The Downfall of QakBot: A Rock and a ‘Hard Drive’ Place To kick things off, let’s set the scene with an article’s main points: – The Operation Duck Hunt, a collaborative law enforcement initiative, has taken down QakBot, a significant Windows malware family. – QakBot is suspected to have compromised over 700,000 computers worldwide, aiding
Read More
Danger in the Inbox: DarkGate Malware Surge Noted • Newly observed malspam campaign is utilising off-the-shelf DarkGate malware. • Sped-up activities attributed to the fact that the software’s developer has taken to renting out the malware to selected affiliates- as per Telekom Security’s recent report. • Current findings build onto previous reports from security experts.
Read More
New Global Espionage Campaign Exposed: UNC4841 Main Points: Suspected Chinese-linked hacking group exploits a zero-day flaw in Barracuda Networks Email Security Gateway to carry out a global espionage campaign The group has hit the government, military, defense and aerospace, high-tech industry, and telecom sectors Mandiant tracks the activity of the highly efficient and relentless threat
Read More
Risks from various siloed security scanning tools require labor-intensive steps for risk mitigation. Security teams, often strained for resources, find this process inefficiency grievous. A new study reveals how the use of technology can help address this inefficiency. A Labor-Intensive Job As any security guru would quip, “Too many tools and risks to manage! It’s
Read More
Does Your Citrix NetScaler Tick like a Time Bomb? Danger is knocking at the door of the internet’s unpatched Citrix NetScaler systems. As drunken sailors on a sinking ship, yet unidentified threat actors seem to be targeting these systems in what smells like a potential ransomware attack. This new exploit “recipe” is akin to a
Read More
Microsoft Rings Alarm Bells on Cybercrimes: Rise in ‘Adversary-in-the-Middle’ Phishing Techniques and Phishing-as-a-Service Models Here are the primary talking points: Microsoft alerting about the growth in AiTM (adversary-in-the-middle) phishing methods, driven by the increasingly prevalent phishing-as-a-service (PhaaS) cybercrime business model. The technology leader has observed an upswing in PhaaS platforms capable of AiTM, as well
Read More
Microsoft Embraces “Lost and Found” in Cybersecurity: The Abandoned URL Case Summary of Main Points A case of privilege escalation has been discovered linked to a Microsoft Entra ID application The cybersecurity flaw was due to an abandoned reply URL that could be exploited by attackers An attacker could utilize this URL to redirect authorization
Read More
– Developers targeted in software supply chain attacks. – Malicious packages discovered on Rust programming language’s crate registry. – Libraries uploaded between August 14 and 16, 2023. – Published by a user named “amaperf.” – Names of the packages are not disclosed, as they have been taken down. A New Twist in Cyber Crime –
Read More
Cyber Attacks: Web Applications’ Biggest Nightmare • Rising Trend of Cyber Attacks on E-commerce Platforms With e-commerce becoming the new shop around the corner, businesses are finding more omnichannel ways to sell. But just like a “for sale” sign tempts shoplifters, this digital evolution is attracting some invisible threats, aka the cyber-attackers. Seems like these
Read More
An Updated KmsdBot Botnet Malware Targets IoT Devices An updated version of KmsdBot botnet malware is now aiming at vulnerable Internet of Things (IoT) devices, extending both its functionality and its scope of attack. Security analyst Larry W. Cashdollar at Akamai revealed in a recent analysis that the malware now incorporates support for Telnet scanning
Read MoreNo products in the cart.