Cyber Attack

AppWizard
April 25, 2025
M&S is addressing a cyber incident affecting its operations, which has led to customer reports of payment difficulties and order delays. The retailer has implemented minor changes to store operations and has suspended contactless payments and click and collect services. Additionally, M&S has halted all orders through its website and mobile applications, while customers can still browse products online. A spokesperson stated that a team, supported by cyber experts, is working to restore online and app shopping. Customers are being kept informed, and the stores remain open.
Tech Optimizer
February 20, 2025
In December 2024, suspected state-sponsored Chinese hackers executed a sophisticated cyber attack on U.S. Treasury employees' workstations, utilizing a dual vulnerability strategy involving CVE-2024-12356 and CVE-2025-1094. CVE-2024-12356 is an unauthenticated command injection flaw in BeyondTrust Remote Support SaaS, while CVE-2025-1094 is a PostgreSQL zero-day vulnerability that allows SQL injection attacks through the psql tool. The PostgreSQL team released a fix for CVE-2025-1094 on February 13, 2025, and BeyondTrust issued patches in December 2024 to mitigate the vulnerabilities. PostgreSQL users are advised to upgrade to fixed versions: 17.3, 16.7, 15.11, 14.16, or 13.19, and BeyondTrust users should implement the December 2024 fix. Rapid7 has provided advisories and indicators of compromise related to these vulnerabilities.
Tech Optimizer
December 19, 2024
Cyber attackers are increasingly using malicious LNK files, which disguise themselves as harmless shortcuts, as an infection vector in 2024. Security experts, particularly Cyble Research and Intelligence Labs (CRIL), have noted a significant rise in this tactic. Attackers leverage LNK files to gain access to systems, triggering malicious actions that can deploy advanced malware. This method reflects a shift in attack vectors aimed at bypassing traditional security measures. One primary technique in these attacks is the exploitation of Living-off-the-Land Binaries (LOLBins), which are trusted system binaries manipulated to execute harmful commands without external malware. Attackers have refined their methods to evade detection by endpoint detection and response (EDR) solutions. Recent campaigns have incorporated SSH commands within malicious LNK files, allowing attackers to establish persistent connections and download malicious files from remote servers. This use of SSH is concerning as it is not typically associated with Windows systems, making it harder for conventional security measures to detect. Threat actors have also used SSH commands to execute malicious PowerShell or CMD commands indirectly through LNK files. For example, a malicious LNK file was found to trigger a PowerShell script that downloaded a malicious payload. Advanced Persistent Threat (APT) groups, known for their long-term cyber espionage, are increasingly utilizing these techniques, with groups like Transparent Tribe deploying stealer malware using similar methods. The combination of LNK files and SSH commands presents a significant threat to organizations, necessitating enhanced monitoring and detection systems to identify abnormal activities. Security teams must evolve EDR solutions to recognize malicious SSH and SCP activity, especially in environments where SSH is not commonly used. Additionally, organizations should restrict the use of legitimate SSH utilities and disable unnecessary features to minimize the attack surface.
Winsage
November 30, 2024
Security researchers have confirmed a cyber attack attributed to the Russian state-sponsored threat group RomCom, exploiting two zero-day vulnerabilities in Mozilla Firefox and Windows operating systems. The vulnerabilities are CVE-2024-9680, a use-after-free memory flaw in Firefox, and CVE-2024-49039, a privilege escalation flaw in Windows. The attack primarily affects users in Europe and North America and allows for the installation of a backdoor on Windows systems without user interaction. RomCom has expanded its focus to include industries such as pharmaceuticals, insurance, and legal sectors in the US and Germany. Mozilla and Microsoft have released patches to address these vulnerabilities, with Mozilla patching Firefox within a day and Microsoft addressing the Windows vulnerability in the latest Patch Tuesday updates. Experts warn that organizations must keep their software updated to mitigate ongoing risks from RomCom attackers.
Tech Optimizer
October 23, 2024
Cybersecurity experts from Dr.Web have discovered a cyber attack involving Trojan.AutoIt.1443, targeting approximately 28,000 users primarily in Russia and neighboring countries. The malware disguises itself as legitimate applications and is spread through deceptive links on platforms like GitHub and YouTube, leading to password-protected downloads that evade antivirus detection. Key components of the malware include UnRar.exe and scripts named Iun.bat and Uun.bat, which facilitate its installation while erasing traces of activity. The malware scans for debugging tools, establishes network access via Ncat, and manipulates the system registry to maintain persistence. Its operations include cryptomining using SilentCryptoMiner and cryptostealing through a clipper tool that swaps cryptocurrency wallet addresses. The campaign has affected users drawn to pirated software, highlighting the risks of downloading from unverified sources.
Tech Optimizer
August 15, 2024
A cyber campaign targeting Chinese Windows users has been identified, utilizing the ValleyRAT malware. The attack focuses on sectors such as e-commerce, finance, sales, and management. It begins with a lure that appears as a legitimate document, triggering Microsoft Office applications. The malware establishes itself by creating a mutex and altering registry entries while employing evasion techniques to avoid detection. It uses shellcode to load components into memory and communicates with a command-and-control server to download the ValleyRAT payload. This malware is attributed to the APT group "Silver Fox" and is capable of monitoring user activities, exfiltrating data, and executing various commands. The campaign specifically targets Chinese users with Chinese-language lures and avoids detection by popular Chinese antivirus solutions.
Winsage
August 14, 2024
Microsoft has released Patch Tuesday security updates addressing 90 vulnerabilities in the Windows ecosystem, including five critical zero-day vulnerabilities under active cyber attack. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included these vulnerabilities in the Known Exploited Vulnerabilities Catalog, requiring compliance by September 3. The five critical vulnerabilities are:
1. CVE-2024-38178: A memory corruption issue in the Windows scripting engine, allowing remote code execution, affecting Windows 10, Windows 11, and Windows Server 2012 and later, with a severity rating of 7.6.
2. CVE-2024-38213: A bypass of the Windows ‘Mark of the Web’ security feature, potentially allowing circumvention of SmartScreen protection, affecting Windows 10, Windows 11, and Windows Server 2012 and later.
3. CVE-2024-38193: An elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows 10, Windows 11, and Windows Server 2008 and later, which could lead to SYSTEM privileges.
4. CVE-2024-38106: A Windows kernel elevation of privilege vulnerability affecting Windows 10, Windows 11, and Windows Server 2016 and later, arising from inadequate protection of sensitive data in memory.
5. CVE-2024-38107: A use-after-free elevation of privilege vulnerability in the Windows power dependency coordinator, affecting Windows 10, Windows 11, and Windows Server 2012 and later, which could lead to arbitrary code execution or system control.
Winsage
July 23, 2024
A series of global IT outages on July 19 caused disruptions across various sectors, emphasizing the importance of data protection and cyber resilience. Matthew, the Chief Technology Officer at Hitachi Vantara, highlighted the need for robust infrastructure and collaboration with hybrid cloud providers to establish a holistic data resilience strategy. Organizations should focus on restoring normal operations and use the incident as a catalyst for positive change to ensure systems can handle unexpected challenges.