08 MARCH 2023 WEEKLY NEWSLETTER

BOCRA website

     


Old Windows ‘Mock Folders’ UAC bypass used to drop malware


LATEST CYBER HACKS

Sandbox blockchain game breached to send emails linking to malware

The Sandbox blockchain game is warning its community that a security incident caused some users to receive fraudulent emails impersonating the game, trying to infect them with malware.

Ransom House ransomware attack hit Hospital Clinic de Barcelona

On Sunday, a ransomware attack hit the Hospital Clinic de Barcelona, one of the main hospitals of the Catalan city. The attack crippled the center’s computer system, and 150 nonurgent operations and up to 3,000 patient checkups were canceled due to the cyber attack.

Alleged security breach leaves millions of dollars missing from Flutterwave accounts

Last month, Flutterwave, Africa’s largest startup by private valuation, was involved in a hack that resulted in more than ₦2.9 billion (~$4.2 million) missing from its accounts, according to local tech publication Techpoint Africa.


VULNERABILITIES

Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack

The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input.

Vulnerability in DJI drones may reveal pilot’s location

Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details such as its serial number and even bypass security mechanisms that enable authorities to track both the drone and its pilot.

Proof-of-Concept released for critical Microsoft Word RCE bug

A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, was published over the weekend.


MALWARE

Ransomware Roundup – Sirattacker and ALC Ransomware

Sirattacker is one of the latest Chaos ransomware variants. It was first released in the middle of February 2023. Several versions of Chaos ransomware builders are available in Dark Web underground networks, which allow anyone to generate Chaos ransomware with custom configurations.

LockBit Introduces New Method to Bypass MOTW Protection

LockBit operators are riding high on success as they continue to exfiltrate data from high-profile organizations and add their names to the gang's leak site. One significant reason for this is the tactics and techniques the gang has adopted, and one such evasion technique has come to the notice of researchers.


GENERAL NEWS

Almost Half of Industrial Sector Computers Affected By Malware in 2022

Two out of every five (40.6%) operational technology (OT) computers used in industrial settings were affected by malware in 2022.

The data comes from a report published earlier today by security researchers at Kaspersky. The figures represent a 6% increase compared with the previous half of the year and almost 1.5 times more than in the second half of 2021.

The Role of Marketing and PR in Incident Response

Responding to a cyber incident requires teamwork across departments and disciplines. Technical incident responders must work to halt incoming attacks while the communications teams develop a public response. Clear communication is essential