Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. Click here for image...
Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen help python3 halogen.py -husage: halogen.py [-h] [-f FILE] [-d DIR] [-n NAME] [–png-idat] [–jpg-sos]Halogen:...
Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware. Click here for image source...
To make sure the attackers did not modify their code, Microsoft created CodeQL queries that were used to scan their codebase for malicious implants matching the SolarWinds IOCs. Click here for image source link...
Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make...
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. Click here for image source link and to read full...
This particular phishing attack appeared active in mid-December 2020 and has since stopped. The targets of these malicious emails mainly worked in the U.K. financial services sector, Cofense notes. Click here for image source...
After first learning of this attack from a post on Reddit, BleepingComputer was able to find numerous samples of the targeted attack uploaded to VirusTotal since February 2nd, 2021. Click here for image source...
CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files. Click here for image...
Another malicious Chrome extension recently came into the limelight for its unique abusive strategy. The… Malicious Extension Exploited Chrome Sync Feature To Steal Users’ Data on Latest Hacking News. Click here for image source...
The good news is that the FCA blocked all of these malicious emails sent its way, although the real threat is not from mass automated campaigns but more highly targeted spear-phishing attempts. Click here...
As these ads look like legitimate campaigns for the company, including showing their standard URL when you hover over them, it is common for people to be tricked into clicking on them. Click here...
Indelible discovered the “PushBug” campaign, which is a highly resilient operation, spread across more than 100 domains and installing browser-based activity that is difficult to detect. Click here for image source link and to...
Cross-Site Scripting (XSS) is a single of the most perfectly acknowledged website software vulnerabilities. It even has a focused chapter in the OWASP Prime 10 venture and it is a highly chased vulnerability in...
With a significant person base, it will make it fairly easy for cybercriminals to publish destructive browser extensions that execute illicit routines, together with spying and information theft, between other individuals. Impression and Post...
The Cybersecurity and Infrastructure Safety Agency (CISA) unveiled a PowerShell-dependent device that can help detect probably compromised apps and accounts in Azure/Microsoft 365 environments. Impression and Article Resource link Read Additional on Pentesting Applications
