Stego, uBlock, PPTP, Log4J, Command Jacking, Windows 10, Feet, Josh Marpet, and More. – SWN #422

Android PINs exfiltrated by newly emergent TrickMo malware variants

BleepingComputer reports that Android PINs have been targeted for exfiltration by some of the 40 newly discovered TrickMo Android banking trojan variants, which have one-time password interception, data and credential theft, screen recording, accessibility service exploitation, and automated permission granting capabilities. Fake unlock screens have been utilized by the novel TrickMo variants to compromise Android users’ unlock patterns […]
Cisco claimed to be compromised by IntelBroker

Cisco had its systems purportedly compromised on Thursday by IntelBroker, which touted a significant data breach in a BreachForums post, Hackread reports. Aside from Cisco’s source code from GitHub, GitLab, and SonarQube, hard-coded credentials, confidential files, SSL certificates and private and public keys, API tokens and storage buckets, Jira tickets, and Docker builds, attackers were also able to […]
CISOs on AI: 7 key takeaways from security leaders at Elastic and Drata

Advancements in generative AI have created unprecedented challenges for CISOs, increasing the complexity of enterprise environments and helping malicious actors create more sophisticated attacks. Security leaders now face the unenticing task of mastering this evolving technology and adopting AI in their defense strategies, all while ensuring the security and privacy of AI tools. Data confirms […]
Separate health breaches impact over 500K

More than 500,000 individuals across the U.S. had their data compromised in separate data breaches against Texas-based healthcare billing services provider Gryphon Healthcare and California-based acute-care public hospital Tri-City Medical Center, according to SecurityWeek. Gryphon disclosed that infiltration of a customer’s systems in August resulted in the exfiltration of personal and sensitive details from 393,358 patients, […]
Jetpack patches critical bug that exposed data on 27M WordPress sites

Jetpack released a patch for a critical vulnerability that could let malicious users submit a specially crafted request to the WordPress server to then disclose data submitted by other users — a flaw that left sensitive personal information potentially exposed on 27 million websites. Owned by Automattic, the company behind WordPress, the Jetpack plug-in offers […]
ATM cash theft aimed by new FASTCash malware for Linux

Attacks with the new FASTCash malware for Linux have been launched by North Korean hackers against financial organizations’ Ubuntu 22.04 LTS-based payment switch systems to facilitate unauthorized ATM transactions, reports BleepingComputer. After being installed on a payment switch server’s running process through the ‘ptrace’ system call, FASTCash for Linux — which significantly resembled iterations of the […]
Marriott faces $52 million FTC fine and reprimand over data breaches

Editor’s note: This article originally appeared in our sister publication SC Magazine UK. Marriott and Starwood have been fined and told to implement a comprehensive security program following three large data breaches. According to the FTC, the companies’ failure to implement reasonable data security led to three large data breaches from 2014 to 2020, impacting more than […]
Perl & PHP Vulns, Fuzzing & Parsers, Protecting Multi-Hosted Tenants, Secure Design – ASW #303

This article initially caught my attention just because of the fuzzing aspect. (I admittedly wasn’t familiar with Lima.) However, what really grabbed me was the tangent on not having one, but three YAML parsers included by the project. And then seeing that one of the parsers turns the YAML into JSON for processing and back […]
Ivanti CSA bugs leveraged in suspected nation-state attack

A trio of Ivanti Cloud Service Appliance zero-days has been leveraged by a suspected state-sponsored threat operation in a bid to infiltrate targeted networks and conduct various malicious schemes.