The Breach News

Active HanGhost Loader Campaign Targets Payment and Logistics Workflows in Enterprises

Emerging HanGhost Loader Malware Targets Corporate Finance and Operations

A new malware campaign centered on the HanGhost loader is targeting corporate environments, specifically employees involved in payment processing, logistics, and contract management. With a stealthy approach designed to evade detection, HanGhost seeks…


⚡ Weekly Summary: Exploited WhatsApp Vulnerability, Docker Flaw, Salesforce Incident, Fake CAPTCHAs, Spyware App & More

Date: Sep 01, 2025
Category: Cybersecurity News / Hacking

In the evolving landscape of cybersecurity, threats often stem from interconnected vulnerabilities rather than isolated attacks. A single overlooked update or misused account can lead to significant breaches. This week’s updates illustrate how attackers are merging tactics, leveraging stolen access, unpatched software, and innovative methods to escalate from minor entry points to major risks. For security professionals, the takeaway is clear: the real threat often lies in the interplay of various small vulnerabilities rather than a single, major flaw.

⚡ Threat of the Week

WhatsApp Addresses Actively Exploited Vulnerability — WhatsApp has patched a security issue affecting its messaging applications for Apple iOS and macOS, which appears to have been exploited alongside a recently reported Apple flaw in targeted zero-day attacks. The vulnerability, identified as CVE-2025-55177, involves inadequate authorization for linked device synchronization messages. The Meta-owned company…


Millions of HP, Samsung, and Xerox Printers Vulnerable Due to 16-Year-Old Security Flaw

July 20, 2021

A serious security vulnerability has come to light in a software driver used by HP, Xerox, and Samsung printers, lingering undetected since 2005. Assigned CVE-2021-3438 (CVSS score: 8.8), the issue is a buffer overflow in the “SSPORT.SYS” kernel-mode print driver installed with the printer software, which a local, unprivileged user can trigger to escalate privileges and execute arbitrary code in the kernel. Hundreds of millions of printers worldwide may be affected, although there is currently no evidence of real-world exploitation. The exposure sits on the Windows hosts rather than on the printers: the driver is loaded at boot on every machine that has installed the affected printer software, whether or not a printer is still attached. The vulnerability, first identified by SentinelLabs researchers on February 18, 2021, was disclosed in an advisory in May, noting its potential to elevate privileges in certain HP LaserJet and Samsung printer models. Fixes for the impacted drivers were made available on May 19, 2021.


U.S. Defense Officials at Risk of Cyber Espionage Through Social Media Platforms

May 16, 2013

Recently, I undertook a fascinating study on the role of social media in the military sector. The widespread adoption of these platforms makes them extremely appealing to governments and intelligence agencies. Social media has significant potential for exploitation in critical areas, including military and defense.

Modern social networks are extensively utilized by various governments, with the U.S., China, and Russia leading the way. Additionally, emerging cyber powers like Iran and North Korea are increasingly interested in utilizing these platforms.

Governments primarily use social media for purposes such as Psychological Operations (PsyOps), Open Source Intelligence (OSINT), cyber espionage, and offensive strategies.

On May 10th, the Illinois Air National Guard’s 183rd Fighter Wing issued a notice in their monthly Falcon View newsletter, highlighting the risks associated with social networking sites.


TotalRecall Reloaded: New Tool Accesses Windows 11’s Recall Database via Side Entrance

Security researcher Alexander Hagenah, author of the TotalRecall tool, has shown that user data captured by the Recall feature in Windows 11 can still be reached despite Microsoft’s hardening of the feature. According to Hagenah, while the security surrounding the Recall database itself is robust, the process that handles data…


Silver Fox Exploits Microsoft-Signed WatchDog Driver to Distribute ValleyRAT Malware

Date: September 2, 2025
Categories: Financial Fraud / Endpoint Protection

The threat actor known as Silver Fox has been linked to the exploitation of a previously undetected vulnerable driver associated with WatchDog Anti-malware. This attack, classified as a Bring Your Own Vulnerable Driver (BYOVD) incident, aims to neutralize security solutions on compromised systems.

The specific driver involved, “amsdk.sys” (version 1.0.600), is a 64-bit, validly signed Windows kernel device driver believed to be based on the Zemana Anti-Malware SDK. According to an analysis by Check Point, “This driver, created using the Zemana Anti-Malware SDK, was Microsoft-signed, not included in the Microsoft Vulnerable Driver Blocklist, and evaded detection by community initiatives such as LOLDrivers.”

The attack employs a dual-driver approach, utilizing a known vulnerable Zemana driver (“zam.exe”) on Windows 7 systems, while leveraging the undetected WatchDog driver on Windows 10 and 11. The WatchDog Anti-malware driver has been identified as containing multiple vulnerabilities, including arbitrary process termination (the primitive the loader uses to kill security tools) and a local privilege escalation stemming from unrestricted access to its device object.
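The practical lesson of amsdk.sys, and of SSPORT.SYS above, is that “validly signed by Microsoft” is not a trust signal: third-party drivers reach the kernel through WHQL or attestation signing, whose signer is “Microsoft Windows Hardware Compatibility Publisher”. The following PowerShell script is an added example, not Check Point’s or the article’s own tooling. It checks whether the Microsoft vulnerable-driver blocklist is actually enforced on the host, inventories every running kernel driver with its signer class and SHA-256, and flags the file names mentioned on this page. That watch list is illustrative only, not an IOC set; real triage compares the hash column against the LOLDrivers feed.

```powershell
# Added example (not from Check Point or the article): inventory loaded kernel drivers on a
# Windows 10/11 host and triage them for BYOVD exposure. Run from an elevated shell.
# Classification is by signer CN, because WHQL/attestation-signed third-party drivers such as
# amsdk.sys are "Microsoft-signed" yet are exactly the population an attacker can bring along.

# Illustrative watch list: file names from the articles above, NOT a complete IOC set.
$watchList = @('amsdk.sys', 'zam.exe', 'ssport.sys')

# 1. Is Microsoft's vulnerable-driver blocklist enforced? HVCI (memory integrity) enforces it;
#    without HVCI the CI\Config\VulnerableDriverBlocklistEnable value must be 1.
#    Windows 11 22H2 and later turn it on by default; older builds do not.
$ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$hvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)    # 2 = HVCI
$blocklistOn = $hvciRunning -or ($ci.VulnerableDriverBlocklistEnable -eq 1)
Write-Output ("Vulnerable driver blocklist enforced: {0} (HVCI running: {1})" -f $blocklistOn, $hvciRunning)

# 2. Resolve every running kernel driver to its on-disk file and classify its signer.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # PathName may look like \??\C:\...\x.sys, \SystemRoot\System32\drivers\x.sys or system32\drivers\x.sys
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not [System.IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { return }   # skip this driver, continue with the next

        $sig   = Get-AuthenticodeSignature -FilePath $path
        $subj  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $class = if ($sig.Status -ne 'Valid')                             { 'UnsignedOrBroken' }
                 elseif ($subj -match 'CN=Microsoft Windows,')            { 'MicrosoftInbox' }
                 elseif ($subj -match 'Hardware Compatibility Publisher') { 'ThirdPartyWHQL' }
                 else                                                     { 'ThirdPartyOther' }
        $file = Split-Path -Leaf $path
        [pscustomobject]@{
            Name    = $_.Name
            File    = $file
            Company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            Class   = $class
            Status  = $sig.Status
            SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            OnWatch = $watchList -contains $file.ToLower()
            Path    = $path
        }
    }

# 3. Report: watch-list hits first, then every driver that is not an inbox Microsoft driver.
$drivers | Where-Object OnWatch | ForEach-Object {
    Write-Warning ("Watch-list driver loaded: {0} class={1} sha256={2} ({3})" -f $_.File, $_.Class, $_.SHA256, $_.Path)
}
$drivers |
    Where-Object { $_.Class -ne 'MicrosoftInbox' } |
    Sort-Object Class, Company |
    Format-Table Name, File, Company, Class, Status, SHA256 -AutoSize
```

The blocklist check matters because amsdk.sys was not on the list at the time of the campaign: enforcement would not have stopped it, so the inventory of WHQL-signed third-party drivers is the control that actually surfaces an unexpected anti-malware SDK driver on a host that never installed that product.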


New Vulnerabilities in Windows and Linux Grant Attackers Elevated System Privileges

July 21, 2021

Recent findings have uncovered a local privilege escalation vulnerability in Microsoft’s Windows 10 and the soon-to-be-released Windows 11, enabling users with limited permissions to read critical system files. This loophole, referred to as “SeriousSAM,” lets a low-privileged local user extract account password hashes, discover the original Windows installation password, and obtain the DPAPI machine keys that protect the computer’s private keys.

According to a vulnerability note from the CERT Coordination Center (CERT/CC), since Windows 10 build 1809, non-administrative users have had access to the SAM, SYSTEM, and SECURITY registry hive files, which could lead to local privilege escalation (LPE). The root cause is an overly permissive ACL that grants BUILTIN\Users read access to the hive files. The live hives are locked by the operating system while Windows is running, so an attacker reads them from a Volume Shadow Copy instead; on systems with System Protection enabled such copies are typically present. The affected operating system configuration files include:

  • c:\Windows\System32\config\sam
  • c:\Windows\System32\config\system
  • c:\Windows\System32\config\security

Microsoft, which has assigned the identifier CVE-2021-36934 to this vulnerability, has acknowledged the issue but has not yet released a patch.
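Both conditions, the permissive ACL and an existing shadow copy, have to hold for a non-administrator to read the hives, so an audit should report them separately. The PowerShell below is an added example, not from the article or the CERT/CC note; it inspects the three hive files for an Allow entry granting BUILTIN\Users read access, enumerates shadow copies, and lists Microsoft’s documented workaround in a comment for reference.

```powershell
# Added example (not from the article or CERT/CC): audit a Windows 10/11 host for the
# CVE-2021-36934 ("SeriousSAM") condition. Run from an elevated shell so Get-Acl and the
# shadow-copy query are not denied. Exploitable only when BOTH findings are true:
#   1. BUILTIN\Users holds an Allow ACE with read rights on the hive files under %windir%\System32\config
#   2. at least one Volume Shadow Copy exists (the live hives are locked while Windows runs)

$hives = 'sam', 'system', 'security' |
    ForEach-Object { Join-Path $env:windir "System32\config\$_" }

# FILE_READ_DATA is the bit that actually lets a user read file contents; testing the bit
# rather than the enum name also catches FullControl and Modify grants.
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$exposed = foreach ($hive in $hives) {
    $acl = Get-Acl -LiteralPath $hive
    $acl.Access |
        Where-Object {
            $_.IdentityReference -eq 'BUILTIN\Users' -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $readData) -ne 0)
        } |
        ForEach-Object { [pscustomobject]@{ File = $hive; UsersRights = $_.FileSystemRights } }
}

# Shadow copies hold the readable snapshots of the hives.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

if ($exposed) {
    $exposed | Format-Table -AutoSize
    if ($shadows.Count -gt 0) {
        Write-Warning ("Hive ACLs are permissive and {0} shadow copies exist: readable by any local user." -f $shadows.Count)
    } else {
        Write-Warning "Hive ACLs are permissive; no shadow copy exists yet, but the next restore point would expose the hives."
    }
} else {
    Write-Output "BUILTIN\Users has no read access to SAM/SYSTEM/SECURITY: not affected."
}

# Microsoft's documented workaround, run elevated: restore ACL inheritance on the hive files
# and remove the shadow copies that still hold readable snapshots of the old ACL state.
#   icacls "$env:windir\system32\config\*.*" /inheritance:e
#   vssadmin delete shadows /for=C: /quiet
```

Restoring inheritance alone is not enough: any shadow copy created while the ACL was wrong still contains readable hives, which is why the workaround deletes existing copies as a second step.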


Significant Cyber Espionage Campaign Targeting Pakistan Linked to India

May 20, 2013

Cybersecurity researchers have uncovered a series of information-stealing malware attacks aimed at Pakistan that are believed to originate from India. Norman Shark, a leader in malware analysis solutions for enterprises, service providers, and government agencies, has released a report detailing a complex cyber-attack infrastructure traced back to India.

This ongoing campaign, attributed to private threat actors over three years, shows no direct evidence of state involvement. The primary aim of the extensive command-and-control network appears to be intelligence gathering from both national security targets and private sector companies.

Attackers exploited vulnerabilities in Microsoft software, deploying malware known as HangOver onto their targets, the majority of which were located in Pakistan. A total of 511 infections related to this campaign have been identified. HangOver is capable of installing keyloggers and capturing screenshots, among other functionalities.


Following Anthropic’s Mythos, OpenAI Introduces an Innovative Cybersecurity Model and Strategy

OpenAI Unveils Cybersecurity Strategy and GPT-5.4-Cyber Model Amid Industry Developments

OpenAI announced an important development in its cybersecurity strategy on Tuesday with the introduction of GPT-5.4-Cyber, a model tailored for digital security professionals. This launch arrives shortly after competitor Anthropic disclosed the limited private release of its new Claude Mythos…
