Learn what LinkedIn Smart Links are and how they're being used to bypass email security gateways. Get up-to-date information on this credential phishing threat
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
During the month of September, an attacker operating under the pseudonym "kohlersbtuh15", attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and the code contained within them, it appears that this attacker targeted developers that use Aliyun services (Alibaba Cloud), telegram, and AWS.
Discover the latest waves of the ongoing Balada Injector malware campaign targeting unpatched tagDiv premium WordPress themes. Dive into the technical details of the injected scripts, explore their functionality, and understand the potential threats they pose to site administrators.
The Predator Files: European Spyware Consortium Supplied Despots and Dictators
The Intellexa Alliance is the name of the shady group of European companies that supplies dictators and despots with cyberweapons. The mass spyware attacks have also been lucrative for some in Germany.
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected
There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them.
Les hôpitaux de Vittel et Neufchâteau victimes d'une cyberattaque
C'est le black-out informatique au centre hospitalier de l'Ouest vosgien. Les établissements de Vittel et Neufchâteau ont été victimes d'une cyberattaque dans la nuit de vendredi à samedi. Les urgences restent maintenues, mais les activités programmées sont suspendues jusqu'à lundi inclus.
23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews
At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
A few days ago, ZDI went public with no less than six 0days in the popular mail server Exim. Ranging from ‘potentially world-ending' through to ‘a bit of a damp squib’, these bugs were apparently discovered way back in June 2022 (!) - but naturally got caught up in the void between the ZDI and Exim for quite some time. Mysterious void.
Android TV Boxes Infected with Backdoors, Compromising Home Networks
Cybersecurity Firm Human Security has discovered malware on dozens of streaming devices and iOS/Android apps. A huge number of Android TV boxes contain malware capable of conducting ad fraud, creating fake accounts, and selling access to home networks. Researchers found that the malware they have dubbed Badbox is not only tricky to detect but difficult to remove as well. Android TV box users must prefer installing apps from reliable sources and keep their devices up-to-date. Human Security has already shared details of its findings with concerned law enforcement agencies.
X-Force uncovers global NetScaler Gateway credential harvesting campaign
In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related incident response engagements were associated with the use of stolen credentials.
n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.
Tech companies continue to insist that AI-generated content is the future as they release more trendy chatbots and image-generating tools. But despite reassurances that these systems will have robust safeguards against misuse, the screenshots speak for themselves.
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
In 2020, we launched a novel format for our vulnerability reward program (VRP) with the kCTF VRP and its continuation kernelCTF. For the first time, security researchers could get bounties for n-day exploits even if they didn’t find the vulnerability themselves. This format proved valuable in improving our understanding of the most widely exploited parts of the linux kernel. Its success motivated us to expand it to new areas and we're now excited to announce that we're extending it to two new targets: v8CTF and kvmCTF.
Genetics firm 23andMe says user data stolen in credential stuffing attack
23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack.
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Several new Mirai variant families were widely deployed in September 2023, among which hailBot, kiraiBot and catDDoS are the most active.
The evolutionary tale of a persistent Python threat
Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft.
Double extortion ransomware attacks have reached very high numerical values. One of the key elements, when suffering such an attack, concerns the negotiation that can be initiated (not always!) with the ransomware gang. The analysis, carried out by the SEC4U team, of hundreds of negotiations makes it possible to apply a scientific approach to this
CVE: Zero-Day Privilege Escalation in Confluence Server & Data Center
On 10/4/2023, Atlassian published a security advisory on CVE-2023-22515, a privilege escalation vulnerability affecting Confluence Server & Data Center.
Sony confirms data breach impacting thousands in the U.S.
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.
CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so
The Qualys Threat Research Unit (TRU) has discovered a buffer overflow vulnerability in GNU C Library's dynamic loader's processing of the GLIBC_TUNABLES…