BOCRA website




GIFShell attack creates reverse shell using Microsoft Teams GIFs

                                                     LATEST CYBER HACKS 


Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin

On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and media files.


North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies

Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group.


DangerousSavanna' Hackers Targeted Financial Institutions in Africa For Two Years

A persistent cyber–attack campaign has emerged targeting major financial institutions in French–speaking African countries and has been active over the last two years.



Firmware bugs in many HP computer models left unfixed for over a year

A set of six high-severity firmware vulnerabilities impacting a broad range of HP devices used in enterprise environments are still waiting to be patched, although some of them were publicly disclosed since July 2021.


ManageEngine vulnerability posed code injection risk for password management software

 A vulnerability in ManageEngine could allow an attacker to execute arbitrary code on affected installations of some of its password and access management tools. ManageEngine offers enterprise IT management software for service management, operations management, Active Directory, and security, and is used by 280,000 organizations in 190 countries.



Lampion malware returns in phishing attacks abusing WeTransfer

The Lampion malware is being distributed in greater volumes lately, with threat actors abusing WeTransfer as part of their phishing campaigns.

WeTransfer is a legitimate file-sharing service that can be used free of charge, so it's a no-cost way to bypass security software that may not raise alerts about the URLs used in emails.


Bumblebee malware adds post-exploitation tool for stealthy infections

A new version of the Bumblebee malware loader has been spotted in the wild, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory.



Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group

Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain.


                               GENERAL NEWS


The Advantages of Threat Intelligence for Combating Fraud

Leveraging threat intelligence to combat nation state espionage threats is a common practice for cybersecurity teams. However, outside of common types of fraud seen in darkweb or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud. 


Windows 11 22H2: Here are the new features coming later this month

Windows 11 version 22H2 aka Sun Valley 2 is set to launch later this month. Unlike the original Windows 11 release, it won't be a massive update with radical design changes.