Urgent update of Google Chrome to fix vulnerability.
On Monday, Google issued emergency patches to address a newly discovered zero-day vulnerability in the Chrome web browser. This critical flaw, identified as CVE-2024-4761, affects the V8 JavaScript and WebAssembly engine and has already been exploited by malicious actors in the wild. Initially…
0 Comments4 Minutes
Malicious Python Package Mimics Requests Logo for Sliver C2.
A malicious Python package that appears to be a spin-off of the popular requests library has been discovered by cybersecurity experts to be hiding a Golang version of the Sliver command-and-control (C2) framework behind a PNG image of the project’s logo. Requests-darwin-lite is the package…
0 Comments4 Minutes
LockBit Ransomware Shut Down
As part of a special task force known as Operation Cronos, the U.K. National Crime Agency (NCA) announced on Tuesday that it had obtained LockBit’s source code along with a wealth of information about its operations and those of its associates. “Some of the data on LockBit’s…
0 Comments8 Minutes
Hijack Loader Malware Utilizes Process Hollowing
A recent version of the Hijack Loader Malware has been seen to use a fresh set of anti-analysis methods to evade detection. “These improvements try to make the malware more stealthy, so it stays undetected for longer periods of time,” Zscaler ThreatLabz researcher Muhammad Irfan V A…
0 Comments4 Minutes
IMPORTANT! Google Simplifies Two-Factor Authentication
Google announced on Monday that it’s streamlining two-factor authentication (2FA) for customers using Workspace and personal accounts. Also known as 2-Step Verification (2SV), it enhances the security of users’ accounts by helping prevent unauthorized access in case passwords are…
0 Comments5 Minutes
Multiple Flaws Affect Xiaomi’s Android Devices
Various security vulnerabilities have been discovered within Android-based apps and system components installed on Xiaomi smartphones. According to a report from mobile security firm Oversecured “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with…
0 Comments4 Minutes
Cybersecurity Monitoring Service: Your Digital Guardian
Cybersecurity monitoring services act as the eyes and ears of your IT environment, continuously scanning for anomalies that could indicate a potential security breach. By integrating advanced technologies and expert insights, these services provide a proactive approach to security, ensuring that…
0 Comments17 Minutes
CISA Alerts on GitLab Password Reset Exploit
Due to ongoing exploitation in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a significant vulnerability affecting GitLab to its Known Exploited Vulnerabilities (KEV) database. Tracked as CVE-2023-7028 (CVSS score: 10.0), this critical vulnerability could…
0 Comments4 Minutes
U.S. government issues critical infrastructure AI security recommendations.
The U.S. government has recently issued new security rules aimed at safeguarding critical infrastructure from potential threats posed by A.I. technology. “These guidelines are informed by the whole-of-government effort to assess A.I. risks across all sixteen critical infrastructure sectors…
0 Comments5 Minutes
Sandbox Escape Vulnerabilities in Judge0 Open Systems to Takeover
The Judge0 open-source online code execution system has several severe security issues that could be exploited to execute code on the target system. The three serious issues allow an “adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host…
0 Comments4 Minutes