exploit

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Jul 20, 2024 by iHash Leave a Comment

Jul 20, 2024NewsroomMalware / IT Outage Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve … [Read more...] about Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Apr 6, 2024 by iHash Leave a Comment

Apr 06, 2024NewsroomSkimmer / Threat Intelligence Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code … [Read more...] about Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Jan 11, 2024 by iHash Leave a Comment

Jan 11, 2024NewsroomVulnerability / Cyber Attack Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe … [Read more...] about New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Jan 3, 2024 by iHash Leave a Comment

Jan 03, 2024NewsroomMalware / Data Theft Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat … [Read more...] about Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.

Nov 29, 2023 by iHash Leave a Comment

Nov 29, 2023NewsroomCyber Attack / Hacking The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers (PLCs) to target the Municipal Water Authority of Aliquippa in western Pennsylvania. The attack has been attributed to an Iranian-backed … [Read more...] about Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.

What is a zero-click exploit?

Nov 16, 2023 by iHash Leave a Comment

Some people believe that if you don’t click on dangerous links, open suspicious files, or install programs from untrusted sources, you don’t have to worry about malware infections. Unfortunately, this isn’t entirely true. There are so-called zero-click exploits that don’t require any actions of the targeted user. Creating zero-click exploits requires both serious expertise and … [Read more...] about What is a zero-click exploit?

PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability

Sep 3, 2023 by iHash Leave a Comment

Sep 03, 2023THNNetwork Security / Vulnerability Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication … [Read more...] about PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability

Falcon Complete: Zero-Day Exploit Case Study

Aug 22, 2023 by iHash Leave a Comment

CrowdStrike Counter Adversary Operations is committed to analyzing active exploitation campaigns and detecting and blocking zero-days to protect our customers. In July 2023, the CrowdStrike Falcon® Complete managed detection and response (MDR) team discovered an unknown exploit kit leveraging a still-unknown vulnerability affecting the Windows Error Reporting (WER) component. … [Read more...] about Falcon Complete: Zero-Day Exploit Case Study

Data Exfiltration for MOVEit Transfer Exploit

Jun 19, 2023 by iHash Leave a Comment

Summary Points Organizations around the globe continue to experience the fallout of the MOVEit Transfer exploit CVE-2023-34362 CrowdStrike incident responders have identified evidence of mass file exfiltration from the MOVEit application, as a result of the webshell activity on compromised MOVEit systems Data exfiltration activity can be identified by analyzing the MOVEit … [Read more...] about Data Exfiltration for MOVEit Transfer Exploit

Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

Apr 12, 2023 by iHash Leave a Comment

Apr 12, 2023Ravie LakshmananPatch Tuesday / Software Updates It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. … [Read more...] about Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

« Previous Page

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54