Tag: Cybersecurity

Apache OFBiz RCE Vulnerability Discovered, Patch Now

Another vulnerability that could cause trouble was discovered in Apache OFBiz

A vulnerability, CVE-2024-38856, has been discovered in Apache OFBiz that allows unauthenticated remote code execution. A patch is currently available, and the developer heavily recommends installing it, as hackers will not hesitate exploiting the issue after the disclosure. Considering the high CVSS score of the flaw, not much more motivation should be given. Critical Apache… Continue reading Apache OFBiz RCE Vulnerability Discovered, Patch Now

Ubiquiti G4 Vulnerability Discovered, Allowing for DDoS Attacks

An old vulnerability in Ubiquiti cameras appears to be still around

Researchers found a flaw in Ubiquiti G4 Wi-Fi cameras, that exposes the selection of important chunks of information. They suppose a similar vulnerability was used back in 2019 to perform DoS attacks on a massive number of cameras. But despite Ubiquiti claims about fixing the issue, there are still enough devices susceptible to the issue.… Continue reading Ubiquiti G4 Vulnerability Discovered, Allowing for DDoS Attacks

Eriakos Scam in Facebook Ads Targets Personal and Banking Data

Another online scam involving Facebook adverts

Fraudsters are using fake websites and Facebook Ads to steal users’ financial data. Researchers named the campaign Eriakos after the CDN that fraudsters used in all campaigns. Facebook Ads Steal Credit Card Information On April 17, 2024, specialists from Recorded Future discovered a fraudulent campaign with Chinese origins that had targeted Facebook users. They named… Continue reading Eriakos Scam in Facebook Ads Targets Personal and Banking Data

BangBros Leak Exposes 12 Million User Records

Unusual data leak from BangBros exposes 12M users

BangBros, a studio and platform specializing in adult content, leaked information about the users registered on their website. The database was discovered by researchers, and according to their report, it contains 12 million records of sensitive information. Further checks show that there is barely a possibility of this DB not belonging to the company. BangBros… Continue reading BangBros Leak Exposes 12 Million User Records

Fake Google Authenticator Abuses Google Ads, Spreads Malware

Hackers abuse Google Search Ads to deploy backdoors, pretending to be Google

Cybercriminals promote a fake Google Authenticator page through ads in Google Search. According to the report, they use a tricky scheme to hide the fraudulent domain and make the ad contain a genuine URL. The resulting page, which looks exactly like the original Google Authenticator one, downloads a malicious file. Fake Google Authenticator Downloading Page… Continue reading Fake Google Authenticator Abuses Google Ads, Spreads Malware

Gh0st RAT Malware Attacks Chinese Users Via Fake Chrome Page

Chinese malware targets Chinese users - a rather unusual thing to see

Attackers are using a new loader, Gh0stGambit, to spread Gh0st RAT malware to Chinese users. A Google Chrome phishing download site is being used for that purpose, copying the design of the genuine page. That is, in fact, the part of the campaign that attracted the attention of cybersecurity experts. Gh0st RAT Trojan Targets Chinese… Continue reading Gh0st RAT Malware Attacks Chinese Users Via Fake Chrome Page

2024 Olympic Cyberattack Risks: What Should We Expect

The biggest event of 2024. What can go wrong?

The Olympic Games is a massive sporting event that attracts billions of people worldwide. But where there are thousands of people – fans and supporters; there are also cybercriminals. Such events have always caused a spike in the number of cyberattacks of different kinds. In this post, we will discuss exactly this – risks of… Continue reading 2024 Olympic Cyberattack Risks: What Should We Expect

India Post SMS Phishing Targets Mobile Users in India

Cybercriminals send thousands of spam messages that mimic legit parcel delivery notifications

Massive complaints come from Indian users regarding a new wave of SMS phishing scams, particularly targeting iPhones. They mimic delivery notification messages from India Post, one of the major postal services in the country. Fraudsters try stealing user credentials associated with that service, which may be the fuel of further scams. Fraudsters Impersonate India Post… Continue reading India Post SMS Phishing Targets Mobile Users in India

Docker Engine Authentication Bypass Vulnerability Exploited

The old-new critical vulnerability was found in the Docker Engine

Attackers are actively exploiting a critical vulnerability in the Docker Engine that may allow for authentication bypass in a chain attack. This vulnerability allows attackers to bypass AuthZ authorization plugins, effectively mutilating any auth control. For this and several other reasons, the flaw got the max severity score possible (10.0). Critical Docker Engine Flaw Allows… Continue reading Docker Engine Authentication Bypass Vulnerability Exploited

Hamster Kombat Players Targeted in a New Malware Spreading Scheme

Another scam campaign based on Hamster Kombat

Players of Hamster Kombat have become prime targets for scammers promoting phishing schemes aimed at those looking for easy earnings. Malicious actors steal confidential data and infect inattentive players with malware. Due to the technical aspects of Hamster Kombat, these fraudulent schemes are highly successful. Hamster Kombat Tap-Game Players Targeted in Malware Spreading ESET researchers… Continue reading Hamster Kombat Players Targeted in a New Malware Spreading Scheme