exploits

  • Blog

    Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection

    New Android malware is using Microsoft’s .NET MAUI to fly under the radar in a new cybersecurity dust-up this week. Disguised as actual services such as banking and social media apps targeting Indian and Chinese-speaking users, the malware is designed to gain access to sensitive information.…

  • Blog

    Healthcare systems are rife with exploits — and ransomware gangs have noticed

    Healthcare organizations are facing serious threats from ransomware groups, with nearly nine-in-ten (89%) found to have medical devices that are vulnerable to exploits. That’s according to research from Claroty, which examined the state of security among healthcare organizations — and the diagnosis isn’t good. The report found that effectively all (99%) of healthcare organizations have at least one known, actively…

  • Blog

    New SuperBlack ransomware exploits Fortinet auth bypass flaws

    A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. The two vulnerabilities, both authentication bypasses, are CVE-2024-55591 and CVE-2025-24472, which Fortinet disclosed in January and February, respectively. When Fortinet first disclosed CVE-2024-55591 on January 14, they confirmed it had been exploited as a zero-day, with Arctic…

  • Blog

    Exploits for unpatched Parallels Desktop flaw give root on Macs

    Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. Parallels Desktop is a virtualization software that allows Mac users to run Windows, Linux, and other operating systems alongside macOS. It is very popular among developers, businesses, and casual users who need Windows applications on…

  • Blog

    Ransomware group Akira exploits victims following IT provider breach – 60 and counting

    After an attack on a yet-unknown IT provider, Akira has started extorting the victims of the breach. On Friday, Akira uploaded its first batch of 34 victims. Today, it’s uploaded another 26. Here’s what we know about the victims so far: Three attacks appear to be confirmed/connected to breaches from 2024. 37 victims are from the United States, four are…

  • Blog

    New Web3 attack exploits transaction simulations to steal crypto

    Threat actors are employing a new tactic called “transaction simulation spoofing” to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. The attack, spotted by ScamSniffer, highlights a flaw in transaction simulation mechanisms used in modern Web3 wallets, meant to safeguard users from fraudulent and malicious transactions.

    How the attack works

    Transaction simulation is a feature that allows…

  • Blog

    New Mirai botnet targets industrial routers with zero-day exploits

    A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. Exploitation of previously unknown vulnerabilities started in November 2024, according to Chainxin X Lab researchers who monitored the botnet’s development and attacks. One of the security issues is CVE-2024-12856, a vulnerability in Four-Faith industrial routers…

  • Blog

    New DoubleClickjacking attack exploits double-clicks to hijack accounts

    A new variation of clickjacking attacks called “DoubleClickjacking” lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. Clickjacking, also known as UI redressing, is when threat actors create malicious web pages that trick visitors into clicking on hidden or disguised webpage elements. The attacks work by overlaying a legitimate webpage in…

  • Blog

    New botnet exploits vulnerabilities in NVRs, TP-Link routers

    A new Mirai-based botnet is actively exploiting a remote code execution vulnerability that has not received a tracker number and appears to be unpatched in DigiEver DS-2105 Pro NVRs. The campaign started in October and targets multiple network video recorders and TP-Link routers with outdated firmware. One of the vulnerabilities used in the campaign was documented by TXOne researcher Ta-Lun Yen and presented last…

  • Blog

    BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

    The recently uncovered ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware. This is confirmed by firmware security firm Binarly, which discovered LogoFAIL in November 2023 and warned about its potential to be used in actual attacks.

    Bootkitty and LogoFAIL connection

    Bootkitty was discovered by ESET, who published a report last…
