Vulnerability discovered in Apple M1 chip
MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication
Researchers: Wi-Fi Probe Requests Expose User Data
A group of academic researchers from the University of Hamburg in Germany has discovered that mobile devices leak identifying information about their owners via Wi-Fi probe requests.
SeaFlower 藏海花 A backdoor targeting iOS web3 wallets
Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling thru it. The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces. SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.
Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera
The IRAY A8Z3 thermal camera for industrial application, manufactured by Infiray/IRay Technologies is affected by multiple vulnerabilities.
Lyceum .NET DNS Backdoor
The Lyceum APT group is targeting Middle East organizations with DNS hijacking attack using a new .NET-based malware.
ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year’s alarming rebound in malware detections, and a significant shift in the balance of email threats.
Ucraina, oltre 100 attacchi cyber della guerra hanno avuto impatti in Europa
Il calcolo è dell'Agenzia comunitaria per la sicurezza informatica. Gli effetti sono moderati ma attenzione sempre più alta sulla supply chain. Al via un indice sulle difese cibernetiche degli Stati dell'Unione
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
Symbiote is a new Linux malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system
EXCLUSIVE: U.S. Government Ordered Travel Companies To Spy On Russian Hacker For Years And Report His Whereabouts Every Week
Critics say the government isn’t doing enough to inform the public about such secretive surveillance.
Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)
With the "Follina" / CVE-2022-30190 0day still hot, i.e., still waiting for an official fix while apparently already getting exploited by nation-backed attackers, another related unfixed vulnerability in Microsoft's Diagnostic Tool (MSDT) bubbled to the surface. In January 2020, security researcher Imre Rad published an article titled "The trouble with Microsoft’s Troubleshooters," describing a method for having a malicious executable file being saved to user's Startup folder, where it would subsequently get executed upon user's next login. What the user has to do for this to happen is open a "diagcab" file...
DOJ, FBI shut down marketplace for stolen Social Security numbers - The Record by Recorded Future
The Justice Department, IRS and FBI seized and shut down a popular marketplace used by cybercriminals to buy stolen Social Security numbers and other sensitive personal information. The SSNDOB Marketplace – which the DOJ said generated more than $19 million in sales revenue – was shut down in coordination with law enforcement agencies in Cyprus and Latvia. Seizure orders were executed against several domains associated with SSNDOB including ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz.
Russian Cyberattack Hits Wales-Ukraine Football Broadcast
The broadcast of the Football World Cup 2022 qualifier game between Wales and Ukraine on Sunday was interrupted in Ukraine by a cyberattack that targeted OLL.TV...
SVCReady: A New Loader Gets Ready
Don’t let cyber threats get the best of you. Read our post, SVCReady: A New Loader Gets Ready, to learn more about cyber threats and cyber security.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F22512649%2Facastro_210512_1777_deepfake_0001.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Liveness tests used by banks to verify ID are ‘extremely vulnerable’ to deepfake attacks
Deepfakes will make financial fraud easier.
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.
Smartphones Blur the Line Between Civilian and Combatant
In Ukraine, civilians are valiantly assisting the army via apps—and challenging a tenet of international law in the process.
TrustPid is another worrying, imperfect attempt to replace tracking cookies
German ISPs are working on the introduction of TrustPid. A supercookie that is intended to replace tracking cookies.
Horde Webmail - Remote Code Execution via Email
We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email
Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group
XVigil discovered a financially motivated threat actor group, dubbed Eternity group, actively operating on the internet, selling worms, stealers, DDoS tools, and ransomware builders.
Anonymous Hacktivists Leak 1TB of Top Russian Law Firm Data
Anonymous has struck Russia again by leaking 1TB of data from a leading Russian law firm identified as Rustam Kurmaev and Partners (RKP Law).
Put an io_uring on it: Exploiting the Linux Kernel - Blog |
At Grapl we believe that in order to build the best defensive system we need to deeply understand attacker behaviors. As part of that goal we're investing in offensive security research. Keep up with our blog for new research on high risk vulnerabilities, exploitation, and advanced threat tactics.
Deadly secret: Electronic warfare shapes Russia-Ukraine war
KYIV, Ukraine (AP) — On Ukraine’s battlefields , the simple act of powering up a cellphone can beckon a rain of deathly skyfall. Artillery radar and remote controls for unmanned aerial vehicles may also invite fiery shrapnel showers.
Zero-Day Exploitation of Atlassian Confluence
Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk
Cyberattaques: «Il s'agit davantage de terrorisme que de crime organisé»
Les autorités russes vont relâcher les membres du gang de cybercriminels Revil, et même les embaucher pour leur propre compte. Stéphane Duguin, directeur du CyberPeace Institute de Genève, commente ce rebondissement
Over 18.8 million IPs vulnerable to Middlebox TCP reflection DDoS attacks
We recently began scanning for middlebox devices that are vulnerable to Middlebox TCP reflection, which can be abused for DDoS amplification attacks. Our results are now shared daily, filtered for your network or constituency in the new Vulnerable DDoS Middlebox report. We uncover over 18,800,000 IPv4 addresses responding to our Middlebox probes. In some cases the amplification rates can exceed 10,000!
Over 3.6 million exposed MySQL servers on IPv4 and IPv6
We have recently began scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single AS). IPv4 and IPv6 scans together uncover 3.6M accessible MySQL servers worldwide.
US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command
In an exclusive interview with Sky News, General Paul Nakasone confirmed for the first time that the US had "conducted a series of operations" in response to Russia's invasion of Ukraine.
Android FluBot enters Switzerland – SWITCH Security-Blog
FluBot is a new Android malware first discovered in December 2020. During the first few months, FluBot has been active in Spain, Hungary and Poland. Since then, the development of the malware advan…
Takedown of SMS-based FluBot spyware infecting Android phones
This technical achievement follows a complex investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3). The investigation is ongoing to identify the individuals behind this global malware campaign. Here is how FluBot worked First spotted...