admin

  • Blog

    DPRK hackers dupe targets into typing PowerShell commands as admin

    North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic inspired by the now-widespread ClickFix campaigns. ClickFix is a social engineering tactic that has gained traction in the cybercrime community, especially for distributing infostealer malware. It involves deceptive error messages or prompts that direct victims to execute malicious code themselves, often…

  • Blog

    Laravel admin package Voyager vulnerable to one-click RCE flaw

    Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user that clicks on a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the flaws to the Voyager maintainers…

  • Blog

    Hackers use Windows RID hijacking to create hidden admin account

    A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. The hackers used a custom malicious file and an open source tool for the hijacking attack. Both utilities can perform the attack but researchers at South Korean cybersecurity company AhnLab say that there are differences. How RID…

  • Blog

    Microsoft expands testing of Windows 11 admin protection feature

    Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. First introduced in October in a preview build for Windows 11 Insiders in the Canary Channel, admin protection uses a hidden, just-in-time elevation mechanism and Windows Hello authentication prompts that only unlock admin rights when needed to block access…

  • Blog

    Stolen Path of Exile 2 admin account used to hack player accounts

    Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. The breached admin account allowed the threat actors to change the passwords of other accounts, with many losing their in-game purchases, including valuable items…

  • Blog

    Microsoft 365 outage takes down Office web apps, admin center

    Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. Since this incident started hours ago, Downdetector has received user reports complaining about problems connecting to Outlook, OneDrive, and other Office 365 apps and services. Affected customers see “We’re experiencing a service outage. All of your open files have been…

  • Blog

    Microsoft 365 Admin portal abused to send sextortion emails

    The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the messages appear trustworthy and bypassing email security platforms. Sextortion emails are scams claiming that your computer or mobile device was hacked to steal images or videos of you performing sexual acts. The scammers then demand from you a payment of $500 to $5,000 to prevent them…

  • Blog

    Security plugin flaw in millions of WordPress sites gives admin access

    A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin ‘Really Simple Security’ (formerly ‘Really Simple SSL’), including both free and Pro versions. Really Simple Security is a security plugin for the WordPress platform, offering SSL configuration, login protection, a two-factor authentication layer, and real-time vulnerability detection. Its free version alone is used in over four million websites. Wordfence,…

  • Blog

    800,000 users exposed in Landmark Admin data breach

    Insurance administrative services company Landmark Admin is warning 800,000 people that their sensitive data has been exposed, following a cyber attack earlier this year. According to the firm’s filing with the Attorney General of Maine, the breach involved an extremely broad range of personal data, including full names and addresses, Social Security numbers, tax identification numbers, drivers’ license numbers, and…

  • Blog

    Insurance admin Landmark says data breach impacts 800,000 people

    Insurance administrative services company Landmark Admin warns that a data breach stemming from a May cyberattack impacts over 800,000 people. Landmark Admin is a third-party administrator for insurance companies, offering back-office services like new business processing and claims administration for large insurance carriers. Some insurance carriers working with Landmark Admin include American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life…
