Repojacking: Thousands of Go Module Repositories Compromised on GitHub Main Points New research shows over 15,000 Go module repositories on GitHub are susceptible to an attack known as repojacking. Over 9,000 of these repositories are vulnerable due to changes in GitHub usernames, as divulged by Jacob Baines, CTO at VulnCheck. There are more than 6,000
Read More
Main Points: – An unidentified threat actor launched a cyber attack on a US aerospace organization. – BlackBerry’s research team is monitoring the operation named as “AeroBlade”. – The origin and success of the attack remain hidden. – The attacker deployed spear-phishing as an infiltration strategy. The Cyber Invasion from Unknown Heights In an uncharted
Read More
Microsoft Detects Cyber Intrusion: A Chilly Forest Blizzard Warning Main Points Microsoft has reported a crucial security flaw in its Outlook email service which has been exploited by a Kremlin-backed cyber criminal group known as Forest Blizzard. The tech behemoth has linked the infiltration to Forest Blizzard, also identified as Strontium or APT28. Sweating the
Read More
New Bluetooth Attacks Undermine Previously Trusted Technology Recent investigations have unveiled several fresh attacks that violate Bluetooth Classic’s promises of forward and future confidentiality, leading to adversary-in-the-middle (AitM) situations amid paired peers. These problems, grouped under the name “BLUFFS,” influence Bluetooth Core Specification 4.2 through 5.4. An identifying label, CVE-2023-24023, aids in tracking these issues,
Read More
New P2PInfect Botnet Variant Discovered: A Real Nuisance for IoT Devices – Cybersecurity researchers have identified a new variant of botnet, known as P2PInfect. – This fresh outbreak is designed to target routers and IoT devices. – Unearthed by Cado Security Labs, it’s built for Microprocessor without Interlocked Pipelined Stages (MIPS) computer architecture. – MIPS
Read More
Seasonal Housekeeping: Time to Tidy up User Roles and Privileges Employ the end-of-year lull to review and adjust user roles and permissions in your software suite. Removing excess or unnecessary users can save on exorbitant license fees. Maintaining a clean user inventory significantly bolsters the security of your SaaS applications. Proper management of user roles
Read More
The Firmware Fiasco: LogoFAIL plunges UEFI Code into Vulnerability UEFI Code Vulnerabilities Pray tell, did you hear about the firmware that hit a brick wall? It asked UEFI here? (UEFI, just so we get our puns right, sounds like ‘wifey’, okay?) Alright, enough with the chuckles. So, firmware gurus uncovered high-impact vulnerabilities in the Unified
Read More
The Invasion of the Cyber Bot: Microsoft Alarms Users About CACTUS Ransomware and DanaBot Attacks Microsoft’s Threat Intelligence team is sounding the alarm about a new wave of CACTUS ransomware attacks. The ransomware utilizes insidious malvertising lures to deploy DanaBot as an initial access vector for its attacks. These DanaBot infections result in “hands-on-keyboard activity”
Read More
Global Organizations Become New Hunting Grounds for Agent Racoon Global organizations, particularly in the Middle East, Africa and U.S., have met with a new and unidentified cyber threat—Agent Racoon. The malware, Agent Racoon, uses the .NET framework and banks heavily on the domain name service (DNS) protocol to create covert channels and equip the backdoor
Read More
IXPLORE: Russian “Tech Wiz” Found Guilty in US for Developing and Deploying Malware _MAIN POINTS_ – The U.S. Department of Justice announces the conviction of Vladimir Dunaev, a Russian national tied to TrickBot malware. – Dunaev, 40, was arrested in South Korea in September 2021, with extradition to the U.S. occurring the following month. –
Read MoreNo products in the cart.