The GAZEploit Vulnerability: A Threat to Apple’s Vision Pro Headset Recently, a security loophole known as GAZEploit has surfaced, posing a risk to Apple’s Vision Pro mixed reality headset. This vulnerability, now under the CVE identifier CVE-2024-40865, once exploited, could provide cyber attackers with the means to extract data entered via the headset’s virtual keyboard….
Teen Arrested for Cyber Attack on Transport for London British authorities have made a significant breakthrough in a cyber attack case related to Transport for London (TfL). The arrest of a 17-year-old male from Walsall has been reported in connection with the incident. The U.K. National Crime Agency (NCA) released a statement mentioning that the…
Malicious Actors Exploit Progress Software WhatsUp Gold Security Flaws Recently, there has been a surge in opportunistic cyber attacks leveraging publicly available proof-of-concept (PoC) exploits targeting newly disclosed security vulnerabilities in Progress Software WhatsUp Gold. This activity, which began on August 30, 2024, just five hours after a PoC was made public for CVE-2024-6670 (scoring…
Clever Tricks of TrickMo: A New Android Banking Trojan In the ever-evolving world of cyber threats, the emergence of a new variant of the infamous Android banking trojan TrickMo has caught the attention of cybersecurity researchers. This updated version is equipped with a range of sophisticated capabilities aimed at bypassing security measures and duping users…
V svetu kibernetske varnosti je izbira pravega partnerja ključnega pomena za zaščito podjetij pred naraščajočimi grožnjami. Med najbolj prepoznavnimi imeni v tej industriji sta CrowdStrike in SentinelOne. Kljub temu, da obe podjetji ponujata napredne rešitve za zaščito pred zlonamernimi napadi, se mnoge stranke odločajo za CrowdStrike. V tem blogu bomo raziskali razloge, zakaj je CrowdStrike…
SCATTERED SPIDER, skupina za izsiljevalsko programsko opremo, izkorišča infrastrukturo v oblaku za ciljanje na sektorje zavarovalništva in financ s pomočjo taktik socialnega inženiringa, kot sta vishing in smishing, za prevaro tarč in pridobitev dostopa do njihovih sistemov. Skupina uporablja ukradene poverilnice, zamenjavo SIM kartic in orodja, ki so naravna za oblak, za vzdrževanje prisotnosti, saj…
GitLab Releases Security Updates to Address Critical Vulnerability GitLab, a popular DevOps platform, recently rolled out security updates to tackle 17 vulnerabilities, one of which has been classified as critical. This critical flaw, identified as CVE-2024-6678, has been assigned a CVSS score of 9.9 out of a possible 10.0. The vulnerability allows an attacker to…
Bank Customers in Central Asia targeted by Emerging Android Malware Bank customers in the Central Asia region have fallen prey to a new strain of Android malware known as Ajina.Banker. This malicious software, discovered by the Singapore-based cybersecurity firm Group-IB in November 2024, aims to steal financial information and intercept two-factor authentication (2FA) messages, posing…
1.3 Million Android TV Boxes Hit by New Malware Vo1d In a recent cyber incident, nearly 1.3 million Android-based TV boxes in 197 countries have fallen victim to a new malware strain called Vo1d, also known as Void. This malware acts as a backdoor, embedding its components in the system storage infrastructure. Once instructed by…
The Dangers of Internet-exposed Selenium Grid Instances A New Target for Bad Actors Selenium Grid, a powerful tool for running test cases in parallel across various browsers and versions, has recently become a prime target for cybercriminals. According to researchers Tara Gould and Nate Bill from Cado Security, these bad actors are exploiting internet-exposed Selenium…