Cyber Security BlogsGitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset.

Cyber Security Blogs In a domain traditionally lauded for its technical prowess, the emergence of soft skills as a critical factor might seem counterintuitive. Yet, as cyber threats continue to evolve in sophistication, industry experts are acknowledging the indispensable role these skills play. Cybersecurity is no longer solely about firewalls and encryption. It’s a critical

Cyber Security BlogsThe Shift from RSS Feeds in Data Extortion ALPHV ransomware has gained attention recently due to its distinctive and unconventional methods deployed on its leak sites. Recently ALPHV ransomware released a Python crawler designed to synchronize their leak posts and attachments with any database. The crawler has a feature that ensures that only

Cyber Security BlogsCookie Stealer Leveraging Telegram for Data Exfiltration   Microsoft’s Visual Studio is a highly popular Integrated Development Environment (IDE) that empowers developers to create diverse applications. However, the software’s widespread usage has attracted the attention of cybercriminals, leading them to craft nefarious schemes aimed at deceiving and victimizing unsuspecting users. In response to

Cyber Security Blogs Q2-2023 Ransomeware Report ATLANTA, July 20, 2023: Cyble, the Y Combinator-backed leader in AI-powered global cyber threat intelligence, today announced the release of its much-awaited Q2-2023 Ransomware Report, an exhaustive resource offering critical insights into the ever-evolving global ransomware landscape Within the 38-page report, organizations will gain valuable insights into critical aspects, including the

Cyber Security BlogsNew Ransomware Strain Sets Sights on Cryptocurrency Users   New programming languages often have fewer security measures and less mature detection mechanisms than well-established ones. Threat Actors (TAs) often attempt to bypass traditional security defenses and avoid detection by using a less-known programming language. NIM, a programming language specifically created for efficient execution

Cyber Security BlogsStealer impersonating Solution File (.sln) via a fake GitHub repo GitHub is a web platform that facilitates version control and collaboration for software development projects. This enables users to store and manage their source code repositories, track code modifications, and collaborate with others on the same project. While GitHub serves as a hosting

Cyber Security BlogsOver 130K PV Measuring and Diagnostics Solutions exposed over the Internet With its increasing prominence and global adoption, green energy has emerged as a potential target for attackers, posing concerns for both State and Private entities in the near future. With the increasing adoption of renewable energy sources such as solar, wind, and

Cyber Security BlogsKey Takeaways The blog delves into a new infection approach to disseminating the SectopRAT final payload. Providing insight into LummaC stealer and its method of procuring the Amadey bot malware. The Amadey bot replicates itself to ensure persistence, generating an LNK file within the startup folder directory. Upon being started, this LNK file

Cyber Security BlogsKey Takeaways The blog highlights a new infection chain for distributing AgenTesla RAT. It involves a spam email with a CPL file that, when executed, downloads a PowerShell script that injects AgentTesla malware in exe and MSbuild.exe. The PowerShell scripts use obfuscated binary strings to hide malicious code. For persistence, malicious VB Scripts