Police Linked to Hacking Campaign to Frame Indian Activists
New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
La nuova funzione implementata ieri da BlackCat, esporrà le vittime colpite anche su Internet, con una diffusione più massiccia e pubblica dei dati rubati, con nome di dominio autentico intestato alla vittima stessa
Ransomware Group Debuts Searchable Victim Data
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group,…
Cloudflare mitigates 26 million request per second DDoS attack
Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
Vulnerability discovered in Apple M1 chip
MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication
Researchers: Wi-Fi Probe Requests Expose User Data
A group of academic researchers from the University of Hamburg in Germany has discovered that mobile devices leak identifying information about their owners via Wi-Fi probe requests.
SeaFlower 藏海花 A backdoor targeting iOS web3 wallets
Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling thru it. The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces. SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.
Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera
The IRAY A8Z3 thermal camera for industrial application, manufactured by Infiray/IRay Technologies is affected by multiple vulnerabilities.
Lyceum .NET DNS Backdoor
The Lyceum APT group is targeting Middle East organizations with DNS hijacking attack using a new .NET-based malware.
ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year’s alarming rebound in malware detections, and a significant shift in the balance of email threats.
Ucraina, oltre 100 attacchi cyber della guerra hanno avuto impatti in Europa
Il calcolo è dell'Agenzia comunitaria per la sicurezza informatica. Gli effetti sono moderati ma attenzione sempre più alta sulla supply chain. Al via un indice sulle difese cibernetiche degli Stati dell'Unione
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
Symbiote is a new Linux malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system
EXCLUSIVE: U.S. Government Ordered Travel Companies To Spy On Russian Hacker For Years And Report His Whereabouts Every Week
Critics say the government isn’t doing enough to inform the public about such secretive surveillance.
Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)
With the "Follina" / CVE-2022-30190 0day still hot, i.e., still waiting for an official fix while apparently already getting exploited by nation-backed attackers, another related unfixed vulnerability in Microsoft's Diagnostic Tool (MSDT) bubbled to the surface. In January 2020, security researcher Imre Rad published an article titled "The trouble with Microsoft’s Troubleshooters," describing a method for having a malicious executable file being saved to user's Startup folder, where it would subsequently get executed upon user's next login. What the user has to do for this to happen is open a "diagcab" file...
DOJ, FBI shut down marketplace for stolen Social Security numbers - The Record by Recorded Future
The Justice Department, IRS and FBI seized and shut down a popular marketplace used by cybercriminals to buy stolen Social Security numbers and other sensitive personal information. The SSNDOB Marketplace – which the DOJ said generated more than $19 million in sales revenue – was shut down in coordination with law enforcement agencies in Cyprus and Latvia. Seizure orders were executed against several domains associated with SSNDOB including ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz.
Russian Cyberattack Hits Wales-Ukraine Football Broadcast
The broadcast of the Football World Cup 2022 qualifier game between Wales and Ukraine on Sunday was interrupted in Ukraine by a cyberattack that targeted OLL.TV...
SVCReady: A New Loader Gets Ready
Don’t let cyber threats get the best of you. Read our post, SVCReady: A New Loader Gets Ready, to learn more about cyber threats and cyber security.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F22512649%2Facastro_210512_1777_deepfake_0001.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Liveness tests used by banks to verify ID are ‘extremely vulnerable’ to deepfake attacks
Deepfakes will make financial fraud easier.
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.
Smartphones Blur the Line Between Civilian and Combatant
In Ukraine, civilians are valiantly assisting the army via apps—and challenging a tenet of international law in the process.
TrustPid is another worrying, imperfect attempt to replace tracking cookies
German ISPs are working on the introduction of TrustPid. A supercookie that is intended to replace tracking cookies.
Horde Webmail - Remote Code Execution via Email
We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email
Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group
XVigil discovered a financially motivated threat actor group, dubbed Eternity group, actively operating on the internet, selling worms, stealers, DDoS tools, and ransomware builders.
Anonymous Hacktivists Leak 1TB of Top Russian Law Firm Data
Anonymous has struck Russia again by leaking 1TB of data from a leading Russian law firm identified as Rustam Kurmaev and Partners (RKP Law).
Put an io_uring on it: Exploiting the Linux Kernel - Blog |
At Grapl we believe that in order to build the best defensive system we need to deeply understand attacker behaviors. As part of that goal we're investing in offensive security research. Keep up with our blog for new research on high risk vulnerabilities, exploitation, and advanced threat tactics.
Deadly secret: Electronic warfare shapes Russia-Ukraine war
KYIV, Ukraine (AP) — On Ukraine’s battlefields , the simple act of powering up a cellphone can beckon a rain of deathly skyfall. Artillery radar and remote controls for unmanned aerial vehicles may also invite fiery shrapnel showers.