'Operation Digital Eye' Attack Targets European IT Orgs
A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.
Python Crypto Library Updated to Steal Private Keys
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers
Security researchers have detailed and published a PoC exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8)
Exploiting pfsense Remote Code Execution – CVE-2022-31814
Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall that can be easily configured via the web interface and installed on any PC. With all of the
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
Binance Code and Internal Passwords Exposed on GitHub for Months
A takedown request said the GitHub account was “hosting and distributing leaks of internal code which poses significant risk to BINANCE.”
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
Qlik Sense Remote Code Execution Technical Exploitation -
Deep technical details of how we combined HTTP request tunneling and path traversal vulnerabilities to permit unauthorized RCE in Qlik Sense.
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
CVE-2023-38146: Arbitrary Code Execution via Windows Themes
This is a fun bug I found while poking around at weird Windows file formats. It's a kind of classic Windows style vulnerability featuring broken signing, sketchy DLL loads, file races, cab files, and Mark-of-the-Web silliness. It was also my first experience submitting to the MSRC Windows bug bounty since leaving Microsoft in April of 2022.
Code Vulnerabilities Put Proton Mails at Risk
The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent
The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote…
BlackLotus UEFI Bootkit Source Code Leaked on GitHub
The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware. Designed specifically for Windows, the bootkit emerged on hacker forums in October last year, being advertised with APT-level capabilities such as secure boot and user access control (UAC) bypass and the ability to disable security applications and defense mechanisms on victim systems.
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically focused on process injection techniques utilized by attackers to deceive robust security products integrated into the security stack, such as EDRs and XDRs. Throughout the blog post, we will delve into various process injection techniques e
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
Malicious App Developer Remains on Google Play
A report shows four Bluetooth-centered apps by the same developer have been downloaded 1 million times combined while containing malicious code.
Intel Confirms Alder Lake BIOS Source Code Leak
Intel confirms that 6GB of proprietary BIOS source code for its Alder Lake processors was leaked to the public.
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.