Numerous users reported that they had experienced inaccessibility to websites and services on Google and YouTube. Malwarebytes admitted and addressed the inconvenience after unintentionally flagging both platforms as malicious. The incident resulted in the massive distribution of malware notifications, indicating that all websites from google subdomains contained malware. An affected user stated that Malwarebytes might...Continue Reading
Researchers have identified a newly discovered malicious technique called GIFShell after abusing the MS Teams. Based on reports, the tool’s operators could use this strategy to deploy phishing attacks and perform commands through GIFs. The primary component of the attack is a GIFShell that could enable an actor to manifest a reverse shell. The reverse...Continue Reading
A crucial flaw in Xalan-J could enable malicious entities to run arbitrary code execution. Xalan-J is an Apache project utilised by several SAML implementations. The Extensible Stylesheet Language Transformations (XSLT) is a markup language that can change XML documents into other formats, such as HTML. In addition, Xalan-J is a Java version implementation of an...Continue Reading
According to a cybersecurity threat report, cyberattacks against air-gapped systems have increased significantly this year. The advisory revealed that removable devices such as hard drives, memory cards, and USB drives were responsible for over 50% of cyberattacks this year. The report became worrying for researchers as the attack has risen by more than 20% since...Continue Reading
New studies reveal that Microsoft Excel being utilised for cybercriminal activities, such as malware propagation, has dramatically declined since July this year. Researchers focusing on this study explained that from June to the end of July, cyberattacks utilising Excel have dropped by about 9.3%. According to experts, the findings could likely be due to Microsoft’s...Continue Reading
A new threat advisory for Linux users has been released, emphasising the existence of the DirtyCred vulnerability. Many researchers believed this flaw would be Dirty Pipe’s successor – the most destructive exploit against the Linux kernel. Based on reports, DirtyCred’s exploitation methods are more standard but effective than Dirty Pipe’s. Moreover, the method of its...Continue Reading
A newly discovered threat campaign called Evil PLC attack infiltrates engineering workstations using weaponised Programmable Logic Controllers. This threat campaign was initiated by threat actors who were fancied with PLC since it can cause disruption, damage, and changes to processes it controls. The Evil PLC attack affects several industrial automation firms such as Emerson, B&R,...Continue Reading
Recent cybersecurity research revealed that millions of users are affected by malicious browser extensions. The study tallied nearly seven million users, of whom 70% were affected by obfuscated adware containing malicious ads. The telemetry data collected showed a report of more than 1.3 million attempts by users to install malicious extensions in the first half...Continue Reading
Several WordPress websites can infect malware after threat actors display fake Cloudflare DDoS protection pages. Distributed Denial-of-Service (DDoS) protection pages are affiliated with browser checks run by CDN/WAF services, verifying whether the website visitor is a legitimate user or a bot. DDoS protection pages are associated with browser checks performed by WAF/CDN services, verifying whether...Continue Reading
Amazon Android app, ‘Ring,’ used for monitoring one’s properties from any place, was found with a high-severity flaw that hackers could abuse to steal saved camera recordings, potentially compromising people’s privacy. With over 10 million downloads from users worldwide, the flaw in the Amazon Android app could have exposed people’s privacy to hackers, assuming that...Continue Reading
