Mar 18, 2024NewsroomVulnerability / Threat Mitigation Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory … [Read more...] about Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
tool
Microsoft Releases PyRIT – A Red Teaming Tool for Generative AI
Feb 23, 2024NewsroomRed Teaming / Artificial Intelligence Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to "enable every organization across the globe to innovate responsibly with the latest … [Read more...] about Microsoft Releases PyRIT – A Red Teaming Tool for Generative AI
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
Feb 22, 2024NewsroomNetwork Security / Penetration Testing A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández … [Read more...] about Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
Rhysida Ransomware Cracked, Free Decryption Tool Released
Feb 12, 2024NewsroomVulnerability / Data Recovery Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a … [Read more...] about Rhysida Ransomware Cracked, Free Decryption Tool Released
PromCon Recap: Unveiling Perses, the GitOps-Friendly Metrics Visualization Tool
In the vibrant atmosphere of PromCon during the last week of September, attendees were treated to a plethora of exciting updates from the Prometheus universe. A significant highlight of the event has been the unveiling of the Perses project. With its innovative approach of dashboard as code, GitOps, and Kubernetes native features, Perses promises a revolutionary experience for … [Read more...] about PromCon Recap: Unveiling Perses, the GitOps-Friendly Metrics Visualization Tool
New OS Tool Tells You Who Has Access to What Data
Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization's assets, maintain customer trust, and meet regulatory … [Read more...] about New OS Tool Tells You Who Has Access to What Data
Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
Sep 09, 2023THNMalware / Hacking A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and … [Read more...] about Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
Jul 15, 2023THNArtificial Intelligence / Cyber Crime With generative artificial intelligence (AI) becoming all the rage these days, it's perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime. According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT … [Read more...] about New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the … [Read more...] about DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration
Apr 17, 2023Ravie LakshmananRansomware / Cyber Attack Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and … [Read more...] about Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration