No recent events yet!
Several critical zero-day and high severity vulnerabilities have been reported in Mozilla products including the Google Chrome browser. Attackers could leverage these vulnerabilities to run arbitrary code, circumvent security measures, or cause crashes on vulnerable systems. Nonetheless, Mozilla and Google have issued security updates to address the discovered vulnerabilities. As a result, users are advised to upgrade their products to the latest versions as recommended.
There is a concerning development involving a new StrelaStealer malware campaign that has affected numerous organizations with most recent cases occurring in the United States and Europe, highlighting the necessity for Nigerian organizations to remain vigilant, as reports indicate widespread propagation. This campaign is specifically designed to target email account credentials. The sectors most heavily targeted by this campaign include finance, legal services, manufacturing, government agencies, utilities, and energy, among others. The potential consequences of these attacks are severe, ranging from data theft to financial losses and other forms of fraudulent activity. Therefore, it emphasizes the critical need for proactive measures to be taken to prevent such attacks from compromising our critical information infrastructures.
A new variant of Infostealer Malware with upgraded modular capabilities, known as BunnyLoader 3.0 (Player_Bunny), has been discovered in the wild, posing a serious threat due to its enhanced capabilities for stealing information, credentials, digital currency, and delivering additional malware payloads. The third version of the information-stealing malware-as-a-service threat has more data theft modules, stronger keylogging features, smaller payloads, and improved stealth. Aside from its unique denial-of-service capabilities, BunnyLoader 3.0 has separate binaries for modules involved in DoS, keylogging, clipping, and data exfiltration. This emphasizes the need of putting safeguards in place to prevent this threat.
Security researchers have revealed a new tactics deployed by cyber criminals to hack Windows systems. The elaborate attack campaign nicknamed DEEP#GOSU, is likely associated with the group tracked as Kimsuky. This campaign is an eight-stage attack chain that employs the use of PowerShell and VBScript malware to infect Windows systems and harvest sensitive information, with implications for data and financial losses. Users of Windows system are therefore advised to take proactive steps provided herein to mitigate the threats.
Recent security updates revealed the existence of two exploited zero-day vulnerabilities and six serious vulnerabilities in various Microsoft products. According to reports, these vulnerabilities could allow attackers to circumvent security measures, gain unauthorised access, and execute malicious code on vulnerable computers, resulting in additional attacks. As a result, Microsoft has released new security patches to fix the weaknesses, which include five critical vulnerabilities and numerous more. In light of the foregoing, users are encouraged to take immediate action to mitigate the threats.
