abused
-
Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials.
-
Cado Security researchers have recently unveiled several campaigns exploiting Cloudflare’s WARP service to attack vulnerable internet-facing services. WARP, a free VPN service designed to optimize user traffic, is being leveraged by attackers to mask their true origins and bypass security measures.
-
An unauthenticated endpoint allowed threat actors to identify phone numbers associated with Authy accounts. The issue was identified, and the endpoint has been secured to prevent unauthorized access.
-
“The malicious code dynamically generates payloads based on HTTP headers, activating only on specific mobile devices, evading detection, avoiding admin users and delaying execution,” according to c/side.
-
In a recent investigation, Symantec’s Threat Hunter Team has identified evidence suggesting that the Black Basta ransomware group may have exploited a previously unknown vulnerability (CVE-2024-26169) in the Windows Error Reporting Service. This zero-day vulnerability, which allows for privilege escalation on compromised systems, was patched in March 2024. However, forensic analysis of an exploit tool…
-
WordPress Plugin abused to install e-skimmers in e-commerce sites
-
Hackers compromised a popular courtroom recording platform used across jails and prisons around the globe, gaining full control of systems through a backdoor implanted in a software update.
-
Academics have suggested that Apple’s Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare.
-
Happy May Patch Tuesday. We’ve got a lot of vendors joining this month’s patchapalooza, which includes a handful of bugs that have been exploited — either in the wild or at Pwn2Own — and now fixed by Microsoft, Apple, Google and VMware.
-
JS Infection Chain: After analysing the LNK execution chain, I started looking for more cases like these via related files on VirusTotal. I discovered initial infectors in various languages and for several target groups just by looking for archives that contain either the same g2m.dll[4] or the same decoy PDF[5] by hash.
-
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company.
-
Project management platform Monday.com has removed its “Share Update” feature after threat actors abused it in phishing attacks.
-
At the end of March, NetworkSecurityFish disclosed a vulnerability in various D-Link NAS devices [1]. The vulnerability allows access to the device using the user “messagebus” without credentials. The sample URL used by the PoC was:
-
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most of the malware activity has been based around the Microsoft GitHub URLs, this “flaw” could be abused with any public repository on GitHub, allowing threat…
-
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. While most of the malware activity has been based around the Microsoft GitHub URLs, this “flaw” could be abused with any public repository on GitHub, allowing…
-
Threat actors are abusing the widely-used Windows remote desktop protocol (RDP) remote access feature in their attack chains at a rate unprecedented since the Covid-19 pandemic, according to new analysis released by Sophos in its latest Active Adversary Report, which explored over 150 incident response cases to which its X-Ops team responded during 2023.
-
JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTP(S) access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server.
-
Thousands of subdomains abused for phishing, the latest ransomware news and more.
-
Security researchers are warning that threat actors are misusing Google Cloud Run to spread large amounts of banking trojans, such as Astaroth, Mekotio, and Ousaban.
-
When Apple announced its own approach to CSAM scanning, many of us warned that the process used to check for child sexual abuse materials would ultimately be abused by repressive governments to scan for things like political protest plans.