September 2022

Hackers Using PowerPoint Mouseover Trick to Infect System with Malware

The Russian state-sponsored threat actor APT28 has been found using a new code execution technique to spread malware. The technique makes use of mouse movement in phoney Microsoft PowerPoint slides. According to cybersecurity company Cluster25, the method “is meant to be activated when the user starts the presentation mode and moves […]

Critical WhatsApp Bugs Might Have Allowed Hackers to Take Over Devices Remotely

Two vulnerabilities in WhatsApp’s messaging software for Android and iOS that might allow remote code execution on vulnerable devices have been fixed with security updates. One of these is CVE-2022-36934 (CVSS score: 9.8), a serious integer overflow vulnerability in WhatsApp that allows arbitrary code to be executed merely by starting a video call. Prior to version 2.22.16.12,

17-Year-Old Hacker Arrested in London On Suspicions of Uber and GTA 6 Attack

On Friday, the City of London Police announced that a 17-year-old from Oxfordshire had been detained on suspicion of hacking. The force detained the teenager in Oxfordshire on the evening of September 22, 2022, according to the report, which added that “he is still in police custody.” According to the department, the

Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident

Hackers have stolen digital assets worth over $160 million from cryptocurrency trading company Wintermute in the latest crypto crime to hit the decentralised finance (DeFi) sector. The hack involved unauthorized transfers of USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker’s wallet. The business claimed that the

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

WPGateway, a premium WordPress plugin, has a zero-day vulnerability that is already being actively exploited in the wild, giving bad actors the ability to completely take over vulnerable websites. According to WordPress security firm Wordfence, the vulnerability, identified as CVE-2022-3180 (CVSS score: 9.8), is being exploited to add a malicious administrator user to websites using

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

On Wednesday, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced wide-ranging sanctions against ten people and two organizations supported by Iran’s Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks since at least October 2020. According to the FBI, some of the individuals’ online activities can be attributed

New Malware Targeting YouTube Gamers Uncovered

Gamers searching for cheats on YouTube are being sent links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on their devices. In a new report released today, Kaspersky security researcher Oleg Kupreev stated that “the videos sell cheats and crackers and provide advice on hacking popular games

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

The criminal underworld is promoting a new phishing-as-a-service (PhaaS) toolkit called EvilProxy as a way for threat actors to bypass the two-factor authentication (2FA) protections in place on online services. In a report published on Monday, Resecurity researchers stated that “EvilProxy actors are exploiting reverse proxy and cookie injection methods to overcome 2FA

Shopify Caught Using Weak Password Policy Involved in Password Breaches

According to a recent report, the customer-facing section of Shopify’s website has extremely lax password requirements. The report claims that Shopify requires its users to create passwords that are at least five characters long and do not begin or end with a space. One billion passwords that were known to have been

Samsung Acknowledges Data Breach that Leaked Information About Some US Customers

This is the second time this year that South Korean chaebol Samsung has disclosed a cybersecurity incident that led to unauthorized access to certain customer information. Samsung stated in a notice that “in late July 2022, an unauthorized third-party obtained information from several of Samsung’s U.S. networks.” We discovered through our continuing investigation that
