22 MARCH 2023 WEEKLY NEWSLETTER

BOCRA website

     


Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack


LATEST CYBER HACKS

Play ransomware gang hit Dutch shipping firm Royal Dirkzwager

The Play ransomware group hit the Dutch maritime logistics company Royal Dirkzwager. Royal Dirkzwager is specialized in optimizing shipping processes and managing maritime and logistic information flows.


Hackers post more stolen Minneapolis Public School data to dark web

Minneapolis Public Schools on Friday notified parents that hackers who stole district data in a recent system breach released that information onto the dark web, where users are untraceable.


VULNERABILITIES

Telerik Vulnerability Abused by Threat Actors - Warns CISA

The exploitation of old vulnerabilities continues to be a major concern in the world of cybersecurity. Financially motivated hackers and APT threat actors have been found to be taking advantage of a three-year-old Telerik vulnerability, as revealed in a joint advisory from the CISA, the FBI, and MS-ISAC.


Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps

The cyber-research community has raised concerns over a vulnerability that puts the Microsoft 365 suite at risk. Tracked as CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user’s credentials by passing along a crafted email package. Research suggests that the bug, which was formally attributed to a Microsoft Outlook component, has a high ‘wormability’ factor, since in most instances user interaction is no longer necessary.


MALWARE

Researchers Shed Light on CatB Ransomware's Evasion Techniques

The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload.


BianLian Ransomware Evolves into Pure Data Exfiltration-Focused Group

BianLian ransomware, an open-source ransomware first observed in July 2022, has shifted to a new operational tactic in the past few months. It is moving away from the encryption game to pressuring victims through legal and regulatory risks they may face as a result of the leak of their data.


Emotet malware now distributed in Microsoft OneNote files to evade defenses

The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets.


GENERAL NEWS

Meta Develops New Kill Chain Thesis

Facebook parent Meta has officially unveiled a ten-phase kill chain model that it believes will be more inclusive and more effective than the existing range of kill chain models. Cybersecurity theorists have long sought to understand the stages of an attack. The idea is simple: if you can recognize a stage in the attack process, you will be more able to disrupt the attack and protect your assets.


IT security spending to reach nearly $300 billion by 2026

Investments in hardware, software, and services related to cybersecurity are expected to reach nearly $300 billion in 2026, driven by the ongoing threat of cyberattacks, the demands of providing a secure hybrid work environment, and the need to meet data privacy and governance requirements.