North Korean hackers exploit Chrome zero-day to deploy rootkit
North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel…
Author: Cybernoz
The Dumbest Thing In Security: Worst Phishing Test EVER
Employee cybersecurity training programs and phishing tests are usually a good thing for cyber preparedness, but one university went way too far and wound up…
HackerOne’s Commitment to Learning and Development
HackerOne is committed to providing comprehensive learning and development opportunities to fuel our competitive edge and cultivate a highly skilled and deeply motivated workforce. Why…
New Voldemort malware abuses Google Sheets to store stolen data
A new malware campaign is spreading a previously undocumented backdoor named “Voldemort” to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. As…
Making Progress and Losing Ground
As an industry and a society, we are finally making progress in protecting both our digital and physical identities. The good news is that many…
Seven Deadly Myths of DDoS Protection
Myth (noun). 1. an ancient story or set of stories, especially explaining the early history of a group of people or about natural events and…
Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign
An Iranian state-sponsored group often referred to as Iran’s Islamic Revolutionary Guard Corps (IRGC) is making headlines again this season as Meta disclosed that the…
APT-C-60 Exploits WPS Office Zero-Day
A sophisticated cyberespionage campaign targeting East Asian countries has been uncovered, with the APT-C-60 group exploiting a zero-day vulnerability in WPS Office to deploy the…
Evolution of Attack Surface Management
The Early Days: Basic Asset Management While it was not called ASM, the concept of managing attack surface management began with basic asset management practices…
Iranian Hackers Attacking US Organizations To Deploy Ransomware
As of August 2024, Iran-based cyber actors continue to exploit U.S. and foreign organizations across multiple sectors. The primary sectors targeted are education, finance, healthcare,…
Durex data breach leaks sensitive details of customers
Durex India, a se$ual wellness brand that sells condoms and intimate products has fallen prey to a cyber attack leaking sensitive details of its customers.…
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
Aug 30, 2024Ravie LakshmananCryptojacking / Vulnerability Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server…