KCodes NetUSB kernel Vulnerability Exposed Millions of Routers

KCodes NetUSB kernel Vulnerability Exposed Millions of Routers

Emerging Threats / By / January 11, 2022

Cybersecurity researchers have detailed a high severity vulnerability in KCodes NetUSB allowing remote code execution that has impacted millions of router devices.  On Tuesday, SentinelOne published an analysis of the bug, tracked as CVE-2021-45388 and deemed critical by the research team. KCodes NetUSB is a Linux kernel module that enables devices on a local network …

KCodes NetUSB kernel Vulnerability Exposed Millions of Routers Read More »

Security Researchers Find Bugs in URL Libraries Allow DoS, RCE, Spoofing & Many More

Security Researchers Find Bugs in URL Libraries Allow DoS, RCE, Spoofing & Many More

Malware and Vulnerabilities / By / January 11, 2022

Researchers discovered URL-parsing bugs that could impact several web apps. The cybersecurity experts noticed some vulnerabilities borne out of inconsistencies from the affected libraries. Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service (DoS) conditions, information leaks, and remote code execution (RCE) in various web applications, researchers are …

Security Researchers Find Bugs in URL Libraries Allow DoS, RCE, Spoofing & Many More Read More »

Researchers Find Abcbot Botnet Linked With the Xanthe Cryptomining malware

Researchers Find Abcbot Botnet Linked With the Xanthe Cryptomining malware

Trends, Reports, Analysis / By / January 10, 2022

Researchers at Cado security claim that the Abcbot botnet and Xanthe-based cryptojacking campaign have the same operator. New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. Researchers noted that Xanthe and Abcbot code samples are similar in …

Researchers Find Abcbot Botnet Linked With the Xanthe Cryptomining malware Read More »

NY AG notifies 17 companies of breaches, exposed 1.1M accounts

NY AG notifies 17 companies of breaches, exposed 1.1M accounts

Breaches and Incidents / By / January 6, 2022

Seventeen companies have been informed of cyberattacks that compromised user information by New York Attorney General Letitia James following an investigation into credential stuffing. More than 1 million customer accounts were compromised due to the attacks, which James said were previously undetected.  There have been more than 1.1 million online accounts compromised in a series of credential-stuffing …

NY AG notifies 17 companies of breaches, exposed 1.1M accounts Read More »

Hackers Exploiting Microsoft signature verification to drop Zloader Malware

Hackers Exploiting Microsoft signature verification to drop Zloader Malware

Computer, Internet Security / By / January 5, 2022

The Malsmoke hacking group is now abusing a vulnerability in Microsoft’s e-signature verification tool to deploy malware and steal user data. An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft’s digital signature verification to siphon user credentials and sensitive information. Zloader (aka Terdot and DELoader) is …

Hackers Exploiting Microsoft signature verification to drop Zloader Malware Read More »

Uber Ignores Security Flaw that Anyone Send Emails From Uber.com Domain

Uber Ignores Security Flaw that Anyone Send Emails From Uber.com Domain

Malware and Vulnerabilities / By / January 4, 2022

A significant security Flaw in Uber‘s email system that anyone can currently send an email from the Uber.com domain. No, Uber has not intentionally done so. It is, however, choosing to ignore the problem at the moment. These emails, which cannot be sent from Uber’s servers, seem legitimate to any email provider (because they technically are) …

Uber Ignores Security Flaw that Anyone Send Emails From Uber.com Domain Read More »

Shutterfly Suffers Conti Ransomware Attack

Shutterfly Suffers Conti Ransomware Attack

Breaches and Incidents / By / December 28, 2021

Photography company Shutterfly announced that it has been suffered from a ransomware attack that had impacted some services. In a statement, the company said portions of the Lifetouch and BorrowLenses business were affected. They experienced interruptions with Groovebook, manufacturing offices, and some corporate systems as well. “We engaged third-party cybersecurity experts, informed law enforcement, and …

Shutterfly Suffers Conti Ransomware Attack Read More »

Panasonic Suffers Data Breach After attackers access internal network

Panasonic Suffers Data Breach After attackers access internal network

Breaches and Incidents / By / November 30, 2021

Tech manufacturing giant Panasonic has confirmed that its network was accessed illegally this month during a cyberattack. Panasonic has disclosed a security breach wherein an unauthorized third party broke into its network and potentially accessed data from one of its file servers. The Japanese consumer electronics giant acknowledged the breach in a brief statement on Friday (November …

Panasonic Suffers Data Breach After attackers access internal network Read More »

Endpoint-Security

Unified endpoint management automation software to boost endpoint security

Computer, Internet Security / By / October 6, 2021

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process of protecting your endpoints, be it inside or outside the corporate network. This thwarts any deliberate exploitation via cyberattacks. You can easily protect your endpoints by employing endpoint security software, patching devices regularly, implementing proper security …

Unified endpoint management automation software to boost endpoint security Read More »

Attackers Using Morse Code in phishing campaign to Evade Detection

Attackers Using Morse Code in phishing campaign to Evade Detection

Threat Actors / By / August 13, 2021

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign. Microsoft also revealed the workings of a phishing attack group’s techniques that use a ‘jigsaw puzzle’ technique plus unusual features like Morse code dashes and dots to hide its attacks. In This Social-engineering campaign wherein the …

Attackers Using Morse Code in phishing campaign to Evade Detection Read More »