17 Articles
6 Categories
Date: 2024-05-25
🐛 COMMON VULNERABILITIES AND EXPOSURES (5)
25 May - Chromium: CVE-2024-5159 Heap buffer overflow in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. (MSRC.MICROSOFT.COM)
25 May - Chromium: CVE-2024-5157 Use after free in Scheduling. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. (MSRC.MICROSOFT.COM)
25 May - Chromium: CVE-2024-5158 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. (MSRC.MICROSOFT.COM)
25 May - Chromium: CVE-2024-5274 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware that an exploit for CVE-2024-5274 exists in… (MSRC.MICROSOFT.COM)
25 May - Chromium: CVE-2024-5160 Heap buffer overflow in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. (MSRC.MICROSOFT.COM)
⚠️ VULNERABILITY DISCLOSURE (6)
25 May - Beware of HTML Masquerading as PDF Viewer Login Pages. Forcepoint X-Labs has recently observed a significant number of phishing email instances in their telemetry targeting various government departments in APAC that masquerade as PDF viewer login pages. (FORCEPOINT.COM)
25 May - Cybercriminals Exploit Cloud Storage for SMS Phishing Scams. Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage. (INFOSECURITY-MAGAZINE.COM)
25 May - Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data. Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerabi… (THEHACKERNEWS.COM)
25 May - Cybercriminals Exploit Cloud Storage For SMS Phishing Scams. Submitted by 0nekoneko7 to securitynews. 1 points | 0 comments. https://www.infosecurity-magazine.com/news/cloud-storage-exploited-sms/ (INFOSECURITY-MAGAZINE.COM)
25 May - Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market. Submitted by kernelle to cybersecurity. 2 points | 0 comments. https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID4839255_code2492185.pdf?abstractid=4626426&mirid=1 Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made soft… (PAPERS.SSRN.COM)
25 May - pcTattletale - 138,751 breached accounts. In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including members… (HAVEIBEENPWNED.COM)
🔥 INCIDENT REPORTING (1)
25 May - Spyware app pcTattletale was hacked and its website defaced. pcTattletale's website was briefly defaced and contained links containing files from the spyware maker's servers, before going offline. (TECHCRUNCH.COM)
🕵️ THREAT INTELLIGENCE (2)
25 May - Sharp Dragon Expands Towards Africa and The Caribbean. The threat actors demonstrate increased caution in selecting their targets, broadening their reconnaissance efforts, and adopting Cobalt Strike Beacon over custom backdoors. (RESEARCH.CHECKPOINT.COM)
25 May - csvkit, (Sat, May 25th). After reading my diary entry "Checking CSV Files", a reader informed me that CSV toolkit csvkit also contains a command to check CSV files: csvstat.py. (ISC.SANS.EDU)
🌐 CYBER THREAT LANDSCAPE (1)
25 May - Arc browser’s Windows launch targeted by Google ads malvertising. A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads. [...] (BLEEPINGCOMPUTER.COM)
📡 INFOSEC NEWS (2)
25 May - NSA Issues Guidance for Maturing Application, Workload Capabilities Under Zero Trust; Dave Luber Quoted. “This guidance helps organizations disrupt malicious cyber activity by applying granular access control and visibility to applications and workloads in modern network environments,” said Dave Luber, director of cybersecurity at NSA. (EXECUTIVEGOV.COM)
25 May - Indian man stole $37 million in crypto using fake Coinbase Pro site. An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. [...] (BLEEPINGCOMPUTER.COM)