Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining
Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm...
OSINT
New Report Exposes Vice Society’s Collaboration with Rhysida Ransomware
Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their...
LockBit 3.0 Ransomware Victim: unitycouncil[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Microsoft Releases Patches for 74 New Vulnerabilities in August Update
Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for...
New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks
Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular...
Daily Vulnerability Trends: Wed Aug 09 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-39526PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10,...
To SOC or not to SOC ?
To SOC or not to SOC ? So, you are implementing a large digital project, and have followed the GOV.UK...
Spotlight on shadow IT
Spotlight on shadow IT ‘Shadow IT’ (also known as ‘grey IT’) is the name given to those unknown IT assets...
Abyss Ransomware Victim: www[.]tractrad[.]com
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Abyss Ransomware Victim: www[.]arb[.]ch
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Abyss Ransomware Victim: www[.]brockhouse[.]co[.]uk
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Abyss Ransomware Victim: www[.]stri[.]se
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Clop ransomware now uses torrents to leak data and evade takedowns
The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in...
Colorado Department of Higher Education warns of massive data breach
The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering...
New acoustic attack steals data from keystrokes with 95% accuracy
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes...
UK Electoral Commission data breach exposes 8 years of voter data
The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in...
Tesla infotainment jailbreak unlocks paid features, extracts secrets
Researchers from the Technical University of Berlin have developed a method to jailbreak the AMD-based infotainment systems used in all...
Hackers increasingly abuse Cloudflare Tunnels for stealthy connections
Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and...
Google Play apps with 2.5M installs load ads when screen’s off
The Google Play store was infiltrated by 43 Android applications with 2.5 million installs that secretly displayed advertisements while a...
North Korean hackers ‘ScarCruft’ breached Russian missile maker
The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server...
Microsoft Office update breaks actively exploited RCE attack chain
Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked...
New Inception attack leaks sensitive data from all AMD Zen CPUs
Researchers have discovered a new and powerful transient execution attack called 'Inception' that can leak privileged secrets and data using...
Microsoft Visual Studio Code flaw lets extensions steal passwords
Microsoft's Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve...
Interpol takes down 16shop phishing-as-a-service platform
A joint operation between Interpol and cybersecurity firms has led to an arrest and shutdown of the notorious 16shop phishing-as-a-service...
