Nov 22, 2023NewsroomAuthentication Security / Windows A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found […]
Estimated reading time: 13 minutes SEQRITE Labs APT-Team has discovered multiple campaigns of APT SideCopy, targeting Indian government and defense entities in the past few months. The threat group is now exploiting the recent WinRAR vulnerability CVE-2023-38831 (See our advisory for more details) to deploy AllaKore RAT, DRat and additional payloads. The compromised domains, used […]
Nov 06, 2023NewsroomCyber Attack / Online Security Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June […]
Nov 06, 2023NewsroomCyber Attack / Online Security Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June […]
Multiple Czech Republic government websites were disrupted earlier this week due to a denial-of-service (DDoS) attack. The police force and Prague Airport websites were also disrupted as a result of the cyber attack. The sites were down for around two hours on Tuesday, October 24. The website of the Crimea Platform, an international summit taking […]
Software maker Adobe on Tuesday released fixes for at least 13 security vulnerabilities in multiple product lines, warning that critical flaws in Adobe Commerce and Photoshop will require immediate attention. As part of its scheduled batch of Patch Tuesday updates, Adobe documented at least 10 serious flaws in Adobe Commerce and Magento Open Source, a product line […]
The campaign leverages multiple vulnerabilities, including command injection, remote code execution, and arbitrary command execution, to gain control of targeted devices and incorporate them into the botnet.
A previously unknown advanced persistent threat (APT) group used custom malware and multiple publicly available tools to target a number of organizations in the manufacturing, IT, and biomedical sectors in Taiwan. A government agency located in the Pacific Islands, as well as organizations in Vietnam and the U.S., also appear to have been hit as […]
Server and computer hardware giant Supermicro has released updates to address multiple vulnerabilities in Baseboard Management Controllers (BMC) IPMI firmware. The issues (tracked as CVE-2023-40284 to CVE-2023-40290) could allow remote attackers to gain root access to the BMC system, firmware supply chain security firm Binarly, which identified the bugs, explains. A special chip on server […]