EHA
Home Cyber Security News

Cyber Security News

HuntGPT

HuntGPT: AI-Based Intrusion Detection Tool

Critical infrastructure has become increasingly the target of cyberattacks, with anticipated yearly damages of $10.5 trillion USD by 2025, up from only $3 trillion USD in 2015. NIST introduced a Cybersecurity Framework in 2014...
New Android Banking Malware Pose as Government App to Target Users

New Android Banking Malware Pose as Government App to Target Users

Cybercriminals continue making malware for profit, with a recent report uncovering ASMCrypt in underground forums related to the DoubleFinger loader. In the cybercrime landscape, researchers at Securelist have also reported on new Lumma stealer and...
Apache NiFi RCE Vulnerability Let Attackers Exfiltrate Sensitive Data

Apache NiFi RCE Vulnerability Let Attackers Exfiltrate Sensitive Data

The widely used data integration tool Apache NiFi has been discovered to be susceptible to a critical security flaw tracked as CVE-2023-34468 that might allow remote code execution. Additionally, this significant issue might allow attackers to exfiltrate sensitive information, compromise...
BunnyLoader: The new Malware-as-a-Service (MaaS) Under Rapid Development

BunnyLoader: New Malware-as-a-Service (MaaS) Under Rapid Development

A new malware-as-a-service (MaaS) loader under the name “BunnyLoader” has been discovered to be sold in multiple hacking forums. This malware has multiple functionalities which include second-stage payload downloading and executing, browser credentials and...
Marvin Attack: 25-year-old RSA Decryption Vulnerability Disclosed

Marvin Attack: 25-year-old RSA Decryption Vulnerability Disclosed

A new type of vulnerability in the software implementation of PKCS#1 v1.5 padding scheme for RSA key exchange, which was previously confirmed to be susceptible, has been discovered and still can be exploited. This...
Microsoft Windows Server 2022 Vulnerability Let Attacker Launch DoS Attacks

Windows Server Running SMB over QUIC Let Attacker Launch DoS Attacks

QUIC, created by Google, is a modern transport layer protocol aimed at enhancing connection reliability and security while addressing latency and packet loss issues utilizing UDP. Microsoft's QUIC implementation is known as MsQuic, utilized for...
Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server

Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server

JavaScript and Python both have their own package repositories called npm (Node Package Manager) and PyPi (Python Package Index), respectively. They act as key centers for publishing and exchanging reusable code libraries and packages by...
$20M Offered By Russian Zero-Day Seller To Hack Android And iPhone devices

$20M Offered By Russian Zero-Day Seller To Hack Android And iPhone Devices

The Russian company Operation Zero is currently offering researchers $20 million in exchange for hacking tools that would enable its customers to take control of Android and iPhone devices. “By increasing the premium and providing...
New Ransomware Trend – Threat Actors Deploy Two Ransomware on Victims’ Networks

New Ransomware Trend – Threat Actors Deploy Two Ransomware on Victims’ Networks

The FBI alerts on rising ransomware trends and urges organizations to follow mitigation recommendations for minimizing ransomware risks and consequences. In July 2023, the FBI observed two ransomware trends, and here we have mentioned them:- Multiple...
Microsoft SharePoint Server Vulnerabilities Chained to Achieve Remote Code Execution

Microsoft SharePoint Server Vulnerabilities Chained to Achieve Remote Code Execution

Microsoft SharePoint Server was reported with two vulnerabilities, CVE-2023-29357 and CVE-2023-24955, which threat actors can use for achieving remote code execution (RCE) against Microsoft SharePoint Server. These vulnerabilities were discovered as part of the Zero...

Unified Endpoint Management

EHA

Managed WAF

Website

Latest News