Stephanie Adlam

Windows SmartScreen Vulnerability Exploited to Spread Phemedrone Stealer

A once-patched vulnerability in Microsoft Windows Defender SmartScreen has resurfaced again

The malicious campaign exploits the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen to spread Phemedrone Stealer. It utilizes intricate evasion techniques to bypass traditional security measures and target sensitive user information. Phemedrone Stealer Campaign Exploits CVE-2023-36025 Trend Micro researchers uncovered a malware campaign exploiting the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen. This campaign involves… Continue reading Windows SmartScreen Vulnerability Exploited to Spread Phemedrone Stealer

Cisco Unity Connection Vulnerability Enables Root Access

Cisco patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.

Cisco has recently addressed a significant security vulnerabilit in its Unity Connection softwarey, identified as CVE-2024-20272. This flaw poses a critical risk as it allows unauthenticated attackers to gain root privileges on affected systems. The update is already available and is recommended for installation as soon as possible. Vulnerability in Cisco Unity Connection Allows for… Continue reading Cisco Unity Connection Vulnerability Enables Root Access

Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

A combo of two zero-day vulnerabilities in ICS poses a threat to the clients

Ivanti issued an alert about its Connect Secure VPN appliances. Advanced threat actors are exploiting two zero-day vulnerabilities in cyberattacks, possibly including state-sponsored groups. That is yet another vulnerability in Ivanti software. Ivanti Connect Secure Zero-Day Exploited Ivanti, a prominent software company, recently issued a critical alert concerning its Connect Secure VPN appliances. These devices… Continue reading Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

Water Curupira Hackers Spread PikaBot in Email Spam

Water Curupira group started spreading Pikabot malware, targeting victims with deceptive emails for data breaches.

Notorious group known as Water Curupira has unleashed a new wave of threats through their sophisticated malware, Pikabot. This menacing campaign, primarily spread through email spam, highlights an alarming escalation in cyber attacks. It targets unsuspecting victims with deceptive emails, leading to unauthorized access and potential data breaches. Water Curupira’s Email Spam Campaigns Water Curupira,… Continue reading Water Curupira Hackers Spread PikaBot in Email Spam

NoaBot Botnet: The Latest Mirai Offspring

Mirai-based NoaBot botnet deploys cryptominers on Linux servers

A new botnet called NoaBot emerged in early 2023. It reportedly targets SSH servers for cryptocurrency mining using the Mirai platform. On top of the Mirai’s functionality, it brings several detection evasion tricks. NoaBot Involved in Crypto Mining Cybersecurity experts have discovered a new botnet called NoaBot. It has been active since at least the… Continue reading NoaBot Botnet: The Latest Mirai Offspring

PUABundler:Win32/CandyOpen Analysis & Removal Guide

CandyOpen is a malware used to download unwanted software

PUABundler:Win32/CandyOpen is an unwanted program that acts as a browser hijacker and can download junk apps to your system. Specifically, it points at a thing known as OpenCandy adware, that is known for its indecent behavior. Let’s break it down and see what the PUABundler/Candyopen on a real-world example. What is PUABundler:Win32/CandyOpen? As I’ve said… Continue reading PUABundler:Win32/CandyOpen Analysis & Removal Guide

Apache OFBiz Vulnerability Exposes Millions of Systems

SonicWall detects zero-day AuthBIZ flaw in Apache OFBiz

The cyber world has been rattled by the recent discovery of a critical zero-day vulnerability in Apache OFBiz, known as CVE-2023-51467. Researchers at SonicWall unveiled this flaw, which poses a significant threat by enabling attackers to bypass authentication and carry out a Server-Side Request Forgery (SSRF). The vulnerability is severe, with a CVSS score of… Continue reading Apache OFBiz Vulnerability Exposes Millions of Systems

YouTube Videos Promote Software Cracks With Lumma Stealer

YouTube has taken the baton for spreading malware in warez

Researchers have discovered a cybersecurity threat that targets users through YouTube videos. These videos offer pirated software but are being used to distribute malware, specifically Lumma stealer. YouTube Videos Promoting Malware Concerning a development in the cybersecurity world, researchers have identified a new threat targeting freeloaders via YouTube videos. These videos are seemingly harmless and… Continue reading YouTube Videos Promote Software Cracks With Lumma Stealer

Two Adobe ColdFusion Vulnerabilities Exploited in The Wild

CISA reports about two vulnerabilities in ColdFusion that are actively exploited in cyberattacks

Two vulnerabilities in Adobe ColdFusion are exploited in real-world attacks, the Cybersecurity & Infrastructure Security Agency (CISA) warns. Both issues are related to the possibility of arbitrary code execution, caused by poor validation of deserialized data. Adobe released patches for both of these vulnerabilities back in mid-July 2023, when they were originally detected. ColdFusion ACE… Continue reading Two Adobe ColdFusion Vulnerabilities Exploited in The Wild

Tortilla (Babuk) Ransomware Decryptor Available

Cisco Talos and Avast Threat Labs elaborated a decryptor for Tortilla ransomware

On January 9, 2024, Avast and Cisco Talos announced the release of a free decryptor for one of the Babuk ransomware variants – Tortilla. Analysts ensure that all the victims of the said threat actor can use the decryptor to get their files back. That is the second ransomware strain to get the decryptor in… Continue reading Tortilla (Babuk) Ransomware Decryptor Available