The Security Blog From Gridinsoft

Apple Silicon GoFetch Flaw Discovered, No Patches Possible

GoFetch Vulnerability in Apple Silicon Uncovered

Researchers uncovered a vulnerability in Apple Silicon processors, dubbed GoFetch. It allows attackers to extract secret keys from Mac computers…

STRRAT and Vcurms Malware Abuse GitHub for Spreading

A new phishing campaign has recently been discovered that uses GitHub to deliver Remote Access Trojans (RAT) STRRAT and Vcurms…

Fujitsu Hacked, Warns of Data Leak Possibility

Fujitsu, one of the world’s leading IT companies, reports uncovering a hack in its internal network. The company discovered malware…

Fortinet RCE Vulnerability Affects FortiClient EMS Servers

Fortinet disclosed a critical vulnerability affecting FortiClient EMS products in March 2024. This vulnerability, categorized as an SQL injection, poses…

Adobe Reader Infostealer Plagues Email Messages in Brazil

A recent email spam campaign reportedly spreads infostealer malware under the guise of Adobe Reader Installer. Within a forged PDF…

SonicWall API vulnerability has left 178,000 firewalls vulnerable to attacks.

Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE

Recent research finds that a significant portion of SonicWall firewall instances are susceptible to attacks. In particular, two vulnerabilities can lead to remote code execution (RCE) and DoS attacks. Unfortunately,…

Researchers Discover 9 Vulnerabilities in EDK II

9 PixieFail Vulnerabilities Discovered in TianoCore’s EDK II

A chain of 9 vulnerabilities in UEFI’s Preboot Execution Environment (PXE), dubbed PixieFail, was uncovered in recent research. As the network boot process is a rather novel attack vector,…

New Chrome 0-day Vulnerability Exploited, Patch Available

New Google Chrome 0-day Vulnerability Exploited, Update Now

In its most recent release notes, Google reports a new 0-day vulnerability that is already being exploited in the wild. The update fixes the issue, but the very fact of…

FBot Malware Targets Cloud and Payment Services.

Novice FBot Stealer Targets Cloud Services

Researchers report a new malware strain dubbed FBot. This Python-based malicious program appears to be a unique tool in cybercriminals’ arsenal. Its uniqueness is due to its targeting of…

Azorult Malware Resurfaces 2 Years Later

AzorUlt Stealer Is Back In Action, Uses Email Phishing

Cybersecurity experts have stumbled upon the eight-year-old Azorult malware. This malware steals information and collects sensitive data, and has been down since late 2021. But will the old dog keep…

Remcos RAT Uses Webhards to Target Korean Users

Remcos RAT Targets South Korean Users Through Webhards

The infamous Remcos RAT has reportedly started targeting South Korean users through files shared on the Webhards platform. By baiting users with cracked software and adult content, hackers manage to install…

GitLab Zeroclick Account Hijack Vulnerability Uncovered

GitLab Zero-Click Account Hijack Vulnerability Revealed

On January 11, 2024, GitLab released an update along with an official warning about a critical security fix. The vulnerability allows the user to send the account password reset form…

Hackers Exploit Windows SmartScreen Vulnerability to Spread Phemedrone Stealer

Windows SmartScreen Vulnerability Exploited to Spread Phemedrone Stealer

The malicious campaign exploits the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen to spread Phemedrone Stealer. It utilizes intricate evasion techniques to bypass traditional security measures and target sensitive user…

Critical Cisco Unity Connection Vulnerability Allows for Root Access

Cisco Unity Connection Vulnerability Enables Root Access

Cisco has recently addressed a significant security vulnerability in its Unity Connection software, identified as CVE-2024-20272. This flaw poses a critical risk as it allows unauthenticated attackers to gain root…

Ivanti Connect Secure Zero-Day Exploited

Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

Ivanti issued an alert about its Connect Secure VPN appliances. Advanced threat actors, possibly including state-sponsored groups, are exploiting two zero-day vulnerabilities in cyberattacks. That is yet another vulnerability in…

Water Curupira hackers are actively distributing PikaBot malware

Water Curupira Hackers Spread PikaBot in Email Spam

The notorious group known as Water Curupira has unleashed a new wave of threats through its sophisticated malware, PikaBot. This menacing campaign, primarily spread through email spam, highlights an alarming escalation…

NoaBot Botnet Involved in Crypto Mining

NoaBot Botnet: The Latest Mirai Offspring

A new botnet called NoaBot emerged in early 2023. It reportedly targets SSH servers for cryptocurrency mining using the Mirai platform. On top of Mirai’s functionality, it brings several…