Yesterday we reported the emergence of a new zero-day affecting Microsoft Office and other Microsoft products, dubbed Follina by researcher Kevin Beaumont. The issue exists in all currently supported Windows versions, and can be leveraged via Microsoft Office versions 2013…
Follina, now known as CVE-2022-30190 (mitigation is also available), is the name of a new zero-day in Microsoft Office that could be leveraged in arbitrary code execution attacks. The vulnerability was unearthed by the nao_sec research team, following the discovery…
A new distributed denial-of-service botnet has been detected in the wild. Update. According to a new research released by AT&T, EnemyBot is now quickly adopting “one-day vulnerabilities as part of its exploitation capabilities.” Services such as VMware Workspace ONE, Adobe…
Security researchers from cybersecurity firm Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software (OAS) Platform. Vulnerabilities in the Open Automation Software Platform (CVE-2022-26082) The vulnerabilities could be used in various attacks, including denial-of-service caused by improper authentication.…
A new research sheds light on a severe vulnerability that affects Quanta Cloud Technology servers. The vulnerability, known as Pantsdown and CVE-2019-6260, could cause malicious code execution attacks. According to Eclypsium researchers, the flaw was discovered in 2019, affecting multiple…
Beware a persistent and widespread browser hijacker capable of modifying browser settings and redirecting user traffic to advertisement sites. Security researchers are warning about an increase of ChromeLoader campaigns. The threat was first observed in early February, but is now…
Security researchers discovered a new ransomware family that targets Linux systems. Called Cheerscrypt, the ransomware targets VMware ESXi servers. It is noteworthy that last year two vulnerabilities in the VMWare ESXi product were included in the attacks of at least…
![Malicious Python Package [pymafka] Drops Cobalt Strike on macOS, Windows and Linux](https://cdn.sensorstechforum.com/wp-content/uploads/2022/03/advanced-persistent-threat-malware-backdoor-sensorstechforum-1024x585.jpg "Malicious Python Package [pymafka] Drops Cobalt Strike on macOS, Windows and Linux")
Security researchers detected a “mysterious” malicious Python package that downloads the Cobalt Strike malware on Windows, Linux, and macOS systems. Called “pymafka,” the package masquerades as the legitimate popular library PyKafka, a programmer-friendly Kafka client for Python. According to Sonatype…
Mozilla released a new version of its Firefox browser (100.0.2) fixing a set of two critical security vulnerabilities. The patches make this minor update quite significant in importance. Affected versions include Firefox, Firefox ESR, Firefox for Android, and Thunderbird (Firefox…
CVE-2021-22573 is a vulnerability in Google’s OAuth client for Java, with a severity score of 8.7 out of 10 on the CVSS scale. What Causes the CVE-2021-22573 Vulnerability? The vulnerability stems from the fact that “IDToken verifier does not verify…
UpdateAgent is a malware dropper with a well-built infrastructure targeting macOS systems, and it seems that it has been updated once again. According to Jamf Threat Labs, changes were implemented to the dropper, primarily focused on new executables written in…
macOS is generally believed to be bulletproof against malware attacks. Unfortunately, statistics reveal a different picture where Apple’s operating system is often found vulnerable. For instance, in 2017 security researchers detected an increase of 28.83 percent of total reported security…
A new report sheds some light on an extensive fake Android app campaign that distributes the Facestealer spyware. New Campaign of Fake Android Apps Delivers Facestealer Spyware First documented in July 2021, the malware is designed to steal logins and…
A zero-day vulnerability in Macs and Apple watches has been fixed. The vulnerability, assigned the CVE-2022-22675 number, could have been exploited in the wild, Apple said. The flaw was most probably used in targeted attacks. However, applying the update immediately…
Eternity Project is the name of a malware toolkit which is currently in active development and is being sold as malware-as-a-service. Researchers are still unaware of the threat actor selling the malware that enables amateur hackers to get hold of…
Security researchers have identified a malicious campaign against WordPress sites. The campaign uses known vulnerabilities in WordPress themes and plugins, and has affected thousands of websites. Malicious Campaign Compromises WordPress Sites: the Details According to data shared by PublicWWW, at…
HP has fixed two high-severity BIOS vulnerabilities in many of its PC and notebook products. The vulnerabilities, tracked as CVE-2021-3808 and CVE-2021-3809, could allow threat actors to run code with kernel privileges. This type of attack can be described as…
Security researchers say that the notorious ransomware REvil, also known as Sodinokibi, has returned after laying low for six months. The Return of REvil/Sodinokibi Ransowmare Gang According to Secureworks Counter Threat Unit (CTU) researchers, analysis of some recently uploaded to…
CVE-2022-29972 is a security vulnerability in Azure Synapse and Azure Data Factory pipelines that could let threat actors execute remote commands in the Integration Runtime Infrastructure (IR). Microsoft explains that the IR is a compute infrastructure utilized by Azure Data…
CVE-2022-1388 is a critical remote code execution vulnerability that affects F5 BIG-IP multi-purpose networking devices and modules. There are now warnings about in-the-wild exploit attempts weaponizing the vulnerability, in addition to an available PoC (proof of concept) developed by security…
