Polymath Central

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

December 12, 2024

A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise…

Cybersecurity

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

December 11, 2024

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in…

Cybersecurity

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

December 11, 2024

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions.…

Cybersecurity

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

December 11, 2024

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing…

Cybersecurity

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

December 11, 2024

Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s…

Cybersecurity

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

December 11, 2024

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations…

Cybersecurity

What is Nudge Security and How Does it Work?

December 11, 2024

In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has…

Cybersecurity

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

December 11, 2024

Cybersecurity researchers have discovered a novel surveillance program that’s suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from…

Cybersecurity

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

December 11, 2024

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited…

Cybersecurity

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

December 11, 2024

The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who…