Blog

The state-sponsored Lazarus group has been using a new strategy called Bring Your Own Vulnerable Driver (BYOVD) attack. The group was observed using a vulnerability in the Dell firmware driver to install a Windows rootkit. The high-severity flaw is tracked… Continue Reading

Optus disclosed a data leak involving nearly 2.1 million customer records. Customers' personal information, including identification numbers, was revealed. The leak was caused by a data breach confirmed by Optus in late September, during which they were double… Continue Reading

Every day brings new trends and threats with it. To keep yourself, your devices, and your business safe, it is advisable to be aware of changes in the cyber landscape. Podcasts are a simple and effective… Continue Reading

The Comm100 Live Chat application was subject to a supply chain attack in the very last days of September. A trojanized installer was used in the attack, which led to the distribution of a JavaScript… Continue Reading

Last week, notorious ransomware gangs made a splash again by targeting US critical infrastructures. One of the threat actors that victimized the defense and education sectors were the BlackCat group, also known as ALPHV, and… Continue Reading

Threat actors related to SolarMarker strike with watering hole attacks as a new method of delivering malware rather than the previously used SEO poisoning method. In this new approach, they used fake Google Chrome updates… Continue Reading

Security experts caution about actively exploited zero-day vulnerabilities in Microsoft Exchange servers. The flaws could allow remote code execution in fully patched servers.  The two flaws are tracked by Zero Day Initiative as ZDI-CAN-18333 (CVSS score: 8.8)… Continue Reading

The cracked version of Brute Ratel C4 (BRC4) is currently being distributed on hacker platforms for free. Posts spreading it have been seen in multiple hacking forums and Telegram and Discord channels. Post about cracked… Continue Reading

WhatsApp's September security update fixes two high-severity flaws that could result in remote code execution. The flaws affect WhatsApp and WhatsApp Business versions before 2.22.16.12 in iOS and Android operating systems.  To see which version is currently… Continue Reading

Hackers frequently look for ways to trick users and organizations, as the weakest link in security is the human factor. This makes phishing one of the most common entry attacks. During the last two months,… Continue Reading

Data exfiltration malware Exmatter, previously associated with the BlackMatter ransomware gang, now has data corruption capabilities. This could signify a new strategy ransomware affiliates may use in the future. Although BlackMatter affiliates have been using… Continue Reading

Threat actors started utilizing PowerPoint presentations as a code execution method and delivering Graphite malware in targeted attacks. APT28 (Fancy Bear), a threat actor group linked to Russia, has recently been seen using the method… Continue Reading

Microsoft SQL database servers are the target of a new ransomware attack campaign called FARGO ransomware. FARGO, also known as TargetCompany, aims to double-extort victims.  This year's ransomware attacks against MS-SQL instances included dropping Cobalt Strike… Continue Reading

Sophos released a patch for a flaw discovered in their firewall product. Tracked as CVE-2022-3236 (CVSS score: 9.8), the vulnerability allows code injection in the User Portal and Webadmin components, which could result in remote code execution.… Continue Reading

E-commerce platform Magento has become a frequent target for hackers. More attempts have been made to exploit CVE-2022-24086 since its proof-of-concept was made available. The critical vulnerability is present in Magento 2, and it allows unauthenticated attackers to execute… Continue Reading

CISA has added a new critical vulnerability to its Known Exploited Vulnerabilities Catalog. The flaw exists in several ManageEngine products from Zoho and can lead to remote code execution on unpatched instances. The flaw, identified as CVE-2022-35405,… Continue Reading

A flaw in the Python tarfile module has gone unfixed for 15 years. 350,000 open-source projects are considered vulnerable. The flaw is tracked as CVE-2007-4559; it is a directory traversal vulnerability that allows to read and… Continue Reading

Unpatched Atlassian Confluence Server instances are vulnerable to a critical RCE flaw. The flaw, tracked as CVE-2022-26134 (CVSS score: 9.8), is actively exploited by hackers for crypto mining purposes.  The vulnerability, once exploited, could result in various attack… Continue Reading

Evgeny Gaevoy, the CEO of Wintermute, said earlier today that the company had been hacked and had lost $162.2 million in DeFi operations.  The Profanity tool was used to create the compromised Wintermute wallet. Wintermute… Continue Reading

Cobalt Strike 4.7.1 out-of-band update fixed an issue in version 4.7 that the affected users reported. There was no workaround for the problem. A vulnerability revealed soon after the 4.7 release was also addressed by… Continue Reading