Found 3149 bookmarks
Custom sorting
XLoader Botnet: Find Me If You Can
XLoader Botnet: Find Me If You Can
In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. We described how XLoader emerged in the Darknet community to fill the empty niche after Formbook sales were abruptly stopped by its author. We did a deep technical analysis followed by a description of XLoader for macOS along with common points and differences in how both malware families conceal the heart of the whole operation, the Command-and-Control (C&C) infrastructure. However, the world does not stand still, and this applies to the malware cyber-world as well.
#checkpoint#EN#2022#XLoader#malware#Research
·research.checkpoint.com·
XLoader Botnet: Find Me If You Can
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted
The Information Commissioner’s Office (ICO) has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition. The ICO has also issued an enforcement notice, ordering the company to stop obtaining and using the personal data of UK residents that is publicly available on the internet, and to delete the data of UK residents from its systems.
#ico#EN#2022#UK#Clearview#fines#facial-recognition#privacy
·ico.org.uk·
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted
Des chercheurs reprogramment un AirTag et pointent quelques trous dans la raquette d'Apple
Des chercheurs reprogramment un AirTag et pointent quelques trous dans la raquette d'Apple
Des chercheurs se sont penchés sur ce qui se cachait sous le capot des AirTags et ont voulu voir ce qu'il était possible de faire en bidouillant la petite balise connectée. Ils ont découvert quelques grosses faiblesses qu'Apple aura bien du mal à corriger, sauf en revoyant en profondeur son appareil. Leur compte rendu révèle que l'accessoire est sensible à une attaque par
#Igen#FR#2022#AirTag#hack#bidouille
·igen.fr·
Des chercheurs reprogramment un AirTag et pointent quelques trous dans la raquette d'Apple
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our evidence indicates that the use of the CNAME scheme threatens web security and privacy systematically and in general
#lukaszolejnik#EN#2022#research#privacy#web-browser#web#w3c#consent#data-breach#gdpr#dns#cname#cloacking
·blog.lukaszolejnik.com·
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
Guerre en Ukraine : Anonymous déclare la cyberguerre à Killnet, un collectif de hackers pro-russes
Guerre en Ukraine : Anonymous déclare la cyberguerre à Killnet, un collectif de hackers pro-russes
En luttant contre le groupe Killnet, Anonymous espère réduire le nombre d'attaques en ligne portées par ce dernier à l'encontre des gouvernements de plusieurs pays membres de l'OTAN
#20minutesfr#FR#2022#Anonymous#Killnet#hacker#piratage#pirate#Guerre-en-Ukraine#Russie
·20minutes.fr·
Guerre en Ukraine : Anonymous déclare la cyberguerre à Killnet, un collectif de hackers pro-russes
New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message
New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.
#thehackernews#EN#2022#XMPP#Zoom#CVE-2022-22784#CVE-2022-22785#CVE-2022-22786#CVE-2022-22787
·thehackernews.com·
New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables
This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.
#PyPI#ctx#PHP#supplychain#attack#sonatype#EN#2022#exfiltration#steal#Supply-chain-security
·blog.sonatype.com·
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.
#CVE-2022-23121#nccgroup#EN#2022#Netatalk#WesternDigital#vulnerability#AppleDouble
·research.nccgroup.com·
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog
Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware's capabilities and key infection signs.
#microsoft-security-blog#2022#EN#Linux#XorDdos#botnet#malware#stealthy
·microsoft.com·
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog
Fears grow for smaller nations after ransomware attack on Costa Rica escalates
Fears grow for smaller nations after ransomware attack on Costa Rica escalates
The Russia-linked ransomware gang demanded $20 million in ransom — and the overthrow of Costa Rica's elected government. Where does that leave smaller, equally vulnerable nation states?
#cyberattacks#techcrunch#EN#2022#data-breaches#emsisoft#encryption#healthcare#Conti#law-enforcement#president#ransomware#Costarica
·techcrunch.com·
Fears grow for smaller nations after ransomware attack on Costa Rica escalates
Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes and the required JupiterX Core companion plugin for WordPress, which included a critical privilege escalation vulnerability that allowed any user to become an administrator. The plugin developers quickly replied ...Read More
#Wordfence#2022#EN#JupiterX#Wordpress#theme#Privilege#CVE-2022-1654#CVE-2022-1656#CVE-2022-1657#CVE-2022-1658#CVE-2022-1659
·wordfence.com·
Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes