Office of The CISO Knowledge Base

Category: News

  • Chinese Hackers Exploit Fortinet Vulnerability To Commit Espionage

    A medium-severity security vulnerability in Fortinet FortiOS has been exploited in a zero-day attack, with a suspected Chinese hacking group behind the operation. Threat intelligence company Mandiant linked the activity to a broader campaign aiming to deploy backdoors in Fortinet and VMware solutions for persistent access to targeted environments. The firm is tracking this malicious…

  • Microsoft March 2023 Patch Tuesday

    On Tuesday, Microsoft issued updates to address at least 74 security vulnerabilities in its Windows operating systems and software. Among these, two flaws are already being actively exploited, with one particularly severe vulnerability found in Microsoft Outlook that can be exploited without any user involvement. The Outlook vulnerability (CVE-2023-23397) affects all Microsoft Outlook versions from…

  • Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

    According to a report by Finnish cybersecurity firm WithSecure, Chinese and Russian cybercriminals have been using a new piece of malware called SILKLOADER to load Cobalt Strike onto infected machines. The malware employs DLL side-loading techniques to deliver commercial adversary simulation software. With the increased detection capabilities against Cobalt Strike, threat actors are seeking alternative…

  • Google Finds 18 Critical Security Vulnerabilities in Samsung Exynos Chips

    According to a recent report, Google has discovered 18 severe security vulnerabilities in Samsung’s Exynos chips, some of which can be remotely exploited without user interaction to completely compromise a phone. These zero-day vulnerabilities affect a broad range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with…

  • Websites that look like Telegram and WhatsApp Sites Stealing Crypto

    According to a new analysis by ESET researchers Lukáš Štefanko and Peter Strýček, copycat websites for popular instant messaging apps like Telegram and WhatsApp are being used to distribute trojanized versions, infecting Android and Windows users with cryptocurrency clipper malware. The malware is designed to target victims’ cryptocurrency funds, with several targeting cryptocurrency wallets. While…

  • GoLang-Based HinataBot Exploiting Router and Server Flaws

    A new botnet named HinataBot, which is based on the Golang programming language, has been found exploiting known vulnerabilities to compromise routers and servers for launching distributed denial-of-service (DDoS) attacks. According to a technical report by Akamai, the botnet’s name is inspired by a character from the anime series Naruto, with filenames like “Hinata-<OS>-<Architecture>.” The…

  • CISOs are Stressed and Burned Out

    Employee well-being has become a primary focus for many businesses. Even before the pandemic, the C-suite was acutely aware of how employee mental health impacts business outcomes. But for cybersecurity professionals, stress has always been a part of the job. A new survey revealed that one of the most concerning aspects of employee mental health…

  • BlackLotus – First EUFI Bootkit Malware To Bypass Windows 11 Secure Boot

    The Slovak cybersecurity company ESET has discovered the first publicly known malware capable of bypassing Secure Boot defenses in Unified Extensible Firmware Interface (UEFI) bootkits, called BlackLotus. The bootkit is capable of running on fully updated Windows 11 systems, disabling OS-level security mechanisms, and deploying arbitrary payloads during startup with high privileges. According to ESET,…

  • Cybercriminals Targeting Law Firms With GootLoader and FakeUpdates

    The following article was originally published on The Hacker News on March 1st, 2023, and discusses the recent targeting of law firms by cybercriminals using GootLoader and FakeUpdates malware. Six law firms have fallen victim to two separate cyber threats, which utilized GootLoader and FakeUpdates (also known as SocGholish) malware, between January and February of…

  • Microsoft Exchange Admins Told to Expand Antivirus Scanning

    According to a recent article published on Help Net Security, Microsoft has advised Exchange administrators to expand the scope of antivirus scanning on Exchange servers. Attackers frequently target Microsoft Exchange servers due to their sensitive corporate information, including employee information that could be used for spear-phishing attacks. Microsoft recommends using antivirus software, specifically Microsoft Defender,…