The BlackSuit ransomware group gains access through phishing campaigns, RDP, and vulnerability exploits, using tools like Chisel and Mimikatz for communication and credential theft.
Ronin Network was hacked, resulting in the withdrawal of $12 million by “white hat” hackers who returned the stolen funds. The hackers exploited an undocumented vulnerability on the Ronin bridge, withdrawing 4,000 ETH and 2 million USDC.
A security researcher at SafeBreach demonstrated at the Black Hat 2024 conference that two zero-day vulnerabilities can be exploited in downgrade attacks to revert fully updated Windows systems back to older versions, reintroducing vulnerabilities.
The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker’s perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at […]
The SEC has closed its investigation into Progress Software’s handling of a zero-day flaw in MOVEit Transfer. Progress Software announced in a recent SEC filing that no enforcement action will be recommended by the Division of Enforcement.
Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions. The vulnerabilities are listed below – CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability […]
So you want to be able to DJ like a pro, but it’s hard to know where to start, it’s hard to know what to practise, and it’s hard to know if you’re getting better. This proven five-step formula, first popularised in our book Rock The Dancefloor! (which has now reached its second edition and […]
Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. “The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host […]
Roundcube’s vulnerabilities (CVE-2024-42009, CVE-2024-42008) allow attackers to compromise email accounts easily. The two cross-site scripting flaws could lead to the theft of emails, contacts, and passwords, and the sending of unauthorized emails.