Hackers Abuse Google Search Ads to Deliver Vidar and Ursnif Malware
Recently, the cybersecurity researchers at eSentire have identified a shady piece of malware downloader, BatLoader, that has been engaged in a wicked campaign of exploiting Google Ads to distribute malicious secondary payloads such as Vidar Stealer and Ursnif. In this ongoing operation, there is a large variety of legitimate apps and newly registered websites that have been spoofed … [Read more...]