Security researchers have been observing an increasing exploitation of regsvr32.exe, which is a Windows living-off-the-land binary, shortly known as LOLBin. Some of the analyzed malware samples belong to Qbot and Lokibot, according to Uptycs researchers. Threat Actors Abusing Regsvr32 What…
Currently, active campaigns against Android users are carrying FluBot and Medusa banking trojans. Both trojans are using the same distribution mechanism in a simultaneous attack campaign. The discovery comes from security researchers at ThreatFabric. Medusa and FluBot Trojans Working Together…
CVE-2022-24348 is a high-severity security vulnerability in Argo CD that could enable threat actors to access a victim’s application-development environments, making it possible to harvest passwords, API keys, tokens, among other sensitive details. CVE-2022-24348 in Argo CD Needs Immediate Patching…
According to an alert released by CISA (U.S. Cybersecurity and Infrastructure Agency), federal agencies should immediately address CVE-2022-21882, a Win32k Elevation of Privilege vulnerability. CVE-2022-21882 Elevation of Privilege Windows Vulnerability The Windows flaw could be exploited by threat actors to…
Security researchers recently uncovered a malicious campaign using SEO poisoning to trick potential victims into downloading the BATLOADER malware. The attackers used created malicious sites packed with keywords of popular software products, and used search engine optimization poisoning to make…
Wormhole is the latest cryptocurrency platform to be hacked in a $322 million heist. Hackers successfully exploited a vulnerability in the platform and stole approximately $322 million worth of Ether. The attack occurred on February 2 and affected the Wormhole…
At least 23 new security vulnerabilities were discovered in various implementations of UEFI (Unified Extensible Firmware Interface) firmware implemented by multiple vendors, such as HP, Lenovo, Juniper Networks, and Fujitsu. The flaws are located in Insyde Software’s InsydeH2O UEFI firmware,…
Deadbolt ransomware recently compromised more than 3,600 QNAP network-attached storage (NAS) devices. As a result of the attack, all data located on the devices has been encrypted by Deadbolt, which is a new strain of ransomware. Deadbolt Ransomware Hits QNAP…
CVE-2021-44142 Samba Flaw CVE-2021-44142 is one of several vulnerabilities detected in Samba versions before 4.13.17. The vulnerability is related to an out-of-bounds heap read/write issue in the VFS module. This module, known as vfs_fruit, provides compatibility with Apple SMB clients.…
Security researcher Ryan Pickren recently discovered and reported to Apple a set of macOS vulnerabilities that exposed Safari browser. 4 New Zero-Days Reported to Apple The researcher’s hack “successfully gained unauthorized camera access by exploiting a series of issues with…
A new malicious campaign targeting Android users via a trojan app has been detected in the wild. The payload of the campaign is the Vultur trojan that harvests banking credentials, among other malicious activities. The culprit, a malicious two-factor authentication…
Apple recently released new versions of its operating systems – iOS 15.3 and macOS Monterey 12.2, which contained a number of fixes, including two zero-days. CVE-2022-22587 The first zero-day is related to memory corruption, and could allow a malicious app…
CVE-2021-4034 PolKit Vulnerability CVE-2021-4034 is a new vulnerability detected in PolKit, a component for controlling system-wide privileges in Unix-like operating systems. The vulnerability was discovered in Polkit’s pkexec, a SUID-root program installed by default on every major Linux distribution. The…
Cybersecurity researchers detected a previously unknown macOS malware, codenamed DazzleSpy by ESET and MACMA by Google. The attack itself is based on a WebKit exploit used to compromise Mac users. The payload appears to be a new malware family, specifically…
BRATA is the name of an Android banking trojan that security researchers have been observing for a while. In a new report compiled by cybersecurity firm Cleafy, new information about the banker has been revealed. Threat actors have been using…
Two vulnerabilities were discovered in Control Web Panel (CWP) – a widely-used web hosting management platform utilized by more than 200,000 servers. The flaws could allow code execution as root on Linux servers, and were discovered by Octagon Network researcher…
Security researchers discovered a new malware packer and loader. Dubbed DTPacker, the payload decoding uses a fixed password that contains former U.S. president Donald Trump’s name, according to Proofpoint. A notable element of the attacks associated with DTPacker is that…
A new high severity vulnerability in the Rust programming language has been reported. The flaw could be exploited to purge files and directories from an exposed system without the need of authorization. “The Rust Security Response WG was notified that…
Security researchers recently spotted a new modular stealer written in .NET and capable of exfiltrating cryptocurrency wallets, including Atomic, Exodus, Ethereum, Jazz, Bitcoin, and Litecoin wallets. The malicious campaign, targeting Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South…
There’s a new ransomware family spotted in the wild. Called White Rabbit, the ransomware was noticed by Trend Micro researchers in silent attacks against a US bank in December 2021. It appears that the threat uses a page from the…
