Russian Government and IT Organizations Targeted in New Cyber Campaign In the world of cybersecurity, a new threat has emerged targeting the Russian government and IT organizations. This insidious campaign, dubbed EastWind, is designed to infiltrate systems and steal sensitive information. Spear-phishing tactics are being employed to deliver a slew of backdoors and trojans, posing…
Beware of Fake Libraries on PyPI In the vast world of coding, programmers often depend on libraries to streamline their work and enhance their projects. However, with convenience comes the risk of encountering malicious entities lurking in the shadows. A recent discovery by cybersecurity researchers has shed light on a fake package located on the…
Raziskovalci so preiskovali uporabo lažnih posodobitev iOS s strani zlonamernih akterjev za vzpostavitev trajnega dostopa do kompromitiranih naprav s celovito analizo življenjskega cikla napada, preučevanjem začetne kompromitacije naprave, operacij znotraj naprave, eksfiltracije podatkov in celotne grožnje. Študija poudarja edinstvene izzive varovanja mobilnih naprav v primerjavi s tradicionalnimi omrežnimi obrobji, izpostavljajoč potrebo po večplastnih obrambnih strategijah…
Unveiling Security Flaws in Google’s Quick Share Utility A recent discovery has revealed up to 10 security vulnerabilities within Google’s Quick Share data transfer utility for Android and Windows. These vulnerabilities could potentially be exploited to trigger a remote code execution (RCE) chain on systems where the Quick Share software is installed. Understanding the Quick…
Ongoing Malware Campaign Targets Google Chrome and Microsoft Edge Users In the ever-evolving landscape of cyber threats, a nefarious malware campaign has been making waves by targeting users of popular web browsers like Google Chrome and Microsoft Edge. This campaign involves the installation of rogue browser extensions through the distribution of a trojan via fake…
Unpatched Zero-Day Vulnerability in Microsoft Office Microsoft has recently revealed an unpatched zero-day vulnerability in its Office suite software that has the potential to expose sensitive information to malicious threat actors if successfully exploited. Tracked under the identifier CVE-2024-38200 with a severity score of 7.5 on the CVSS scale, this security flaw has been classified…
14. julija 2024 so raziskovalci na VirusTotal s pomočjo pravil za lovljenje VBA makrov identificirali zlonamerni dokument, zamaskiran kot PayPal potrdilo. Ob analizi so našli vdelane zlonamerne makre, ki so prenesli PowerShell nalagalnik z imenom ‘8eef4df388f2217caec3dc26.ps1’, ki je z uporabo reflektivnega nalaganja razširil ransomware. Povezava z ransomware skupinami kot NETWALKER nakazuje na sofisticiran napad, ki…
Critical Flaws Found in Amazon Web Services (AWS) Cybersecurity researchers recently uncovered several critical vulnerabilities in Amazon Web Services (AWS) that have the potential to cause significant damage if exploited successfully. These flaws pose a range of risks, from remote code execution to complete user takeover, granting attackers extensive administrative privileges and the ability to…
Microsoft Discloses Medium-Severity Security Flaws in OpenVPN Software Microsoft recently brought to light four medium-severity security vulnerabilities in the widely used OpenVPN software, an open-source tool known for its reliability in creating secure virtual private networks (VPNs). These vulnerabilities, if exploited in a specific sequence, could potentially lead to severe consequences such as remote code…
Cybersecurity Flaw Unveiled in Sonos Smart Speakers In a recent discovery by cybersecurity researchers, vulnerabilities have been exposed in Sonos smart speakers that could potentially allow malicious individuals to eavesdrop on users without their knowledge. These vulnerabilities have been identified as concerning weaknesses in the secure boot process of Sonos devices, enabling attackers to compromise…