Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 34

Oct 19, 2023

The Most Popular IT Admin Password Is Totally Depressing

Posted by in category: cybercrime/malcode

After sifting through more than 1.8 million pages identified as admin portals, researchers made a disheartening discovery — 40,000 of them used “admin” as its password, making it the most popular credential used by IT administrators.

The research was conducted on 2023 passwords between January and September by a team with Outpost24, which also found an increased reliance on default passwords.

The top 10 passwords discovered by the analysis included common defaults and easy-to-guess options:

Oct 17, 2023

How Google Chrome Vulnerability can Put Millions of Users in Danger — Safeguard Your Data Now!

Posted by in categories: cybercrime/malcode, space

The digital realm, while offering boundless possibilities, is also a fertile ground for myriad cybersecurity threats. One such peril that has recently come to light is the User-After-Free vulnerability in Google Chrome, specifically identified as CVE-2023–5218. This vulnerability not only poses a significant threat to user data and system integrity but also opens a Pandora’s box of potential cyber-attacks and exploitations.

The User-After-Free vulnerability is a type of cybersecurity flaw that surfaces when a program continues to utilize memory space after it has been freed or deleted. This flaw allows attackers to execute arbitrary code or potentially gain unauthorized access to a system. CVE-2023–5218, identified within Google Chrome, was noted to be potentially exploitable to perform such malicious actions, thereby putting users’ data and privacy at substantial risk.

CVE-2023–5218 was unveiled to the public through various cybersecurity platforms and researchers who detected unusual activities and potential exploitation trails leading back to this particular flaw. This vulnerability was identified to be present in a specific Chrome component, prompting Google to release a flurry of updates and patches to mitigate the associated risks.

Oct 17, 2023

Silent Predator Unveiled: Decoding WebWyrm Stealthy Malware affecting 50 countries

Posted by in categories: cryptocurrencies, cybercrime/malcode, employment, evolution, finance, military

In the intricate landscape of global cybersecurity, Webwyrm malware has surfaced as a formidable adversary, casting its ominous shadow across 50 nations and leaving in its wake over 100,000 compromised victims. This insidious digital menace successfully emulates in excess of 1,000 reputable companies globally, with the ensuing potential financial fallout estimated to surpass a staggering $100 million. It is imperative for cybersecurity professionals and organizations alike to comprehend the multifaceted nature of this threat to devise and implement robust defensive strategies effectively.

In the dynamic realm of cyber threats, malicious actors incessantly refine their Tactics, Techniques, and Procedures (TTPs), exploiting extant vulnerabilities and augmenting the efficacy of their malicious campaigns. Webwyrm epitomizes this relentless pursuit of evolution, embodying a level of sophistication reminiscent of infamous cyber threats of yore, such as the notorious ‘Blue Whale Challenge.’

WebWyrm malware orchestrates a complex, deceptive narrative aimed at duping unsuspecting job seekers into relinquishing their cryptocurrency. Initiating contact predominantly via WhatsApp, the malefactors likely leverage data procured from employment portals to pinpoint and engage individuals predisposed to their deceptive overtures. Prospective victims are enticed with promises of lucrative weekly remuneration, ranging between $1200 and $1500, contingent upon the completion of daily task “packets” or “resets.”

Oct 14, 2023

Cybersecurity Builds Trust in Critical Infrastructure

Posted by in categories: cybercrime/malcode, economics, energy

Where reliability matters, as it does in energy, resilience against cyberattacks enhances a company’s reputation. Disruptions damage that reputation.


In 2021, a ransomware attack shut down Colonial Pipeline operations for six days. Gas shortages in the eastern US, economic turmoil, and eye-catching headlines resulted. Interest in cybersecurity for critical infrastructure intensified — and many leaders seemed to learn the wrong lesson.

Energy sector leaders often take cyber vulnerabilities seriously only after a significant breach. Experiencing a loss (or watching someone else’s) makes companies tighten cybersecurity to avoid similar losses. This pattern emphasizes the loss-avoidance aspects of cybersecurity. Yet thinking of cybersecurity solely as loss avoidance misses a key value generator cybersecurity provides: trust.

Continue reading “Cybersecurity Builds Trust in Critical Infrastructure” »

Oct 14, 2023

New AI algorithm promises defense against cyberattacks on robots

Posted by in categories: cybercrime/malcode, information science, internet, military, robotics/AI

The researchers tested their algorithm on a replica of a US Army combat ground vehicle and found it was 99% effective in preventing a malicious attack.

Australian researchers have developed an artificial intelligence algorithm to detect and stop a cyberattack on a military robot in seconds.


The research was conducted by Professor Anthony Finn from the University of South Australia (UniSA) and Dr Fendy Santoso from Charles Sturt University in collaboration with the US Army Futures Command. They simulated a MitM attack on a GVT-BOT ground vehicle and trained its operating system to respond to it, according to the press release.

Continue reading “New AI algorithm promises defense against cyberattacks on robots” »

Oct 14, 2023

Google deals a deadly blow to passwords, switches to passkey

Posted by in categories: cybercrime/malcode, internet

The tech giant is following Uber and eBay’s lead in ditching passwords and could have the greatest impact in making it happen.

The death of passwords is imminent and Google has taken a giant step in ensuring it by suggesting users switch to an easier option – passkeys. Starting immediately, Google users will be able to create passkeys and use them to sign in to their accounts, avoiding passwords when possible, the company said in a recent blog post.

Since the advent of the internet passwords have been the most hated component of the entire experience. Early on, users could get away with using simpler combinations of letters and numbers but as cybersecurity risks grew, passwords started becoming longer, tougher, and harder to remember.

Oct 13, 2023

Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX

Posted by in category: cybercrime/malcode

SQL Injection is still popular, but attackers are now leaning towards Traversal techniques!

Fastly’s Network Effect Threat Report sheds light on the latest attack traffic patterns & tactics.

Read:

Continue reading “Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX” »

Oct 13, 2023

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

Posted by in category: cybercrime/malcode

🚨 Beware! DarkGate #malware is now spreading through instant messaging apps like Skype & #Microsoft Teams. Stay cautious and don’t open suspicious documents!

Oct 13, 2023

Adobe Acrobat Reader Vuln Now Under Attack

Posted by in category: cybercrime/malcode

Patch now if you haven’t already: Adobe Acrobat Reader exploits are in the wild. #Adobe


The Cybersecurity Infrastructure & Security Agency (CISA) this week added to its catalog of known exploited vulnerabilities an Adobe Acrobat Reader use-after-free bug.

Adobe Acrobat and Reader Document Cloud Versions 22.003.20282 and 22.003.20281 and earlier contain the flaw (CVE-2023–21608), as do Adobe Acrobat and Reader 20.005.30418 and earlier. The use-after-free vuln allows an attacker to remotely execute malicious code on a compromised account, and execute the exploit when a victim opens the rigged PDF file.

Continue reading “Adobe Acrobat Reader Vuln Now Under Attack” »

Oct 13, 2023

New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

Posted by in category: cybercrime/malcode

🚨 Heads up! A new malware, ZenRAT, is posing as Bitwarden password manager installation packages.

Read:

Make sure to download software from trusted sources only.

Continue reading “New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software” »

Page 34 of 220First3132333435363738Last