Researchers detected IMPERIAL KITTEN, an adversary with ties to Iran, conducting strategic web compromise (SWC) operations with a focus on transportation, logistics, and technology firms. The adversary, who has been operating since at least 2017, has been reported to have…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
10 Best Unified Endpoint Management Tools – 2024
Managing a diverse range of devices, including desktops, mobile devices, and Internet of Things (IoT) devices, is an essential aspect of modern businesses. To efficiently handle these devices, a set of best Unified Endpoint Management Tools (UEM) technologies provide an…
Serbian National Pleads Guilty For Operating a Darknet Website
After being apprehended by the US government, a Serbian citizen confessed to placing multiple orders on the Monopoly drugs market, which operates on the darknet. The individual in question has admitted to engaging in the illicit purchase of drugs through…
Chinese APT Infrastructure Mimics Cloud Backup Services
Cambodian government entities were discovered to be targeted and compromised by Chinese APT actors. The threat actors are using the infrastructure to masquerade as a cloud backup service. The infrastructure also exhibits several malicious nature and persistent connections. China has…
Microsoft Authenticator New Feature Blocks Malicious Notification by Default
In an age where online threats loom large, safeguarding our personal and professional accounts has never been more critical. With hackers tirelessly attempting to breach security barriers, the need for robust identity verification methods has become paramount. In response to…
IBM Unveils Cloud-Native QRadar SIEM to Maximize Power of SOC Professionals
IBM has recently announced the launch of its Cloud-Native SIEM solution, which is designed to enhance the scale, speed, and flexibility of security teams. With this new offering, organizations can benefit from improved threat detection and response capabilities, empowering them…
Burp Suite 2023.10.3.4 Released – What’s New!
Burp Suite 2023.10.3.4 is the name of the newest version of Burp Suite, which was just published by the PortSwigger developers. The Burp Suite is a cybersecurity tool that is used for evaluating the security of online applications. It performs…
Sapphire Sleet Hackers Attacking LinkedIn Users Based on Their Expertise
In a recent development, cybersecurity experts have identified a significant shift in the tactics employed by Sapphire Sleet, a notorious threat actor known for cryptocurrency theft through social engineering. Microsoft’s threat intelligence team has been closely monitoring Sapphire Sleet, a…
SysAid IT Service Software 0-day Exploited to Deploy Cl0p Ransomware
SysAid On-Prem software has been reported with a 0-day vulnerability determined during an incident response investigation. According to Microsoft, attackers are exploiting this zero-day vulnerability to infiltrate corporate servers, to steal sensitive data and deploy the notorious Clop ransomware. This…
Sapphire Sleet Hackers Attacking Linkedin Users Based on their Expertise
In a recent development, cybersecurity experts have identified a significant shift in the tactics employed by Sapphire Sleet, a notorious threat actor known for cryptocurrency theft through social engineering. Microsoft’s threat intelligence team has been closely monitoring Sapphire Sleet, a…
Russian Hackers Hijacked Power Station Circuit Breakers Using LotL Technique
In a recent and alarming development, the notorious Russia-linked threat actor Sandworm executed a sophisticated cyber-physical attack targeting a critical infrastructure organization in Ukraine. The incident, responded to by cybersecurity firm Mandiant, unfolded as a multi-event assault, showcasing a novel…
BlueNoroff Hackers Attacking Apple Users with New macOS Malware
A new malware variant is distributed by BlueNordoff APT group, a financially motivated threat group targeting cryptocurrency exchanges, venture capital firms, and banks. This new campaign has similar characteristics to their RustBucket campaign. BlueNoroff was first discovered in early 2014…
Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities
Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities. The publicly available Proof of Concepts (POCs) for these vulnerabilities were rapidly circulated in cybercrime forums. Over 20,000 “Netscaler” instances and 1,000 “Big IP”…
Buffer Overflow Flaws in Trusted Platform Modules Allow Malicious Commands
Trusted Computing Group’s Trust Platform Module 2.0 reference library specification has been discovered with two buffer overflow vulnerabilities that threat actors can exploit to access read-only sensitive data or overwrite normally protected data, which is only available to the TPM.…
New Gootloader Malware Abuses RDP to Spread Rapidly
Hackers target Remote Desktop Protocol (RDP) via malware because it provides them with remote access to a victim’s computer or network, allowing them to:- Cybersecurity researchers at IBM X-Force affirmed recently that in place of conventional frameworks like CobaltStrike, the…
WhatsApp New Privacy Feature Let Users Hide Location During Calls
WhatsApp has begun to roll out the ‘Protect IP Address in Calls’ feature, which conceals your IP address during calls. Upon using this feature, all your calls will be relayed through WhatsApp’s servers, protecting your IP address and preventing other…
