Fortinet RCE Vulnerability Affects FortiClient EMS Servers

Critical vulnerability CVE-2023-48788 in FortiClient EMS, potentially allow remote code execution without authentication.

Fortinet disclosed a critical vulnerability affecting FortiClient EMS products in March 2024. This vulnerability, categorized as an SQL injection, poses a significant cybersecurity threat. Above all, it has the potential to allow remote attackers to execute arbitrary commands on administrative workstations. Fortinet SQLi Vulnerability Causes Remote Code Execution As I mentioned, the vulnerability is classified… Continue reading Fortinet RCE Vulnerability Affects FortiClient EMS Servers

Adobe Reader Infostealer Plagues Email Messages in Brazil

Frauds use forged PDF documents to deploy infostealers

A recent email spam campaign reportedly spreads infostealer malware under the guise of Adobe Reader Installer. Within a forged PDF document, there is a request to install Adobe Reader app, that triggers malware downloading and installation. Considering the language of the said documents, this malicious activity mainly targets Portugal and Brazil. Infostealer Spreads in Fake… Continue reading Adobe Reader Infostealer Plagues Email Messages in Brazil

Misleading:Win32/Lodi – Analysis and Removal

Win32/Lodi is a detection of scareware running in your system

Misleading:Win32/Lodi is Microsoft Defender’s detection of potentially dangerous software. It makes misleading or deceptive claims about files, registry entries or other items on your computer. Such programs are also known as scareware – software that tries to get you to pay money to fix non-existent problems or remove bogus viruses. In this article, I will… Continue reading Misleading:Win32/Lodi – Analysis and Removal

What is PUADlManager:Win32/OfferCore? Analysis and Removal

Win32/OfferCore brings numerous unwanted programs to your system

PUADlManager:Win32/OfferCore is a detection of Microsoft Defender related to bundled software, specifically to a piece of code that is used to create the bundle. OfferCore itself is not a specific program or application. Instead, it is an add-on used to package multiple software components into a single installer. Such components rarely include any useful applications… Continue reading What is PUADlManager:Win32/OfferCore? Analysis and Removal

LockBit Ransomware Taken Down by NCA

LockBit was considered the toughest nuts, but then law enforcements pulled a nutcracker

On February 19, 2024, LockBit ransomware was taken down by the UK National Crime Agency in cooperation with a selection of other law enforcement agencies. The banner typical for such takedowns now illustrates all the web assets of LockBit ransomware. There is quite a hope about the possible release of decryption keys and even a… Continue reading LockBit Ransomware Taken Down by NCA

MIT Hacked, Students’ Data Sold on the Darknet

Hackers publish a database full of info about the current - and past - students of MIT

On February 13, 2024, a post on a Darknet forum appeared, offering to purchase a large pack of data leaked from Massachusetts Institute of Technology (MIT). The hacker under the alias “Ynnian” claims that the leak happened this year, and consists mainly of students’ data. No pay is asked for this DB, hence the information… Continue reading MIT Hacked, Students’ Data Sold on the Darknet

Warzone RAT Dismantled, Members Arrested

International crackdown dismantles Warzone RAT, leading to key arrests in Malta and Nigeria.

In an international law enforcement operation, the U.S. Department of Justice continues its fight against cybercriminals. The operation dismantled a network that sold and supported the Warzone Remote Access Trojan (RAT). Also, this malware allowed cybercriminals to stealthily infiltrate victims’ computers, resulting in data theft and other malicious activities. Warzone RAT Masters Arrested and Charged… Continue reading Warzone RAT Dismantled, Members Arrested

HijackLoader Malware Comes With New Evasion Methods

New malware offers some really unique detection evasion techniques

The HijackLoader malware has added new defense evasion techniques. Other threat actors are increasingly using the malware to deliver payloads and tooling. The developer used a standard process hollowing technique coupled with a trigger that makes defense evasion stealthier. What is HijackLoader? According to the researchers’ report, the HijackLoader malware, or IDAT Loader, has recently… Continue reading HijackLoader Malware Comes With New Evasion Methods

New Fortinet VPN RCE Flaw Discovered, Patch ASAP

Critical vulnerability in Fortinet's SSL VPN poses a severe threat, enabling remote code execution by attackers.

Fortinet has issued a warning about a recently discovered critical vulnerability in its FortiOS SSL VPN system that could be actively exploited by attackers. The vulnerability in Fortinet network security solutions poses a significant threat to organizations. It allows unauthenticated attackers to gain remote code execution (RCE) capabilities through maliciously crafted requests. Fortinet VPN RCE… Continue reading New Fortinet VPN RCE Flaw Discovered, Patch ASAP

Ov3r_Stealer Steals Crypto and Credentials, Exploits Facebook Job Ads

Cybersecurity experts warn against a surge in fake Facebook job advertisements designed to spread Ov3r_Stealer malware.

A new Windows malware called Ov3r_Stealer is spreading through fake Facebook job ads, according to a report by Trustwave SpiderLabs. The malware is designed to steal sensitive information and crypto wallets from unsuspecting victims. Let’s delve into the mechanics of these deceptive ads, and Ov3r_Stealer. Ov3r_Stealer Abuses Facebook Job Ads Scammers use elaborate job ads… Continue reading Ov3r_Stealer Steals Crypto and Credentials, Exploits Facebook Job Ads