November 2021

Microsoft Windows OS Gets Affected by Unpatched Unauthorized File Read Vulnerability

The Windows security vulnerability (CVE-2021-24084), which allows disclosure and Local Privilege Escalation (LPE) on vulnerable systems, has received a follow-up patch after the last patch failed to solve the problem. But as observed by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month […]


Hackers Attack Panasonic Leaving Possibilities Of A Large Data Breach

Panasonic has disclosed a security breach in which an unauthorized third party broke into its network and accessed data from its file servers. In a short statement published on November 26, Panasonic stated, “As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion.”


GoDaddy Suffers Massive Data Breach of 1 Million WordPress Customers Data

GoDaddy on Monday suffered a data breach that resulted in unauthorized access to data belonging to 1.2 million active and inactive customers, making this the third security incident since 2018. It stated in its filing with the U.S. Securities and Exchange Commission (SEC) that a malicious third-party gained access to its Managed


Hackers Making Attempt At Exploiting New Windows Installer Zero-Day Vulnerability

Hackers are attempting to exploit a recently disclosed privilege escalation vulnerability in order to execute arbitrary code on fully-patched systems. Tracked as CVE-2021-42379, the elevation of privilege flaw affects the Windows Installer software component and was originally resolved as part of Microsoft’s Patch Tuesday updates for November 2021. Researchers have indicated that it was


Credential Theft Campaign Linked To North Korean Hackers

Enterprise security firm Proofpoint has linked TA406, a North Korean threat actor, to a wave of credential theft campaigns targeting research, education and government, with two of the attacks aimed at distributing malware which could be used for intelligence gathering. TA406, also known as Kimsuky, began operating as early as 2012, emerging as one


RedCurl The Corporate Espionage Hacker Group Returns

After a seven-month hiatus, the Russian-speaking cyber-espionage group RedCurl has returned. Since its return, the group has targeted 4 companies, including a large retail store in Russia, and has improved its toolset in an attempt to thwart analysis and antivirus detection. The group became active in November 2018 with attacks


FBI Releases Alert on Currently Exploited FatPipe VPN Zero-Day Bug

The FBI has disclosed that an as-yet-unidentified threat actor has been exploiting a previously known weakness in the FatPipe MPVPN networking devices since at least May 2021, using it to obtain an initial foothold as well as maintain persistent access into the vulnerable networks. This allowed APT actors to gain unrestricted file upload


Microsoft Discloses 6 Iranian Hacking Groups Turning to Ransomware

Nation-state operators affiliated with Iran are increasingly adopting ransomware as a means of generating revenue. So far, six threat actors affiliated with the West Asian country have been discovered deploying ransomware to achieve their strategic objectives, researchers from Microsoft Threat Intelligence Center (MSTIC) revealed, adding that the ransomware


Cybersecurity Agencies Release Warnings on Exploitation of Microsoft, Fortinet Flaws by Iranian Hackers

A joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities has been released by cybersecurity agencies from Australia, the U.S. and the U.K. Iranian state-sponsored actors are believed to be behind these attacks and are leveraging multiple Fortinet FortiOS vulnerabilities dating back to March 2021 as well as a remote code execution
