Using Legitimate GitHub URLs for Malware
Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be…
Security
Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check and threatens to publish it.…
Wallarm’s Open Source API Firewall debuts at Blackhat Asia 2024 – Introduces Key New Features & Functionalities
Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference…
Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve rootkit-like capabilities. SafeBreach researcher Or…
A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
Japan’s CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server. Japan’s…
Quick Byte: Top Cyber News of the Week (14th to 20th April, 2024)
India ranks 10th in cybercrime as per the recent “World Cybercrime Index” In the recently released “World Cybercrime… The post…
Akira ransomware received $42M in ransom payments from over 250 victims
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments.…
DuneQuixote campaign targets the Middle East with a complex backdoor
Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation…
Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free…
Critical CrushFTP zero-day exploited in attacks in the wild
Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn. CrushFTP is a…