Blog
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
MISTPEN is a trojanized version of a legitimate Notepad++ plugin that allows the threat actor to download and execute files from a command-and-control server. The threat group constantly enhances its malware, making it harder to detect and analyze.
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
MISTPEN is a trojanized version of a legitimate Notepad++ plugin that allows the threat actor to download and execute files from a command-and-control server. The threat group constantly enhances its malware, making it harder to detect and analyze.
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being...
Why Pay A Pentester?
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we...
Red Hat OpenShift Receives Patches for Two Critical Flaws
Red Hat OpenShift, a popular hybrid cloud platform with robust security features, is facing two critical vulnerabilities: CVE-2024-45496 (CVSS 9.9) and CVE-2024-7387 (CVSS 9.1).
Construction Companies Potentially Vulnerable Through Accounting Software
Cybersecurity firm Huntress reported that attackers search for publicly accessible installations of Foundation software on the internet and then attempt to gain administrative access by trying combinations of default usernames and passwords.
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats. "With the newest version of Chrome, you can take advantage of our...
Critical Flaws Found in VICIdial Contact Center Suite, PoC Published
Two critical vulnerabilities, CVE-2024-8503 (SQL Injection) and CVE-2024-8504 (Privilege Escalation), have been uncovered in the VICIdial Contact Center Suite, posing a major risk for call centers globally.
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging
The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems....
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow...
FREE GUIDE