CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

Feb 28, 2023Ravie LakshmananSoftware Security / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive information via specially crafted requests.…
Read more

Shocking Findings from the 2023 Third-Party App Access Report

Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing.…
Read more

Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme

Feb 27, 2023Ravie Lakshmanan The Dutch police announced the arrest of three individuals in connection with a “large-scale” criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence.…
Read more

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

Feb 27, 2023Ravie LakshmananMalware / Cyber Attack The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. “This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers,” Trend Micro researchers Buddy Tancio, Jed Valderama, and Catherine Loveria said in a report published last week.…
Read more

PureCrypter Malware Targets Government Entities in Asia-Pacific and North America

Feb 27, 2023Ravie LakshmananRansomware / Cyber Attack Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. “The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to deliver a secondary payload,” Menlo Security researcher Abhay Yadav said.…
Read more

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

Feb 27, 2023Ravie LakshmananBrowser Security / Malware A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. “These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games,” AhnLab Security Emergency response Center (ASEC) said in a report last week.…
Read more

Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors

Feb 24, 2023Ravie LakshmananMobile Security / Firmware Google said it’s working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what’s called the application processor (AP), it’s just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular communications and multimedia processing.…
Read more

Unique Visitors
» 6,294 Today
» 42,130 Yesterday
» 110,112 This Week
» 562,254 This Month
» 3,255,541 This Year
» 19,490,636 Total (since 2019-12-11)
» Record: 205,757 (2023-08-13)
Counter by DarkWeb.Solutions