Microsoft Monthly Security Update (May 2023)
Updated Source and Related Links.CVE-2023-24955 vulnerability is exploited in the wild. In a network-based attack, an authenticated attacker as a Site...
News
Ongoing Malware Campaign Targeting WordPress Websites
There are reports of an ongoing malware campaign, Sign1, targeting WordPress sites. The campaign entails attackers gaining access to WordPress...
Free Vpn Apps On Google Play Turned Android Phones Into Proxies
Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices...
Finland Confirms Apt31 Hackers Behind 2021 Parliament Breach
Image: Midjourney The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State...
Themoon Malware Infects 6 000 Asus Routers In 72 Hours For Proxy Service
A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO)...
Hackers Exploit Ray Framework Flaw To Breach Servers Hijack Resources
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing...
Germany Warns Of 17k Vulnerable Microsoft Exchange Servers Exposed Online
The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed...
700 Cybercrime Software Turns Raspberry Pi Into An Evasive Fraud Tool
Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into...
US-CERT Vulnerability Summary for the Week of March 18, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New Zenhammer Memory Attack Impacts Amd Zen Cpus
Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map...
New Mfa Bypassing Phishing Kit Targets Microsoft 365 Gmail Accounts
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and...
Us Sanctions Apt31 Hackers Behind Critical Infrastructure Attacks
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks...
Us Sanctions Crypto Exchanges Used By Russian Darknet Market Banks
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned three cryptocurrency exchanges for working with OFAC-designated Russian...
Hackers Poison Source Code From Largest Discord Bot Platform
The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers...
Cisa Urges Software Devs To Weed Out Sql Injection Vulnerabilities
CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to...
Panera Bread Experiencing Nationwide It Outage Since Saturday
Since Saturday, U.S. food chain giant Panera Bread has been experiencing a nationwide outage that has impacted its IT systems,...
F5 Products Denial of Service Vulnerability
A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted...
Over 100 Us And Eu Orgs Targeted In Strelastealer Malware Attacks
A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to...
Remote Monitoring Management Software Used In Phishing Attacks
Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today,...
Massive Utility Scam Campaign Spreads Via Online Ads
For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their...
One Year Later Rhadamanthys Is Still Dropped Via Malvertising
It was just a little over a year ago that the Rhadamanthys stealer was first publicly seen distributed via malicious...
Ransomware Review February 2024
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
Stopping A Targeted Attack On A Managed Service Provider Msp With Threatdown Mdr
In late January 2024, the ThreatDown Managed Detection and Response (MDR) team found and stopped a three-month long malware campaign...
Fakebat Delivered Via Several Active Malvertising Campaigns
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw...
