Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, email, and passwords

we’re studying the ConfuserEx1 obfuscation mechanism of a Ginzo .NET sample. This class of obfuscator is known as code flatteners. We describe how it can dealt with it using a Python script within IDA Pro2, a famous reverse-engineering tool.

Revolut is sending out notices of a data breach to a small percentage of impacted users, informing them of a security incident where an unauthorized third party accessed internal data.

Users often store passwords in third-party software for convenience – but credential gathering techniques can target this behavior.

We uncovered a campaign on the Microsoft Edge home page where malicious ads are luring victims into tech support scams.

In the context of an internationally coordinated operation against a ransomware group, the Zurich Public Prosecutor’s Office is leading criminal proceedings against an accused person. At the same time, cyber investigators of the Zurich Cantonal Police have been intensively analysing the data storage devices seized from that person in the past months. This analysis has revealed numerous private keys. They enable the aggrieved companies to recover their encrypted data.

A massive GTA VI leak appears to line up with previous reports.

Updates on security incident

Here are two proof-of-concepts for CVE-2022-26766 (CoreTrust allows any root certificate) and CVE-2022-26763 (IOPCIDevice::_MemoryAccess not checking bounds at all), two issues discovered by @LinusHenze and patched in macOS 12.4 / iOS 15.5.

The company said on Thursday that it was looking into the scope of the apparent hack.

Its targets include not only Israel but at least one NATO member

The attackers are working on a number of malware threats, some of which have been used in attacks while others are in pre-deployment or testing stages. Symantec, by Broadcom Software, has gained insight into the current activities of a group we call Webworm. The group has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT. At least one of the indicators of compromise (IOCs) observed by Symantec was used in an attack against an IT service provider operating in multiple Asian countries, while others appear to be in pre-deployment or testing stages.

An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers. It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware.

In August 2022, the Vectra Protect team identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in.

Traffickers in Southeast Asia force thousands of people into perpetrating cyberscams that defraud Americans out of millions of dollars. Here’s how they do it.