Cthulhu Stealer malware aimed to take macOS user data
Researchers have discovered another data-seizing macOS malware, with "Cthulhu Stealer" sold to online criminals for just $500 a month.
From the Depths: Analyzing the Cthulhu Stealer Malware for macOS
Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”.
FIN7: The Truth Doesn't Need to be so STARK
First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post.IntroductionIn our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve
Qilin ransomware caught stealing credentials stored in Google Chrome
Familiar ransomware develops an appetite for passwords to third-party sites
NGate Android malware relays NFC traffic to steal cash
ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25584373%2F247226_AI_Pixel_Reality_CVirginia_3.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2){kind=tracking}
No one’s ready for this
With AI photo editing getting easy and convincing, the world isn’t prepared for an era where photographs aren’t to be trusted.
Security Advisory CVE-2024-40766
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
SolarWinds Trust Center Security Advisories | CVE-2024-28987
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses.
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. #Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress
Iran Reportedly Grapples With Major Cyberattack on Banking Systems
The last known cyberattack waged against Iranian infrastructure took place last December with blame placed on Israel and the US.
Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains
A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.
Microchip August 20, 2024
Chipmaker Microchip reveals cyber attack
Defense contractor gets hacked – what's the worst that could happen
MITRE Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows - Socket
MITRE has just minted its 400th CNA, as the NVD struggles to tame its backlog of CVEs awaiting analysis, which has increased by 30% since June.
Data Exfiltration from Slack AI via indirect prompt injection
This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).
The Abuse of ITarian RMM by Dolphin Loader
Looking into the abuse of ITarian RMM and introducing Dolphin Loader
Toyota confirms breach after stolen data leaks on hacking forum
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum.
Routers from China-based TP-Link a national security threat, US lawmakers claim
The two members of Congress called on the Commerce Department to investigate risks related to TP-Link routers amid concerns over state-backed Chinese hacking operations.
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
stardom dreams, stalking devices and the secret conglomerate selling both
people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didnt expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously. at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us. half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here? starting our descent
Post-Quantum Cryptography Standards Officially Announced by NIST – a History and Explanation - SecurityWeek
NIST has formally published three post-quantum cryptography standards from the competition it held to develop cryptography able to withstand the anticipated quantum computing decryption of current asymmetric encryption.
Disrupting a covert Iranian influence operation
We banned accounts linked to an Iranian influence operation using ChatGPT to generate content focused on multiple topics, including the U.S. presidential campaign. We have seen no indication that this content reached a meaningful audience.
Beyond the wail: deconstructing the BANSHEE infostealer
The BANSHEE malware is a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets.
DDoS attack volume rises, peak power reaches 1.7 Tbps
The total number of DDoS attacks during H1 2024 amounted to 830,000, an increase of 46% when compared to H1 2023, according to Gcore.
Geopolitical Tensions Drive Explosion in DDoS Attacks
Radware found that Web DDoS attacks rose by 265% in H1 2024, driven by hacktivist groups amid rising geopolitical tensions
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.
Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code
A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution.
Ransomware attackers introduce new EDR killer to their arsenal
Sophos discovers the threat actors behind RansomHub ransomware using EDRKillShifter in attacks