Exim Mail Transfer Agent: A Spotlight on Security Vulnerabilities – A series of security vulnerabilities have been reported in the Exim mail transfer agent. – Successful exploitation of these vulnerabilities could lead to information disclosure and remote code execution. – These flaws were initially reported anonymously in June 2022. – The most critical vulnerability is
Read More
Meet ASMCrypt: DoubleFinger’s “Evolved” Sibling in the Malware Family Main Points Threat actors are selling a new crypter and loader called ASMCrypt ASMCrypt is described as an evolved version of the known malware, DoubleFinger This type of malware aims to load the final payload undetected by antivirus/endpoint detection and response (AV/EDR) An analysis of this
Read More
North Korean Lazarus Group Sneaks into Spanish Aerospace Company with A Little “Meta-Recruiting” Digital Espionage Targets Spanish Aerospace Firm Throwing a different kind of punch, the infamous North Korea-linked group known as the Lazarus Group hit the world’s cyber stage in another notorious role. This time, they made their cyber theatrical debut as a recruiter—artfully
Read More
Sleep easy, or not: The Quantum Cryptography Conundrum Introduction: The Cryptosecurity Night Owl While most of us are still grappling with basic cyber hygiene, the juggernaut of post-quantum cryptography is hurtling towards us. It’s kind of like becoming a parent for the first time – you really don’t understand what’s coming until it’s there, waking
Read More
Beware Bing: Malware-Toting Ads Hitchhike On Microsoft’s AI Chatbot – Malware is being spread through ads appearing on Microsoft Bing’s AI Chatbot. – Users searching for popular tools have been led to malicious sites from Bing Chat conversations. – This discovery was reported by Malwarebytes. If you’re chatting with Bing, be wary of ad-toting hitchhikers.
Read More
Progress Software has released patches for a critical security hole and seven other vulnerabilities in WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. The major flaw, tracked as CVE-2023-40044, boasts a full-blown CVSS score of 10.0, suggesting maximum severity. All versions of the software are vulnerable to this flaw. WS_FTP
Read More
Beware: Cisco dials up warning on software vulnerability Cisco has found attempts to exploit a vulnerability in its IOS Software and IOS XE Software. The vulnerability, tracked as CVE-2023-20109, has a CVSS score of 6.6 and is considered medium severity. All versions of the software with the GDOI or G-IKEv2 protocol enabled are impacted. Dialling
Read More
Thieves in the Codehouse: Github Accounts Hijacked in New Malicious Campaign Here are the key takeaways: – A new malicious campaign is hijacking GitHub accounts and inserting malicious code. – The cunning culprits disguise this code as Dependabot contributions. – The objective is to pilfer passwords from unsuspecting developers. – This hazardous code exports the
Read More
Summary: Cybersecurity agencies in Japan and U.S. warn of attacks by Chinese state-backed hacking group. The group, known as BlackTech, is accused of tampering with branch routers to infiltrate networks . This ongoing threat creates a cybersecurity concern in both corporate and national security. A Proactive Warning from U.S and Japanese Cybersecurity Agencies Grab your
Read More
Changing Tides in Browser Security Main Points: The landscape of browser security has evolved substantially in the past decade. Once considered a gold standard, Browser Isolation is less effective in today’s SaaS-centric world. Browser Isolation limitations include degraded browser performance and inability to address evolving threats. Browser Security: An Evolution Story Remember when “Spy vs
Read MoreNo products in the cart.