Author: Mash

The latest P2Pinfect botnet variants are targeting devices with 32-bit MIPS processors, commonly found in routers and IoT devices. Discovered [...]

• News

Posted on December 6, 2023 by Mash

LogoFAIL is a set of security vulnerabilities impacting image-parsing components within UEFI code across different vendors. These vulnerabilities pose a [...]

• News

Posted on December 2, 2023 by Mash

Google released security updates for Chrome, addressing seven issues, including a high-severity zero-day vulnerability (CVE-2023-6345) in the Skia 2D graphics [...]

• News

Posted on December 1, 2023 by Mash

Recent reports indicate that Google Drive users are experiencing the sudden disappearance of their most recent files stored in the [...]

• News

Posted on November 29, 2023 by Mash

A newly identified Mirai-based malware botnet named 'InfectedSlurs' is leveraging two zero-day remote code execution (RCE) vulnerabilities to infect routers [...]

• News

Posted on November 24, 2023 by Mash

The Lumma information-stealer malware, also known as 'LummaC2,' is now promoting a new feature that supposedly enables cybercriminals to revive [...]

• News

Posted on November 23, 2023 by Mash

The Kinsing malware operator is currently taking advantage of the critical CVE-2023-46604 vulnerability in the Apache ActiveMQ open-source message broker [...]

• News

Posted on November 21, 2023 by Mash

Another Russian state-sponsored hacking group, APT29, also known as UNC3524, NobleBaron, Dark Halo, NOBELIUM, Cozy Bear, CozyDuke, and SolarStorm, is [...]

• News

Posted on November 20, 2023 by Mash

Microsoft has made Windows 11 Moment 4 mandatory through the latest update (KB5032190) on Patch Tuesday. This update introduces features [...]

• News

Posted on November 18, 2023 by Mash

The WP Fastest Cache WordPress plugin, utilized by over a million sites to enhance page speed and user experience, is [...]

• News

Posted on November 16, 2023 by Mash

Malicious actors exploit Ethereum's 'Create2' function to evade wallet security alerts and compromise cryptocurrency addresses, resulting in a theft of [...]

• News

Posted on November 15, 2023 by Mash

A zero-day vulnerability in SysAid's service management software is being exploited by threat actors, identified as Lace Tempest (a.k.a. Fin11 [...]

• News

Posted on November 10, 2023 by Mash

The GootLoader malware has evolved with a new variant called GootBot, designed to enable lateral movement on compromised systems and [...]

• News

Posted on November 10, 2023 by Mash

The North Korean-backed group BlueNorOff, known for targeting cryptocurrency exchanges and financial institutions, is using new macOS malware called ObjCShellz [...]

• News

Posted on November 9, 2023 by Mash

Apple's "Find My" network, initially designed to help users locate lost Apple devices, can be exploited by malicious actors to [...]

• News

Posted on November 6, 2023 by Mash

Four zero-day vulnerabilities in Microsoft Exchange have been revealed, allowing remote attackers to execute arbitrary code and access sensitive data. [...]

• News

Posted on November 5, 2023 by Mash

A recently identified malware called 'KandyKorn' for macOS has emerged in a cyber campaign associated with the North Korean hacking [...]

• News

Posted on November 4, 2023 by Mash

Mozi, a prominent DDoS malware botnet that surfaced in 2019, predominantly attacking IoT devices, lost activity in August. Then, on [...]

• News

Posted on November 3, 2023 by Mash

Czech cybersecurity company, Avast, confirmed its antivirus SDK wrongly flagged a Google Android app as malware on Huawei, Vivo, and [...]

• News

Posted on November 2, 2023 by Mash

On October 25th, hackers stole $4.4 million in cryptocurrency using compromised LastPass databases to obtain private keys and passphrases. This [...]

• News

Posted on November 1, 2023 by Mash

Microsoft provided a fix for a known Microsoft 365 issue causing 'Something Went Wrong [1001]' sign-in errors and rendering desktop [...]

• News

Posted on October 29, 2023 by Mash

Pwn2Own Toronto 2023 ended with researchers earning $1,038,500 for 58 zero-day exploits targeting various consumer products from October 24 to [...]

• News

Posted on October 29, 2023 by Mash

StripedFly, a highly sophisticated cross-platform malware, went unnoticed by cybersecurity experts for five years, infecting over a million Windows and [...]

• News

Posted on October 28, 2023 by Mash

The Matrix open standard and real-time communication protocol team has launched version 2 with group VoIP encryption, faster loading times, [...]

• News

Posted on October 25, 2023 by Mash

1Password, a widely-used password manager for over 100,000 businesses, faced a security incident when hackers infiltrated its Okta ID management [...]

• News

Posted on October 25, 2023 by Mash

Google is preparing to test a "IP Protection" feature in Chrome, which hides users' IP addresses with proxy servers to [...]

• News

Posted on October 24, 2023 by Mash

A cyber threat actor is using fake LinkedIn posts and direct messages to trick people into downloading info-stealing malware, such [...]

• News

Posted on October 22, 2023 by Mash

The BlackCat/ALPHV ransomware operation recently incorporated a novel tool called 'Munchkin.' This tool harnesses virtual machines for surreptitious deployment of [...]

• News

Posted on October 21, 2023 by Mash

Amazon now offers passkey support for passwordless login, enhancing security by using biometrics or PINs linked to devices like phones [...]

• News

Posted on October 20, 2023 by Mash

Discord remains a hotspot for hackers, including APT groups, who use it to distribute malware, steal data, and target critical [...]

• News

Posted on October 18, 2023 by Mash

Between July and September, DarkGate malware attacks leveraged compromised Skype accounts to infect targets via messages with VBA loader script [...]

• News

Posted on October 16, 2023 by Mash

Hackers are exploiting LinkedIn Smart Links for phishing attacks to steal Microsoft account credentials. Smart Links are part of LinkedIn's [...]

• News

Posted on October 13, 2023 by Mash

A zero-day DDoS technique called 'HTTP/2 Rapid Reset' broke records in magnitude since August. Amazon, Cloudflare, and Google jointly reported [...]

• News

Posted on October 12, 2023 by Mash

Multiple Balada Injector campaigns have infected over 17,000 WordPress sites using known premium theme plugin vulnerabilities. Discovered in December 2022 [...]

• News

Posted on October 10, 2023 by Mash

The Chrome team is enhancing user experience with a new "Organize Tabs" feature, located at the top left corner, near [...]

• News

Posted on October 10, 2023 by Mash

Over the past six months, a complex malicious campaign has emerged, planting info-stealing packages on open-source platforms with 75,000 downloads. [...]

• News

Posted on October 6, 2023 by Mash

A recent Linux vulnerability, dubbed 'Looney Tunables' (CVE-2023-4911), allows local attackers to obtain root privileges by exploiting a buffer overflow [...]

• News

Posted on October 5, 2023 by Mash

'BunnyLoader' is a newly discovered fileless loader malware. It can steal clipboard contents, execute payloads, record keystrokes, steal data and [...]

• News

Posted on October 4, 2023 by Mash

The LostTrust ransomware operation is suspected to have rebranded from MetaEncryptor, employing nearly identical data leak sites and encryption methods. [...]

• News

Posted on October 3, 2023 by Mash

Hackers can exploit logic flaws in Cloudflare's Firewall and DDoS prevention, potentially undermining its protection. This poses a significant threat [...]

• News

Posted on October 1, 2023 by Mash