Author: Admin
February 27, 2025Red LakshmananCriminal software / intelligence threats The new company focuses on the company in Taiwan with malicious software known as Winos 4.0 Within the framework of phishing emails, which are masked as the National Taxation Bureau of the country. A company found last month’s Fortinet Fortiguard Labs, notes out of previous attack chains that used malicious apps related to games. “The sender claimed that the malicious file was a list of enterprises planned for the tax inspection and asked the recipient to transfer the Treasury information,” the security researcher Pai Khan Liao – Note In a report that…
February 27, 2025Hacker NewsArtificial Intelligence / Browser Security Organizations are either already making Genai decisions, evaluating the strategies for integrating these instruments into their business plans, or both. For the management of informed decision-making and effective planning, the availability of rigid data is important-al-olive data remains surprisingly deficient. “Report on Enterprise Genai data safety”By Layerx gives unprecedented ideas about the practical application of AI tools in the workplace, emphasizing critical vulnerabilities. Fighting the real world’s telemetry from Enterprise Layerx, this report is one of the few reliable sources in which the generation is in detail. For example, this shows that…
February 27, 2025Red LakshmananMalicious software / network safety The actor of the threat, known as space pirates, was associated with a malicious company aimed at Russian information technology (IT) with previously unregistered malware programs called Luckystrike Agent. The activity was discovered in November 2024 by the solar, cybersecurity of the Russian state telecommunications company Rostelecom. This is the tracking activity under the name of Erudite Mogwai. The attacks are also characterized by the use of other tools such as Act Ratalso called Shadowpad Light and an individual version Associate utility call Stowawaypreviously used by other China groups. “Erudite Mogwai is…
February 27, 2025Red LakshmananVulnerability / safety network A new malware company focused on Edge device from Cisco, ASUS, Qnap and Synology was noted to redo them into a botnet called Polaredge at least from the end of 2023. French Cybersecurity Company SEKOIA – Note It observed unknown threats that use Cve-2013-20118 (CVSS rating: 6.5), a critical lack of security that affects Cisco Small Business RV016, RV042G, RV082, RV320 and RV325, which can lead to arbitrary commands on sensitive devices. The vulnerability remains unwavering due to the status of routers reaching the end of life (EOL). According to the softening, Cisco…
February 27, 2025Red LakshmananCybercrime / cryptocurrency The Federal Bureau of US Investigation (FBI) has officially linked A record of 1.5 billion BYBIT Hack to North Korean subjects threats as CEO Ben Zhou declared “War against Lazarus.” The agency stated that the Democratic People’s Republic of Korea (North Korea) is responsible for the theft of virtual assets from the cryptocurrency exchange, attributing it to a certain cluster, which it monitors as a Tradertraitor, which is also monitored as neffe wet, slow course and UNC4899. “Actors Tradertraitor are ongoing and transformed some stolen assets into bitcoin and other virtual assets divorced by…
February 26, 2025Red LakshmananEnterprise safety / vulnerability Cybersecurity and US Infrastructure Agency (CISA) accommodate Two safety deficiencies affecting the Microsoft Affiliate Center and Synacor Zimbra Cortoration Suite (ZCS) to their famous exploited vulnerabilities (Ship) A catalog based on evidence of active operation. Considered vulnerabilities following – Cve-2024-49035 (CVSS assessment: 8.7) – Incorrect vulnerability of access control at the Microsoft Affiliate Center, which allows the attacker to develop privileges. (Corrected in November 2024) Cve-2023-34192 (CVSS assessment: 9.0) – Vulnerability within the site (XSS) in Synacor ZCS, which allows a remote authentified attacker to perform an arbitrary code through the created scenario…
February 26, 2025Red LakshmananMalicious software / cryptocurrency Cybersecurity researchers have indicated the Python Python Package (Pypi) malicious Python library, which facilitates an unauthorized download of music from Music Streaming Service Deezer. In this package – Automslc, which is now loaded more than 104,000 times. For the first time published in May 2019, this Remains are available on Pypi from writing. “Although the Automslc that was downloaded More than 100,000 times supposed to offer musical automation and search metadata, it is hidden bypassing Deezer’s access restrictions, built up hard credentials and talking to the external team server and control (C2), “Socket…
The script (XSS) vulnerability in a virtual excursion was armed with angry actors to introduce malicious scenarios on hundreds of sites for the purpose of manipulating search results and faring the company advertising campaign. Safety Researcher Oleg Zaitsev in a report that is shared with Hacker News, said the company was named 360xss – More than 350 websites are affected, including state portals, US state -owned sites, US universities, large hotel networks, newsletters, car shows and several Fortune 500 companies. “It wasn’t just spam -operation,” – the researcher – Note. “It was an industrial abuse of trusted domains.” All these…
February 26, 2025Red LakshmananNetwork Security / Intelligence Threat On Tuesday, an emergency response group (Cert-Ua) warned an updated activity of an organized criminal group that it tracks both UAC-0173 Endkrat (AKA Darkcrystal rat). The Ukrainian cybersecurity administration stated that it had observed the last wave of the attack since mid -January 2025. The infection network uses phishing sheets to be sent on behalf of the Ministry of Justice of Ukraine, urging the recipients to download the executable file, which when launch leads to the deployment of malicious DCRAT software. Binary placed in R2 Cloudflare’s R2 Cloud storage service. “So, by…
February 26, 2025Hacker NewsPerson Protection / Password Security Passwords are rarely evaluated until safety violation; Suffice it to say that the importance of a strong password becomes clear only when colliding with the consequences of the weak. However, most end users do not know how vulnerable their passwords are to the most common password cutting methods. Below are three common password hacking methods and how to protect them. A rough force attack Bruth attacks are simple but highly effective methods of hacking passwords. These attacks include malicious subjects that use automated tools to systematically attempt each possible password combination through…