Security researchers at Palo Alto Networks’ Unit 42 have uncovered significant vulnerabilities in macOS’s Gatekeeper security mechanism. This discovery reveals how certain third-party applications and even some of Apple’s native
Multiple Flaws Impacting Boot Chain Of Samsung Devices
The Android boot chain initiates with the “Boot ROM,” which initializes the “bootloader.” The bootloader then loads the kernel, which is responsible for managing system resources and launching the init process.
North Korean Hackers Exploited Internet Explorer Zero-Day Flaw
A joint report by AhnLab Security Emergency response Center (ASEC) and the National Cyber Security Center (NCSC) has revealed a new zero-day vulnerability (CVE-2024-38178) in Microsoft Internet Explorer (IE) being
Linux System ‘noexec’ Mount Flag Flaw Allows Malicious Code Execution
A recent discovery in the Linux ecosystem has unveiled a method to bypass the ‘noexec’ mount flag, enabling malicious code execution on systems that were previously thought to be secure.
Why Traditional Correlation Rules Aren’t Enough for Your SIEM – SOC Guide
If you’re managing a SIEM (Security Information and Event Management) system, you know how vital centralized threat detection is. SIEM collects and analyzes data from multiple sources—your firewalls, applications, servers—and
Threat Actors Abuse Genuine Code-Signing Certificates To Evade Detections
A code signing certificate is a digital certificate that allows software developers to sign their applications. This ensures both the “authenticity of the publisher” and the “integrity of the code.” HarfangLab
Hackers Abuse EDRSilencer Red Team Tool To Evade Detection
EDRSilencer is a tool designed to enhance data privacy and security by “silencing” or “blocking” unwanted data transmissions from endpoints. The tool is likely used in conjunction with EDR systems
Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Remote Code
Splunk has released patches for several high-severity vulnerabilities in its Enterprise product that could allow attackers to execute remote code on affected systems. The vulnerabilities impact multiple versions of Splunk
New Supply Chain Attack Leveraging Entry Points in PyPI, npm, Ruby Gems & NuGet
A sophisticated supply chain attack has been identified, leveraging entry points in popular open-source package repositories, including PyPI (Python), npm (JavaScript), Ruby Gems, and NuGet (.NET). This attack vector poses
CoreWarrior Malware Attacking Windows Machines With Self-replication Capabilities
Malware targeting Windows machines continues to be a significant threat. These threats come in various forms, such as viruses, worms, and ransomware, and these malicious programs can infiltrate systems via