Wednesday, February 19, 2025

Cyber Security News

Russian Hackers Target Signal Messenger Users to Steal Sensitive Data

Russian state-aligned threat actors have intensified their efforts to compromise Signal Messenger accounts, targeting individuals of strategic interest, according to the Google Threat Intelligence...
XLoader Malware

Hackers Exploit Jarsigner Tool to Deploy XLoader Malware

Security researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a new campaign leveraging the legitimate JAR signing tool, jarsigner.exe, to distribute the XLoader...
Payment Card Data

Hackers Converting Stolen Payment Card Data into Apple & Google Wallets

Cybercriminal groups, primarily based in China, are leveraging advanced phishing techniques and mobile wallet technologies to convert stolen payment card data into fraudulent Apple...
Snake Keylogger

Snake Keylogger Targets Chrome, Edge, and Firefox Users in New Attack Campaign

A new variant of the Snake Keylogger, also known as 404 Keylogger, has been detected targeting users of popular web browsers such as Google...
UxCryptor Ransomware

Russian CryptoBytes Hackers Target Windows Machines with UxCryptor Ransomware

The SonicWall Capture Labs threat research team has identified continued activity from the Russian cybercriminal group CryptoBytes, which has been active since at least...
PowerShell Scripts

North Korean Hackers Leverage Dropbox and PowerShell Scripts to Breach Organizations

A recent cyberattack campaign, dubbed "DEEP#DRIVE," has been attributed to the North Korean Advanced Persistent Threat (APT) group, Kimsuky. The operation, targeting South Korean...
BlackLock Ransomware

BlackLock Ransomware Targets Windows, VMware ESXi, & Linux Environments

BlackLock ransomware, first identified in March 2024, has rapidly ascended the ranks of the ransomware-as-a-service (RaaS) ecosystem, becoming the seventh most prolific group on...

Recent News

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered, exposing enterprise networks to credential theft and lateral attacks. The flaw,...

Black-Hat SEO Poisoning Attacks Exploit Indian Government and Financial Websites

A sophisticated black-hat SEO poisoning campaign has compromised over 150 Indian government websites and financial institutions, redirecting millions of users to fraudulent gambling platforms...

Chrome Buffer Overflow Flaws Let Hackers Execute Arbitrary Code & Gain System Access

Google has rolled out an urgent security update for its Chrome browser, patching three vulnerabilities—including two critical heap buffer overflow flaws—that could enable attackers...

IDOR Vulnerability in ExHub Allows Attackers to Alter Hosting Configurations

A security researcher recently uncovered a high-risk Insecure Direct Object Reference (IDOR) vulnerability in ExHub, a cloud hosting and collaboration platform used by over...
Microsoft Graph API

New Malware Abuses Microsoft Graph API to Communicate via Outlook

A newly discovered malware, named FINALDRAFT, has been identified leveraging Microsoft Outlook as a command-and-control (C2) communication channel through the Microsoft Graph API. This...
Microsoft Key Management Service (KMS)

Russian Hackers Leverage Weaponized Microsoft Key Management Service (KMS) to Hack Windows Systems

In a calculated cyber-espionage campaign, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated...

90,000 WordPress Sites Exposed to Local File Inclusion Attacks

A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw...

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick to mimic a fake Blue Screen of Death (BSOD). The script,...
XCSSET Malware

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking its first update since 2022. This sophisticated malware continues to...

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

What is Deep Web: The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by...

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Today’s Cyber security operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. This includes...

Network Penetration Testing Checklist – 2024

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps...

Russian Hackers Bypass EDR to Deliver a Weaponized TeamViewer Component

TeamViewer's popularity and remote access capabilities make it an attractive target for those seeking to compromise systems for their gain. Threat actors target TeamViewer for...

Web Server Penetration Testing Checklist – 2024

Web server pentesting is performed under three significant categories: identity, analysis, and reporting vulnerabilities such as authentication weaknesses, configuration errors, and protocol relationship vulnerabilities. 1.  "Conduct a...

ATM Penetration Testing – Advanced Testing Methods to Find The Vulnerabilities

ATM Penetration testing, Hackers have found different approaches to hacking into ATM machines. Programmers are not restricting themselves to physical assaults, for example, money/card...

Operating Systems Can be Detected Using Ping Command

Operating systems can be detected using the ping command. Ping is a computer network administration software utility used to find the availability of a host...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is...

Web Application Penetration Testing Checklist – A Detailed Cheat Sheet

Web Application Pentesting is a method of identifying, analyzing, and reporting the vulnerabilities that exist in the web application, including buffer overflow, input...
