'

Citrix Warns of Critical NetScaler Console Flaw

Citrix Warns of Critical NetScaler Console Flaw

Citrix has fixed a critical-severity vulnerability in NetScaler Console, its cloud-based monitoring and management product, which if exploited could give attackers unauthorized access to sensitive data. The flaw (CVE-2024-6235), which scores 9.4 out of 10 on the CVSS scale, stems from improper authentication and could be exploited with an attacker that has access to a … Read more

Categories duo

New OpenSSH CVE-2024-6409 Flaw Emerges

New OpenSSH CVE-2024-6409 Flaw Emerges

Some versions of OpenSSH contain a serious vulnerability–distinct from CVE-2024-6387 disclosed last week–that can potentially remote code execution. The bug was discovered during the analysis of the other OpenSSH flaw last month, but was not disclosed at the same time because some of the affected vendors did not have a fix ready in time. The … Read more

Categories duo

US, Australian Governments: APT40 Poses Ongoing Threat

US, Australian Governments: APT40 Poses Ongoing Threat

Agencies in the U.S., Australia and a number of other countries are warning of the ongoing threat posed by the PRC state-sponsored group known as APT40, which they said has repeatedly targeted Australian networks and government agencies, as well as private sector organizations globally. Tuesday’s joint advisory by the U.S., Australia, UK, Canada and New … Read more

Categories duo

New Eldorado Ransomware Attacking Windows And Linux Systems

New Eldorado Ransomware Attacking Windows And Linux Systems

Ransomware-as-a-service (RaaS) has evolved into sophisticated enterprise-like model. From 2022 to 2023, ransomware programs advertised on the dark web increased by half, with 27 ads identified. The RAMP forum was made the main hub of hiring for ransomware. Attacks published on specific leak sites rose by a margin of 74% which reached 4,583 in 2023. … Read more

Passkeys Available for Passkeys high-risk Users in the Advanced Protection Program

Passkeys Available for Passkeys high-risk Users in the Advanced Protection Program

Google has announced the integration of passkeys into its Advanced Protection Program (APP). This development aims to provide an easier and more secure alternative to traditional passwords, enhancing protection against common cyber threats such as phishing, malware, and unauthorized data access. What is a Passkey? Passkeys represent a revolutionary step forward in digital security. Unlike … Read more

Chinese APT40 Is Ready To Exploit New Vulnerabilities Within Hours Of Release

Chinese APT40 Is Ready To Exploit New Vulnerabilities Within Hours Of Release

Multiple international cybersecurity agencies jointly warn of a PRC state-sponsored cyber group, linked to the Ministry of State Security and known by various names like  APT40, Leviathan.  The group, based in Hainan Province, has targeted organizations globally, including in Australia and the US.  The Australian authorities recently released an advisory that provides case studies of … Read more

Scammers Offering Fraud-as-a-service to Other Scammers to Drain Victims Funds

Scammers Offering Fraud-as-a-service to Other Scammers to Drain Victims Funds

Scammers no longer need to possess technical expertise or devise intricate fraud schemes. The rise of Fraud-as-a-Service (FaaS) has revolutionized scam execution, making it easier for even inexperienced fraudsters to prey on unsuspecting victims. This article delves into the workings of a sophisticated scam gang specializing in classifieds-website scams. It highlights the gang’s roles and … Read more

U.S. Disrupts AI-Powered Russian State-Sponsored Hackers Bot Farm

U.S. Disrupts AI-Powered Russian State-Sponsored Hackers Bot Farm

In collaboration with international partners, the U.S. Federal Bureau of Investigation (FBI) and the Cyber National Mission Force (CNMF) have successfully disrupted a sophisticated AI-powered bot farm operated by Russian state-sponsored hackers. The bot farm, known as Meliorator, was used to disseminate disinformation and influence public opinion across various countries, including the United States. This … Read more

Microsoft Patch Tuesday, July 2024 Edition

Microsoft Patch Tuesday, July 2024 Edition

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. The first Microsoft zero-day this month is CVE-2024-38080, a bug in the Windows Hyper-V component … Read more

How to Unearth Ransomware, Infostealer Trends From Malicious Domain Data

How to Unearth Ransomware, Infostealer Trends From Malicious Domain Data

Ben Nahorney, threat intelligence analyst with Cisco, gives an inside look at Cisco’s “Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette” and talks about how his team digs into malicious DNS activity to unearth new insights about threat actor activity involving information stealers, ransomware and trojans. Below is a lightly edited transcript of … Read more

Categories duo

Universal Code Execution Vulnerability In Browsers Puts Millions Of Users At Risk

Universal Code Execution Vulnerability In Browsers Puts Millions Of Users At Risk

Hackers remotely execute malicious code on a compromised device or server by exploiting the Universal Code Execution vulnerability. Through this vulnerability, threat actors can inject codes into server-side interpreter languages such as Java, Python, and PHP. Hacking into this security flaw can steal information, divert money to other accounts, perform surveillance, and even severely affect … Read more