Stephanie Adlam

Two Adobe ColdFusion Vulnerabilities Exploited in The Wild

CISA reports about two vulnerabilities in ColdFusion that are actively exploited in cyberattacks

Two vulnerabilities in Adobe ColdFusion are exploited in real-world attacks, the Cybersecurity & Infrastructure Security Agency (CISA) warns. Both issues are related to the possibility of arbitrary code execution, caused by poor validation of deserialized data. Adobe released patches for both of these vulnerabilities back in mid-July 2023, when they were originally detected. ColdFusion ACE… Continue reading Two Adobe ColdFusion Vulnerabilities Exploited in The Wild

Tortilla (Babuk) Ransomware Decryptor Available

Cisco Talos and Avast Threat Labs elaborated a decryptor for Tortilla ransomware

On January 9, 2024, Avast and Cisco Talos announced the release of a free decryptor for one of the Babuk ransomware variants – Tortilla. Analysts ensure that all the victims of the said threat actor can use the decryptor to get their files back. That is the second ransomware strain to get the decryptor in… Continue reading Tortilla (Babuk) Ransomware Decryptor Available

OAuth2 Session Hijack Vulnerability: Details Uncovered

Crooks found an exploit that even changing your password doesn't solve the hack

A sophisticated exploit targeting Google’s OAuth2 authentication system was uncovered by Prisma threat actor. This exploit leverages undocumented functionalities within Google’s MultiLogin endpoint, enabling attackers to generate and maintain persistent Google cookies even after a password reset. OAuth2 Vulnerability Allows for Persistent Session Hijacking The attackers found a way to use specific components within the… Continue reading OAuth2 Session Hijack Vulnerability: Details Uncovered

xDedic Marketplace Members Detained In International Operations

The U.S. Department of Justice has ended the xDedic dark web marketplace investigation, charged 19 individuals

The infamous xDedic Marketplace, known for its illicit trade in compromised computers and personal data, has been effectively dismantled. 19 persons related to the marketplace were detained. The overall operation is the result of joint effort of law enforcement from 11 countries. xDedic’s Actors Face US Courts Although the actual seizure of xDedic happened almost… Continue reading xDedic Marketplace Members Detained In International Operations

Verified X/Twitter Accounts Hacked to Spread Cryptoscams

Attackers are targeting Twitter users from verified accounts

The trend of hacking official accounts to promote cryptocurrency fraud is gaining momentum. Over the past week, researchers have discovered an abnormal number of such incidents. X/Twitter Crypto Scams From Verified Accounts Today, we are witnessing an unpleasant trend: hackers increasingly target verified Twitter accounts. To be more specific, this refers to individuals who are… Continue reading Verified X/Twitter Accounts Hacked to Spread Cryptoscams

SMTP Smuggling is a New Threat to Email Security

A new exploitation technique known as SMTP smuggling has emerged, which can be maliciously utilized as a weapon.

A new SMTP Smuggling technique reportedly has the potential to bypass existing security protocols. Also it can enable attackers to send spoofed emails from seemingly legitimate addresses. This may breathe new life into email spam, despite its efficiency not decreasing throughout the last time. What is SMTP Smuggling? SMTP smuggling is a novice exploitation technique… Continue reading SMTP Smuggling is a New Threat to Email Security

Mandiant Account in X Hacked to Spread Cryptocurrency Scams

Cybersecurity company Mandiant, Google's subsidiary, got its X account hacked

The Twitter account of Google’s Mandiant cybersecurity service has been hacked to promote a cryptocurrency scam. It happens along with the massive spread of cryptocurrency drainer scams on different social media platforms. Mandiant has lost control of its X/Twitter account Early this morning Eastern Time, cybersecurity company Mandiant’s account on the social network X (formerly… Continue reading Mandiant Account in X Hacked to Spread Cryptocurrency Scams

Qualcomm RCE Vulnerabilities Expose Millions of Users

Chain of vulnerabilities discovered in Qualcomm chips

Vulnerability in several Qualcomm chipsets allows for remote code execution during the phone call. This and other vulnerabilities were uncovered in the latest security bulletin released by the chipmaker. The optimistic part here is that the company uncovered the flaws half a year ago, and arranged the fixes with the OEMs. RCE Vulnerability In Qualcomm… Continue reading Qualcomm RCE Vulnerabilities Expose Millions of Users

Black Basta Ransomware Free Decryptor Available

It is now possible to decrypt Black Basta ransomware, specifically its variants from November 2022 to December 2023

SRLabs researchers published a free decryptor for BlackBasta ransomware. They discovered the vulnerability in the way malware handles the encryption process and found the way to recover the encryption key and get the files back. The decryptor is called Black Basta Buster and is available for free on the devs’ GitHub page. Black Basta Decryptor… Continue reading Black Basta Ransomware Free Decryptor Available

Seven Common Types of Malware – Analysis & Description

Being aware of the types of malware is key to protecting your devices and systems from potential cyberattacks.

In the intricate landscape of cybersecurity, comprehending the various forms of malware is crucial. This article offers an in-depth look at the most pervasive malware types, from Loaders to Keyloggers. We’ll explore their mechanisms, impacts, and how they compromise digital security, providing you with the knowledge to better safeguard against these ever-evolving cyber threats. Let’s… Continue reading Seven Common Types of Malware – Analysis & Description