Hackers Exploiting Confluence Flaw to Deploy Ransomware
Hackers actively target Confluence flaws because it is a widely used collaboration and documentation platform, making it a valuable target for gaining unauthorized access to sensitive information or spreading malware. Exploiting vulnerabilities in Confluence can lead to:- These things make…
Storage And Backup Cyber Resiliency – CISOs Guide 2024
CISOs rely on information about security from across the organization, particularly from the various IT departments. Unfortunately, the information being fed to CISOs about cybersecurity risk is incomplete. There is a blind spot present—a gaping hole. Data about the security…
Ransomware Actors Exploiting Legitimate System Tools to Gain Access – FBI
Ransomware attacks are on the rise, causing organizations to lose millions of dollars, restricting them from accessing their data, and possibly disclosing personal information. According to the FBI Private Industry Notification, ransomware attackers have recently been taking advantage of flaws in…
Android Security Updates: 2023 – 37 Vulnerabilities Patched Including RCE, DOS
Android has fixed 37 vulnerabilities that were impacting its devices with the release of its November 2023 security updates. Most of the flaws included information disclosure, elevation of privilege, denial of service, and remote code execution. These updates address major…
Iranian APT Hackers Attacking Education & Tech Sectors to Steal Sensitive Data
Cybersecurity researchers link attackers to the Iranian-backed APT group “Agonizing Serpens,” which has upgraded its capabilities and uses various tools to bypass security measures. Hackers target and steal sensitive data for various reasons, including: They may sell the stolen data…
QNAP OS Command Injection Vulnerability Let Attackers Execute Malicious Commands
Two critical OS command injection flaws have been discovered in multiple QNAP products, which include QTS, Multimedia Console, Media Streaming add-on, QuTS Hero, and QuTScloud. These vulnerabilities existed in the QTS operating system and applications on network-attached storage (NAS) devices,…
What is Network Detection and Response (NDR)?
In the ever-evolving digital world, organizations must safeguard their networks and sensitive data against sophisticated cyber threats. Have you ever heard NDR in relation to cybersecurity? Whether you have or not, do you know what is network detection and response?.…
Veeam Critical Flaws Let Attackers Execute Remote Code and Steal NTLM Hashes
Veeam, a Global Leader in Data Protection, issued hotfixes to address four vulnerabilities affecting the Veeam ONE IT infrastructure monitoring and analytics platform. Two vulnerabilities are classified as ‘critical,’ while the other two are classified as ‘medium severity’ flaws. The critical flaws allow remote…
Top 6 Cybersecurity Incident Response Phases – 2024
Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as…
Hackers Actively Exploiting Linux Privilege Escalation Flaw to Attack Cloud Environments
Linux Privilege Escalation flaw is one of the highly critical flaws as it can allow an attacker to gain elevated privileges on a system, potentially leading to full control. Hackers typically exploit these vulnerabilities by crafting malicious code or commands…
Corrupt Police Imprisoned for Revealing Investigation Secrets to Criminal
Natalie Mottram, a 25-year-old intelligence analyst who worked for Cheshire Police and the North West Regional Organised Crime Unit (ROCU), has been given a prison sentence of three years and nine months for her role in a serious security breach. …
Socks5Systemz Proxy Hacked 10,000+ Systems World Wide
Proxy services let users rent IP addresses and provide online anonymity by disguising their traffic as regular IP addresses while hiding the true source or origin. Bitsight researchers recently found a new malware sample distributed by the following two loaders:-…
‘Crypto King’ Sam Bankman-Fried Pleads Guilty Multi-billion Dollar Fraud
Sam Bankaman-Fried, the founder and CEO of the largest cryptocurrency exchange, has recently pleaded guilty to charges of fraud and money laundering. This news has sent shockwaves through the cryptocurrency community, as Bankaman-Fried was highly regarded and his exchange was…
Arid Viper Steals Sensitive Data From Android’s & Deploy Other Malware
According to recent reports, Arabic-speaking Android users have been targeted with spyware by the “Arid Viper” threat actor, also known as APT-C-23, Desert Falcon, or TAG-63). This threat actor has been using counterfeit dating apps designed to exfiltrate data from…
Top 5 Kubernetes Vulnerabilities – 2023
Kubernetes is a popular open-source platform for managing containerized workloads and services. It’s a system that simplifies a wide array of deployment, scaling, and operations tasks, but it’s not without its risks. Just as any other software or platform, Kubernetes…
Hackers Hijacking Facebook Accounts with Malware via Facebook Ads
Social media platforms offer financially motivated threat actors opportunities for large-scale attacks by providing a vast user base to target with:- These platforms allow attackers to exploit trust and personal information shared by users, making it easier to craft convincing…
New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New!
CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities’ technical severity that helps in guiding the following entities:- CVSS scores interpret the following qualitative ratings for prioritizing vulnerability management and enhancing…
Accenture Acquires Leading Spanish Cybersecurity Firm Innotec Security
Accenture, the global technology services and consulting giant, has announced the acquisition of Innotec Security, a leading cybersecurity-as-a-service provider based in Spain. The deal, which was made public on November 2, 2023, is a strategic move by Accenture to enhance…
DarkGate, Which Abused Microsoft Teams, Now Leverages MSI Files
A new wave of cyberattacks has been discovered by Netskope Threat Labs, involving the use of SharePoint as a delivery platform for the notorious DarkGate malware. This alarming trend is driven by an attack campaign that exploits vulnerabilities in Microsoft…
Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files
Multiple vulnerabilities have been discovered in the Cisco Services Engine associated with Arbitrary File Upload and Denial of Service assigned with CVEs CVE-2023-20195, CVE-2023-20196, and CVE-2023-20213. The severity for these vulnerabilities ranges between 4.3 (Medium) and 4.7 (Medium). These vulnerabilities…
Why Storage And Backup Are Cybersecurity’s Weakest Links? – Top 5 Reasons
A lot of money is being spent to protect the enterprise against intrusion. Ransomware protection is currently in the spotlight – and with good reason. But organizations also invest heavily in technologies such as Zero Trust Network Access (ZTNA), Secure…
Cisco AnyConnect SSL VPN Flaw Let Remote Attacker Launch DoS Attack
A vulnerability of medium severity, identified as CVE-2023-20042, with a CVSS score of 6.8, was found in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defence (FTD) Software. This vulnerability could potentially…
Top 3 Cyber Threats That Attack Banks in 2023 – Counter Them With Any.Run Sandbox
Bank robbers of today are nothing like their counterparts of the past. Modern-day Bonnie and Clyde operate remotely, carrying out their operations from hundreds of miles away, simply using their laptops. On top of that, every year, the barrier of…
Hackers Attacking Blockchain Engineers with Novel macOS Malware
The frequency of hackers exploiting macOS flaws varies over time, but Apple continuously releases security updates to patch vulnerabilities. While macOS is generally considered more secure than some other operating systems but, it is not immune to exploitation, and hackers…
Uncovering Prolific Puma, Massive Domain Generator & URL Shortener
Hackers can exploit Massive Domain Generator and URL Shortener services by creating large numbers of deceptive or malicious domains and using URL shorteners to hide the true destination of links. This can be used for the following illicit purposes:- Recently,…
Hackers Deliver Malicious DLL Files Chained With Legitimate EXE Files
Hackers opt for DLL hijacking as a technique to exploit vulnerable applications because it allows them to load malicious code by tricking a legitimate application into loading a malicious DLL. This can give them unauthorized access and control over a…
Hackers Weaponize HWP Documents to Attack National Defense and Press Sectors
HWP documents are primarily associated with the Hangul Word Processor software used in South Korea. Hackers may opt for HWP documents to target National Defense and Press Sectors because they exploit vulnerabilities in this specific file format and software, which…
F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability
F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748. This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands. F5 Networks…
CitrixBleed Vulnerability Widely Exploited, Primarily by a Ransomware Gang
At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical). After the release of PoC, there seems to be…
Hackers Abuse NuGet Packages to Deliver SeroXen RAT
The NuGet package manager, which .NET developers widely use, has been under attack by a series of malicious activities, according to a report by cybersecurity firm ReversingLabs. The report, which follows previous investigations on npm, PyPI, and RubyGems ecosystems, shows…
Atlassian Urged Customers to Fix Critical Confluence Security Flaw Right Away!
