BIG-IP vulnerability

F5 warns of active attacks that take advantage of a BIG-IP vulnerability

F5 is alerting the public about an active misuse of a critical security vulnerability in BIG-IP, all within a week of the flaw’s public disclosure. The continued exploitation of this vulnerability, resulting in the execution of arbitrary system commands as part of an attack chain, is the…


0 Comments4 Minutes

seroxen

Infected NuGet Packages Unearthed Distributing the SeroXen Remote Administration Tool

Within the realm of information security, diligent researchers have unveiled a fresh wave of malicious packages distributed via the NuGet package manager. These packages employ a less recognized malware distribution strategy. [FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing…


0 Comments4 Minutes

GHOSTPULSE

Hackers Infecting Windows PCs with GHOSTPULSE via MSIX App Packages

A recently unveiled cyber assault campaign has uncovered a new threat in the form of GHOSTPULSE, a novel malware loader. This threat is spreading by mimicking MSIX Windows program package files of popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex. These…


0 Comments4 Minutes

VMware

VMware Releases Critical Patch for Remote Code Execution Vulnerability in vCenter Server

VMware has taken swift action to address a critical vulnerability in the vCenter Server that could potentially lead to remote code execution on vulnerable systems. The discovery of this flaw was made by VMware itself, and the company has promptly responded by issuing crucial security updates. An…


0 Comments3 Minutes

OAuth Platforms

Critical Flaws Discovered in OAuth Platforms: Grammarly, Vidio, and Bukalapak

The Open Authorization (OAuth) implementation in well-known web services, such as Grammarly, Vidio, and Bukalapak, has come under scrutiny due to critical security issues. These vulnerabilities extend from previous shortcomings identified in Booking.com and Expo. [FREE E-BOOK] The Definite…


0 Comments4 Minutes

Cisco's Discovers A Second Zero-Day Vulnerability

Cisco’s Discovery: A Second Zero-Day Vulnerability Despite the Decline in Hacked Devices

Cisco, a cybersecurity industry leader, recently brought a troubling revelation to light—an additional zero-day vulnerability actively exploited in IOS XE. This discovery occurs alongside a noteworthy reduction in compromised devices. In a proactive move, Cisco issued a warning to its valued…


0 Comments6 Minutes

Google Play Protect

Real-Time Code-Level Scanning is Now Available for Android Malware Thanks to Google Play Protect

An update to Google’s Play Protect has been released, and the company has revealed that it will now offer real-time scanning at the code level. This will allow Google to combat newly discovered harmful apps before users download and install them on Android devices. “Google Play Protect…


0 Comments4 Minutes

Lazarus group

Lazarus Group Is Going After Defense Experts Using Bogus Interviews Conducted Through Trojanized VNC Apps.

As part of a long-running campaign known as Operation Dream Job, the Lazarus Group which has ties to North Korea and is also known as Hidden Cobra or TEMP. Hermit has been seen employing trojanized versions of Virtual Network Computing (VNC) software as lures to target individuals working in the…


0 Comments6 Minutes

SpyNote

Be Cautious of SpyNote, an Android Trojan That Records Both Audio and Phone Calls

The Android banking trojan known as SpyNote has been deconstructed, revealing its multifaceted information-gathering capabilities. According to F-Secure, the attack chains that deploy this spyware mainly propagate through SMS phishing operations. These chains are intricately designed to mislead…


0 Comments4 Minutes

WinRAR Vulnerability

Pro-Russian Hackers Exploiting New WinRAR Vulnerability in Phishing Campaign

In a targeted phishing campaign designed to extract sensitive credentials from compromised computers, pro-Russian hacking groups have leveraged a recently identified security flaw in the WinRAR archiving software, granting them unauthorized access to systems. “The attack involves the use of…


0 Comments6 Minutes