While currently used to push adware, the campaign can redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware.
The vulnerability stemmed from incomplete input validation of user-supplied .tar files as it pertains to the names of the files contained within the archive.
As exploits against vulnerabilities increase overall, Palo Alto Networks' research unit has observed a jump in attempts to mimic ChatGPT through squatting domains.
Vehicle data and customer information were exposed for over eight years due to a cloud misconfiguration at Toyota Motor that impacted over 260,000 customers.
The biggest victim of the cryptocurrency hack on Atomic Wallet was an individual who reportedly lost $7.95 million in Tether.
North Korean hackers stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion — reportedly doubling Pyongyang’s total cybertheft proceeds in 2021.
Microsoft 365 suffered another outage on Monday, preventing users from accessing Microsoft 365 apps.
A network security review of Micron products sold in China has revealed that these products pose a significant security risk to the country’s key information infrastructure supply chain.
Cybercrime gang Lemon Group has managed to get malware known as Guerrilla preinstalled on the devices.
Mikhail Pavlovich Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers.
Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VM), according to cybersecurity firm Mandiant.
Lancefly has been deploying the Merdoor backdoor in highly targeted attacks since 2018 to establish persistence, execute commands, and perform keylogging on corporate networks.
The exploitation of the vulnerability leads to a cross-site scripting (XSS) attack in which a threat actor can inject malicious scripts, redirects, advertisements, and other forms of URL manipulation into a victim site.
While the attacks have not been attributed to any specific threat actor, it is likely that a Russian group is responsible for the attacks, according to researchers at Bitdefender.
Payouts from ransomware victims declined by 38% in 2022, which has prompted hackers to adopt more professional and corporate tactics to ensure higher returns.
