Saturday, February 15, 2025

Cyber Security News

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick to mimic a fake Blue Screen of Death (BSOD). The script,...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using compromised websites to deliver malicious ZIP files disguised as legitimate...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign targeting software developers and cryptocurrency users. Dubbed Operation Marstech Mayhem,...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global companies, posing as remote workers to introduce system backdoors and...

REF7707 Hackers Target Windows & Linux Systems with FINALDRAFT Malware

Elastic Security Labs has uncovered a sophisticated cyber-espionage campaign, tracked as REF7707, targeting entities across South America and Southeast Asia. Central to this operation...

NVIDIA Container Toolkit Vulnerable to Code Execution Attacks

NVIDIA has issued a critical security update to address a high-severity vulnerability discovered in the NVIDIA® Container Toolkit for Linux. The flaw, tracked as CVE-2025-23359, could...

Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins

A new phishing kit named Astaroth has emerged as a significant threat in the cybersecurity landscape by bypassing two-factor authentication (2FA) mechanisms. First advertised on...

Recent News

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick to mimic a fake Blue Screen of Death (BSOD). The script,...

12,000+ KerioControl Firewalls Exposed to 1-Click RCE Attack

Cybersecurity researchers caution that over 12,000 instances of GFI KerioControl firewalls remain unpatched and vulnerable to a critical security flaw (CVE-2024-52875) that could be...

Windows 11 Compression Features Pose libarchive Security Threats

Microsoft's ongoing efforts to enhance user experience in Windows 11 have introduced native support for a variety of new archive formats via the KB5031455...

Massive Brute Force Attack Launched With 2.8 Million IPs To Hack VPN & Firewall...

Massive brute force attacks targeting VPNs and firewalls have surged in recent weeks, with cybercriminals using as many as 2.8 million unique IP addresses...

AMD Ryzen Flaw Enables Code Execution Through DLL Hijacking

A security vulnerability has been identified in the AMD Ryzen™ Master Utility, a performance-tuning tool for AMD Ryzen™ processors. This flaw, discovered by a security researcher, allows for privilege escalation and arbitrary...

SonicWall Firewalls Exploit Hijack SSL VPN Sessions to Gain Networks Access

SonicWall firewalls running specific versions of SonicOS are vulnerable to a critical authentication bypass flaw, tracked as CVE-2024-53704, which allows attackers to hijack active...

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

The United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all encrypted content stored in its iCloud service. The demand, issued...

Ratatouille Malware Bypass UAC Control & Exploits I2P Network to Launch Cyber Attacks

A newly discovered malware, dubbed "Ratatouille" (or I2PRAT), is raising alarms in the cybersecurity community due to its sophisticated methods of bypassing User Account...

New Report of 1M+ Malware Samples Shows Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed a growing trend in the exploitation of application layer protocols...

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

What is Deep Web? The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by...

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Today’s cyber security operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. This includes...

Network Penetration Testing Checklist – 2024

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps...

Russian Hackers Bypass EDR to Deliver a Weaponized TeamViewer Component

TeamViewer's popularity and remote access capabilities make it an attractive target for those seeking to compromise systems for their gain. Threat actors target TeamViewer for...

Web Server Penetration Testing Checklist – 2024

Web server pentesting is performed under three significant categories: identity, analysis, and reporting vulnerabilities such as authentication weaknesses, configuration errors, and protocol relationship vulnerabilities. 1.  "Conduct a...

ATM Penetration Testing – Advanced Testing Methods to Find The Vulnerabilities

ATM Penetration Testing: Hackers have found different approaches to hacking into ATM machines. Programmers are not restricting themselves to physical assaults, for example, money/card...

Operating Systems Can be Detected Using Ping Command

Operating systems can be detected using the ping command. Ping is a computer network administration software utility used to find the availability of a host...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is...

Web Application Penetration Testing Checklist – A Detailed Cheat Sheet

Web Application Pentesting is a method of identifying, analyzing, and reporting the vulnerabilities that exist in the web application, including buffer overflow, input...
