Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool – OfficialSarkar

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool – OfficialSarkar

Jul 24, 2024NewsroomCyber Espionage / Threat Intelligence The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the…

Telegram App Flaw Exploited to Spread Malware Hidden in Videos – OfficialSarkar

Telegram App Flaw Exploited to Spread Malware Hidden in Videos – OfficialSarkar

A zero-day security flaw in Telegram’s mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram…

How a Trust Center Solves Your Security Questionnaire Problem – OfficialSarkar

How a Trust Center Solves Your Security Questionnaire Problem – OfficialSarkar

Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products…

How to Reduce SaaS Spend and Risk Without Impacting Productivity – OfficialSarkar

How to Reduce SaaS Spend and Risk Without Impacting Productivity – OfficialSarkar

Jul 24, 2024The Hacker NewsSaaS Management / IT Governance There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the…

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices – OfficialSarkar

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices – OfficialSarkar

Jul 24, 2024NewsroomSoftware Update / IT Outage Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. “On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update…

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List – OfficialSarkar

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List – OfficialSarkar

Jul 24, 2024NewsroomVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2012-4792 (CVSS score: 9.3) – Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) – Twilio Authy…

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers – OfficialSarkar

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers – OfficialSarkar

Jul 24, 2024NewsroomMalvertising / Threat Intelligence A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that…

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware – OfficialSarkar

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware – OfficialSarkar

Jul 23, 2024NewsroomCyber Espionage / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting…

Meta Given Deadline to Address E.U. Concerns Over ‘Pay or Consent’ Model – OfficialSarkar

Meta Given Deadline to Address E.U. Concerns Over ‘Pay or Consent’ Model – OfficialSarkar

Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its “pay or consent” advertising model or risk-facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant that the model adopted for Facebook and Instagram…

Chinese Hackers Target Taiwan and US NGO with MgBot Malware – OfficialSarkar

Chinese Hackers Target Taiwan and US NGO with MgBot Malware – OfficialSarkar

Jul 23, 2024NewsroomCyber Espionage / Chinese Hackers Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group “also engages in internal espionage,” Symantec’s Threat Hunter Team, part…