The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims’ accounts. “Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube,” ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using
Read More
Introduction Today’s digital world faces a rise in cyber-attacks and hackers are increasingly using steganography as a technique to trick internet users and bind malicious payloads in seemingly “safe” software, files, etc. to bypass security firewalls and scanners. The root “steganos” is Greek for “hidden/cover” and the root “graph” is Greek for “to write”, where
Read More
Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. The activity
Read More
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. “The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses Advanced Installer’s Custom
Read More
Our mission is to educate our customer base, build capacity in every country we operate in and make cyber security affordable to all