KrofekSecurity

Cybersecurity Alert: Malicious Python Packages Targeting Developers In a recent discovery, cybersecurity researchers have revealed a sneaky scheme involving malicious Python packages aimed directly at software developers. These deceptive packages masquerade as coding assessments, but in reality, they are designed to infiltrate systems and compromise security. The Setup: The discovery unfolded when researchers traced the…

Ivanti Addresses Critical Vulnerabilities in Endpoint Manager Ivanti recently issued software updates to tackle several security flaws affecting its Endpoint Manager (EPM) platform. Among these vulnerabilities are 10 critical threats that, if exploited, could potentially lead to remote code execution. One notable flaw is identified by the CVE-2024-29847 code, boasting a perfect 10.0 CVSS score….

Microsoft Unveils Patch Tuesday Updates for September 2024 On Tuesday, Microsoft revealed three new security weaknesses in the Windows platform that have fallen prey to active exploitation. These vulnerabilities have come to light as part of the Patch Tuesday update for September 2024. The Patch Tuesday release encompasses a comprehensive review of 79 vulnerabilities, bringing…

The Rise of CosmicBeetle and ScRansom The cybersecurity world is abuzz with the news of a new custom ransomware strain named ScRansom, unleashed by the notorious threat actor known as CosmicBeetle. CosmicBeetle has shifted gears and moved away from its previous ransomware tool, Scarab, to this new and improved version. Targeted Attacks on Small- and…

Shadow Apps: A Risky Business in IT Security In the realm of IT security, there exists a covert operation that goes by the name of Shadow IT. Within this clandestine network lies a particularly risky segment known as Shadow Apps. Imagine them as renegade software applications that enter the organization incognito, purchased without the blessing…

Introducing PIXHELL: A Cunning Side-Channel Attack A sneaky new side-channel attack named PIXHELL has emerged on the IT security scene, proving to be a formidable threat for air-gapped computers. The attack method cunningly breaches the “audio gap” that separates such computers from the outside world. By leveraging the noise emitted by the pixels on the…

Mustang Panda Upgrades Malware Arsenal for Data Exfiltration In the ever-evolving landscape of cyber threats, the threat actor known as Mustang Panda has been making strategic advancements in their malware arsenal. According to recent findings from Trend Micro, this group has been refining their tools to not only facilitate data exfiltration but also streamline the…