Attackers abused the popular TikTok Invisible Challenge to spread info-stealer
Threat actors are exploiting interest in a popular TikTok challenge, dubbed Invisible Challenge, to trick users into downloading info-stealing malware....
hacking
China-linked UNC4191 APT relies on USB Devices in attacks against entities in the Philippines
An alleged China-linked cyberespionage group, tracked as UNC4191, used USB devices in attacks aimed at Philippines entities. Mandiant researchers spotted...
ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year
CyberNews experts discovered that ENC Security, a Netherlands software company, had been leaking critical business data since May 2021. Original...
Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access
Cyble observed Initial Access Brokers (IABs) offering access to enterprise networks compromised via a critical flaw in Fortinet products. Researchers at...
CISA adds Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities Catalog
CISA added a critical flaw impacting Oracle Fusion Middleware, tracked as CVE-2021-35587, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity...
Pycrypt – Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products Important: Make Sure your payload file have all the...
Tips for Gamifying Your Cybersecurity Awareness Training Program
In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report, 82% of data...
Irish data protection commission fines Meta over 2021 data-scraping leak
Irish data protection commission (DPC) fined Meta for not protecting Facebook’s users’ data from scraping. Meta has been fined €265 million...
A flaw in some Acer laptops can be used to bypass security features
ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot....
Experts found a vulnerability in AWS AppSync
Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon...
EvilTree – A Remake Of The Classic “Tree” Command With The Additional Feature Of Searching For User Provided Keywords/Regex In Files, Highlighting Those That Contain Matche
A standalone python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in...
RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia
Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple...
Security Affairs newsletter Round 395
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
US FCC bans the import of electronic equipment from Chinese firms
The U.S. Federal Communications Commission announced it will completely ban the import of electronic equipment from Huawei, ZTE, Hytera, Hikvision,...
Kubeeye – Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems
KubeEye is an inspection tool for Kubernetes to discover Kubernetes resources (by OPA ), cluster components, cluster nodes (by Node-Problem-Detector)...
Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches
The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more...
MSMAP – Memory WebShell Generator
Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients....
Devices from Dell, HP, and Lenovo used outdated OpenSSL versions
Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered...
Google fixed the eighth actively exploited #Chrome #zeroday this year
Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser....
Experts investigate WhatsApp data leak: 500M user records for sale
Cybernews investigated a data sample available for sale containing up-to-date mobile phone numbers of nearly 500 million WhatsApp users. Original...
SharpSCCM – A C# Utility For Interacting With SCCM
SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement and...
An international police operation dismantled the spoofing service iSpoof
An international law enforcement operation has dismantled an online phone number spoofing service called iSpoof. An international law enforcement operation that...
UK urges to disconnect Chinese security cameras in government buildings
The British government banned the installation of Chinese-linked security cameras at sensitive facilities due to security risks. Reuters reports that...
RansomExx Ransomware upgrades to Rust programming language
RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming...
