A Comic Twist on Cybersecurity: The Advent of Malicious Generative AI Main Points: Recent emergence of malicious Generative AI Threat of FraudGPT and WormGPT to digital security The complex nature of Generative AI fraud Exploring the messaging around these artificial entities AI Evolves: Rise of the Dark ‘Bots Here’s some next-level tech gossip. Just when
Read More
Main Points Industrial cellular routers from Milesight have a high-severity flaw which may be actively targeted by cyber attackers. The findings were disclosed by VulnCheck. The vulnerability, labelled as CVE-2023-43261 with a CVSS score of 7.5, is an issue of information disclosure. Routers affected include models UR5X, UR32L, UR32, UR35, and UR41 before version 35.3.0.7.
Read More
The Ukrainian Telecom Outages – Cyber Trickery Unravelled The CERT-UA disclosed interference by threat actors in 11 different telecom service providers between May and September 2023. The activity, referred to as UAC-0165, led to service interruptions for a significant number of customers. The attack model included an initial ‘reconnaissance phase’. Unfolding the Telecom Outages in
Read More
Cisco Broadcasts a Warning of Active Exploitation Cisco alerts users about a critical, yet to be patched, security flaw affecting the IOS XE software, currently being exploited in real time. This zero-day vulnerability, buried in the web UI feature, has been allotted the identifier CVE-2023-20198 and scores a perfect 10.0 on the CVSS scale, the
Read More
Audit: WinRAR Security Loophole Exploited by Pro-Russian Hacking Groups Main Points: Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility. The vulnerability has been used as part of a phishing campaign which is designed to harvest credentials from compromised systems. The attack uses malicious archive files that exploit a
Read More
Exploring SpyNote: The Android Banking Trojan that Peeks into Your Digital Wallet Key Takeaways: SpyNote is a prevailing Android banking Trojan, oozing with information-gathering features. Primarily, it spreads through SMS phishing campaigns. Potential victims accidentally install the app by clicking an embedded link from deceptive texts. Cybersecurity firm F-Secure’s analysis reveals the Trojan’s invasive action
Read More
SaaS Security Unplugged: The Root and Branch of Configuration Management Main points in the article: – The origin of SaaS Security found in configuration management – 35% of all security breaches stem from misconfigured security settings – The expansion of initial access vectors to SaaS data in the past three years – Introduction of new
Read More
Signal App Waves Off Alleged Vulnerability Claims Main Points Signal, the encrypted messaging platform, has rejected viral reports of an alleged zero-day flaw in its software. In its investigation, Signal found no evidence to show that this vulnerability is real. The information regarding the alleged vulnerability hasn’t been shared through Signal’s official reporting platforms. Signal’s
Read More
EtherHiding: Binance’s Smart Chain Contracts Turned Evil Main Points: Threat actors have been observed using Binance’s Smart Chain (BSC) contracts to serve malicious code, in an action termed as the “next level of bulletproof hosting.” Guardio Labs detected the activity two months ago and has since codenamed it EtherHiding. The said activity is a novel
Read More
Harvesting Trouble: Exploiting the Critical Flaw in Citrix NetScaler ADC and Gateway Devices Main Points: – Discovery of a critical flaw in Citrix NetScaler ADC and Gateway devices. – Threat actors are exploiting this flaw to conduct a credential harvesting campaign. – The flaw was uncovered by IBM X-Force last month. – Adversaries are using
Read MoreNo products in the cart.