Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

16/01/2025 0 Comments 0 tags

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. “In both campaigns, attackers hid

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

16/01/2025 0 Comments 0 tags

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that’s designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. “A simple misconfiguration

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

16/01/2025 0 Comments 0 tags

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

16/01/2025 0 Comments 0 tags

You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for

Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

16/01/2025 0 Comments 0 tags

Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure.

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

16/01/2025 0 Comments 0 tags

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the

Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99

15/01/2025 0 Comments 0 tags

The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

15/01/2025 0 Comments 0 tags

Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google.

The High-Stakes Disconnect For ICS/OT Security

15/01/2025 0 Comments 0 tags

Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

15/01/2025 0 Comments 0 tags

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a