'

News Alert: 1inch partners with Blockaid to enhance Web3 security through the 1inch Shield

Dubai, UAE, June 20, 2024, CyberNewsWire — 1inch, a leading DeFi aggregator that provides advanced security solutions to users across the entire space, has announced today the launch of the 1inch Shield. This solution, that is offering enhanced protection against a wide range of potential threats, was completed in partnership with Blockaid, a major provider of … Read more

Decipher Podcast: Metin Kortak

Decipher Podcast: Metin Kortak

Below is a lightly edited transcript from the podcast conversation. Lindsey O’Donnell Welch: This is Lindsey O’Donnell Welch with Decipher and I’m here today with Metin Kortak, CISO with Rhymetec. Thank you so much for coming on today. It’s really nice to speak to you? Metin Kortak: Thank you very much for having me. Lindsey … Read more

Categories duo

News Alert: INE Security lays out strategies for optimizing security teams to mitigate AI risks

Cary, NC, June 20, 2024, CyberNewsWire — 2024 is rapidly shaping up to be a defining year in generative AI. While 2023 saw its emergence as a potent new technology, business leaders are now grappling with how to best leverage its transformative power to grow efficiency, security, and revenue. With the near-universal integration of AI … Read more

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the “Facebook” module (pkfacebook) from Promokit.eu for PrestaShop. The vulnerability, CVE-2024-36680, allows a guest to perform SQL injection attacks on affected module versions. CVE-2024-36680 – Vulnerability Details The vulnerability stems from the Ajax script, which contains a sensitive SQL call that can be executed with a trivial HTTP … Read more

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user information, including names and financial details, is vulnerable to exploitation by criminals.  The leaked information can be used for phishing attacks, financial fraud, and even harassment, as these illegal OTT services often operate under the radar. This makes it difficult to … Read more

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart from typical Distributed Denial of Service (DDoS) botnets. Discovered by the XLab Cyber Threat Insight Analysis (CTIA) system on May 20, 2024, Zergeca has already demonstrated its potential to cause significant disruption. This article delves into the intricate details of Zergeca, … Read more

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to execute arbitrary code on the server. An attacker can exploit these vulnerabilities by sending a specially crafted email to an administrator.  When the administrator views the email while logged into the admin panel, the attacker can inject malicious scripts and gain … Read more

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and valuable information, including API keys, logins, and other useful data kept within these storage solutions. These storage solutions’ centralized and often inadequately protected nature makes them exceptional targets for the threat actors. Cybersecurity analysts at DATADOG Security Labs discovered that hackers … Read more

Hackers Weaponizing Windows Shortcut Files for Phishing

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs, folders, or websites. Created automatically during shortcut creation or manually by users, LNK files contain the target location and other information useful for threat intelligence.  It includes details like the machine identifier where the LNK was built, volume labels, and drive … Read more

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as an executable disguised as a Word document attached to phishing emails.  It uses evasion techniques to avoid detection and analysis. Then it downloads a malicious payload through an HTTPS request, as the loader is signed with an expired legitimate certificate or … Read more

Chinese UNC3886 Actors Exploiting VMware, Fortinet 0-days For Spying

In 2021, UNC3886, a suspected China nexus cyber espionage actor, was found to be targeting strategic organizations on a large scale, utilizing multiple vulnerabilities in FortiOS and VMware to install backdoors on the infected machines. Fortinet and VMware have released patches to fix the vulnerabilities. However, further investigations on the threat actor’s attack vector revealed … Read more

Cyber A.I. Group Announces the Engagement of Walter L. Hughes as Chief Executive Officer

Cyber A.I. Group, Inc., an early stage cybersecurity, A.I. and IT services company, announced today the engagement of Walter L. Hughes as Chief Executive Officer. The announcement was made by A.J. Cervantes, Jr., Executive Chairman of Cyber A.I. Group and Chairman of Trilogy Capital Group, LLC, Cyber A.I.’s founding shareholder.  Walter Hughes has had an … Read more