Found 5714 bookmarks
Newest
Android TV Boxes Infected with Backdoors, Compromising Home Networks
Android TV Boxes Infected with Backdoors, Compromising Home Networks
  • Cybersecurity Firm Human Security has discovered malware on dozens of streaming devices and iOS/Android apps. A huge number of Android TV boxes contain malware capable of conducting ad fraud, creating fake accounts, and selling access to home networks. Researchers found that the malware they have dubbed Badbox is not only tricky to detect but difficult to remove as well. Android TV box users must prefer installing apps from reliable sources and keep their devices up-to-date. Human Security has already shared details of its findings with concerned law enforcement agencies.
#hackread#EN#2023#Human-Security#AndroidTV#box#malware#Badbox
·hackread.com·
Android TV Boxes Infected with Backdoors, Compromising Home Networks
X-Force uncovers global NetScaler Gateway credential harvesting campaign
X-Force uncovers global NetScaler Gateway credential harvesting campaign
In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related incident response engagements were associated with the use of stolen credentials.
#securityintelligence#EN#2023#NetScaler#Gateway#CVE-2023-3519#credential#harvesting#campaign
·securityintelligence.com·
X-Force uncovers global NetScaler Gateway credential harvesting campaign
n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.
n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.
Tech companies continue to insist that AI-generated content is the future as they release more trendy chatbots and image-generating tools. But despite reassurances that these systems will have robust safeguards against misuse, the screenshots speak for themselves.
#vice#2023#EN#AI-generated#safeguards#misuse#AI
·vice.com·
n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
In 2020, we launched a novel format for our vulnerability reward program (VRP) with the kCTF VRP and its continuation kernelCTF. For the first time, security researchers could get bounties for n-day exploits even if they didn’t find the vulnerability themselves. This format proved valuable in improving our understanding of the most widely exploited parts of the linux kernel. Its success motivated us to expand it to new areas and we're now excited to announce that we're extending it to two new targets: v8CTF and kvmCTF.
#googleblog#EN#2023#exploit#reward#program#bugbounty
·security.googleblog.com·
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Several new Mirai variant families were widely deployed in September 2023, among which hailBot, kiraiBot and catDDoS are the most active.
#nsfocusglobal#EN#2023#analysis#Mirai#catDDoS#hailBot#kiraiBot
·nsfocusglobal.com·
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The evolutionary tale of a persistent Python threat 
The evolutionary tale of a persistent Python threat 
Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft. 
#checkmarx#EN#2023#Supply-chain-attack#malicious#packages#Python
·checkmarx.com·
The evolutionary tale of a persistent Python threat 
Ransomware Negotiation: Dos and Don’ts!
Ransomware Negotiation: Dos and Don’ts!
Double extortion ransomware attacks have reached very high numerical values. One of the key elements, when suffering such an attack, concerns the negotiation that can be initiated (not always!) with the ransomware gang. The analysis, carried out by the SEC4U team, of hundreds of negotiations makes it possible to apply a scientific approach to this
#neteye-blog#EN#2023#ransomchats#negotiation#negotiator#ransomware#ransomware-double-extortion#ransomware-negotiation#blue-team#sec4u
·neteye-blog.com·
Ransomware Negotiation: Dos and Don’ts!
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry
"We must build a robust understanding of AI vulnerabilities, foreign intelligence threats to these AI systems and ways to counter the threat in order to have AI security," Gen. Paul Nakasone said. "We must also ensure that malicious foreign actors can't steal America’s innovative AI capabilities to do so.”
#breakingdefense#EN#2023#AI#NSA#hub#vulnerabilities#intelligence#Nakasone#US
·breakingdefense.com·
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry