Specula Tool Turns Outlook Into A C2 Server By Leveraging Registry
Specula tool utilizes a Registry to turn Microsoft Outlook Into a C2 Server capable of executing arbitrary commands. Fundamentally, Specula is a C2 framework that…
Category: CyberSecurityNews
Weaponized Google Authenticator Via Google Ads Steals Sensitive Data
In recent days, threat actors have leveraged the popular Google Authenticator (a multi-factor authentication program) through Google ads, infecting devices with malware. In this instance,…
New SMS Stealer Infects Millions Of Android Users In 113 Countries
Since February 2022, a highly advanced Android malware campaign has been specifically designed to attack one-time passwords (OTPs), which are used for enterprise security breaches.…
Google Enhances Chrome Security to Prevention Users From Cookie Steal Malware
Google has introduced several measures to address this threat, including Safe Browsing download protection in Chrome, Device Bound Session Credentials, and account-based threat detection systems…
Critical OAuth Vulnerability Exposes 1 Million Sites to XSS Attacks
Security researchers have uncovered a critical vulnerability affecting over one million websites. The vulnerability combines OAuth implementation flaws with cross-site scripting (XSS) attacks. The vulnerability…
20,275 VMware ESXi Vulnerable Instances Exposed
Microsoft has issued a significant security alert regarding a vulnerability in VMware ESXi hypervisors, which ransomware operators have actively exploited. According to the Shadowserver Foundation,…
Google Releases Critical Security Update for Chrome
Google has rolled out a critical security update for its Chrome browser, addressing a severe flaw that could lead to browser crashes. The update, now…
Beware of Malicious Crypto Management App that Drains Your Wallet
Cryptocurrency scams are becoming increasingly sophisticated. This article delves into the intricacies of these scams, providing insights into how they operate and offering tips on…
Hackers Actively Exploiting GeoServer RCE Flaw, 6635 Servers Vulnerable
A critical vulnerability in GeoServer, an open-source Java-based software server, has put thousands of servers at risk. The flaw, CVE-2024-36401, allows unauthenticated users to execute…
Multiple SMTP Servers Vulnerable to Spoofing Attacks
A recent discovery has unveiled vulnerabilities in multiple hosted, outbound SMTP servers, allowing authenticated users and certain trusted networks to send emails with spoofed sender…
DDoS Attack Leads to Microsoft Azure Global Outage
On July 30, 2024, Microsoft experienced a significant global outage affecting its Azure cloud services and Microsoft 365 products. The incident, which lasted nearly 10…
Tycoon 2FA Phish-kit Exploits Amazon SES to Steal User Credentials
A sophisticated phishing campaign with Tycoon 2FA Phish-kit has been identified, leveraging Amazon Simple Email Service (SES) and a series of high-profile redirects to steal…