PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

July 11, 2024 at 01:54AM Multiple threat actors are exploiting a recently disclosed security flaw in PHP (CVE-2024-4577) to deliver remote access trojans, cryptocurrency miners, and DDoS botnets. Users are advised to update their PHP installations. Additionally, DDoS attacks increased 20% year-over-year, with China being the most targeted country. Based …

US Disrupts AI-Powered Russian Bot Farm on X

July 10, 2024 at 07:48AM Russian government-backed threat actors have utilized the Meliorator software’s artificial intelligence features to create fake online personas and disseminate disinformation about multiple countries. This tool allows the mass creation of seemingly authentic social media accounts and the perpetuation of false narratives. The US has seized domain names used for this …

Chinese APT40 hackers hijack SOHO routers to launch attacks

July 9, 2024 at 11:13AM The joint advisory from international cybersecurity agencies and law enforcement warns of Chinese state-sponsored APT40’s cyberespionage attacks. APT40, known by various aliases, targets government and private entities in the US and Australia. They exploit vulnerabilities in public-facing infrastructure and edge networking devices and utilize hijacked SOHO routers for launching attacks. …

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

July 9, 2024 at 08:13AM Researchers found that misconfigured Jenkins Script Console instances can be exploited for criminal activities, like cryptocurrency mining. Attackers can gain remote code execution and misuse sensitive data. The console lacks administrative controls and can be accessed over the internet due to misconfigurations. Safeguards include proper configuration, robust authentication, and restriction …

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events

July 8, 2024 at 05:41PM Threat actors leaked 39,000 print-at-home tickets for 150 upcoming concerts and events, including artists like Pearl Jam and Foo Fighters. This was part of an ongoing extortion campaign against Ticketmaster, demanding millions in ransom. Ticketmaster claims their anti-fraud measures make the leaked data useless, but hackers argue that the barcodes …

Fake IT support sites push malicious PowerShell scripts as Windows fixes

June 30, 2024 at 10:35AM Fake IT support sites are promoting malicious PowerShell “fixes” to infect devices with information-stealing malware, targeting common Windows errors like the 0x80070643 error. Threat actors are creating fake videos and sites, with YouTube channels being hijacked to add legitimacy. Users should be cautious and seek fixes from trusted sources to …

ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites

June 27, 2024 at 06:45AM Threat actors are exploiting the 2024 Olympics to lure victims into investing in ICO scams, using AI-generated images for fake ICO websites. With a surge in cybercriminals targeting major events, potential investors are at risk of losing money as scams promise returns but vanish, leaving victims with worthless assets. The …

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

June 26, 2024 at 06:57AM Between 2021 and 2023, threat actors with ties to China and North Korea have conducted ransomware attacks targeting government and critical infrastructure sectors worldwide. Cybersecurity firms linked these attacks to groups including ChamelGang and state-sponsored entities. The use of ransomware in cyber espionage operations blurs the lines between cybercrime and …

New Attack Technique Exploits Microsoft Management Console Files

June 25, 2024 at 07:51AM Threat actors are using a novel attack technique, named GrimResource, to exploit a vulnerability in Microsoft Management Console (MMC) using maliciously crafted .MSC files. This technique allows for arbitrary code execution and has been used by the Kimsuky hacking group. The approach bypasses security measures and can lead to system …

New attack uses MSC files and Windows XSS flaw to breach networks

June 24, 2024 at 03:06PM A novel command execution technique, ‘GrimResource,’ leverages an unpatched Windows XSS flaw and specially crafted MSC files to deploy malware. This technique successfully evades detection and current antivirus engines. The attack begins with a malicious MSC file exploiting a known XSS vulnerability, ultimately leading to the deployment of Cobalt Strike …