LockBit Hacker Sentenced To 4 Years Jail Plus Fined $860K
According to recent reports on legal proceedings, a 34-year-old Russian-Canadian national, Mikhail Vasiliev, has been handed a sentence of almost four years in a Canadian prison. Vasiliev’s involvement in the global ransomware scheme known as LockBit led to this outcome. The United States Department of Justice (DoJ) initially charged him with conspiring to ...
Hackers Target Chinese With Notepad++ and Vnote Installers
In a recent revelation by cybersecurity experts at Kaspersky Labs, a concerning cyber threat has emerged targeting users of popular text editing software in China. This sophisticated attack involves the distribution of altered installers for well-known editors like Notepad++ and Vnote, aimed at infiltrating users’ systems with harmful malware ...
DarkGate Malware Campaign Exploits Patched Microsoft Flaw
The Zero Day Initiative (ZDI) by Trend Micro uncovered a phishing campaign that exploited a patched Microsoft flaw to infect devices with DarkGate malware. The patched flaw, tracked as CVE-2024-21412, was exploited by using fake software installers. PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects were used to lure ...
ChatGPT Plugin Security Vulnerabilities Exploited By Hackers
In the realm of cybersecurity, constant vigilance is paramount as threat actors perpetually seek novel ways to exploit vulnerabilities. Recent research has shed light on a concerning trend: the potential misuse of third-party plugins associated with OpenAI’s ChatGPT platform. These ChatGPT plugin security vulnerabilities, intended to enhance user experience and ...
Kubernetes RCE Vulnerability Allows Remote Code Execution
Tomer Peled, an Akamai security researcher, recently discovered a Kubernetes RCE vulnerability that allows threat actors to remotely execute code on Windows endpoints. Moreover, the threat actors can have full system privileges while executing the code. Peled explained how the Kubernetes volumes can be exploited, which ...
Evasive Panda Cyber Attacks: Threat Actor Targets Tibetans
Cybersecurity experts at ESET have come across a malicious campaign that targets Tibetans in many countries by leveraging the website of a religious gathering. Evasive Panda cyber attacks are associated with a China-linked Advanced Persistent Threat (APT) actor. The development comes days after the MoqHao cybersecurity threat that was also ...
Python Snake Info Stealer Spreading Via Facebook Messages
As per recent reports, threat actors are increasingly leveraging Facebook messages to distribute the Python Snake Info Stealer malware. Researchers have noticed that threat actors are using three variants of the information stealer. It’s worth mentioning here that two of these installers are regular Python scripts, whereas the third is ...
Cisco VPN Hijacking Flaw In Secure Client Software Patched
In light of recent events, Cisco has released patches for two high-severity network vulnerabilities in its Secure Client. As per recent reports, the vulnerabilities leading to the Cisco VPN hijacking flaw are being tracked as CVE-2024-20337 and CVE-2024-20338. These VPN security vulnerabilities have severity scores of 8.2 and 7.3, respectively. ...
WordPress Brute-Force Attacks: Sites Used As Staging Ground
In a recent discovery by Sucuri, a concerning trend has emerged involving brute-force attacks on WordPress sites through malicious JavaScript injections. These WordPress brute-force attacks stand out for their stealthy approach. Security researcher Denis Sinegubko notes that these attacks specifically target WordPress websites through the browsers of unsuspecting site visitors ...
CISA Adds JetBrains TeamCity Vulnerability To KEV Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical JetBrains TeamCity vulnerability, emphasizing the urgent need for users to take preventive measures. The recently discovered flaw has been added to the Known Exploited Vulnerabilities (KEV) Catalog, with evidence of active exploitation. CISA Advisory On JetBrains TeamCity ...