14Articles
6Categories
2024-01-06Date
⚠️ VULNERABILITY DISCLOSURE 5[−]
6 JanIntro into CI/CD research that has lead to critical vulnerabilities in Google, Meta, Microsoft, Blockchains, and more.submitted by L4s to secops 1 points | 0 comments https://johnstawinski.com/2024/01/05/worse-than-solarwinds-three-steps-to-hack-blockchains-github-and-ml-through-github-actions/ Intro into CI/CD research that has lead to critical vulnerabilities in Google, Meta, Microsoft, Blockc…JOHNSTAWINSKI.COM
6 JanWeb3 Security Firm CertiK's X Account Hacked to Push Crypto DrainerThis incident is part of a larger-scale social engineering campaign targeting verified X accounts on Twitter, highlighting the vulnerability of high-profile accounts to cryptocurrency scams and phishing attacks.BLEEPINGCOMPUTER.COM
6 JanHackers Target Apache RocketMQ Servers Vulnerable to RCE AttacksAttackers can exploit these vulnerabilities to execute commands on vulnerable NameServer components of RocketMQ, highlighting the importance of upgrading to version 5.1.2/4.9.7 or above to mitigate the risk.BLEEPINGCOMPUTER.COM
6 JanWest Virginia City Latest Municipality Hit With CyberattackThe city of Beckley, West Virginia, is currently grappling with a cyberattack, which has disrupted their computer network and prompted investigations into the incident's source and impact.THERECORD.MEDIA
6 JanBest Data Lake Security Practices for 2024Data lakes are convenient. They provide storage for a seemingly endless stream of data integrated from versatile sources at a low cost. Lakes allow you to save different versions and copies of the same data in their raw, processed, or unstructured form — making them ideal for kee…GBHACKERS.COM
📢 SECURITY ADVISORIES 1[−]
6 JanSwatting: The New Normal in Ransomware Extortion TacticsExtortionists are resorting to swatting as a new tactic to pressure hospitals into paying ransom demands. Swatting involves making false reports to the police, resulting in heavily armed officers showing up at victims' homes.THEREGISTER.COM
🔥 INCIDENT REPORTING 2[−]
6 JanPro-Iranian Hacker Group Targeting Albania with No-Justice Wiper MalwareThe recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it can…THEHACKERNEWS.COM
6 JanSyrian Threat Group Peddles Destructive SilverRATA group known as Anonymous Arabic, with links to Turkey and Syria, is behind a sophisticated remote access Trojan called SilverRAT. They plan to release an updated version that can control compromised Windows systems and Android devices.DARKREADING.COM
🕵️ THREAT INTELLIGENCE 2[−]
6 JanIranian APT Used No-Justice Wiper in Recent Albanian AttacksThe cybersecurity firm ClearSky identified the tools used, including the No-Justice wiper and a PowerShell code. The malware had a valid digital signature, making it appear legitimate.HEALTHCAREINFOSECURITY.COM
6 JanSea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom CompaniesTelecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle. "T…THEHACKERNEWS.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
6 JanGoogle: Malware abusing API is standard token theft, not an API issueGoogle is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 3[−]
6 JanAre you sure of your password?, (Sat, Jan 6th)If many people can detect simple phishing emails these days, some attacks are very well crafted and also have built-in techniques not only to ensure that potential victims will fall into the trap but there is another aspect. From an attacker's point of view, how to improve th…ISC.SANS.EDU
6 JanX users fed up with constant stream of malicious crypto adsCybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. [...]BLEEPINGCOMPUTER.COM
6 JanCracking the 2023 SANS Holiday Hack ChallengeFrom ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of funWELIVESECURITY.COM