Jan 03, 2024 | Newsroom | Malware / Data Theft
Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat … [Read more...] about Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
exploit
Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
Nov 29, 2023 | Newsroom | Cyber Attack / Hacking
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers (PLCs) to target the Municipal Water Authority of Aliquippa in western Pennsylvania. The attack has been attributed to an Iranian-backed … [Read more...] about Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
What is a zero-click exploit?
Some people believe that if you don’t click on dangerous links, open suspicious files, or install programs from untrusted sources, you don’t have to worry about malware infections. Unfortunately, this isn’t entirely true. There are so-called zero-click exploits that don’t require any actions of the targeted user. Creating zero-click exploits requires both serious expertise and … [Read more...] about What is a zero-click exploit?
PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability
Sep 03, 2023 | THN | Network Security / Vulnerability
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication … [Read more...] about PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability
Falcon Complete: Zero-Day Exploit Case Study
CrowdStrike Counter Adversary Operations is committed to analyzing active exploitation campaigns and detecting and blocking zero-days to protect our customers. In July 2023, the CrowdStrike Falcon® Complete managed detection and response (MDR) team discovered an unknown exploit kit leveraging a still-unknown vulnerability affecting the Windows Error Reporting (WER) component. … [Read more...] about Falcon Complete: Zero-Day Exploit Case Study
Data Exfiltration for MOVEit Transfer Exploit
Summary Points: Organizations around the globe continue to experience the fallout of the MOVEit Transfer exploit CVE-2023-34362. CrowdStrike incident responders have identified evidence of mass file exfiltration from the MOVEit application, as a result of the webshell activity on compromised MOVEit systems. Data exfiltration activity can be identified by analyzing the MOVEit … [Read more...] about Data Exfiltration for MOVEit Transfer Exploit
Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Apr 12, 2023 | Ravie Lakshmanan | Patch Tuesday / Software Updates
It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. … [Read more...] about Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
Mar 18, 2023 | Ravie Lakshmanan | Network Security / Cyber Espionage
The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors … [Read more...] about Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with one of the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker … [Read more...] about Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware
A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs … [Read more...] about Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware