A vulnerability, CVE-2024-38856, has been discovered in Apache OFBiz that allows unauthenticated remote code execution. A patch is currently available, and the developer heavily recommends installing it, as hackers will not hesitate exploiting the issue after the disclosure. Considering the high CVSS score of the flaw, not much more motivation should be given. Critical Apache… Continue reading Apache OFBiz RCE Vulnerability Discovered, Patch Now
Tag: Cybersecurity
Ubiquiti G4 Vulnerability Discovered, Allowing for DDoS Attacks
Researchers found a flaw in Ubiquiti G4 Wi-Fi cameras, that exposes the selection of important chunks of information. They suppose a similar vulnerability was used back in 2019 to perform DoS attacks on a massive number of cameras. But despite Ubiquiti claims about fixing the issue, there are still enough devices susceptible to the issue.… Continue reading Ubiquiti G4 Vulnerability Discovered, Allowing for DDoS Attacks
Eriakos Scam in Facebook Ads Targets Personal and Banking Data
Fraudsters are using fake websites and Facebook Ads to steal users’ financial data. Researchers named the campaign Eriakos after the CDN that fraudsters used in all campaigns. Facebook Ads Steal Credit Card Information On April 17, 2024, specialists from Recorded Future discovered a fraudulent campaign with Chinese origins that had targeted Facebook users. They named… Continue reading Eriakos Scam in Facebook Ads Targets Personal and Banking Data
BangBros Leak Exposes 12 Million User Records
BangBros, a studio and platform specializing in adult content, leaked information about the users registered on their website. The database was discovered by researchers, and according to their report, it contains 12 million records of sensitive information. Further checks show that there is barely a possibility of this DB not belonging to the company. BangBros… Continue reading BangBros Leak Exposes 12 Million User Records
Fake Google Authenticator Abuses Google Ads, Spreads Malware
Cybercriminals promote a fake Google Authenticator page through ads in Google Search. According to the report, they use a tricky scheme to hide the fraudulent domain and make the ad contain a genuine URL. The resulting page, which looks exactly like the original Google Authenticator one, downloads a malicious file. Fake Google Authenticator Downloading Page… Continue reading Fake Google Authenticator Abuses Google Ads, Spreads Malware
Gh0st RAT Malware Attacks Chinese Users Via Fake Chrome Page
Attackers are using a new loader, Gh0stGambit, to spread Gh0st RAT malware to Chinese users. A Google Chrome phishing download site is being used for that purpose, copying the design of the genuine page. That is, in fact, the part of the campaign that attracted the attention of cybersecurity experts. Gh0st RAT Trojan Targets Chinese… Continue reading Gh0st RAT Malware Attacks Chinese Users Via Fake Chrome Page
2024 Olympic Cyberattack Risks: What Should We Expect
The Olympic Games is a massive sporting event that attracts billions of people worldwide. But where there are thousands of people – fans and supporters; there are also cybercriminals. Such events have always caused a spike in the number of cyberattacks of different kinds. In this post, we will discuss exactly this – risks of… Continue reading 2024 Olympic Cyberattack Risks: What Should We Expect
India Post SMS Phishing Targets Mobile Users in India
Massive complaints come from Indian users regarding a new wave of SMS phishing scams, particularly targeting iPhones. They mimic delivery notification messages from India Post, one of the major postal services in the country. Fraudsters try stealing user credentials associated with that service, which may be the fuel of further scams. Fraudsters Impersonate India Post… Continue reading India Post SMS Phishing Targets Mobile Users in India
Docker Engine Authentication Bypass Vulnerability Exploited
Attackers are actively exploiting a critical vulnerability in the Docker Engine that may allow for authentication bypass in a chain attack. This vulnerability allows attackers to bypass AuthZ authorization plugins, effectively mutilating any auth control. For this and several other reasons, the flaw got the max severity score possible (10.0). Critical Docker Engine Flaw Allows… Continue reading Docker Engine Authentication Bypass Vulnerability Exploited
Hamster Kombat Players Targeted in a New Malware Spreading Scheme
Players of Hamster Kombat have become prime targets for scammers promoting phishing schemes aimed at those looking for easy earnings. Malicious actors steal confidential data and infect inattentive players with malware. Due to the technical aspects of Hamster Kombat, these fraudulent schemes are highly successful. Hamster Kombat Tap-Game Players Targeted in Malware Spreading ESET researchers… Continue reading Hamster Kombat Players Targeted in a New Malware Spreading Scheme