Intel
The Apache Software Foundation (ASF) has released updates to address a severe SQL injection vulnerability in Apache Traffic Control, identified as CVE-2024-45387. Facing a critical Common Vulnerability Scoring System (CVSS) score of 9.9, this flaw impacts the robust Traffic Control solution, which allows operators to establish scalable and distributed
Cybersecurity experts have raised alarms about threat actors exploiting a newly uncovered vulnerability in Apache Struts—labeled CVE-2024-53677. This flaw carries a critical CVSS score of 9.5, underscoring its severity. Exploiting this vulnerability could allow attackers to upload harmful files, leading to potential remote code execution. According to an
Phishing attacks are evolving as cybercriminals find creative ways to infiltrate user inboxes. A recent campaign is exploiting Google Calendar invites and Google Drawings to deceitfully harvest user credentials while evading spam detection. Platform Abuse The tactic leverages Google Calendar invites, cleverly embedding phishing links within event descriptions or attachments.
The Russia-linked cyber espionage unit APT29—known by various aliases including Cozy Bear and Nobelium—has adapted red teaming tactics to perpetrate rogue RDP attacks. This campaign, primarily targeting governmental and academic sectors, marks a sophisticated step in the group's cyber activities. Cyber Group Identity APT29, also recognized
Recent discoveries have revealed a series of harmful Visual Studio Code (VSCode) extensions infiltrating the VSCode marketplace, designed to unleash heavily disguised PowerShell payloads. These attacks focus on software developers and the cryptocurrency sector, posing a significant risk through supply chain vulnerabilities. Timeline and Discovery According to a report by
The FBI has issued a warning regarding a new surge of HiatusRAT malware targeting internet-connected surveillance cameras and DVRs from Chinese brands. The alert, shared through a Private Industry Notification, outlines ongoing scanning campaigns exploiting these vulnerabilities. Emergence and Persistence HiatusRAT, which has been active since July 2022, gained traction
Security analysts have exposed a sophisticated phishing operation targeting an organization in Turkey's defense sector, showcasing the evolving strategies of the threat actor TA397, also known as "Bitter." Phishing Campaign Breakdown According to research by Proofpoint, the campaign utilized spear phishing techniques through emails containing RAR
A recently identified social engineering scheme has taken advantage of Microsoft Teams to distribute the notorious DarkGate malware. Researchers at Trend Micro, including Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta, revealed how attackers impersonate clients via Teams calls to gain unauthorized access to victims' systems. During these attacks, threat
A serious security flaw in Apache Struts 2, identified as CVE-2024-53677, is currently being exploited by attackers using public proof-of-concept exploits to locate susceptible devices. Apache Struts is a widely used open-source framework for Java-based web applications, utilized by industries such as government, finance, e-commerce, and aviation. Vulnerability Details The