Feb 21, 2025Ravie LakshmananNetwork Security / Vulnerability Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part…
Hackers are actively trying to simultaneously exploit three vulnerabilities in unpatched Palo Alto Networks firewall appliances. These flaws, all affecting Palo Alto’s PAN-OS web management interface, include CVE-2025-0108, an authentication bypass, CVE-2025-0111, an authenticated file read vulnerability, and CVE-2024-9474, a…
Security researchers have observed a sharp rise in mobile phishing attacks, known as “mishing,” with activity peaking in August 2024 at over 1000 daily attack records. The report, published by Zimperium zLabs, also found that 16% of all mobile phishing…
Feb 20, 2025Ravie LakshmananCybercrime / Malware A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. “The legitimate application used in the attack,…
Cyber professionals working across the US West Coast are the highest paid in North America with an average base salary of $200,000 per annum. This marks a huge $49,000 difference compared to the next highest earning region in North America.…
The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and…
A new malware campaign targeting freelance developers has been using deceptive job advertisements to trick them into downloading malicious software disguised as legitimate tools. The campaign primarily spreads through GitHub repositories and relies on freelancers’ eagerness to secure remote work…
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked…
Infostealers became one of the “most significant initial access vectors” in the threat landscape last year, with one threat intelligence company claiming to find over 330 million compromised credentials linked to the malware. Israeli firm Kela revealed the findings in…
Feb 20, 2025Ravie LakshmananRansomware / Vulnerability A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker…
All Rights Reserved. Kowatek Blog by IWUCHI
Home | About Us | Disclaimer | Privacy Policy | Contact Us
