Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting

by | Jan 16, 2025 | Uncategorized

The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims’ WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. “Star Blizzard’s...

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

by | Jan 16, 2025 | Uncategorized

The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a...

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

by | Jan 16, 2025 | Uncategorized

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. “In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a...

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

by | Jan 16, 2025 | Uncategorized

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that’s designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. “A simple misconfiguration in on-premise applications can override...

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

by | Jan 16, 2025 | Uncategorized

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a...