General Security News
-
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many...
-
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass...
-
Critical Linux Kernel Vulnerability Let Attackers Execute Arbitrary Code Remotely
SMB servers that have ksmbd enabled are vulnerable to hacking due to a major Linux kernel vulnerability (CVSS score of 10). KSMBD is a Linux...
-
Hackers Using Automated Attack to Exploit Exchange Server and SQL Injection Vulnerabilities
Recently, cybersecurity analysts at Prodraft’s threat intelligence team detected that the hacker group FIN7 was actively exploiting...
-
Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak
Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action...
-
GuLoader Malware Utilizing New Techniques to Evade Security Software
Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security...
-
2022 Top Five Immediate Threats in Geopolitical Context
As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based...
-
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering...
-
FrodoPIR: New Privacy-Focused Database Querying System
The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR....
-
Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials....
-
KmsdBot Botnet Leverages SSH to Compromise Systems and to Launch DDoS Attacks
Researchers from Akamai have continued to study the cryptomining botnet KmsdBot and have looked at its attack flow. It is believed that KmsdBot is...
-
OWASSRF – New Exploit Let Attacker Execute Remote Code on Microsoft Exchange Server
There is a new exploit chain dubbed, OWASSRF that threat actors are actively exploiting to gain arbitrary code execution through Outlook Web...