The popular VPNLab.net used by malicious actors to deploy ransomware has been taken offline following a coordinated law enforcement operation. Europol stated that it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 thus rendering it inoperable as part of a disruptive action that took place […]
Europol Shuts Down VPNLab Popularly Used By Cybercriminals Read More »
Three WordPress plugins have been discovered to be affected with a security shortcoming which gives a malicious actor the opportunity to take over vulnerable websites. An attacker could update arbitrary site options on a vulnerable site, provided they could trick a site administrator into clicking a link or doing a thing. Tracked as CVE-2022-0215, the
Researchers Discover 3 WordPress Plugins Leaving 84,000 Websites Vulnerable To Attack Read More »
Security flaws have been uncovered in a networking component in Garrett Metal Detectors which could allow remote attackers bypass authentication requirements, tamper with metal detector configurations and even execute arbitrary code on the devices. Cisco Talos noted in a disclosure publicized that “An attacker could manipulate this module to remotely monitor statistics on the metal
Garrett Walk-Through Metal Detector Vulnerability Discovered Read More »
Aquatic Panda a China-based targeted intrusion has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Crowdstrike a cybersecurity firm stated that the infiltration which was foiled was aimed at an unnamed “large academic institution”. The
Chinese Hackers Target Academic Institution Using Log4Shell Exploit Read More »
A new malware called PseudoManyscrypt has been observed attacking industrial and government organizations including enterprises in the military-industrial complex and research laboratories. The name is derived from its similarities to the Manuscrypt malware which is part of trhe Lazarus APT groups attack toolset and the series of intrusion was first detected in June 2021. It
New PseudoManuscrypt Malware Currently Infecting Computers Read More »
Facebook now Meta has announced plans to expand its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. “We know that automated activity designed to scrape people’s public and private data targets every website or service,” said
Facebook to Reward Hackers for Reporting Data Scraping Bugs and Scraped Datasets. Read More »
Multiple security vulnerabilities have been addressed in the recent Microsoft Patch Tuesday updates. This updates deals with but not limited to actively exploited flaw that is being abused to deliver Emotet, TrickBot or Bazaloader malware payloads. This release fixes a total of 67 flaws bringing the total number of bugs patched by the company this
Microsoft Releases Windows Update to Patch Zero Day Used to Spread Emotet Malware Read More »
QNAP the Network-attached storage (NAS) appliance maker has released a new advisory warning of a cryptocurrency mining malware targeting devices. This is a bitcoin miner which target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage,” the Taiwanese
Another Bitcoin Mining Malware Targets QNAP NAS Devices Read More »
Microsoft has announced the seizure of 42 domains used by Nickel a China-based cyber espionage group which has its sights on organizations in the U.S. and 28 other countries. Nickel has targeted organizations in both private and public sectors including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, Europe
Malicious Web Domain Used By Chinese Hackers Seized by Microsoft Read More »
A new form of malware hits E-commerce platforms in the U.S., Germany and France this malware is said to be targeting Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. Sansec Threat Research team have stated in a recent report that “this novel code injects itself into a
Researchers Discover Payment Data Stealing Malware Hiding in Nginx Process Read More »