Atlassian has been reported with a critical vulnerability in their Confluence Software, which several organizations have widely adopted. The CVE for this vulnerability has been assigned as CVE-2023-22518, and the severity has been given as 9.1 (Critical). Atlassian has addressed…
Prepare Your Employees to Withstand a Zero-Day Cyber Attack: 5 Key Strategies
Imagine walking into work one morning to find your company’s network completely crippled. Servers are down, workstations display ransomware notices, and critical data has been encrypted or deleted. Total operational paralysis. This is the potential aftermath of a devastating zero-day…
Hackers Abuse Google Search Ads to Deploy Bonanza Malware
Cybercriminals are resorting to unscrupulous tactics to deploy Bonanza malware by exploiting Google Search Ads. The hackers are taking advantage of the search engine’s advertising mechanism to spread the malicious software, putting unsuspecting users at risk of cyber attacks. This…
Hacker Jailed for Stealing $1 Million Via SIM Swapping Attacks
A young man from Orlando, Florida, has been handed a 30-month prison sentence for his role in a cybercrime scheme that stole nearly $1 million in cryptocurrency from unsuspecting victims. As part of a group of hackers, Jordan Dave Persad,…
Proofpoint to Acquire AI Email Security Firm Tessian
Proofpoint, an enterprise security company, has entered into a definitive agreement to acquire Tessian, a leading provider of email security solutions. The acquisition is aimed at enhancing the existing email security offerings of Proofpoint and preventing misdirected emails and data…
ServiceNow Misconfigurations Lead to Leak of Sensitive Data
ServiceNow has been alerted to a potential misconfiguration concern that might impact the security of its platform. The company is actively addressing the issue and working towards a resolution. The issue involves Access Control Lists (ACLs), which are used to…
The Risk of RBAC Vulnerabilities – A Prevention Guide
Role-Based Access Control (RBAC) is a security paradigm focused on assigning system access to users based on their organizational role. It’s a sophisticated approach of ensuring that only the right people can access the right information at the right time.…
Hackers Deliver Remcos RAT as Weaponized PDF Payslip Document
AhnLab Security Emergency Response Center (ASEC) has recently revealed a disturbing case of Remcos RAT, a malicious software that can remotely access and manipulate infected machines. The attackers behind this malware used a clever email scam that pretended to be…
F-Secure Eyes $9.5M in Cost Savings With Layoffs
F-Secure has recently implemented organizational changes in order to pursue strategic growth initiatives and meet its financial targets. These changes likely involve adjustments to the company’s structure, processes, and resources to ensure they are better aligned with their goals and…
Hackers Abusing OAuth Token to Take Over Millions of Accounts
A new OAuth vulnerability has been discovered in three of the major extensions such as Grammarly, Vidio, and Bukalapak. These applications use the OAuth protocol for their authentication, which is vulnerable to an authentication token-stealing attack. OAuth is an authentication…
XWorm Sold Malware-as-a-service Opens Vast Hacking Opportunities
XWorm is a RAT (Remote Access Trojan), a malware-as-a-service. It was first discovered in July 2022 and is known to have originated from the ex-USSR. The malware is capable of multiple things, such as stealing sensitive data and cryptocurrency, launching…
Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool
Cycode is excited to introduce Raven, a state-of-the-art security scanner for CI/CD pipelines. Raven stands for Risk Analysis and Vulnerability Enumeration for CI/CD Pipeline Security, and it is now available as an open-source tool on GitHub. This innovative solution will…
D-LINK SQL Injection Vulnerability Let Attacker Gain Admin Privileges
A security flaw called SQL injection has been uncovered in the D-Link DAR-7000 device. SQL injection is a malicious attack that exploits vulnerabilities in web applications to inject malicious SQL statements and gain unauthorized access to the database. This technique…
VMware Tools Flaw Let Attackers Escalate Privileges
Two high vulnerabilities have been discovered in VMware Tools, which were assigned with CVE-2023-34057 and CVE-2023-34058. These vulnerabilities were associated with Local Privilege Escalation and SAML Token Signature Bypass. The severities of these vulnerabilities are 7.5 (High) and 7.8 (High),…
Malicious Android Apps on Google Play With Over 2 Million Installs
On Google Play, several new malicious apps with over 2 million installations have been found to display intrusive advertisements to users. Once installed, these trojans attempted to conceal themselves from users of Android smartphones. According to detection statistics collected by…
Firefox Memory Corruption Flaw Let Attacker Execute Arbitrary Code
Mozilla Firefox 119 was released with updates for 11 vulnerabilities, including three issues of high severity, seven issues of moderate severity, and one issue of low severity. Particularly, the browser update also fixes several memory safety flaws that are classified as CVE-2023-5730…
Octo Tempest Attacking Organizations to Steal Financial Data
Microsoft has been closely monitoring the Octo Tempest, a significant financial threat organization. This threat group employs various strategies and TTPs for worldwide extortion, making it one of the most sophisticated financial threat groups. Octo Tempest, a native English-speaking group…
DUCKTAIL Malware Employs LinkedIn Messages to Execute Attacks
LinkedIn messages were used as a way to launch identity theft attacks in a malicious campaign that Cluster25 detected. They send messages from hacked accounts with PDF files that look like job offers. But these files have links to dangerous…
Authorities Seize 17 North Korean Hacker Websites Used for Scamming
The U.S. Government just took down 17 hackers’ websites from the Democratic People’s Republic of Korea (DPRK). These hackers were using these sites to cheat businesses in the U.S. and abroad. It’s great to see that action is being taken…
Indian National Arrested for Stealing $150,000 via Computer Hacking
A cybercriminal from India was taken into custody for utilizing computer hacking to steal a sum of $150,000 from an elderly woman. A computer hacker is an individual with exceptional proficiency in computer technology, who is highly skilled in discovering…
Spain Arrests 34 Cybercriminals Who Stole Data of 4 Million People
Law enforcement officials have successfully apprehended a notorious criminal organization responsible for perpetrating computer scams and stealing sensitive data belonging to more than four million individuals. Law enforcement officials arrested a criminal organization consisting of 34 cybercriminals. During the operation,…
SEIKO Cyber Attack: Customers Personal Data Exposed
SEIKO Group Corporation (SGC) has announced that they suffered a cyber attack that exposed customer data. The attack lasted for several months and was ransomware that accessed SEIKO’s servers without permission. The attack was discovered on July 28, 2023, and…
Citrix Bleed: PoC Released for Citrix NetScaler Zero-Day Vulnerability
Two vulnerabilities were disclosed by Citrix, which were CVE-2023-4966 and CVE-2023-4967, with critical and high severities, respectively. Of these two, CVE-2023-4966 has been released with a publicly available PoC. This vulnerability is associated with a sensitive information disclosure score of…
New Undetected Python-Based Info-stealer Offered Via Dedicated Website
Akira is an information stealer malware that was found in March 2023. This malware can steal sensitive information, including saved credentials and payment card details, usernames, system ID, hardware details, installed software, and network configurations. Once this information is extracted,…
Samsung Galaxy S23 Hacked at Pwn2Own Toronto 2023
Pwn2Own is a highly significant and influential annual hacking competition in the cybersecurity community. It serves as a platform for top researchers and hackers to demonstrate vulnerabilities in popular software and operating systems. The event plays a crucial role in…
Android Malware Masquerades as Chrome Browser Reads SMS & Intercepts Emails
Threat actors primarily target remote access and control of victims’ devices by employing deceptive tactics. They often create fake apps or pose as legitimate ones to trick users into downloading malicious software, compromising the targeted devices’ security and privacy. This…
Open Source Security: Trends and Predictions for 2024
Open source security refers to the practice of ensuring that open source software (OSS) is free from vulnerabilities that malicious actors could exploit. It involves auditing the code of open-source software, identifying and patching vulnerabilities, and continually monitoring for new…
Okta Support System Hacked, Users Sensitive Data Exposed
