SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

July 22, 2024 at 03:36AM The JavaScript downloader malware SocGholish is distributing a remote access trojan called AsyncRAT and the legitimate open-source project BOINC. BOINC is being abused to connect to malicious servers and evade detection. The cybersecurity firm believes these connections pose a high risk and could potentially be used for malicious commands or …

High-Severity Cisco Bug Grants Attackers Password Access

July 18, 2024 at 03:30PM Cisco has issued a patch for a critical vulnerability, CVE-2024-20419, enabling unauthorized password changes. The CVSS rating of 10 underlines the severity, with low attack complexity and high product impact. SSM On-Prem and SSM Satellite are affected, and no workarounds exist. Users in sensitive sectors are urged to promptly apply …

Oracle Patches 240 Vulnerabilities With July 2024 CPU

July 17, 2024 at 06:03AM Oracle announced 386 new security patches in its July 2024 Critical Patch Update (CPU), addressing over 260 unauthenticated, remotely exploitable vulnerabilities. The update includes roughly 240 unique CVEs, with notable patches for Communications and Financial Services Applications. Oracle urges customers to apply patches promptly to avoid exploitation as threat actors …

‘Konfety’ Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins

July 16, 2024 at 10:10AM A massive ad fraud operation named Konfety has been uncovered, using hundreds of Google Play Store apps to engage in malicious activities. The campaign exploits a mobile advertising SDK associated with a Russia-based ad network, deploying “evil twin” versions of legitimate apps to commit ad fraud, monitor web searches, and …

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

July 16, 2024 at 05:15AM The Void Banshee APT group was discovered exploiting a zero-day vulnerability in the Microsoft MHTML browser engine to distribute the Atlantida information stealer. It was used in a multi-stage attack chain via specially crafted internet shortcut files. The group targets organizations globally and has a history of information theft and …

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

July 15, 2024 at 07:09AM Cybersecurity threat actors are exploiting the cyber ecosystem, offering services ranging from developing and selling infostealer malware to spreading and monetizing stolen data. Specialization and market evolution have lowered the barrier of entry, providing opportunities for anyone to profit from cybercrime. The pervasive problem calls for vigilance and proactive measures …

Hackers use PoC exploits in attacks 22 minutes after release

July 14, 2024 at 11:37AM Cloudflare’s 2024 Application Security report highlights the rapid weaponization of proof-of-concept exploits, with attackers acting as quickly as 22 minutes after publication. The report identifies the most targeted CVEs, emphasizing the need for AI assistance to develop effective detection rules. Additionally, the report reveals a significant increase in DDoS traffic, …

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

July 12, 2024 at 08:00AM A critical security issue in the Exim mail transfer agent has a 9.1 out of 10.0 CVSS score (CVE-2024-39929). Attackers can deliver malicious attachments to user inboxes, potentially compromising systems. Over 1.5 million Exim servers are vulnerable, primarily in the U.S., Russia, and Canada. It’s essential to apply the patches …

GitLab Ships Update for Critical Pipeline Execution Vulnerability

July 11, 2024 at 10:48AM GitLab has released security updates to address six vulnerabilities in GitLab CE and EE, including a critical-severity bug (CVE-2024-6385) allowing an attacker to trigger a pipeline as another user. The updates also address a medium-severity bug and four low-severity flaws. Users are advised to update their instances promptly due to …

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

July 11, 2024 at 10:36AM The Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch organization in early 2023. The red team mimicked the techniques, tradecraft, and behaviors of sophisticated threat actors to assess the organization’s security posture. The assessment revealed findings related to initial access, …