Tag: Cybersecurity

2 Citrix RCE Under Active Exploitation, CISA Notifies

Two Citrix vulnerabilities are exploited and must be patched within seven days.

CISA has given a timeframe of one to three weeks to fix three vulnerabilities related to Citrix NetScaler and Google Chrome. These zero-day vulnerabilities were actively used in cyber attacks. 2 Citrix RCEs Exploited In The Wild, CISA Urges to Update Wednesday, January 17, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding… Continue reading 2 Citrix RCE Under Active Exploitation, CISA Notifies

LockBit Ransomware Uses Resume Word Files to Spread

LockBit ransomware group is back to utilizing Word files to distribute the payload.

A recent investigation by ASEC reveals the new tactics of an infamous LockBit ransomware. “Post-paid pentesters” started masquerading as innocuous summaries in Word documents. Ironically, this similar tactic is reminiscent of its past modus operandi. This clever tactic allows the ransomware to infiltrate systems unnoticed. LockBit Ransomware in action The LockBit ransomware, known for its… Continue reading LockBit Ransomware Uses Resume Word Files to Spread

Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE

SonicWall's series 6 and 7 NGFWs have two unauthenticated DoS vulnerabilities with potential for remote code execution.

Recent research uncovers a significant portion of SonicWall firewall instances being susceptible to attacks. In particular, two vulnerabilities are able to cause remote code execution (RCE) and DoS attacks. Unfortunately, no official patches are available at the moment, forcing clients to seek a workaround. Uncovering the Flaws The vulnerabilities in question are primarily two stack-based… Continue reading Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE

9 PixieFail Vulnerabilities Discovered in TianoCore’s EDK II

A newly discovered set of vulnerabilities touches a wide selection of hardware and firmware developers

A chain of 9 vulnerabilities in UEFI’s Preboot Execution Environment (PXE), dubbed PixieFail, was uncovered in a recent research. As the network boot process is a rather novice attack vector, only a few vulnerabilities received high severity status. Nonetheless, their sheer volume, along with the location in rather sensitive places, can create a mess if… Continue reading 9 PixieFail Vulnerabilities Discovered in TianoCore’s EDK II

What are Facebook Job Scams and How to Avoid Them?

A new wave of scams hits Facebook, trying to lure out personal information under the guise of job offers

Facebook is probably the most widely used social media globally. Unfortunately, it has also become a hub for scammers to target unsuspecting users. Among them, fake job scams appear to be on an uptrend. What they are, and how to avoid them – I am going to cover those questions in this post. What is… Continue reading What are Facebook Job Scams and How to Avoid Them?

New Google Chrome 0-day Vulnerability Exploited, Update Now

Google released a new patch that fixes 3 vulnerabilities; one among them is already exploited

In the most recent release notes, Google reports about a new 0-day vulnerability that is already exploited in the wild. The update fixes the issue, but the very fact of it being exploited means it should be implemented as soon as possible. It appears to be the first 0-day exploit in Chrome browser in 2024.… Continue reading New Google Chrome 0-day Vulnerability Exploited, Update Now

Novice FBot Stealer Targets Cloud Services

Emerging FBot stealer, a beginner's tool, targets cloud platforms, exploiting vulnerabilities for data theft.

Researchers report about a new malware strain dubbed FBot. This Python-based malicious program appears to be a unique tool in cybercriminals’ arsenal. Its uniqueness is due to its targeting of web and cloud services. Deeper analysis reveals that it was potentially made for a specific cybercrime group or for the use in specific attacks. FBot… Continue reading Novice FBot Stealer Targets Cloud Services

AzorUlt Stealer Is Back In Action, Uses Email Phishing

Once-forgotten malware is back in business

Cybersecurity experts have stumbled upon the eight-year-old Azorult malware. This malware steals information and collects sensitive data, and has been down since late 2021. But will the old dog keep up to new tricks? Azorult Malware Resurfaces After 2 Years A recent research in the cyber threat landscape has brought to light concerning news about… Continue reading AzorUlt Stealer Is Back In Action, Uses Email Phishing

Remcos RAT Targets South Korean Users Through Webhards

A new wave of Remcos RAT spreading targets people from South Korea

An infamous Remcos RAT reportedly started targeting South Korean users through the files shared on Webhards platform. By baiting users with cracked software and adult content, hackers manage to install a malicious script that in turn downloads and runs the dangerous remote access trojan. Remcos RAT Uses Webhards to Spread Recent research of South Korean… Continue reading Remcos RAT Targets South Korean Users Through Webhards

GitLab Zero-Click Account Hijack Vulnerability Revealed

GitHub developers release a fix to the critical account hijack vulnerability

On January 11, 2024, GitLab released an update with the official warning regarding the critical security violation fix. The vulnerability allows the user to send the account password reset form to an unverified email address, effectively granting a stranger access to the repository. Almost all 16.x versions of their software package is susceptible to the… Continue reading GitLab Zero-Click Account Hijack Vulnerability Revealed