Two recently identified ransomware gangs are using payloads that contain almost identical code, suggesting that the groups’ affiliates are using shared infrastructure. The groups, named HellCat and Morpheus, emerged in mid to late 2024. SentinelOne researchers also identified similarities in…
Jan 24, 2025Ravie LakshmananBiometric / Mobile Security Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. “When you turn on Identity Check, your device…
Jan 24, 2025Ravie LakshmananVulnerability / JavaScript The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.…
Jan 23, 2025Ravie LakshmananVulnerability / Network Security SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability,…
Jan 23, 2025Ravie LakshmananMalware / Enterprise Security Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so…
Donald Trump has used his presidential powers to pardon convicted felon Ross Ulbricht, the founder of notorious dark web marketplace Silk Road. Ulbricht was sentenced to life in prison in 2015, on charges related to distributing narcotics, engaging in a…
Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover…
Cisco has warned about a new privilege escalation vulnerability in its Meeting Management tool that could allow a remote attacker to gain administrator privileges on exposed instances. The vulnerability, CVE-2025-20156, was disclosed by Cisco on January 22 and is awaiting…
Jan 23, 2025Ravie LakshmananPhishing / Malware Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. “The campaign is global, with Netskope Threat Labs tracking victims targeted…
Threat actors have been actively exploiting chained vulnerabilities in Ivanti Cloud Service Appliances (CSA), significantly amplifying the impact of their cyber-attacks. The vulnerabilities—CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380—were leveraged in September 2024 to breach systems, execute remote code (RCE), steal credentials…
All Rights Reserved. Kowatek Blog by IWUCHI
Home | About Us | Disclaimer | Privacy Policy | Contact Us
