FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Perfecting the Defense-in-Depth Strategy with Automation

By: The Hacker News
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart β€” a multi-layered approach with strategic redundancy and a blend of passive and active security

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

By: Newsroom
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

By: The Hacker News
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

By: Newsroom
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name masquerades as the legitimate CherryTree note-taking application to dupe potential victims

Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

By: Newsroom
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

By: Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development arrives as the vulnerabilities β€“ an authentication bypass

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

By: Newsroom
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly

Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts

By: Newsroom
High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mint Sandstorm since November 2023. The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

By: Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks." A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the malware

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

By: Newsroom
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme β€œleveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions,”

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

By: Newsroom
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. β€œPhemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. β€œIt also

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

By: Newsroom
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an

Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO

By: The Hacker News
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a necessity. In this context, Mike Tyson's famous adage, "Everyone has a plan until they get punched in

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

By: Newsroom
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules,"

Mandiant's X Account Was Hacked Using Brute-Force Attack

By: Newsroom
The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group. "Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X's 2FA policy, we were not adequately protected," the threat intelligence firm said 

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

By: Newsroom
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations. The encryption key has also been shared with Avast,

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

By: Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.

Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware

By: Newsroom
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. β€œPikaBot’s operators ran phishing campaigns, targeting victims via its two components β€” a loader and a core module β€” which enabled unauthorized remote access and allowed the execution of arbitrary commands through an established connection with

Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy

By: The Hacker News
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, β€œonly 59% of organizations say their cybersecurity strategy has changed over the past two years.” This stagnation in strategy adaptation can be traced back to several key issues. Talent Retention Challenges: The cybersecurity field is rapidly advancing, requiring a

The Definitive Enterprise Browser Buyer's Guide

By: The Hacker News
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

By: Newsroom
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL

Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

By: Newsroom
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky. β€œA notable point about attacks that

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

By: Newsroom
Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE. "New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

By: Newsroom
Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. "

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

By: Newsroom
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region,

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

By: Newsroom
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's

Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts

By: The Hacker News
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord to host second stage malware and sidestep detection tools," ReversingLabs researcher Karlo Zanki&nbsp

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

By: Newsroom
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

By: Newsroom
The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations in North

Top 7 Trends Shaping SaaS Security in 2024

By: The Hacker News
Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of data, from minimally sensitive general

Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges

By: Newsroom
The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of delivering "specific distributor needs," but also makes it more potent, Check Point said&

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

By: Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an alert published last week, the agency called out Iranian threat actors affiliated with

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

By: Newsroom
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two complementary activity

Reimagining Network Pentesting With Automation

By: The Hacker News
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making.  This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in

New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities

By: Newsroom
A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a backdoor dubbed Pierogi. The findings come from SentinelOne, which has given the malware the name Pierogi++ owing to the fact that it's implemented in the C++ programming language unlike its Delphi- and Pascal-based predecessor. "Recent Gaza Cybergang activities show

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

By: Newsroom
The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader

Reimagining Network Pentesting With Automation

By: The Hacker News
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making.  This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in

Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network

By: Newsroom
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting the operators millions of dollars in illicit revenue. "Fraudulent online accounts act as the gateway to a host of

BazaCall Phishing Scammers Now Leveraging Google Forms for Deception

By: Newsroom
The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a report published today. BazaCall (aka BazarCall), which was first

How to Analyze Malware’s Network Traffic in A Sandbox

By: The Hacker News
Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them. Decrypting HTTPS traffic Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

By: Newsroom
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an

New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

By: Newsroom
A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said. "MrAnon Stealer steals its victims' credentials, system

Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

By: Newsroom
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor referred to as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary's Lua-based malware LuaDream and KEYPLUG have

Playbook: Your First 100 Days as a vCISO - 5 Steps to Success

By: The Hacker News
In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the organization's cybersecurity infrastructure, blending strategic guidance with actionable

Douglas-042 - Powershell Script To Help Speed ​​Up Threat Hunting Incident Response Processes

By: Zion3R


DOUGLAS-042 stands as an ingenious embodiment of a PowerShell script meticulously designed to expedite the triage process and facilitate the meticulous collection of crucial evidence derived from both forensic artifacts and the ephemeral landscape of volatile data. Its fundamental mission revolves around providing indispensable aid in the arduous task of pinpointing potential security breaches within Windows ecosystems. With an overarching focus on expediency, DOUGLAS-042 orchestrates the efficient prioritization and methodical aggregation of data, ensuring that no vital piece of information eludes scrutiny when investigating a possible compromise. As a testament to its organized approach, the amalgamated data finds its sanctuary within the confines of a meticulously named text file, bearing the nomenclature of the host system's very own hostname. This practice of meticulous data archival emerges not just as a systematic convention, but as a cornerstone that paves the way for seamless transitions into subsequent stages of the Forensic journey.


Content Queries

  • General information
  • Accountand group information
  • Network
  • Process Information
  • OS Build and HOTFIXE
  • Persistence
  • HARDWARE Information
  • Encryption information
  • FIREWALL INFORMATION
  • Services
  • History
  • SMB Queries
  • Remoting queries
  • REGISTRY Analysis
  • LOG queries
  • Instllation of Software
  • User activity

Advanced Queries

  • Prefetch file information
  • DLL List
  • WMI filters and consumers
  • Named pipes

Usage

Using administrative privileges, just run the script from a PowerShell console, then the results will be saved in the directory as a txt file.

$ PS >./douglas.ps1

Advance usage

$ PS >./douglas.ps1 -a


Video




N. Korea's Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks

By: Newsroom
The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. "The threat actor ultimately uses a backdoor to steal information and execute commands," the AhnLab Security Emergency Response Center (ASEC) said in an

Ransomware-as-a-Service: The Growing Threat You Can't Ignore

By: The Hacker News
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics

By: The Hacker News
The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster as Star Blizzard (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53),

Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'

By: The Hacker News
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human qualities, sharpening their skills to manipulate biases and emotional triggers with the objective of

Building a Robust Threat Intelligence with Wazuh

By: The Hacker News
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the constantly evolving threat landscape. Importance of threat intelligence in the cybersecurity ecosystem

Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks

By: Newsroom
A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS. Collectively tracked as Sierra:21, the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according

Scaling Security Operations with Automation

By: The Hacker News
In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

By: Newsroom
New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8)

Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats

By: The Hacker News
The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation

Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

By: Newsroom
A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT. The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the malware, which is a customized variant of Gh0st RAT&nbsp

Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks

By: The Hacker News
The most recent Gcore Radar report and its aftermath have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks reached 800 Gbps, but now, even a peak as high as 1.5+ Tbps is unsurprising. To try and break through Gcore’s defenses, perpetrators made two attempts with two different strategies.

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

By: Newsroom
Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

7 Uses for Generative AI to Enhance Security Operations

By: The Hacker News
Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence (AI) techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to its ability to generate realistic and diverse outputs. When it comes to security operations, Generative AI can

Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions

By: The Hacker News
In a rapidly evolving digital landscape, it's crucial to reevaluate how we secure web environments. Traditional antivirus-approach solutions have their merits, but they're reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of emerging threats.  To learn more, download the full report here. The New Paradigm If you’ve

DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software

By: Newsroom
A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason
❌