24Articles
6Categories
2023-11-25Date
⚠️ VULNERABILITY DISCLOSURE 7[−]
25 NovBryce Case Jr. AKA YTCracker - The Original Digital Gangstersubmitted by c0mmando to netsec 1 points | 0 comments https://yewtu.be/watch?v=hFS7xONBJSE Bryce Case Jr., aka YTCracker, is a hacker, musician, also a self-identified member of the hacker group Anonymous. Bryce has been called “The Original Digital Gangster” for his early adopti…YEWTU.BE
25 NovMirai malware infects routers and cameras for new botnetsubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/11/23/zeroday_routers_mirai_botnet/ Akamai has uncovered two zero-day bugs capable of remote code execution, both being exploited to distribute the Mirai malware and built a botnet army for dis…THEREGISTER.COM
25 NovPotentially hundreds of UK law firms affected by cyberattack on IT provider CTSsubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/uk-cyberattack-msp-cts-law-firms CTS, a managed service provider (MSP) for law firms in the United Kingdom, is “urgently investigating” a cyberattack that has disrupted its services — potentially leavin…THERECORD.MEDIA
25 NovSerbian civilians targeted with Pegasus on eve of national electionssubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/serbian-civilians-targeted-with-pegasus Two Serbians were the targets of failed spyware attacks in August, according to a report released Tuesday by a Belgrade-based digital freedom organization. Apple …THERECORD.MEDIA
25 NovWarning: 3 Critical Vulnerabilities Expose ownCloud Users to Data BreachesThe maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - Disclosure of sensitive credential…THEHACKERNEWS.COM
25 NovApp Used by Hundreds of Schools Leaking Children’s DataThe leaked data poses a significant threat to children, as it can be exploited by malicious actors for extortion, impersonation, identity theft, fraud, and even potential child abuse.SECURITYAFFAIRS.COM
📢 SECURITY ADVISORIES 2[−]
25 NovNew 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan GovernmentAn unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named “hrserv.dll,” exhibits “sophisticated features…THEHACKERNEWS.COM
25 NovThe RAT King “NetSupport RAT” is Back in Action Via fake browser updatesIn the perpetually evolving realm of cybersecurity, the reawakening of NetSupport RAT, a Remote Access Trojan (RAT), casts a looming shadow that beckons the attention of vigilant security professionals. This insidious malware, initially conceived as a bona fide remote administrat…GBHACKERS.COM
🔥 INCIDENT REPORTING 6[−]
25 NovNorth Korean attack on CyberLink impacted devices around the world, Microsoft sayssubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/north-korea-attack-cyberlink-microsoft Microsoft has uncovered a supply chain attack by North Korean hackers who attached a malicious file to a legitimate photo and video editing application installer. …THERECORD.MEDIA
25 NovVanderbilt University Medical Center Investigating Cybersecurity IncidentThe hospital system was added to the leak site of the Meow ransomware gang. VUMC has confirmed the incident but has not provided details on when it occurred or the effects of the attack.THERECORD.MEDIA
25 NovCritical Vulnerabilities Expose ownCloud Users to Data BreachesThe three critical vulnerabilities include disclosure of sensitive credentials and configuration, authentication bypass using pre-signed URLs, and subdomain validation bypass.THEHACKERNEWS.COM
25 NovGeneral Electric investigates claims of cyberattack, data theftGeneral Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data. [...]BLEEPINGCOMPUTER.COM
25 NovGeneral Electric investigates claims of cyber attack, data theftGeneral Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 4[−]
25 NovOVA Files, (Sat, Nov 25th)I had to figure out when a OVA file was published (for a virtual machine). The Open Virtualization Format (OVF) is the standard for these files. ISC.SANS.EDU
25 NovTowards Greater Accountability: A Proposal for CA Issuance Decision Logssubmitted by kpw to cybersecurity 1 points | 0 comments https://unmitigatedrisk.com/?p=731UNMITIGATEDRISK.COM
25 NovWhat Does a Former Black Hat Hacker Carry Everyday?submitted by c0mmando to netsec 1 points | 0 comments https://yewtu.be/watch?v=7MIoFxwawc0YEWTU.BE
🌐 CYBER THREAT LANDSCAPE 1[−]
25 NovAtomic Stealer malware strikes macOS via fake browser updatesThe 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 4[−]
25 NovCrypto Investor Losses Near $1M in Rug Pull SchemeThe recently identified scam involved the creation of counterfeit tokens and manipulated trading activities to attract investors before swiftly withdrawing liquidity and causing substantial losses.INFOSECURITY-MAGAZINE.COM
25 NovWireshark 4.2.0 Released, (Sat, Nov 25th)About 10 days ago, new versions of Wireshark were released. ISC.SANS.EDU