A recently discovered Python script has been flagged as a potential cybersecurity threat due to its use of a clever anti-analysis trick. This script, which has a low detection rate on VirusTotal (4/59), uses the tkinter library to create a…
Tag: Cyber Security News
Elon Musk’s DOGE Website Database Vulnerability Let Anyone Make Entries Directly
A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. The vulnerability discovered by two web development experts arises from the website’s…
Lazarus Group Infostealer Malwares Attacking Developers In New Campaign
The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked to a sophisticated campaign targeting software developers. This campaign involves the use of infostealer malware, designed to steal sensitive information from developers’ systems. The attack…
XELERA Ransomware Attacking Job Seekers With Weaponized Word Documents
Job seekers have become the target of a sophisticated ransomware campaign in a recent cybersecurity threat, and this campaign dubbed as “XELERA.” This campaign uses fake job offers from the Food Corporation of India (FCI) to lure victims into opening…
Lazarus Group Using New Malware Tactic To Attack Developers Globally
The notorious Lazarus Group in a recent escalation of cyber threats linked to North Korea, has unveiled a sophisticated new tactic to target developers worldwide. This campaign, dubbed “Operation Marstech Mayhem,” involves the deployment of an advanced malware implant known…
EarthKapre APT Drops Weaponized PDF to Compromise Windows Systems
A highly sophisticated cyber espionage group known as EarthKapre, also referred to as RedCurl, has been identified targeting private-sector organizations, particularly those in the Law Firms & Legal Services industry. The eSentire Threat Response Unit (TRU) uncovered the group’s recent…
North Korean IT Workers Infiltrate International Companies To Plant Backdoors on Systems
North Korean IT workers have been infiltrating international companies by securing remote positions under false identities. This tactic not only violates international sanctions but also poses significant cybersecurity risks, including data theft and the installation of backdoors on compromised systems.…
Apache Fineract SQL Injection Vulnerability Let Inject Malicious Data
A critical SQL injection vulnerability has been identified in Apache Fineract, an open-source core banking software widely used for financial services. This flaw, tracked as CVE-2024-32838, affects versions 1.4 through 1.9 and has been classified as important, with a CVSS…
NVIDIA Container Toolkit Vulnerability Let Attackers Execute Code
NVIDIA has released a security update to address a critical vulnerability in its NVIDIA Container Toolkit and NVIDIA GPU Operator, which could allow attackers to execute arbitrary code, escalate privileges, and gain access to the host file system. This vulnerability…
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has released twenty new Industrial Control Systems (ICS) advisories, aimed at addressing critical vulnerabilities in industrial systems. The advisories cover a wide range of ICS products from prominent vendors such as Siemens, ORing,…