Cybersecurity News

Cybersecurity researchers at Proofpoint have uncovered a disturbing trend: cybercriminals are increasingly exploiting Cloudflare Tunnel functionality to distribute malware, particularly Remote Access Trojans (RATs). This development has raised concerns in the cybersecurity community and sparked criticism from Spamhaus regarding Cloudflare’s response to the issue. The Rise of Cloudflare Tunnel Abuse First observed in February 2023, … Read more

In a startling revelation for the cybersecurity community, a vulnerability discovered 18 years ago, dubbed “0.0.0.0 Day,” has resurfaced as a significant threat to popular web browsers. This long-standing flaw allows malicious websites to bypass security measures in Google Chrome, Mozilla Firefox, and Apple Safari, potentially compromising user data and system integrity. Understanding the 0.0.0.0 … Read more

Cybersecurity experts from Infoblox and Eclypsium have raised alarms about a widespread DNS attack known as “Sitting Ducks” or “Ducks Now Sitting” (DNS). This sophisticated attack vector poses a daily threat to over a million domains, with researchers confirming that cybercriminals have already successfully hijacked 35,000 domains using this method. Understanding the Sitting Ducks Attack … Read more

In a significant move to bolster cybersecurity, SAP has released its August 2024 patch set, addressing a total of 17 vulnerabilities across its software suite. The most critical among these is an authentication bypass flaw that could potentially allow remote attackers to completely compromise affected systems. Critical Authentication Bypass Vulnerability in SAP BusinessObjects The authentication … Read more

Microsoft has issued a critical security alert regarding a vulnerability affecting various versions of Office that could potentially expose NTLM hashes to remote attackers. This flaw, identified as CVE-2024-38200, poses a significant risk to organizations and individuals using affected Office products. Understanding the Vulnerability The vulnerability, classified as an information disclosure issue, allows unauthorized access … Read more

In a significant blow to cybercriminal operations, US and German law enforcement agencies have seized the domain of Cryptonator, a popular cryptocurrency wallet platform. The authorities allege that Cryptonator served as a hub for various illicit activities, including ransomware groups, darknet marketplaces, and other illegal services. The Rise and Fall of Cryptonator Launched in 2014, … Read more

In a significant development for digital content security, the popular browser extension Bypass Paywalls Clean (BPC) has been removed from GitHub, along with 3,879 related forks. This action, taken in response to a Digital Millennium Copyright Act (DMCA) complaint, highlights the ongoing tension between content creators and consumers in the digital age. The Rise and … Read more

In a significant move to bolster user privacy, Google is developing a new feature for its Chrome browser on Android devices. This innovation aims to protect sensitive information such as credit card details and passwords during screen sharing or recording sessions, addressing a critical vulnerability in mobile cybersecurity. Understanding the Current Privacy Concern Screen sharing … Read more

Cybersecurity experts have uncovered a new malicious tool called EDRKillShifter, employed by RansomHub ransomware operators to circumvent Endpoint Detection and Response (EDR) solutions. This sophisticated malware utilizes the increasingly prevalent Bring Your Own Vulnerable Driver (BYOVD) attack technique to elevate privileges, disable security measures, and seize control of target systems. Anatomy of EDRKillShifter: A Three-Stage … Read more

In a startling turn of events, the creator of the new infostealer malware Styx Stealer has inadvertently compromised their own computer, leaking sensitive data including client information, profits, nicknames, phone numbers, and email addresses. This incident, uncovered by Check Point analysts, serves as a stark reminder of the importance of robust cybersecurity practices, even for … Read more