software vulnerability

China-Linked Hackers Target Myanmar’s Top Ministries with Backdoor Blitz

Jan 30, 2024 by iHash Leave a Comment

Jan 30, 2024NewsroomMalware / Cyber Espionage The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November 2023 and January 2024 after … [Read more...] about China-Linked Hackers Target Myanmar’s Top Ministries with Backdoor Blitz

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

Jan 29, 2024 by iHash Leave a Comment

Jan 29, 2024NewsroomVulnerability / NTML Security A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its Patch Tuesday updates for December 2023. "In an … [Read more...] about Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Jan 27, 2024 by iHash Leave a Comment

Jan 27, 2024NewsroomMalware / Software Update Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign … [Read more...] about AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Perfecting the Defense-in-Depth Strategy with Automation

Jan 26, 2024 by iHash Leave a Comment

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive … [Read more...] about Perfecting the Defense-in-Depth Strategy with Automation

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Jan 26, 2024 by iHash Leave a Comment

Jan 26, 2024NewsroomMalvertising / Phishing-as-a-service Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote … [Read more...] about Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

Jan 25, 2024 by iHash Leave a Comment

Jan 25, 2024NewsroomRemote Access Trojan Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an … [Read more...] about SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Jan 24, 2024 by iHash Leave a Comment

Jan 24, 2024NewsroomCloud Security / Kubernetes Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters … [Read more...] about Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

VexTrio: The Uber of Cybercrime

Jan 23, 2024 by iHash Leave a Comment

The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their activities and depth of their connections within the cybercrime industry," the company said, … [Read more...] about VexTrio: The Uber of Cybercrime

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

Jan 22, 2024 by iHash Leave a Comment

Jan 22, 2024NewsroomBrowser Security / Cyber Threat Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in … [Read more...] about NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

Jan 20, 2024 by iHash Leave a Comment

Jan 20, 2024NewsroomZero Day / Cyber Espionage An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing zero-day vulnerabilities to complete … [Read more...] about Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

« Previous Page

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54