The US-based software firm Okta has discovered malicious activity using a stolen credential to access Okta’s support case management system. An attacker was able to view sensitive files uploaded by Okta customers. According to the company’s public statement, the Auth0/CIC case…
Casio Hacked: Customers’ Personal Details Exposed
Casio Computer Co., Ltd. has apologized for a data leak due to unauthorized server access. The server contained the personal information of customers who registered for its educational web service, “ClassPad[.]net.” The leak affected customers both in Japan and abroad.…
Hackers Using Secure USB Drives to Attack Government Entities
An ongoing attack on government agencies in the APAC region has been claimed to have compromised a secure USB device with hardware encryption. The nation’s government agencies utilize these safe USB devices to transfer and save data between computer systems.…
Multiple SonicWall Vulnerabilities Resulted in a Firewall Crash
Multiple vulnerabilities were detected in the SonicOS Management web interface and the SSLVPN portal, resulting in a firewall crash. In a security alert that was just released by SonicWall, 9 vulnerabilities were patched. Organizations utilizing older SonicOS firmware releases are…
Synology NAS System Flaw Let Attackers Remotely Hijack the Admin Account
Synology DiskStation Manager (DSM) powers Synology NAS systems, offering remote file access and management. The DSM OS includes two default Linux users: ‘admin’ and ‘guest’ (usually disabled). A Synology NAS system flaw allowed attackers to hijack the admin account due…
Hackers Switching from Weaponized Office Documents to CHM & LNK Files
Malware distribution methods have changed significantly in the cyber threat landscape. Data analysis shows that Microsoft Office document files are no longer the preferred medium for delivering malware. Cybercriminals are using more complex and elusive methods, such as alternative file…
Hackers Deliver Weaponized Notepad++ Via Google Ads
Cybercriminals are known to exploit malicious advertising techniques for targeting the widely-used Notepad++ text editor for Windows. This could lead to the dissemination of ransomware and malware. In these malvertising efforts, threat actors take advantage of Google advertisements. According to…
Russian Hackers Bypass EDR to Deliver a Weaponized TeamViewer Component
TeamViewer’s popularity and remote access capabilities make it an attractive target for those seeking to compromise systems for their gain. Threat actors target TeamViewer for their illicit purposes because it is a widely used remote desktop software with potential security…
XorDDoS Infects Linux Devices and uses them to Carry out DDoS Attacks
A new campaign has been discovered that uses XorDDoS Trojan, which affects Linux systems and devices, turning them into zombies that can be controlled by threat actors remotely. Moreover, these compromised systems can later be used for DDoS(Distributed Denial-of-Service) attacks.…
Researchers Uncovered the Hack of a Private Power Station in Israel
In the continuing Israel-Palestine conflict, there has been a noticeable rise in hacktivist groups who are planning an unending attack against a variety of targets on both sides of the conflict. On October 8, the Cyber Av3ngers group revealed a…
Threat Actors Abuse Discord to Blend Within Organizations’ Network Traffic
Discord has become a household name in online gaming and digital communication. Gamers, friends, and families flock to this platform to chat, share, and collaborate. Discord is one of the most widely used communication tools worldwide, with millions of users.…
AgentTesla Stealer Delivered Via Weaponized PDF and CHM Files
AgentTesla, a notorious information stealer, is observed spreading via CHM and PDF Files, which covertly harvest critical information from the victim’s computer. The stealer has features including keylogging, clipboard data capture, file system access, and data transfer to a Command…
Microsoft to Kill NTLM and Expand Kerberos Authentication
In an ever-changing digital landscape, robust security measures are paramount. As Windows adapts to meet the evolving demands of our world, user authentication, a cornerstone of Windows security, undergoes significant transformation. Microsoft is actively working to enhance user authentication by bolstering…
Hackers Using Remote Admin Tools To Compromise Organizations With Ransomware
Cybercriminals behind the AvosLocker ransomware attack employed a tactic of infecting organizations through Open-Source Remote Administration Tools. This method allowed the malware to spread rapidly, potentially compromising sensitive data and systems across the affected networks. The FBI found a new…