CISA has issued a warning that a high-severity SLP vulnerability is now being actively exploited.
On Wednesday, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued a stark warning, adding a high-severity vulnerability in the Service Location Protocol (SLP) to its roster of Known Exploited Vulnerabilities (KEV). The agency cited compelling evidence of ongoing…
0 Comments4 Minutes
Deceptive Tactics through a Fake Windows News Portal
Recent findings reveal a novel malvertising strategy employing counterfeit websites masquerading as legitimate Windows news portals. The primary objective is to propagate a malevolent installation of CPU-Z, a widely recognized system benchmarking utility. [FREE E-BOOK] The Definite Blueprint for…
0 Comments5 Minutes
A new type of GootLoader malware is hard to catch and spreads quickly.
Researchers have discovered that non-privileged attackers are exploiting as many as 34 distinct Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers with vulnerabilities, enabling them to achieve complete control over the associated devices and execute any desired code on the…
0 Comments4 Minutes
Google’s Security Measures Fall Short Against SecuriDropper
Cybersecurity experts have discovered a new Android Dropper-as-a-Service (DaaS) named SecuriDropper, which successfully bypasses Google’s latest security protocols, enabling the delivery of malware. Dropper malware for Android serves as a means to deliver a payload to an already compromised…
0 Comments4 Minutes
Researchers Uncover Vulnerabilities in 34 Windows Drivers
Researchers have discovered that non-privileged attackers are exploiting as many as 34 distinct Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers with vulnerabilities, enabling them to achieve complete control over the associated devices and execute any desired code on the…
0 Comments3 Minutes
F5 warns of active attacks that take advantage of a BIG-IP vulnerability
F5 is alerting the public about an active misuse of a critical security vulnerability in BIG-IP, all within a week of the flaw’s public disclosure. The continued exploitation of this vulnerability, resulting in the execution of arbitrary system commands as part of an attack chain, is the…
0 Comments4 Minutes
Infected NuGet Packages Unearthed Distributing the SeroXen Remote Administration Tool
Within the realm of information security, diligent researchers have unveiled a fresh wave of malicious packages distributed via the NuGet package manager. These packages employ a less recognized malware distribution strategy. [FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing…
0 Comments4 Minutes
Hackers Infecting Windows PCs with GHOSTPULSE via MSIX App Packages
A recently unveiled cyber assault campaign has uncovered a new threat in the form of GHOSTPULSE, a novel malware loader. This threat is spreading by mimicking MSIX Windows program package files of popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex. These…
0 Comments4 Minutes
VMware Releases Critical Patch for Remote Code Execution Vulnerability in vCenter Server
VMware has taken swift action to address a critical vulnerability in the vCenter Server that could potentially lead to remote code execution on vulnerable systems. The discovery of this flaw was made by VMware itself, and the company has promptly responded by issuing crucial security updates. An…
0 Comments3 Minutes
Critical Flaws Discovered in OAuth Platforms: Grammarly, Vidio, and Bukalapak
The Open Authorization (OAuth) implementation in well-known web services, such as Grammarly, Vidio, and Bukalapak, has come under scrutiny due to critical security issues. These vulnerabilities extend from previous shortcomings identified in Booking.com and Expo. [FREE E-BOOK] The Definite…
0 Comments4 Minutes