exploit

  • Blog
    digitpatrox3 days ago
    14

    Chinese hackers exploit Fortinet VPN zero-day to steal credentials

    Chinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client that steal credentials. The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device Volexity researchers report that they discovered this flaw earlier this summer and reported it to Fortinet, but…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    44

    Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

    The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google. Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61. Lazarus tank games Kaspersky discovered the…

    Read More »
  • Blog
    digitpatroxOctober 22, 2024
    38

    Hackers exploit Roundcube webmail flaw to steal email, credentials

    Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. An attack was discovered by Russian cybersecurity company Positive Technologies in September, but the researchers determined that the threat actor activity had started in June. Roundcube Webmail is an…

    Read More »
  • Blog
    digitpatroxOctober 13, 2024
    51

    Iranian hackers now exploit Windows flaw to elevate privileges

    The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. In these attacks, spotted by Trend Micro researchers, OilRig deployed a novel backdoor, targeting Microsoft Exchange servers to steal credentials, and also exploited the Windows CVE-2024-30088 flaw to elevate their…

    Read More »
  • Blog
    digitpatroxOctober 10, 2024
    42

    Akira and Fog ransomware now exploit critical Veeam RCE flaw

    Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. Code White security researcher Florian Hauser found that the security flaw, now tracked as CVE-2024-40711, is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit in low-complexity attacks. Veeam disclosed the…

    Read More »
  • Blog
    digitpatroxOctober 9, 2024
    50

    Palo Alto Networks warns of firewall hijack bugs with public exploit

    Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks’ Expedition solution, which helps migrate configurations from other Checkpoint, Cisco, or supported vendors. They can be exploited to access sensitive data, such as user credentials, that can help…

    Read More »
  • Blog
    digitpatroxOctober 3, 2024
    47

    Critical Ivanti RCE flaw with public exploit now used in attacks

    CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. Ivanti EPM is an all-in-one endpoint management solution that helps admins manage client devices on various platforms, including Windows, macOS, Chrome OS, and IoT operating systems. Tracked as CVE-2024-29824, this SQL Injection vulnerability in…

    Read More »
  • Blog
    digitpatroxSeptember 27, 2024
    61

    Hackers are using a ChromeLoader exploit to set up fake companies and malware-ridden websites

    A large ChromeLoader campaign that uses valid ‘code-signing’ certificates to bypass Windows security policies has been identified by an HP Wolf Security report. Threat actors using the ChromeLoader exploit may also be setting up fake companies in a bid to validate certificates for bogus PDF reader websites, the report noted. In signing the installation file with valid code signing certificates,…

    Read More »
  • Blog
    digitpatroxAugust 30, 2024
    71

    Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

    Volt Typhoon, a Chinese state-sponsored hacking group, has been caught exploiting a zero-day vulnerability in Versa Director servers, used by managed service providers and internet service providers. CVE-2024-39717 was added to CISA’s “Known Exploited Vulnerabilities Catalog” on Aug. 23 after Lumen Technologies discovered its active exploitation. Data from Censys shows that there are 163 devices in the U.S., Philippines, Shanghai,…

    Read More »
  • Blog
    digitpatroxAugust 30, 2024
    69

    North Korean hackers exploit Chrome zero-day to deploy rootkit

    North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. “We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain,” Microsoft said on Friday, attributing the attacks…

    Read More »
Load More
Back to top button
close