Fake Roblox packages target npm with Luna Grabber information-stealing malware
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
Genève: Un élu a farfouillé sans droit dans les fichiers de la justice
Le conseiller administratif d’une petite commune a été condamné pour violation du secret de fonction. Il avait utilisé son emploi au Pouvoir judiciaire pour se renseigner au sujet d’une plainte pénale.
#NoFilter - Abusing Windows Filtering Platform for Privilege Escalation
This blog is based on a session we presented at DEF CON 2023 on Sunday, August 13, 2023, in Las Vegas. Privilege escalation is a common attack vector in the Windows OS. There are multiple offensive tools in the wild that can execute code as “NT AUTHORITY\SYSTEM” (Meterpreter, CobaltStrike, Potato tools), and they all usually do so by duplicating tokens and manipulating services. This allows them to perform attacks like LSASS Shtinkering.
App Management is a new macOS security feature in Ventura introduced at WWDC last year: If an app is modified by something that isn't signed by the same development team and isn't allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps. Clicking on the notification sends people to System Settings, where they can allow an app to update and modify other apps.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authe…
Ivanti warns of new actively exploited MobileIron zero-day bug
US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.
Brazilian hacker claims Bolsonaro asked him to hack into the voting system ahead of 2022 vote | AP News
A Brazilian hacker claimed at a congressional hearing Thursday that then-President Jair Bolsonaro wanted him to hack into the country’s electronic voting system to expose its alleged weaknesses ahead of the 2022 presidential election.
2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution
Data Theft Via MOVEit: 4.5 Million More Individuals Affected
The fallout from the Clop cybercrime group's mass theft of data from MOVEit servers continues to increase. Colorado's state healthcare agency alone is now notifying
Threat actors use beta apps to bypass mobile app store security
The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access. The adversary can execute arbitrary commands with this webshell, even when a NetScaler is patched and/or rebooted. At the time of writing, more than 1900 NetScalers remain backdoored. Using the data supplied by Fox-IT, the Dutch Institute of Vulnerability Disclosure has notified victims.
Des pirates informatiques s'emparent des données de 2800 policiers bernois
Une faille de sécurité dans une application utilisée par la police bernoise a entraîné une importante fuite de données. Des pirates ont pu s'emparer de l'identité et des numéros de téléphone de l'ensemble des 2800 employés de la police cantonale.
Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.
Users of cybercrime forums often fall victim to info-stealers, researchers find
After analyzing millions of computers infected with info-stealing malware, researchers at Hudson Rock said they identified 120,000 that contained credentials used for logging into cybercrime forums.
Karma Catches Up to Global Phishing Service 16Shop
You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017…
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registry's vast user base.
