Feeling Enchanted? Be Wary Of The OAuth Magic! User-friendly OAuth protocols can seem like tech magic for account creation and accessibility Unfortunately, users often misunderstand the implications of the permissions they grant This lack of understanding opens a window for misuse and manipulation by malicious actors The Glamour of OAuth: Breezing Through Account Creation Just
Read More
Malware-Infected Machines Turned Into Proxy Exit Nodes Threat actors are using malware-infected machines, Windows and macOS, for proxy server applications and turning them into exit nodes to reroute proxy requests. The company delivering this proxy service runs more than 400,000 proxy exit nodes, but it’s unclear how many have been taken over by the malware.
Read More
The Hiatus of HiatusRAT: Reloaded and Reconnaissance-ing The threat actors responsible for the HiatusRAT malware have resurfaced, focusing their attention towards organizations based in Taiwan and a U.S. military procurement system. These threat actors have been recompiling malware samples for varying architectures. The remodeled malware artifacts have allegedly been hosted on newly fabricated virtual private
Read More
Updated “WoofLocker” Software Creates Technical Support Scams • Cybersecurity professionals have made note of an updated version of the advanced fingerprinting and redirection toolkit named WoofLocker. • This complex traffic redirection blueprint was first documented by Malwarebytes in January 2020. • It leverages JavaScript embedded in compromised websites to conduct anti-bot and web traffic filtering
Read More
Juniper Networks Squashes Four Critical Bugs in Junos OS, Dad-jokes Included Main Points Juniper Networks released an “out-of-cycle” security update to fix flaws in Junos OS. The vulnerabilities impact the J-Web component, potentially leading to remote code execution. The bugs have a cumulative 9.8 CVSS rating, labeling them as Critical. All versions of Junos OS
Read More
APK Files Dodge Detection with Uncommon Compression Methods: A Sneaky Tech Tale Here’s the key points: – Threat actors are using unfamiliar compression methods in Android Package (APK) files to slip past malware analysis. – These findings are courtesy of the good folks at Zimperium, who identified 3,300 such artifacts in the wild. – Apart
Read More
14 Cybercriminal Suspects Nabbed in Pan-African Operation INTERPOL and AFRIPOL’s Coordinated Cyber Haul In a “virtual” lockdown of a different kind, a coordinated law enforcement operation engaging 25 African countries has zapped 14 suspected cybercriminals into digital handcuffs. Announced on a Friday that’s good for everyone but the hackers, this operation was spearheaded by none
Read More
Microsoft Detects A New Spin On BlackCat Ransomware Overview: – Microsoft has discovered a new version of the BlackCat ransomware, also known as ALPHV and Noberus – This version has embedded tools like Impacket and RemCom, which are used for lateral movement and remote code execution – The Impacket tool can be used for the
Read More
Google Chrome’s Upcoming Feature: Keeping Users in the Loop of Removed Extensions • Google has plans to integrate a new feature in its Chrome web browser designed to alert the user when an installed extension has been removed from the Chrome Web Store. • The feature is ready to be released with Chrome 117. •
Read More
Under The Radar: The NoFilter Attack Exploits Windows Filtering Platform (WFP) Main Points: A new attack method dubbed ‘NoFilter’ has been exposed, which can abuse the Windows Filtering Platform (WFP) for privilege escalation in Windows OS. Ron Ben Yizhak, a security researcher from Deep Instinct, highlighted that administrative privileges are insufficient for a hacker aiming
Read MoreNo products in the cart.