China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale

29/04/2024 0 Comments 0 tags

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

29/04/2024 0 Comments 0 tags

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

29/04/2024 0 Comments 0 tags

It comes as no surprise that today’s cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

29/04/2024 0 Comments 0 tags

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an “adversary

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

28/04/2024 0 Comments 0 tags

Identity and access management (IAM) services provider Okta has warned of a spike in the “frequency and scale” of credential stuffing attacks aimed at online services. These unprecedented attacks, observed

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

27/04/2024 0 Comments 0 tags

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which

Bogus npm Packages Used to Trick Software Developers into Installing Malware

27/04/2024 0 Comments 0 tags

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

26/04/2024 0 Comments 0 tags

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

26/04/2024 0 Comments 0 tags

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote

New ‘Brokewell’ Android Malware Spread Through Fake Browser Updates

26/04/2024 0 Comments 0 tags

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. “Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware,”