Google Chrome’s New Feature Alerts Users About Auto-Removal of Malicious Extensions
Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert...
News
New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds...
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the...
Thousands of Android APKs use compression trick to thwart analysis
Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression...
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular...
Hackers ask $120,000 for access to multi-billion auction house
Hackers claim to have breached the network of a major auction house and offered access to whoever was willing to...
Phishing campaign steals accounts for Zimbra email servers worlwide
An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration...
Triple Extortion Ransomware and the Cybercrime Supply Chain
Ransomware attacks continue to grow both in sophistication and quantity. 2023 has already seen more ransomware attacks involving data exfiltration...
Google Fixes 26 Bugs Amid Fake Update Warning
Google has released the latest version of its Chrome browser, addressing 26 vulnerabilities including eight critical flaws.Chrome 116 covers updates...
AnonFiles Shuts Down After Massive User Abuse
A popular anonymous file sharing service used by security researchers and threat actors has decided to close down, citing “extreme...
Critical Flaws in PowerShell Gallery Enable Malicious Exploits
Aqua Nautilus has uncovered critical vulnerabilities persisting within the PowerShell Gallery, resulting in a fertile ground for malicious actors to...
Phishing Spree Targets Zimbra Collaboration Account Holders
Cybersecurity researchers at ESET have exposed an ongoing mass-spreading phishing campaign that explicitly targets Zimbra Collaboration email server users. The...
CISA Launches Joint Initiative to Secure RMM Software
The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its Remote Monitoring and Management (RMM) Cyber Defense Plan. Created in...
CISA Urges Patching of Actively Exploited Citrix Bug
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a Citrix flaw patched in June is being actively...
NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security
A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege...
US-CERT Vulnerability Summary for the Week of August 7, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the...
Why You Need Continuous Network Monitoring?
Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer...
China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons
An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons...
New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of...
Malvertisers up their game against researchers
Threat actors constantly take notice of the work and takedown efforts initiated by security researchers. In this constant game of cat...
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The...
Google Introduces First Quantum Resilient FIDO2 Security Key Implementation
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative....
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller...
