Sekoia.io and Intrinsec analyzed the Quad7 (7777) botnet, which uses TCP port 7777 on infected routers to carry out brute-force attacks on Microsoft 365 accounts. Attacks were detected on 0.11% of monitored accounts. Key insights highlighted by researchers: Botnet Evolution: Quad7 has been active for a long time and continues …

A threat actor has announced a new DDoS tool called Cliver, which offers strong attack methods for disrupting web services, including HTTP/2 and TLS floods, Cloudflare bypass, and browser emulation for bypassing CAPTCHA. The threat actor shared more information in a FAQ section. Cliver is a strong Layer 7 (L7) …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2012-4792 (CVSS score: 9.3) – Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) – Twilio Authy Information Disclosure …

CISCO fixed a vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem). The vulnerability could allow an attacker without authentication to change the password of any user, even administrative users. The problem is caused by not implementing the password-change process correctly. An attacker could take advantage …

Malyasian National Cyber Security Agency (Nacsa) is investigating a possible data breach that exposed the data of four million U Mobile subscribers. The data, which claimed to contain personal information like names, addresses, MyKad numbers, andThe data, which may include personal information like names, addresses, MyKad numbers, and mobile phone …

APT17 has recently been seen attacking Italian companies and government organizations. They are using a modified version of a well-known malware called 9002 RAT. Two targeted attacks occurred on June 24 and July 2, 2024, according to an analysis by Italian cybersecurity company TG Soft published last week. “The first …

Ivanti fixed a SQL Injection vulnerability in its Endpoint Management software. This vulnerability, designated as CVE-2024-37381, could have allowed authenticated attackers on the same network to run any code on affected systems. The EPM software is used in many industries to manage different device platforms such as Windows, macOS, Chrome …

The Indian Computer Emergency Response Team (CERT-In) has warned Adobe users about a high-risk cybersecurity issue. Adobe recently found serious security problems in various versions of their software, including Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge. CERT-In classifies the vulnerabilities as “HIGH” severity and advises users to act quickly …

Kaspersky is offering free security products and safety tips for six months to consumers in the United States. The company decided to close its business and lay off employees in the U.S. after the U.S. government added Kaspersky to the Entity List, a catalog of “foreign individuals, companies, and organizations …

A massive cyber heist has hit at India’s Nainital Bank’s Noida branch, where over ₹16 crore was stolen after hackers accessed the servers and transferred the money to 89 different accounts. Cybercriminals hacked the bank’s RTGS channel by stealing the manager’s login details and stole ₹16.5 crore from June 16 …