Kaspersky Published a Report on Malicious Browser Extensions
Blog Malicious Browser Extensions Kaspersky’s report highlights the rise of malicious browser extensions that steal cryptocurrency and perform web injects. Kaspersky analyzed threat statistics by processing data voluntarily shared by its users for the period from January 2020 to June 2022. According to this data, during the first half of this year, 1,311,557 users tried to […]
Google Has Released an Update for the New Chrome Zero-Day Vulnerability
Blog Chrome Zero-Day Vulnerability Google has released security updates for many vulnerabilities, including the zero-day vulnerability for the Chrome browser. These defects are known to be actively exploited in the wild. Defined as a case of insufficient validation of untrusted inputs in Intents, the flaw is tracked with code CVE-2022-2856 (CVSS: N/A). The firm refrained […]
13 Organizations Targeted by Chinese-Linked APT41 and a New Wave of Cobalt Strike Infections
Blog APT41 APT41, one of the state-sponsored ex-hacker groups, breached government networks in six US states in March 2022, including by exploiting a vulnerability in a livestock management system, according to Mandiant researchers. Cybersecurity firm Group-IB’s investigations resulted in nearly 80 proactive notifications of APT41 attacks against their infrastructure to private and government organizations worldwide. […]
WordPress Sites Hacked with Fake Cloudflare DDoS Alerts
Blog WordPress Sites Hacked with Fake Cloudflare DDoS Alerts: Attackers are tricking users into downloading malware. WordPress Sites Hacked DDoS protection pages typically verify whether the site visitor is actually a human or part of a Distributed Denial of Service (DDoS) attack or other unwanted bot. Bad bots make up a large portion of web […]
CISA Warning Against Active Exploitation of Palo Alto Networks’ PAN-OS Vulnerability
Blog This blog is about CISA’s warning regarding the active exploitation of a Palo Alto Networks PAN-OS vulnerability. PAN-OS vulnerability. CISA added Palo Alto Networks PAN-OS to its Catalog of Known Exploited Vulnerabilities based on evidence of active exploitation This critical vulnerability is tracked with code CVE-2022-0028 (CVSS: 8.6 High). The vulnerability is the misconfiguration […]
Iranian Threat Actor MERCURY Exploits Log4j 2 Vulnerabilities in Unpatched Systems
Blog The Iranian threat actor MERCURY has been exploiting unpatched Log4j 2 vulnerabilities in SysAid applications to target organizations, highlighting the critical need for timely security updates. The Iranian threat actor MERCURY The Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team found that Iran-based threat actor MERCURY exploited Log4j 2 vulnerabilities in […]
LastPass Password Manager with 25 Million Users Hacked
Blog LastPass Password Manager Hacked, compromising encrypted password vaults and personal information of its 25 million users. LastPass Password Manager Hacked LastPass, one of the world’s largest password managers, has confirmed that it has been hacked. The company revealed that threat actors stole some of the company’s source code and some proprietary LastPass technical information. […]
The fake ‘Internet Download Manager’ Chrome Extension Has Been Downloaded Over 200,000 Times
Blog The fake ‘Internet Download Manager’ Chrome extension, masquerading as a legitimate tool, has been downloaded over 200,000 times. The fake Chrome extension The adware ‘Internet Download Manager’ Google Chrome extension has been installed by more than 200,000 users. According to reviews, this extension has been on the Chrome Web Store since June 2019. The […]
Chinese Threat Actors APT40 Targets Energy Sector in Australia and the South China Sea
Blog APT40, a Chinese state-sponsored hacking group, targets Energy Sector in Australia and the South China Sea. Chinese Threat Actors APT40 The Chinese state-owned threat actor, APT40, targets Australian government agencies, Australian media companies and manufacturers that maintain wind turbine fleets in the South China Sea. Cybersecurity firm Proofpoint, which works in collaboration with PwC, […]
The Importance of Attack Surface Management for Organizations
Blog Understand why attack surface management is crucial for organizations, focusing on how it helps identify, monitor, and secure exposed assets to mitigate potential cyber threats. The Importance of Attack Surface Management for Organizations Today, with the transition of organizations from traditional business processes to digital business processes, the likelihood of organizations facing the risk […]