Digital Risk Protection Page 1

Researchers have uncovered a new malicious entity called the Mimic ransomware that could leverage the APIs of the ‘Everything’ file search tool for Windows to scour targeted files for encryption. The newly discovered malware has seemingly targeted English and Russian-speaking individuals.   Emails are the primary vector of the Mimic ransomware to start its attack....Continue Reading

An alleged China-based hacking group exploited a critical flaw in Fortinet’s FortiOS SSL-VPN as a zero-day to drop the BOLDMOVE backdoor. The unidentified Chinese-speaking threat group targeted government entities in European countries and a Managed Service Provider (MSP) based in Africa. According to researchers, the abuse occurred in October last year, a couple of months...Continue Reading

A severe vulnerability found on Lexmark firmware could allow hackers to launch a remote code execution (RCE), which the printer manufacturing company immediately patched. Tracked as CVE-2023-23560, the Lexmark flaw is rated 9.0 in criticality. The flaw is also described as server-side request forgery (SSRF) in Lexmark devices’ Web services feature. It is an attack...Continue Reading

Researchers disrupted the Vastflux ad fraud operation that spoofed over 1,700 apps from 120 publishers, mainly for iOS. The ad fraud campaign was inspired by the vast ad-serving template and the fast flux security bypassing technique employed by hackers to obfuscate malicious code. Threat actors execute this evasion technique by quickly altering multiple IP addresses...Continue Reading

Researchers recently uncovered details about the Orcus RAT campaign that uses a cracked version of the Hangul Word processor to propagate. Hangul is a Korean word-processing program like MS Word. Orcus is a remote access trojan that enables its operators to control an infected system remotely. Researchers first discovered this malicious entity in April 2016,...Continue Reading

A threat actor called Lolip0p has uploaded three malicious packages to the Python Package Index (PyPI) repository containing code for deploying infostealer malware on targeted systems. The author uploaded the packages named ‘colorslib,’ ‘httpslib,’ and ‘libhttps’ earlier this month. Fortunately, all three packages are now removed from the repository.   The threat actor called Lolip0p...Continue Reading

The Cuba ransomware group have been using the BURNTCIGAR loader utility to install a malicious driver signed through MS certificate last month. Based on reports, Microsoft has disclosed that the culprit of the exploitation is targeting the flawed Exchange servers for a critical Server-Side Request Forgery (SSRF) vulnerability. Researchers initially revealed this vulnerability a couple...Continue Reading

A security researcher recently uncovered a critical vulnerability that threat actors abuse to target government systems. Tracked as CVE-2022-42475, the identified flaw has a CVSS score of 9.8 and is abused for taking over a targeted infrastructure. According to reports, numerous FortiOS versions were affected by the vulnerability’s abuse. Hackers have also found the flaw...Continue Reading

A recently fixed Chromium Browser flaw could have allowed threat actors to harvest files containing troves of data from users. Based on reports, the flaw existed in Google Chrome and Chromium-based browsers that hackers could have exploited before the patch. According to an investigation, the issue occurred from the method the browser communicated with symlinks...Continue Reading

Threat actors have found a way to exploit an error reporting tool on Windows to spread the Pupy RAT. Based on reports, the OS’ Windows Problem Reporting feature is used by the Pupy RAT operators to deliver malware on a targeted system. This attack has enabled hackers to infect targeted devices without raising suspicions or...Continue Reading