F5 releases security advisory for multiple vulnerabilities including K000132893: GRUB2 vulnerability CVE-2022-28733. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands …
Read More »
2024 strong start
Google’s Mandiant recover its x (twitter) account after hacked
Google’s cybersecurity firm Mandiant get back its x (twitter) account after being taken over by someone sharing links to a cryptocurrency platform. On Wednesday afternoon around 3:30 pm EST, the scammar took the control over mandiant’s x account, renamed it as phantom and tweeted out links to a company called …
Read More »Daily Cybersecurity update, January 03, 2024
The European Central Bank will test 109 banks in Europe for their resilience against cyberattacks using simulated disruptive cyberattacks. Snappfood, an Iranian online food delivery service, reported to suffer a major data breach. The hacker group “irleaks” revealed the breach and said they took 3TB of personal data from millions …
Read More »
Shadowserver report
Nearly 11 million SSH servers vulnerable to Terrapin attacks
Around 11 million SSH servers are at risk from the Terrapin attack, which can compromise the security of certain SSH connections. This constitutes roughly 52% of all scanned samples in the IPv4 and IPv6 space monitored by Shadoserver. The Terrapin attack, created by researchers from Ruhr University Bochum in Germany, …
Read More »
Check now it
CISA Adds Two known Critical Vulnerabilities to Watchlist for 2024
CISA added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog for January 2024 due to evidence of ongoing exploitation. They are the Google Chromium WebRTC Heap Buffer Overflow Vulnerability (CVE-2023-7024) and the Spreadsheet::ParseExcel Remote Code Execution Vulnerability (CVE-2023-7101). In December 2023, Google released an update to fix a vulnerability …
Read More »
European Central Bank (ECB) has announced
ECB to test over 100 European banks cyber resiliency
The European Central Bank (ECB) will test over 100 European banks on their ability to respond to and recover from cyber-attacks. The European Union’s central bank will perform its first cyber resilience stress test on 109 banks under its supervision in 2024. The test will evaluate the banks’ capacity to …
Read More »
Have a quick check
X (twitter) gold accounts flood dark web to sell
Cybercriminals have increased the sale of new or stolen Gold checkmarked accounts from the X/Twitter platform. These accounts are being used by threat actors to share links to malware on the social media site, making it appear as a post from a trusted source. Researchers at CloudSEK in Singapore have …
Read More »
Across 61 countries
29 malware families target 1,800 banking apps worldwide
The research uncovered that 29 malware families targeted 1,800 banking applications across 61 countries last year. In comparison, the 2022 report uncovered 10 prolific malware families targeting 600 banking apps. Traditional banking apps are the main target, with 1,103 compromised apps, accounting for 61% of the total. FinTech and Trading …
Read More »
iOS and macOS vulnerability, CVE-2023-41974
PoC published, $70K bounty to reveal CVE-2023-41974 Flaw
A PoC code has been released for the a serious vulnerability, CVE-2023-41974, on iOS and macOS. This vulnerability can be used to gain full control of a mobile device by exploiting a critical issue in the kernel, giving an application access to run any code with kernel privileges. This discovery …
Read More »Black Basta Ransomware decryptor released
Security researchers have released new tools to help Black Basta ransomware victims recover their files. SR Labs, based in Berlin, recently shared on GitHub that the tools take advantage of a flaw in the encryption algorithm. Basta uses ChaCha to encrypt victim files by XORing with a keystream in 64-byte …
Read More »