A privilege escalation flaw has been discovered which could affect the online safety and privacy of LG laptop users. According to the online security expert who discovered the flaw, this loophole is relatively easy for hackers to take advantage of.

Security expert and researcher Jackson T. found the flaw while analyzing the LG Device Manager system and in doing so was able to track the flaw as CVE-2019-8372. At the time, Jackson was merely evaluating the LG Device Manager’s low-level hardware access Continue reading →

Cybersecurity experts have revealed a new IoT botnet, dubbed as Dark Nexus, that launches distributed denial-of-service (DDoS) attacks.

This is an emerging IoT type of botnet revealed by Bitdefender, and used to launch DDoS attacks.

The botnet working mechanism is spreading by exploiting and launching credential stuffing attacks against a wide range of IoT devices such as routers from ASUS, DLink, Dasan Zhone, thermal cameras, and video recorders.

Bitdefender revealed that ‘the scanners are used as a finite state machine that models Telnet protocol plus the other infection steps, the attacker provides commands basing on the output of previous commands’

The name itself “Dark Nexus” comes from strings which are printed on botnet banner, some experts have revealed that despite the originality of codes of botnet features they have some Continue reading →

Networking equipment giant Cisco on Monday confirmed they were the victim of a hacking attack on July 28, 2022 after the attackers managed to break into an employee’s personal Gmail account that contained passwords synced within their web browser systems.

“Starting access to the Cisco’s VPN system was achieved via the effectual compromise of one of their employee’s personal Gmail account,” Cisco Talos claimed in a detailed report. “The victim had enabled password syncing via Google Chrome and had stored their Cisco login infos in their browser, enabling these nots to synchronize to their Google account.”

The exposure comes as hackers associated with the AwakenCybers ransomware gang posted a list of files from their attack to their data leak website on August 9.

The breakout information, according to Talos, included the files saved inside a Box cloud storage folder that was connected with the hacked employee’s profile and is not believed to have included any valuable infos.

Apart from the credential theft, there was also another attack of phishing involved where the opponent resorted to methods like “vishing” (way of voice phishing) & multi-factor authentication attempt to trick a victim into providing access to their Continue reading →