Recent Security News

  • DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

    March 14, 2024 at 01:21AM In mid-January 2024, a DarkGate malware campaign leveraged a Microsoft Windows security flaw, leading to attacks targeting financial institutions. The flaw, CVE-2024-21412, was fixed in February 2024, but not before being exploited in conjunction with Google Ads open redirects. This tactic allowed threat actors to distribute malicious software installers, resulting…

    Read More

  • Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

    March 14, 2024 at 01:21AM Fortinet warns of critical flaw (CVE-2023-48788) in FortiClientEMS and two other bugs in FortiOS and FortiProxy, with a 9.3 CVSS score. Exploitation could result in unauthorized code execution. Upgrade affected versions as per the advisory. No current active exploitation, but immediate patching is crucial due to prior abuse of unpatched…

    Read More

  • 150K+ UAE Network Devices & Apps Found Exposed Online

    March 14, 2024 at 01:05AM The UAE’s increasing adoption of IT and operational technology has expanded its attack surface, leading to nearly 155,000 vulnerable assets due to misconfigurations and insecure applications. CPX’s “State of the UAE Cybersecurity Report 2024” emphasizes the need for a unified approach to improve national infrastructure and cybersecurity, amidst growing threats…

    Read More

  • Hackers abuse Windows SmartScreen flaw to drop DarkGate malware

    March 13, 2024 at 05:26PM The DarkGate malware exploits Windows Defender SmartScreen vulnerability, allowing attackers to automatically install fake software. Microsoft fixed the flaw in mid-February, but DarkGate operators are still using it to infect targeted systems. The attack involves malicious emails with PDF attachments, using open redirects to bypass security checks. Once executed, the…

    Read More

  • Yacht Retailer MarineMax Files ‘Cyber Incident’ with SEC

    March 13, 2024 at 04:59PM MarineMax disclosed a “cybersecurity incident” to the SEC, reporting a third-party’s unauthorized access to its information systems. Despite the disruption, the company stated the incident had not materially impacted its operations, with no sensitive data compromised. The investigation is ongoing, and law enforcement has been notified. The company filed a…

    Read More