Exploits
LockBit Ransomware Affiliates Leverage Citrix Bleed Vulnerability (CVE-2023-4966)
Citrix Bleed is being leveraged by LockBit ransomware affiliates to compromise organizations using CVE-2023-4966 ...
Impact of Badbox and Peachpit Malware on Android Devices
Explores the Badbox and Peachpit malware on Android devices and home networks which granted illegitimate users backdoor access ...
RunC Flaw Exploits: Prevent Hackers From Gaining Host Access
In recent developments, security researchers have unveiled a series of high-severity vulnerabilities, collectively named ‘Leaky Vessels,’ or the RunC flaw exploits impacting key container infrastructure components such as Docker and runC. These ...
PolyCrypt Runtime Crypter Being Sold On Cybercrime Forums
We discuss the use of crypters and more specifically Polycrypt and how it can be used to evade detection and infect victims ...
New iPhone Exploit Uses Four Zero-Days
Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit ...
Shield Your Device: Mitigating Bluetooth Vulnerability Risks
In the ever-evolving landscape of cybersecurity, a significant Bluetooth security flaw has emerged, posing a threat to devices operating on Android, Linux, macOS, and iOS. Tracked as CVE-2023-45866, this flaw allows threat ...
CACTUS Qlik Ransomware: Vulnerabilities Exploited
A cyberattack campaign dubbed the CACTUS Qlik Ransomware has become prominent in ransomware attacks on BI systems. Researchers have warned of threat actors exploiting three Qlik security vulnerabilities to target different organizations ...
New Windows/Linux Firmware Attack
Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible ...
Active Exploitation of High-Severity SLP Vulnerability
CISA has put a spotlight on a high-severity Service Location Protocol (SLP) vulnerability. CISA has bumped it up to the Known Exploited Vulnerabilities catalog. Why the fuss? Well, there’s evidence of bad ...
Atom Keylogger – The Budget Friendly Malware For Aspiring Cybercriminals
Atom Keylogger is an inexpensive and easy-to-use keylogging tool being sold on cybercrime forums that records keystrokes and other user activity ...