π¨ Cyber Threat Alert: #DarkGate Malware via Microsoft Teams π¨ β οΈ New Campaign Exposed Hackers are leveraging Microsoft Teams for social engineering, targeting users with the DarkGate malwareβa potent Remote Access Trojan (RAT) linked to credential theft, keylogging, screen captures, and more.
π The Attack Flow: 1οΈβ£ Email Bombing: Thousands of emails to overwhelm the victim. 2οΈβ£ Teams Call Impersonation: Attackers pretend to be external suppliers. 3οΈβ£ #AnyDesk Installation: Victims are tricked into installing remote access software. 4οΈβ£ Payload Delivery: #DarkGate is deployed via #AutoIt scripts for espionage and theft.
π‘οΈ How to Stay Safe: β Enable Multi-Factor Authentication (MFA). β #Allowlist approved remote tools; block unverified apps. β Vet third-party support providers thoroughly. β Monitor for phishing emails, especially with QR codes, PDFs, or fake Microsoft 365 links.
π Broader Threats: Phishing is evolvingβexploiting trust in platforms like YouTube, #Docusign, Cloudflare, and even global events. Emotional lures + fake domains = growing risks.
π‘ Stay vigilant! Cybersecurity starts with awareness and robust protection measures.
#CyberAlert of the day π¨ GitLab Security Update: Critical Vulnerabilities Fixed π
π’ GitLab has released 17.6.2, 17.5.4, and 17.4.6 for CE & EE, addressing severe flaws that could lead to:
πΉ Account takeovers
πΉ Denial of service (DoS)
πΉ Information disclosure
π‘ Key Vulnerabilities:
π΄ CVE-2024-11274 (CVSS 8.7): NEL header injection via Kubernetes proxy β Session data exfiltration.
π΄ CVE-2024-8233 (CVSS 7.5): Unauthenticated requests to diff-files β DoS risk.
π Other Issues:
β CI_JOB_TOKEN misuse β Unauthorized session access.
β Open redirects, path traversal β Phishing & data leaks.
β XSS & HTML Injection β Exploits without CSP.
π§ Action Required:
GitLab urges all users to update immediately to secure systems. π Read more and Follow @GHak2learn27752 0xHackthelearning in twitter for more updates.
Hak2learn g
Why is it recommended to add a salt (a random string of characters) to a password before hashing it?
8 months ago | [YT] | 0
View 1 reply
Hak2learn g
π¨ Cyber Threat Alert: #DarkGate Malware via Microsoft Teams π¨
β οΈ New Campaign Exposed
Hackers are leveraging Microsoft Teams for social engineering, targeting users with the DarkGate malwareβa potent Remote Access Trojan (RAT) linked to credential theft, keylogging, screen captures, and more.
π The Attack Flow:
1οΈβ£ Email Bombing: Thousands of emails to overwhelm the victim.
2οΈβ£ Teams Call Impersonation: Attackers pretend to be external suppliers.
3οΈβ£ #AnyDesk Installation: Victims are tricked into installing remote access software.
4οΈβ£ Payload Delivery: #DarkGate is deployed via #AutoIt scripts for espionage and theft.
π‘οΈ How to Stay Safe:
β Enable Multi-Factor Authentication (MFA).
β #Allowlist approved remote tools; block unverified apps.
β Vet third-party support providers thoroughly.
β Monitor for phishing emails, especially with QR codes, PDFs, or fake Microsoft 365 links.
π Broader Threats:
Phishing is evolvingβexploiting trust in platforms like YouTube, #Docusign, Cloudflare, and even global events. Emotional lures + fake domains = growing risks.
π‘ Stay vigilant! Cybersecurity starts with awareness and robust protection measures.
#CyberSecurity #Phishing #DarkGate #MicrosoftTeams #StaySafe
8 months ago | [YT] | 0
View 0 replies
Hak2learn g
What type of database service is Amazon DynamoDB?
#AWS
8 months ago | [YT] | 0
View 1 reply
Hak2learn g
Which AWS service is used for container orchestration in a non-serverless architecture?
#AWS #container
8 months ago | [YT] | 0
View 0 replies
Hak2learn g
#CyberAlert of the day
π¨ GitLab Security Update: Critical Vulnerabilities Fixed π
π’ GitLab has released 17.6.2, 17.5.4, and 17.4.6 for CE & EE, addressing severe flaws that could lead to:
πΉ Account takeovers
πΉ Denial of service (DoS)
πΉ Information disclosure
π‘ Key Vulnerabilities:
π΄ CVE-2024-11274 (CVSS 8.7): NEL header injection via Kubernetes proxy β Session data exfiltration.
π΄ CVE-2024-8233 (CVSS 7.5): Unauthenticated requests to diff-files β DoS risk.
π Other Issues:
β CI_JOB_TOKEN misuse β Unauthorized session access.
β Open redirects, path traversal β Phishing & data leaks.
β XSS & HTML Injection β Exploits without CSP.
π§ Action Required:
GitLab urges all users to update immediately to secure systems. π
Read more and Follow @GHak2learn27752 0xHackthelearning in twitter for more updates.
8 months ago | [YT] | 0
View 0 replies