Cybersecurity Archives – Page 5 of 24

New Google Chrome 0-day Vulnerability Exploited, Update Now

Google released a new patch that fixes 3 vulnerabilities; one among them is already exploited

In the most recent release notes, Google reports about a new 0-day vulnerability that is already exploited in the wild. The update fixes the issue, but the very fact of it being exploited means it should be implemented as soon as possible. It appears to be the first 0-day exploit in Chrome browser in 2024.… Continue reading New Google Chrome 0-day Vulnerability Exploited, Update Now

Novice FBot Stealer Targets Cloud Services

Emerging FBot stealer, a beginner's tool, targets cloud platforms, exploiting vulnerabilities for data theft.

Researchers report about a new malware strain dubbed FBot. This Python-based malicious program appears to be a unique tool in cybercriminals’ arsenal. Its uniqueness is due to its targeting of web and cloud services. Deeper analysis reveals that it was potentially made for a specific cybercrime group or for the use in specific attacks. FBot… Continue reading Novice FBot Stealer Targets Cloud Services

AzorUlt Stealer Is Back In Action, Uses Email Phishing

Once-forgotten malware is back in business

Cybersecurity experts have stumbled upon the eight-year-old Azorult malware. This malware steals information and collects sensitive data, and has been down since late 2021. But will the old dog keep up to new tricks? Azorult Malware Resurfaces After 2 Years A recent research in the cyber threat landscape has brought to light concerning news about… Continue reading AzorUlt Stealer Is Back In Action, Uses Email Phishing

Remcos RAT Targets South Korean Users Through Webhards

A new wave of Remcos RAT spreading targets people from South Korea

An infamous Remcos RAT reportedly started targeting South Korean users through the files shared on Webhards platform. By baiting users with cracked software and adult content, hackers manage to install a malicious script that in turn downloads and runs the dangerous remote access trojan. Remcos RAT Uses Webhards to Spread Recent research of South Korean… Continue reading Remcos RAT Targets South Korean Users Through Webhards

GitLab Zero-Click Account Hijack Vulnerability Revealed

GitHub developers release a fix to the critical account hijack vulnerability

On January 11, 2024, GitLab released an update with the official warning regarding the critical security violation fix. The vulnerability allows the user to send the account password reset form to an unverified email address, effectively granting a stranger access to the repository. Almost all 16.x versions of their software package is susceptible to the… Continue reading GitLab Zero-Click Account Hijack Vulnerability Revealed

Cisco Unity Connection Vulnerability Enables Root Access

Cisco patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.

Cisco has recently addressed a significant security vulnerabilit in its Unity Connection softwarey, identified as CVE-2024-20272. This flaw poses a critical risk as it allows unauthenticated attackers to gain root privileges on affected systems. The update is already available and is recommended for installation as soon as possible. Vulnerability in Cisco Unity Connection Allows for… Continue reading Cisco Unity Connection Vulnerability Enables Root Access

Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

A combo of two zero-day vulnerabilities in ICS poses a threat to the clients

Ivanti issued an alert about its Connect Secure VPN appliances. Advanced threat actors are exploiting two zero-day vulnerabilities in cyberattacks, possibly including state-sponsored groups. That is yet another vulnerability in Ivanti software. Ivanti Connect Secure Zero-Day Exploited Ivanti, a prominent software company, recently issued a critical alert concerning its Connect Secure VPN appliances. These devices… Continue reading Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

Water Curupira Hackers Spread PikaBot in Email Spam

Water Curupira group started spreading Pikabot malware, targeting victims with deceptive emails for data breaches.

Notorious group known as Water Curupira has unleashed a new wave of threats through their sophisticated malware, Pikabot. This menacing campaign, primarily spread through email spam, highlights an alarming escalation in cyber attacks. It targets unsuspecting victims with deceptive emails, leading to unauthorized access and potential data breaches. Water Curupira’s Email Spam Campaigns Water Curupira,… Continue reading Water Curupira Hackers Spread PikaBot in Email Spam

Apache OFBiz Vulnerability Exposes Millions of Systems

SonicWall detects zero-day AuthBIZ flaw in Apache OFBiz

The cyber world has been rattled by the recent discovery of a critical zero-day vulnerability in Apache OFBiz, known as CVE-2023-51467. Researchers at SonicWall unveiled this flaw, which poses a significant threat by enabling attackers to bypass authentication and carry out a Server-Side Request Forgery (SSRF). The vulnerability is severe, with a CVSS score of… Continue reading Apache OFBiz Vulnerability Exposes Millions of Systems

YouTube Videos Promote Software Cracks With Lumma Stealer

YouTube has taken the baton for spreading malware in warez

Researchers have discovered a cybersecurity threat that targets users through YouTube videos. These videos offer pirated software but are being used to distribute malware, specifically Lumma stealer. YouTube Videos Promoting Malware Concerning a development in the cybersecurity world, researchers have identified a new threat targeting freeloaders via YouTube videos. These videos are seemingly harmless and… Continue reading YouTube Videos Promote Software Cracks With Lumma Stealer