BOCRA website




Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

                                                     LATEST CYBER HACKS 

Hackers deploy crypto drainers on thousands of WordPress sites

Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds.

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday.


Researchers Discover LG Smart TV Vulnerabilities      Allowing Root Access

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.

Telegram fixes Windows app zero-day used to launch  Python scripts

Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts.

Microsoft fixed two Zero-Day bugs exploited in malware attacks

Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and Visual Studio; SQL Server; DNS Server; Windows Defender; Bitlocker; and Windows Secure Boot. According to ZDI, three of these vulnerabilities were reported through their ZDI program.


FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniques

Researchers have discovered a sophisticated phishing campaign meticulously crafted to target cryptocurrency users. This elaborate scheme, equipped with the notorious FatalRAT along with supplementary malware like Clipper and Keylogger, was orchestrated by threat actors utilizing DLL side-loading techniques.

CL0P's Ransomware Rampage - Security Measures for 2024

Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the 'CryptoMix' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022.

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The impacted version in question is 0.3.2.

                               GENERAL NEWS

Meta’s new AI-powered search bar starts showing up in Instagram

It seems that more and more companies are trying to leverage the power of AI and implement many AI tools into their products. Meta's  efforts to shower users of its social apps in generative AI-powered tools continue to with a brand news search bar in Instagram.

Cloudiway at Google Cloud Next 2024: Introduces Game-Changing Solutions for Team Collaboration Migration

Following the launch of its new version of Google Chat collaboration tools and the availability of its APIs, Google introduces its Key Partner Detection Program in 2023, selecting Cloudiway to integrate Google Chat into its migration tool suite.