The Peer-to-Peer Party is Getting Wild: P2PInfect Malware Spikes 600x in a Week The P2PInfect had a remarkable activity surge since late August 2023. The malware saw a whopping 600x jump between September 12th and 19th, 2023. The surge in activity coincided with a notable increase in P2PInfect variants seen in the wild. Developers of
Read More
Main Points: – Security teams face threats from third-party applications commonly installed by employees. – These apps are designed to link to a hub app like Salesforce, Google Workspace, or Microsoft 365. – The main security concerns arise from the permissions these third-party apps are granted, which potentially increases risk. Threats Looming from Third-Party Apps
Read More
**Main Points:** – China’s Ministry of State Security (MSS) accused the U.S. of hacking into Huawei’s servers and stealing critical data since 2009. – The accusations were posted in a message on WeChat. – This alleged activity occurred amid growing geopolitical tensions between China and the U.S. – The MSS claims that U.S. intelligence agencies
Read More
Dubbing the E-Crime Group: Unveiling the Elusive Gold Melody • A financially driven threat actor has been exposed as an initial access broker (IAB)—a kind of bouncer at the cybercrime club, deciding who gets passed the virtual velvet rope. • This group has been given the name “Gold Melody” by the SecureWorks Counter Threat Unit
Read More
– h1: Free Download Manager admits to 2020 security breach. – Malicious Linux software was distributed through the company’s website. – The hacker group was believed to be from Ukraine. – Only a select group of users were affected. h2: The Breach Revealed Tech tragedy alert: in the equivalent of leaving your garage door open
Read More
Watch Out Windows Users: Clever WinRAR Exploit Poses Real Danger A deceptive proof-of-concept (PoC) exploit for a recent WinRAR vulnerability is released, aiming to infect unsuspecting users with VenomRAT malware The phony WinRAR exploit is based on a publicly available PoC script for a SQL injection vulnerability found in Geoserver A Double-edged Sword: The Fake
Read More
Winding down the Dark Web: Finnish Authorities shut down PIILOPUOTI – Finnish authorities have successfully taken down PIILOPUOTI, a dark web marketplace notorious for illicit narcotics trade. – PIILOPUOTI has been in operation since May 2022, functioning as a hidden service within the encrypted TOR network. – According to the Finnish Customs agency, the site
Read More
Nagios XI Network Monitoring Software Plugs Security Holes Multiple security vulnerabilities discovered in Nagios XI network monitoring software. Vulnerabilities can result in privilege escalation and information disclosure. Four security flaws, tracked as CVE-2023-40931 through CVE-2023-40934, affect Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, these issues have been patched as
Read More
Email phishing campaigns target Chinese-language speakers – Several email phishing campaigns are predominantly targeting Chinese-language speakers. – Such attacks aim to propagate different malware families, including Sainbox RAT, Purple Fox, and a recently detected Trojan named ValleyRAT. – Proofpoint, an enterprise security company, has disclosed this trend, noting that the involved campaigns include Chinese-language lures
Read More
Modern web applications are modular and depend on third-party components, which can make them vulnerable. Vulnerabilities can be hidden within third-party components. Open-source tools, even the popular ones, can be a target of attacks. The Pitfall of Functionality: Modern Web Applications’ Vulnerability The thing about modern web applications is their comparable functionality to a Swiss
Read MoreNo products in the cart.