Security Threat – Page 2

Fileless Malware Abuses Windows Event Logs

A sophisticated attack campaign was detected using a never-before-seen technique to stealthily plant fileless malware on targeted machines. Researchers revealed the newly adopted technique involves injecting shellcode directly into Windows event…

PravinKarthik May 8, 2022

Heroku detailed Investigation report on GitHub OAuth Token Theft

Salesforce platform-as-a-service provider Heroku has revealed that the April hack, which saw OAuth tokens for Microsoft GitHub integration downloaded by a threat actor, went further than initially thought, with customer…

PravinKarthik May 7, 2022

CISCO Patches VM Escape bug in its NFV Software

Administrators need to patch their Cisco Enterprise Network Function Virtualisation Infrastructure Software (NFVIS) to address several critical flaws, tracked as CVE-2022-20777 rated as 9.9 out of 10 CVSS. Attackers could…

PravinKarthik May 5, 2022

TLStrom 2.0 Affects Network Switches

Researchers have uncovered five critical vulnerabilities in the implementation of Transport Layer Security in network switches used in millions of enterprises, dubbed as TLStorm 2.0, a sequel to three vulnerabilities…

PravinKarthik May 4, 2022

Netatalk Vulnerability in Multiple NAS Devices

Users of Synology and QNAP NAS devices are advised to be on the lookout for patches for several critical vulnerabilities affecting Netatalk, an open-source implemention of the Apple Filing Protocol (AFP)…

PravinKarthik April 29, 2022

Bumblebee malware the new Sophisticated Buzz

Multiple waves of attacks are underway that feature a sophisticated new malware loader dubbed Bumblebee, stealthier by nature that fetches shellcode and second-stage tools, such as Cobalt Strike, Sliver, and Meterpreter possibly…

PravinKarthik April 29, 2022

Nimbuspwn from Linux Threatens

The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws tracked as CVE-2022-29799 and CVE-2022-29800 dubbed as Nimbuspwn, which can be exploited by attackers to conduct various…

PravinKarthik April 27, 2022

Java Digital Signature Bypass Vulnerability

Security researcher Khaled Nassar released a PoC code for a new digital signature bypass vulnerability, tracked as CVE-2022-21449 with CVSS score: 7.5 in Java. An unauthenticated attacker with network access via multiple…

PravinKarthik April 24, 2022