Phishing Attack Uses Google & WhatsApp Links
Overview of the Threat Cybersecurity experts have recently identified a novel phishing campaign that cleverly exploits Google Drawings and WhatsApp-generated shortened URLs to deceive users into handing over sensitive personal information. This new tactic highlights the ever-evolving nature of…
0 Comments4 Minutes
Hackers Exploit Roundcube Webmail Flaws
Security Concerns in Roundcube Webmail Security experts have discovered several vulnerabilities in the Roundcube webmail program that could allow attackers to inject malicious JavaScript into a user’s browser, leading to the theft of sensitive data from their account. You might be…
0 Comments4 Minutes
Major Vulnerability in Rockwell Devices
Overview of the Vulnerability A significant security flaw has been identified in Rockwell Automation’s ControlLogix 1756 devices, which could allow unauthorized access to system programming and configuration via the common industrial protocol (CIP). This vulnerability, labeled CVE-2024-6242,…
0 Comments4 Minutes
Google Chrome’s Latest Security for Cookies
New Challenges for Attackers In a recent update, Chrome has introduced a new security measure that complicates life for attackers. “Since the app-bound service operates with system-level privileges, hackers now need more than just a malicious app to infiltrate a system,” explained…
0 Comments3 Minutes
Over a Million Domains Exposed to Hijacking
What is the Sitting Ducks Attack? A recent investigation by Infoblox and Eclypsium has uncovered a major vulnerability in over a million domains, exposing them to a method known as the Sitting Ducks attack. This technique, actively exploited by more than a dozen cybercriminal groups linked to…
0 Comments4 Minutes
DigiCert to Revoke more than 85K SSL/TLS Certificates
DigiCert to Revoke Certain SSL/TLS Certificates Due to Domain Validation Issue Summary of the Issue DigiCert has announced that it will revoke a subset of SSL/TLS certificates within 24 hours due to an error in their domain validation process. The company identified that it had not properly…
0 Comments4 Minutes
New Mandrake Spyware Version on Google Play Store
Mandrake Spyware Resurfaces in Google Play Store Apps A sophisticated Android spyware known as Mandrake has been detected in five applications available on the Google Play Store. This spyware remained undetected for two years before being discovered. According to Kaspersky, these infected apps…
0 Comments4 Minutes
Chrome Adds Password Verification for Archive Scans
Google Chrome has introduced new alerts to help users identify and avoid dangerous downloads. These improved warning messages are designed to provide quick and clear information about the potential risks of downloaded files. You might be interested in: MacOS Users Face New Threat from BeaverTail…
0 Comments4 Minutes
Videos Used to Spread Malware via Telegram
A significant security issue, dubbed EvilVideo, was discovered in Telegram’s Android app. This flaw allowed attackers to send harmful files disguised as seemingly harmless videos. Discovery and Resolution Timeline On June 6, 2024, the exploit was listed for sale on an underground forum for an…
0 Comments6 Minutes
FrostyGoop: A New Threat to Industrial Control Systems
In January, a devastating cyber attack targeted an energy company in Lviv, Ukraine, marking the first known use of a new malware specifically designed to harm Industrial Control Systems (ICS). The industrial cybersecurity firm Dragos has identified this malware as FrostyGoop. Discovered in April…
0 Comments4 Minutes