VMware Exploited Attacks Target vRealize Flaw

VMware revised a two-week-old security advisory to alert customers that a now-patched serious vulnerability permitting remote code execution is being actively exploited in attacks. “VMware has confirmed that CVE-2023-20887 has been exploited in the wild,” the company said today. This notification comes after several warnings from cybersecurity firm GreyNoise, the first of which was given one […]

Protecting Your Website: Preventing Cuba Ransomware Attacks

Introduction: In today’s digital landscape, protecting your website from cyber threats is important. Ransomware attacks, in particular, have emerged as a significant danger to enterprises worldwide. One such gang that has been wreaking havoc is the Cuba Gang. In this post, we will look into the complexities of the Cuba Ransomware Group and its style […]

A Russian Cybercriminal Group Storm-0978 RomCom

Introduction: In the world of hacking, one group is well-known for doing bad things and getting a lot of attention for it. RomCom, also called Storm-0978, is a group of cybercriminals based in Russia that has become a major threat in the digital world. This piece will look at the inner workings of RomComs and […]

Exploit Zero-Day target NATO summit attacks

Zero-Day Target NATO Summit: Microsoft disclosed today a zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents. In this article, we will discuss a critical security flaw that has recently been disclosed by Microsoft. This zero-day vulnerability, tracked as CVE-2023-36884, affects multiple […]

Siemens Energy confirms data breach after MOVEit data-theft attack

Siemens Energy, a Munich-based energy technology company, has confirmed that data was stolen in a recent cyberattack. The attack utilized the Clop ransomware and exploited a zero-day vulnerability in the MOVEit Transfer platform. Siemens Energy is a global company with a significant presence in the energy sector. It employs around 91,000 people and generates an […]

Major Vulnerability in Google’s Cloud SQL Service Exposes Sensitive Information

A newly discovered security hole in the Cloud SQL service on Google Cloud Platform (GCP) allows hackers to exploit and steal sensitive information. The vulnerability allowed a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container. According to the firm Dig, this allowed unauthorized access to internal […]

Attention Apple Users: Critical Security Alert! The 3 Zero-Day Vulnerabilities Uncovered

On Thursday, Apple released security updates across its various platforms, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. These updates were aimed at addressing three newly discovered zero-day vulnerabilities that are currently being actively exploited by malicious actors. Let’s take a closer look at the three security flaws: CVE-2023-32409: This vulnerability resides in WebKit and […]

NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

The security landscape continues to evolve, with threat actors constantly devising new methods to exploit vulnerabilities. In recent news, the npm package repository has fallen victim to two malicious packages that harbored an open source information stealer malware known as TurkoRat. These packages, named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were downloaded approximately 1,200 times before being identified […]

Effective Strategies to Minimize Vulnerabilities in the Manufacturing Attack Surface

Operational Technology (OT) environments with their Information Technology (IT) counterparts. This convergence has revolutionized the way machinery is connected to digital systems and data, resulting in a more efficient and streamlined manufacturing process. The introduction of computer systems dedicated to managing and monitoring industrial devices and machines has further facilitated this transformation, effectively bridging the […]

Android Cybercrime Syndicate Pre-Infected 8.9 Million: Unveiling a Global Threat

A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. “The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages, social media and online messaging accounts and monetization via advertisements and click fraud,” cybersecurity […]