Date: 2023-09-02 | 22 articles | 6 categories
⚠️ VULNERABILITY DISCLOSURE (4)

2 Sep | Update: Exploit Released for Critical VMware SSH Authentication Bypass Vulnerability
    The proof-of-concept (PoC) exploit targets all Aria Operations for Networks versions from 6.0 to 6.10, and it was developed and released by Summoning Team vulnerability researcher Sina Kheirkhah.
    Source: BLEEPINGCOMPUTER.COM

2 Sep | Chrome extensions can steal plaintext passwords from websites
    A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. [...]
    Source: BLEEPINGCOMPUTER.COM

2 Sep | Yes, there's an npm package called @(-.-)/env and some others like it
    Strangely named npm packages like -, @!-!/-, @(-.-)/env, and --hepl continue to exist on the internet's largest software registry. While not all of these may necessarily pose an obvious security risk, some were named before npm enforced naming guidelines and could potentially bre…
    Source: BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (3)

2 Sep | Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
    Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions. “In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against I…
    Source: THEHACKERNEWS.COM

2 Sep | CISA Report on Notorious Chisel Android Malware that Steals Data and Monitors Traffic
    With the rise of new technological innovations and security mechanisms, threat actors are also upgrading their skills and evolving rapidly. These evolutions have resulted in an alarming increase in the quick growth of Android malware. Recently, CISA (The United States’ Cybe…
    Source: GBHACKERS.COM

2 Sep | Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
    Central to the attacks is a commercial phishing kit called 0ktapus, which offers pre-made templates to create realistic fake authentication portals and ultimately harvest credentials and MFA codes. It also has a built-in C2 channel via Telegram.
    Source: THEHACKERNEWS.COM
🔥 INCIDENT REPORTING (3)

2 Sep | Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
    Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure are employed against poorly secured Microsoft SQL servers.
    Source: THEHACKERNEWS.COM

2 Sep | Pennsylvania School District to Stay Open Despite Ransomware Attack
    On Thursday, the Chambersburg Area School District published a message on its website and social media channels announcing that it had become yet another K-12 school district attacked by a ransomware gang.
    Source: THERECORD.MEDIA

2 Sep | Freecycle users told to change passwords after data breach
    Freecycle, an online community that encourages sharing unwanted items with each other rather than chucking them in the bin or taking them to landfill, has told users to change their passwords after it suffered a data breach.
    Source: GRAHAMCLULEY.COM
🕵️ THREAT INTELLIGENCE (5)

2 Sep | Promptmap – Tool to Test Prompt Injection Attacks on ChatGPT Instances
    Prompt injection refers to a technique where users input specific prompts or instructions to influence the responses generated by a language model like ChatGPT. However, threat actors mainly use this technique to mod the ChatGPT instances for several malicious purposes. It has se…
    Source: GBHACKERS.COM

2 Sep | Annoying Apple Fans: The Flipper Zero Bluetooth Prank Revealed
    https://techryptic.github.io/2023/09/01/Annoying-Apple-Fans/
    Source: TECHRYPTIC.GITHUB.IO

2 Sep | Nmap 7.94 Released: What’s New!
    The latest version of Nmap, 7.94, was released on its 26th birthday. The most significant upgrade was the migration of Zenmap and Ndiff from Python 2 to Python 3 across all platforms. This new version of Nmap 7.94 was upgraded with more than a number of improvements, fixed some o…
    Source: GBHACKERS.COM

2 Sep | VMConnect Supply Chain Attack Persists
    ReversingLabs identified three new malicious Python packages on PyPI, which are linked to a previously discovered VMConnect campaign. Analysis of the packages reveals similarities to previous supply chain attacks attributed to the Lazarus Group. To protect against such threats, o…
    Source: CYWARE.COM
🌐 CYBER THREAT LANDSCAPE (1)
📡 INFOSEC NEWS (6)

2 Sep | What is the origin of passwords submitted to honeypots?, (Sat, Sep 2nd)
    We use passwords just about everywhere in our daily lives. It's difficult to think of an online service where we don't have a need to enter some kind of credentials to access our content. DShield honeyp…
    Source: ISC.SANS.EDU

2 Sep | Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed
    A company that makes a chastity device for people with a penis that can be controlled by a partner over the internet exposed users’ email addresses, plaintext passwords, home addresses and IP addresses, and — in some cases — GPS coordinates, due to several flaws in its servers, a…
    Source: TECHCRUNCH.COM

2 Sep | New ‘YouPorn’ sextortion scam threatens to leak your sex tape
    A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down. [...]
    Source: BLEEPINGCOMPUTER.COM

2 Sep | Fake YouPorn extortion scam threatens to leak your sex tape
    A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down. [...]
    Source: BLEEPINGCOMPUTER.COM