Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks

August 19, 2024 at 05:32PM

Microsoft apps for macOS have been found vulnerable to library injection attacks, enabling malicious actions without user interaction. Researchers at Cisco Talos identified that these apps, including Outlook, Teams, PowerPoint, and more, disable library validation, allowing attackers to gain unauthorized access. Despite being alerted, Microsoft has categorized the issue as …

A Dive into Earth Baku’s Latest Campaign

August 9, 2024 at 12:14AM

Earth Baku (associated with APT41) has expanded its reach from the Indo-Pacific to Europe, the Middle East, and Africa since late 2022. This advanced threat actor targets countries such as Italy, Germany, UAE, and Qatar, using public-facing applications like IIS servers for initial access and deploying advanced malware toolsets such …

Attackers Use Multiple Techniques to Bypass Reputation-Based Security

August 6, 2024 at 05:18PM

A study by Elastic Security reveals that reputation-based security controls are less effective at safeguarding organizations against unsafe web applications and content than commonly believed. Attackers have developed techniques like reputation hijacking, reputation seeding, and maliciously signed malware tools to bypass these mechanisms. The study recommends using behavior analysis tools …

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

August 1, 2024 at 05:15AM

A malvertising campaign targeting social media pages was discovered, with threat actors utilizing fake AI photo editor websites to execute credential theft. By hijacking and renaming social media pages to mimic legitimate AI photo editors, the threat actors post malicious links to phishing websites. These websites prompt users for their …

Hackers use PoC exploits in attacks 22 minutes after release

July 14, 2024 at 11:37AM

Cloudflare’s 2024 Application Security report highlights the rapid weaponization of proof-of-concept exploits, with attackers acting as quickly as 22 minutes after publication. The report identifies the most targeted CVEs, emphasizing the need for AI assistance to develop effective detection rules. Additionally, the report reveals a significant increase in DDoS traffic, …

Cisco warns of password-spraying attacks targeting VPN services

March 28, 2024 at 12:38PM

Cisco has released recommendations to address password-spraying attacks targeting Remote Access VPN services on Cisco Secure Firewall devices, which are believed to be part of reconnaissance activity. The company suggests indicators of compromise for detection and blocking, such as abnormal authentication requests and inability to establish VPN connections. Security researcher …

Evasive Sign1 malware campaign infects 39,000 WordPress sites

March 21, 2024 at 12:02PM

The Sign1 malware campaign has infected over 39,000 websites, injecting malicious scripts into WordPress sites by exploiting vulnerabilities or using brute force attacks. The malware uses time-based randomization and dynamic URLs to evade detection, redirects visitors to scam sites, and has evolved to become more resilient. Website owners are advised …

North Korea hacks two South Korean chip firms to steal engineering data

March 4, 2024 at 09:47AM

The National Intelligence Service (NIS) of South Korea has warned of increased cyber espionage attacks by North Korean hackers targeting domestic semiconductor manufacturers. The attacks exploit known vulnerabilities in internet-exposed servers to steal sensitive data. South Korean chipmakers, including Samsung Electronics and SK Hynix, are crucial in the global semiconductor …