Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: Remote attackers gain control of the infected systemsSeverity Level: Critical FortiGuard Labs recently identified the use of a Russian-language Word document equipped with a malicious macro in the ongoing Konni campaign. Despite the document’s creation date of September, ongoing activity on the campaign’s C2 server is evident in […]
The official Twitter account for Bloomberg Crypto was hacked and used to redirect users to a phishing website. The hackers created a fake Bloomberg Discord server and prompted visitors to verify their accounts through a deceptive link.
Users are advised to avoid exposing Azure CLI output in logs, regularly rotate keys and secrets, and review best practices for securing Azure Pipelines and GitHub Actions to prevent accidental exposure of sensitive information.
Certain devices’ SSH connections can be snooped on, allowing attackers to impersonate the equipment and observe users’ login details and activities. The vulnerability is caused by errors in signature generation.
When users click on the ad, they are redirected to a fake Windows news site, where they are prompted to download a digitally signed CPU-Z installer. This installer contains a malicious PowerShell script known as the ‘FakeBat’ malware loader.
Signal is testing a new feature that allows users to conceal their phone numbers by using public usernames. The feature is currently being tested in a separate staging environment and users can access it by installing pre-beta builds.
Royal Mail jeopardizes users with open redirect flaw Pierluigi Paganini November 08, 2023 Royal Mail has left an open redirect vulnerability on one of its sites, exposing its customers to phishing attacks and malware infections. The centuries-old Royal Mail is the largest courier company in the UK, boasting twice the market share of Amazon. The […]
These policies will also require MFA for per-user MFA users for all cloud apps and for high-risk sign-ins. The policies will be gradually added to eligible Microsoft tenants, and administrators will have 90 days to review and enable them.
The fake Ledger Live app on the Microsoft Store deceived users into downloading malware, which stole their Bitcoin and Ethereum funds. Hackread.com has been actively following the cryptocurrency space as it has lately been a prominent target of scams and cyberattacks. Hackers are eyeing the crypto industry to steal valuable assets and even NFTs. For […]