Recent Surge in Memcached-Based DDoS Attacks Targets Major Online Services A new report indicates a dramatic rise in cyber attacks leveraging Memcached reflections, sparking concern across the cybersecurity community. In just ten days, nearly 15,000 attacks have targeted 7,131 unique online entities, marking one of the largest spikes in DDoS…
Kaspersky researchers have uncovered a sophisticated advanced persistent threat (APT) group that has remained under the radar since at least 2012, using complex techniques that have allowed them to execute extensive cyber intrusions. This group has leveraged a sophisticated malware variant known as **Slingshot**, which has reportedly compromised hundreds of…
New Cybersecurity Vulnerability Discovered in MOVEit Transfer Application Progress Software announced on Thursday that a newly identified security vulnerability, tracked as CVE-2023-35708, affects its MOVEit Transfer application. This revelation comes amidst ongoing cyber extortion efforts by the Cl0p ransomware group, targeting various companies utilizing this application. The vulnerability presents an…
On Wednesday, Apple announced a comprehensive series of updates for its iOS, iPadOS, macOS, watchOS, and Safari browser, addressing vulnerabilities that were stated to be actively exploited in the wild. Among these updates are two critical zero-day flaws involved in a mobile surveillance effort dubbed Operation Triangulation, which has been…
A new report has unveiled a previously undocumented malware variant, named EarlyRat, which has been utilized by the North Korean-aligned threat actor known as Andariel in targeted phishing campaigns. This addition enhances Andariel’s already diverse toolkit, marking a notable shift in their operational capabilities. Kaspersky’s latest findings reveal that Andariel…
Recent findings from cybersecurity firm Mandiant reveal significant zero-day vulnerabilities in Windows Installers associated with Atera’s remote monitoring and management software. These vulnerabilities could potentially be exploited to initiate privilege escalation attacks against affected systems. Identified on February 28, 2023, these vulnerabilities have been allocated the identifiers CVE-2023-26077 and CVE-2023-26078.…
Recent developments reveal a significant cyber breach affecting ASUS customers, attributed to a sophisticated supply chain attack. Kaspersky, a Russian cybersecurity company, disclosed parts of this incident last week, though it withheld the complete list of hardcoded MAC addresses embedded in the malicious code targeting specific users. In lieu of…
A recent phishing campaign has surfaced, utilizing a Russian-language Microsoft Word document as a vehicle for deploying malware designed to extract sensitive data from compromised Windows systems. This attack has been linked to a threat actor known as Konni, which exhibits connections to the North Korean cyber espionage group identified…
A former contractor for the U.S. National Security Agency (NSA), Nghia Hoang Pho, has pleaded guilty to unlawfully taking classified documents home, which were subsequently compromised by Russian hackers. This incident has reignited concerns over data security within sensitive government operations. According to a statement from the U.S. Justice Department,…
