Cyber Security News
Pumakit – Sophisticated Linux Rootkit That Persist Even After Reboots
Pumakit is a sophisticated rootkit that leverages system call interception to manipulate file and network activity. It ensures persistence through kernel-level embedding that allows for continued operation after reboots. By...
Cyber Security News
Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration
wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By manipulating its capabilities, attackers can execute arbitrary commands, download malicious...
Cyber Attack
TWELVE Threat Attacks Windows To Encrypt Then Deleting Victims’ Data
The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations. It encrypts and deletes victim data, exfiltrates sensitive information, and...
CVE/vulnerability
ToddyCat APT Abuses SMB, Exploits IKEEXT A Exchange RCE To Deploy ICMP Backdoor
ToddyCat is an APT group that has been active since December 2020, and primarily it targets the government and military entities in Europe and...
CVE/vulnerability
PKfail, Critical Firmware Supply-Chain Issue Let Attackers Bypass Secure Boot
Hackers often attack secure boot during the boot process to execute unauthorized code, which gives them the ability to bypass a system's security measures.By...
Cyber Security News
HardBit Ransomware Using Passphrase Protection To Evade Detection
In 2022, HardBit Ransomware emerged as version 4.0. Unlike typical ransomware groups, this ransomware doesn't use leak sites or double extortion.Their tactics include data...
CVE/vulnerability
Chinese APT40 Is Ready To Exploit New Vulnerabilities Within Hours Of Release
Multiple international cybersecurity agencies jointly warn of a PRC state-sponsored cyber group, linked to the Ministry of State Security and known by various names...
AWS
Hackers Attacking Vaults, Buckets, And Secrets To Steal Data
Hackers target vaults, buckets, and secrets to access some of the most classified and valuable information, including API keys, logins, and other useful data...
CVE/vulnerability
SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files
SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a threat actor to read sensitive files on the host machine.This...
Cyber Attack
Cyber Attack Defenders Up For Battle: Huge Uptick In Timely Detections
Attackers are employing evasion techniques to bypass detection and extend dwell time on compromised systems. This is achieved by targeting unmonitored devices, leveraging legitimate...
CVE/vulnerability
Windows MagicDot Path Flaw Lets Attackers Gain Rootkit-Like Abilities
A new vulnerability has been unearthed, allowing attackers to gain rootkit-like abilities on Windows systems without requiring administrative privileges.Dubbed "MagicDot," this vulnerability exploits the...