Found 507 bookmarks
Custom sorting
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
Python’s e-mail libraries smtplib, imaplib, and poplib do not verify server certificates unless a proper SSL context is passed to the API. This leads to security problems.
#pentagrid#EN#Python#e-mail#libraries#smtplib#imaplib#poplib#SSL#insecure#analysis
·pentagrid.ch·
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
Learn about the fake Google Chrome update malware, a common form of website malware that tricks users into downloading a remote access trojan disguised as a browser update. Understand how it works, its impact on websites, and how to protect your site from such threats. Stay updated on the latest malware trends with Sucuri.
#sucuri#EN#2023#Google#Chrome#update#malware#fake#analysis
·blog.sucuri.net·
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
Another plastic surgery practice appears to have been hit — this time by Hunters International
Another plastic surgery practice appears to have been hit — this time by Hunters International
On October 17, the FBI issued a Public Service Announcement, Cybercriminals are Targeting Plastic Surgery Offices and Patients. Five days later, DataBreaches learned that there had been another attack on a plastic surgery practice where patient data had allegedly been stolen and is in danger of being leaked publicly. It would not be surprising if the FBI knew about the attack and that it was the impetus for the newly released PSA.
#databreaches#EN#2023#analysis#plastic-surgery#data-breaches#Hunters-International
·databreaches.net·
Another plastic surgery practice appears to have been hit — this time by Hunters International
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
A few days ago, ZDI went public with no less than six 0days in the popular mail server Exim. Ranging from ‘potentially world-ending' through to ‘a bit of a damp squib’, these bugs were apparently discovered way back in June 2022 (!) - but naturally got caught up in the void between the ZDI and Exim for quite some time. Mysterious void.
#labs.watchtowr#EN#2023#Exim#analysis#CVE-2023-42115
·labs.watchtowr.com·
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Several new Mirai variant families were widely deployed in September 2023, among which hailBot, kiraiBot and catDDoS are the most active.
#nsfocusglobal#EN#2023#analysis#Mirai#catDDoS#hailBot#kiraiBot
·nsfocusglobal.com·
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors.
#netskope#EN#2023#analysis#Python#NodeStealer#Facebook#Credentials#Login
·netskope.com·
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
CVE-2023-36844 And Friends: RCE In Juniper Devices
CVE-2023-36844 And Friends: RCE In Juniper Devices
As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our ability to discover nested, exploitable vulnerabilities across huge attack surfaces. Through our rapid PoC process, we enable our clients to understand if they are vulnerable to emerging
#labs.watchtowr#EN#2023#CVE-2023-36844#Juniper#RCE#analysis
·labs.watchtowr.com·
CVE-2023-36844 And Friends: RCE In Juniper Devices
Malware Execution Method Using DNS TXT Record
Malware Execution Method Using DNS TXT Record
AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware. This is considered meaningful from various perspectives, including analysis and detection as this method has not been widely utilized as a means of executing malware.
#ASEC#EN#2023#DNS#TXT#malware#analysis
·asec.ahnlab.com·
Malware Execution Method Using DNS TXT Record
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
I stumbled upon an intriguing concept presented by Will Thomas (BushidoToken) in his blog post titled “Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz.” This concept revolves around utilizing stylometry to identify potential modifications in new ransomware variants based on existing popular strains. If you’re interested, you can read the blog post here. (Notably, Will Thomas also appeared on Dark Net Diaries, discussing his tracking of the Revil ransomware.)
#callyso0414#YUCA#medium#EN#2023#ransomware#logs#log#chats#Stylometric#Analysis
·medium.com·
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. The dropper contains comments in Russian and employs the unique user-agent string “PindOS”, which may be a reference to current (and past) anti-American sentiment in Russia. Bumblebee is a malware loader first discovered in March 2022. It was associated with Conti group and was being used as a replacement for BazarLoader. It acts as a primary vector for multiple types of other malware, including ransomware. IcedID is a modular banking malware designed to steal financial information. It has been seen in the wild since at least 2017 and has recently been observed shifting some of its focus to malware delivery.
#deepinstinct#EN#2023#JavaScript#Dropper#PindOS#Bumblebee#analysis
·deepinstinct.com·
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID