Digital Risk Protection

Digital Risk Protection Page 1

Malwarebytes Flags Google YouTube Malicious App

Malwarebytes mistakenly flags Google and YouTube as malicious

Numerous users reported that they had experienced inaccessibility to websites and services on Google and YouTube. Malwarebytes admitted and addressed the inconvenience after unintentionally flagging both platforms as malicious. The incident resulted in the massive distribution of malware notifications, indicating that all websites from google subdomains contained malware. An affected user stated that Malwarebytes might...
Continue Reading
GIFShell Attack Software Exploit MS Teams Chat App Messaging

GIFShell attack tool utilised to exploit the MS Teams

Researchers have identified a newly discovered malicious technique called GIFShell after abusing the MS Teams. Based on reports, the tool’s operators could use this strategy to deploy phishing attacks and perform commands through GIFs. The primary component of the attack is a GIFShell that could enable an actor to manifest a reverse shell. The reverse...
Continue Reading
Xalan-J Flaw Vulnerability Cyberattackers Arbitrary Code Execution

The Xalan-J flaw could grant attackers arbitrary code execution

A crucial flaw in Xalan-J could enable malicious entities to run arbitrary code execution. Xalan-J is an Apache project utilised by several SAML implementations. The Extensible Stylesheet Language Transformations (XSLT) is a markup language that can change XML documents into other formats, such as HTML. In addition, Xalan-J is a Java version implementation of an...
Continue Reading
Air Gap Systems New Threats GAIROSCOPE Attack Vector ETHERLED

Air-gapped systems face new threats circulating in the wild

According to a cybersecurity threat report, cyberattacks against air-gapped systems have increased significantly this year. The advisory revealed that removable devices such as hard drives, memory cards, and USB drives were responsible for over 50% of cyberattacks this year. The report became worrying for researchers as the attack has risen by more than 20% since...
Continue Reading
Cyberattacks Microsoft Excel 2022 Threat Actors Macro

Cyberattacks utilising Microsoft Excel have dropped for 2022

New studies reveal that Microsoft Excel being utilised for cybercriminal activities, such as malware propagation, has dramatically declined since July this year. Researchers focusing on this study explained that from June to the end of July, cyberattacks utilising Excel have dropped by about 9.3%. According to experts, the findings could likely be due to Microsoft’s...
Continue Reading
Linux Kernel Cyber Threat DirtyCred Vulnerability Exploit Dirty Pipe Security Flaw

Linux Kernel will face a new threat with DirtyCred vulnerability

A new threat advisory for Linux users has been released, emphasising the existence of the DirtyCred vulnerability. Many researchers believed this flaw would be Dirty Pipe’s successor – the most destructive exploit against the Linux kernel. Based on reports, DirtyCred’s exploitation methods are more standard but effective than Dirty Pipe’s. Moreover, the method of its...
Continue Reading
Evil PLC attack Threat Campaign PLC Programmable Logic Controller Industrial Infiltration Vulnerability

Evil PLC attack, a threat campaign that weaponises PLCs

A newly discovered threat campaign called Evil PLC attack infiltrates engineering workstations using weaponised Programmable Logic Controllers. This threat campaign was initiated by threat actors who were fancied with PLC since it can cause disruption, damage, and changes to processes it controls. The Evil PLC attack affects several industrial automation firms such as Emerson, B&R,...
Continue Reading
Malicious Browser Extension Exploit Adware Malware DealPlay Spoofing

Malicious browser extensions impacted millions of people this year

Recent cybersecurity research revealed that millions of users are affected by malicious browser extensions. The study tallied nearly seven million users, of whom 70% were affected by obfuscated adware containing malicious ads. The telemetry data collected showed a report of more than 1.3 million attempts by users to install malicious extensions in the first half...
Continue Reading
Fake DDoS Protection Pages Wordpress Unaware Users Infection

Fake DDoS protection pages could infect unaware users

Several WordPress websites can infect malware after threat actors display fake Cloudflare DDoS protection pages. Distributed Denial-of-Service (DDoS) protection pages are affiliated with browser checks run by CDN/WAF services, verifying whether the website visitor is a legitimate user or a bot. DDoS protection pages are associated with browser checks performed by WAF/CDN services, verifying whether...
Continue Reading
Amazon Android Mobile App Ring Critical Vulnerability Privacy Flaw Security Camera Alarm System

Amazon Android app ‘Ring’ found with a critical privacy flaw

Amazon Android app, ‘Ring,’ used for monitoring one’s properties from any place, was found with a high-severity flaw that hackers could abuse to steal saved camera recordings, potentially compromising people’s privacy. With over 10 million downloads from users worldwide, the flaw in the Amazon Android app could have exposed people’s privacy to hackers, assuming that...
Continue Reading
1 2 3 28