Can web browsers protect us, even if it is HTTPS? Maybe yes, but not with the novel BitB attack, which fakes us by a popup SSO window to phish the credentials for Google, Facebook, and Microsoft. Before clicking wily-nily on…
Researchers have identified that the actors behind the Gh0stCringe remote access trojan are targeting Microsoft SQL and MySQL database servers. Gh0stCringe, which is thought to be active since 2018, is a known variant of Gh0st RAT malware. A recent report…
Five new vulnerabilities have been found in Dell BIOS; if the vulnerabilities are successfully exploited, the systems can have codes executed remotely. The Dell vulnerability is another firmware vulnerability recently uncovered in Insyde Software’s InsydeH2O and HP Unified Extensible Firmware…
Social engineering attacks have been using romantic traps and cryptocurrency tricks to lure victims into installing duplicate apps. These attacks use legitimate iOS features like TestFlight and Web Clips to get into the system. Sophos, a cybersecurity company, has called…
Attackers can exploit a previously unknown security vulnerability in the Kubernetes container engine CRI-O labelled cr8escape. The attacker can exploit the vulnerability to escape the container and get root access to the host. “Invocation of CVE-2022-0811 can allow an attacker…
Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website contact forms rather than typical phishing emails to evade detection by security software. The backdoor malware is developed by the TrickBot group and has been…
The maintainers of OpenSSL have dispatched patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a…
Researchers have found seven new security vulnerabilities in an open-source database management system solution called ClickHouse. The vulnerabilities could be exploited to strike the servers, leak memory contents, and execute arbitrary code. “The vulnerabilities require authentication, but can be triggered…
Checkmarx rolled out its UK report; the report states around 45% of organisations had to put up with at least two security breaches because of a vulnerable application. Further, 34% of the organisations that had a cybersecurity breach relating to…
Emotnet trojan, one of the most infamous malware campaigns, has rekindled and is causing more damage than ever. In January 2021, law enforcement authorities globally had curbed the trojan’s operations by pulverising its C2 infrastructures. What appeared as the end…
