Emerging Threats

KCodes NetUSB kernel Vulnerability Exposed Millions of Routers

KCodes NetUSB kernel Vulnerability Exposed Millions of Routers

Cybersecurity researchers have detailed a high severity vulnerability in KCodes NetUSB allowing remote code execution that has impacted millions of router devices.  On Tuesday, SentinelOne published an analysis of the bug, tracked as CVE-2021-45388 and deemed critical by the research team. KCodes NetUSB is a Linux kernel module that enables devices on a local network …

KCodes NetUSB kernel Vulnerability Exposed Millions of Routers Read More »

Zimbra flaw lets attackers access the mail servers

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails of all employees. Zimbra, an open-source webmail platform used by more than 200,000 enterprises, contained a pair of vulnerabilities that, if combined, allowed unauthenticated attackers to gain control of Zimbra servers. …

Zimbra flaw lets attackers access the mail servers Read More »

Researchers bypass Windows Hello Biometrics Safeguards

Researchers bypass Windows Hello Biometrics Safeguards

Researchers have shown that it is possible to spoof and get through the Windows Hello facial recognition system used for passwordless logins on personal computers. A vulnerability in Microsoft’s Windows 10 password-free authentication system has been uncovered that could allow an attacker to spoof an image of a person’s face to trick the facial recognition …

Researchers bypass Windows Hello Biometrics Safeguards Read More »

Attackers abusing website's contact form to deliver malware

Attackers abusing website’s contact form to deliver malware

Microsoft is warning businesses to beware of cybercriminals using company website contact forms to deliver the IcedID info-stealing banking trojan in email with Google URLs to employees. “The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are instead led to the download of IcedID, an info-stealing malware,” the company’s threat …

Attackers abusing website’s contact form to deliver malware Read More »

Microsoft releases tool for Exchange Server hacks

Microsoft releases tool for Exchange Server hacks

Microsoft has released a one-click mitigation tool as a stop-gap for IT admins who still need to apply security patches to protect their Exchange servers. This month, Microsoft disclosed that four zero-day vulnerabilities were being actively used in attacks against Microsoft Exchange. These vulnerabilities are collectively known as ProxyLogon and are being used by threat …

Microsoft releases tool for Exchange Server hacks Read More »

DNSpooq allows attackers to poison DNS cache records

DNSpooq allows attackers to poison DNS cache records

Network administrators have requested that they use the latest Dnsmasq updates to prevent new DNSpooq attacks. Security experts today revealed details about seven vulnerabilities affecting the most popular DNS software package in networking equipment, such as routers and access points. Weaknesses followed as DNSpooq, impact on Dnsmasq, DNS transfer client for NIX applications. Dnsmasq is …

DNSpooq allows attackers to poison DNS cache records Read More »

Hackers demand ransom after a cyber attack on the laboratory in Antwerp

Hackers demand ransom after a cyber attack on the laboratory in Antwerp

Hoboken’s medical laboratory, Het Algemeen Medisch Laboratorium (AML), was the victim of a cyber attack on Monday. The hackers blocked all the computers in the laboratory and demanded a ” ransom ” to free the network, Het Gazet van Antwerpen reported on Tuesday. The laboratory performs around 3,000 corona tests per day, which represents around 5% of …

Hackers demand ransom after a cyber attack on the laboratory in Antwerp Read More »

Multi-platform card skimmer found on BigCommerce, Shopify stores

Multi-platform card skimmer found on BigCommerce, Shopify stores

While generally designed to target one kind of e-commerce platform, this new kind of net metering malware may assume the checkout procedure on stores utilizing multiple online shop management methods by injecting a malicious voucher page. Displays errors as a diversion This brand new skimmer (also called a Magecart script) may additionally abuse hosted e-commerce …

Multi-platform card skimmer found on BigCommerce, Shopify stores Read More »

New ModPipe malware Aims hospitality, Resort point of sale systems

New ModPipe malware Aims hospitality, Resort point of sale systems

The backdoor was made to goal PoS devices actively employed by tens of thousands of resorts and restaurants. A brand new Point-of-Sale (PoS) malware is targeting apparatus utilized by”hundreds of thousands” of associations in the hospitality industry, scientists have warned. Dubbed ModPipe, the malware is managed to harvest sensitive data in PoS devices running Oracle …

New ModPipe malware Aims hospitality, Resort point of sale systems Read More »

Nine cyber Offenders arrested in a police raid

Nine cyber Offenders arrested in a police raid

Throughout the constant action being taken by the authorities to preventing cybercrime, the authorities obtained a major success last night. Police Captain Ashwini Kumar Sinha obtained a police team headed by trainee IPS Kapil Chaudhary, cyber police station in-charge Kalim Ansari, Puni Sangeeta Kumari based on confidential data obtained and conducted independent raids from Mohanpur, …

Nine cyber Offenders arrested in a police raid Read More »