Critical Ping bug potentially allows remote hack of FreeBSD systems
A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. The maintainers...
hacking
Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware
The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity...
Law enforcement agencies can extract data from thousands of cars’ infotainment systems
Law enforcement agencies can extract data from the infotainment systems of thousands of different car models. Data managed by infotainment...
US DHS Cyber Safety Board will review Lapsus$ gang’s operations
US DHS Cyber Safety Review Board will review attacks linked to the Lapsus$ extortion gang that hit multiple high-profile companies....
Neton – Tool For Getting Information From Internet Connected Sandboxes
Neton is a tool for getting information from Internet connected sandboxes. It is composed by an agent and a web...
New CryWiper wiper targets Russian entities masquerading as a ransomware
Experts spotted a new data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor’s offices and courts. Researchers...
Security Affairs newsletter Round 396
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Google fixed the ninth actively exploited Chrome zeroday this year
Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google...
Shells – Little Script For Generating Revshells
A script for generating common revshells fast and easy. Especially nice when in need of Youtube video Version 1.4.6 Added...
A new Linux flaw can be chained with other two bugs to gain full root privileges
Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges...
Attack of drones: airborne cybersecurity nightmare
Threat actors could exploit drones for payload delivery, kinetic operations, and even diversion, experts warn. Original post at https://cybernews.com/security/drones-hack-airborne-cybersecurity-nightmare/ Once...
Cuba Ransomware received over $60M in Ransom payments as of August 2022
Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of...
Android Keyboard Apps with 2 Million downloads can remotely hack your device
Experts found multiple flaws in three Android Keyboard apps that can be exploited by remote attackers to compromise a mobile...
Pywirt – Python Windows Incident Response Toolkit
With this application, it is aimed to accelerate the incident response processes by collecting information in windows operating systems via...
New Go-based Redigo malware targets Redis servers
Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm...
3 of the Worst Data Breaches in the World That Could Have Been Prevented
Data breaches can be devastating for organizations, these are 3 of the worst incidents that could have been prevented Data...
DomainDouche – OSINT Tool to Abuse SecurityTrails Domain Suggestion API To Find Potentially Related Domains By Keyword And Brute Force
Abusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force. Use it while it still...
North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea
North Korea-linked ScarCruft group used a previously undocumented backdoor called Dolphin against targets in South Korea. ESET researchers discovered a previously undocumented backdoor called Dolphin...
Lastpass discloses the second security breach this year
LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August...
Google links three exploitation frameworks to Spanish commercial spyware vendor Variston
Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the...
D4TA-HUNTER – GUI Osint Framework With Kali Linux
D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that...
Attackers abused the popular TikTok Invisible Challenge to spread info-stealer
Threat actors are exploiting interest in a popular TikTok challenge, dubbed Invisible Challenge, to trick users into downloading info-stealing malware....
China-linked UNC4191 APT relies on USB Devices in attacks against entities in the Philippines
An alleged China-linked cyberespionage group, tracked as UNC4191, used USB devices in attacks aimed at Philippines entities. Mandiant researchers spotted...
ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year
CyberNews experts discovered that ENC Security, a Netherlands software company, had been leaking critical business data since May 2021. Original...
