Windows Drive-By RCE Haunts.!
A drive-by remote code execution (RCE) vulnerability in Windows 10 that can be triggered simply by clicking a malicious URL could allow attackers full access to a victim’s files and…
Posted inSecurity
Emotet Directs Cobalt Strike Now !
Emotet now directly installs the Cobalt Strike Beacon, giving threat actors immediate network access and making ransomware attacks imminent. Ironically, Emotet is a malware that spreads by spam emails containing…
Grafana Vulnerability
Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files. Grafana 8.3.1, 8.2.7, 8.1.8, and…
NodeBB Vulnerability Could Lead RCE
Researchers have recently discovered critical flaws in the open source forum platform NodeBB might allow attackers to steal sensitive information and get access to admin accounts. On GitHub, NodeBB is…
CEELoader added to Nobelium Arsenal
Researchers have identified two distinct clusters of activity, tracked UNC3004 and UNC2652, that were associated with the Russia-linked Nobelium APT group (aka UNC2452). The NOBELIUM APT is the threat actor…
Posted inSecurity
Microsoft Seizes Cyber Espionage Domain
Microsoft has seized 42 domains being used by a Chinese cyber espionage group that has targeted organizations in the U.S. and other countries.The group, called “Nickel” by Microsoft but better…
XS-Leaks in Modern Browsers
Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and…
Malicious Holiday Transactions has seen a Sharp Spike !
Between Thanksgiving and Cyber Monday, 17.46% of all global e-commerce transactions were potentially fraudulent, a report reveals. Those numbers were slightly higher in the U.S. where 19.66% were suspected fraudulent. The number of…