Found 6312 bookmarks
Custom sorting
Cybercriminals impersonate OpenAI in large-scale phishing attack
Cybercriminals impersonate OpenAI in large-scale phishing attack
Since the launch of ChatGPT, OpenAI has sparked significant interest among both businesses and cybercriminals. While companies are increasingly concerned about whether their existing cybersecurity measures can adequately defend against threats curated with generative AI tools, attackers are finding new ways to exploit them. From crafting convincing phishing campaigns to deploying advanced credential harvesting and malware delivery methods, cybercriminals are using AI to target end users and capitalize on potential vulnerabilities. Barracuda threat researchers recently uncovered a large-scale OpenAI impersonation campaign targeting businesses worldwide. Attackers targeted their victims with a well-known tactic — they impersonated OpenAI with an urgent message requesting updated payment information to process a monthly subscription.
#barracuda#EN#2024#phishing#ChatGPT#OpenAI#large-scale#impersonation
·blog.barracuda.com·
Cybercriminals impersonate OpenAI in large-scale phishing attack
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available commodity malware, public platforms like GitHub for hosting malicious executables, and communication channels like Discord and Telegram for C2 operations to bypass traditional security measures," Socket security researcher Kirill Boychenko said in a report shared with The Hacker News.
#thehackernews#EN#2024#Malicious#NPM#Packages#Roblox
·thehackernews.com·
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks
Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S.
#thehackernews#EN#Snowflake#Connor#Moucka#busted#arrested#Judische#Waifu
·thehackernews.com·
Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks
Government of Canada orders the wind up of TikTok Technology Canada, Inc. following a national security review under the Investment Canada Act
Government of Canada orders the wind up of TikTok Technology Canada, Inc. following a national security review under the Investment Canada Act
“As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national security and intelligence community, the Government of Canada has ordered the wind up of the Canadian business carried on by TikTok Technology Canada, Inc. The government is taking action to address the specific national security risks related to ByteDance Ltd.’s operations in Canada through the establishment of TikTok Technology Canada, Inc. The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners.
#Canada#EN#2024#order#TikTok#national-security#ByteDance#Government#intelligence#wind-up
·canada.ca·
Government of Canada orders the wind up of TikTok Technology Canada, Inc. following a national security review under the Investment Canada Act
Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vector
Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vector
Three weeks ago, Gootloader samples suddenly dried up. This has happened before, so I switched VPNs and tried new locations—coffee shops, friends’, and family’s Wi-Fi networks—but still couldn’t re…
#gootloader.wordpress.com#EN#2024#Pivot#SEO#Gootloader#Poisoning#PDF#Converters
·gootloader.wordpress.com·
Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vector
A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities – Mickey's Blogs – Exploring the world with my sword of debugger :)
A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities – Mickey's Blogs – Exploring the world with my sword of debugger :)
A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities This is a blog post for my presentation at the conference POC2024. The slides are uploaded here. In the macOS system, most processes are running in a restricted sandbox environment, whether they are Apple’s own services or third-party applications. Consequently, once an attacker gains Remote Code Execution (RCE) from these processes, their capabilities are constrained. The next step for the attacker is to circumvent the sandbox to gain enhanced execution capabilities and broader file access permissions. But how to discover sandbox escape vulnerabilities? Upon reviewing the existing issues, I unearthed a significant overlooked attack surface and a novel attack technique. This led to the discovery of multiple new sandbox escape vulnerabilities: CVE-2023-27944, CVE-2023-32414, CVE-2023-32404, CVE-2023-41077, CVE-2023-42961, CVE-2024-27864, CVE-2023-42977, and more.
#jhftss#EN#2024#macOS#research#vulnerabilies#Sandbox#Escapes#CVE-2023-27944#CVE-2023-32414#CVE-2023-32404#CVE-2023-41077#CVE-2023-42961#CVE-2024-27864#CVE-2023-42977
·jhftss.github.io·
A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities – Mickey's Blogs – Exploring the world with my sword of debugger :)
The story behind HISAA
The story behind HISAA
Health care breaches lead to legislation Highlights of the new standard include: Performing and documenting a security risk analysis of exposure Documentation of a business continuity plan (BCP) Stress test of resiliency and documentation of any planned changes to the BCP A signed statement by both the CEO and CISO of compliance * A third-party audit to certify compliance (no later than six months after enactment)
#theregister#EN#2024#HISAA#standard#legal#US#health#legislation
·theregister.com·
The story behind HISAA
SmokeBuster Tool
SmokeBuster Tool
  • ThreatLabz has developed a tool named SmokeBuster to detect, analyze, and remediate infections. SmokeBuster supports 32-bit and 64-bit instances of SmokeLoader and versions 2017-2022. The tool is compatible with Windows 7 to Windows 11. SmokeLoader is a malware downloader that originated in 2011. The malware is primarily designed to deliver second-stage payloads, which include information stealers and ransomware. Despite a major disruption by Operation Endgame in May 2024, SmokeLoader continues to be used by numerous threat groups largely due to numerous cracked versions publicly available on the internet. The last four versions of SmokeLoader contain coding flaws that significantly impact an infected system’s performance.
#zscaler#EN#2024#tool#SmokeBuster#SmokeLoader#Operation-Endgame
·zscaler.com·
SmokeBuster Tool
Censorship Attack against the Tor network
Censorship Attack against the Tor network
In the last few days, many Tor relay operators - mainly hosting relay nodes on providers like Hetzner - began receiving abuse notices. All the abuses reported many failed SSH login attempts - part of a brute force attack - coming from their Tor relays. Tor relays normally only transport traffic between a guard and an exit node of the Tor network, and per-se should not perform any SSH connections to internet-facing hosts, let alone performing SSH brute force attacks.
#osservatorionessuno#EN#2024#Tor#network#spoofing#attack#relays#SSH
·osservatorionessuno.org·
Censorship Attack against the Tor network