Hackers are making artificial websites for famous open-source and free apps to encourage malicious downloads through google search engine advertisements. At least one prominent…
github
Malware
Malware – 2FA Secured Sessions hack
In December, CircleCi experienced a security incident when hackers breached their systems. The breach occurred after an engineer at the company became infected with…
Android malware
Pre-installed malware on Android TV box
A Canadian systems security consultant, Daniel Milisic, recently bought an Android TV box from Amazon. It came with malware. It was in its firmware.…
Malware
Pink APT Group: Malware Threat Spotlight
A new advanced threat actor, Dark Pink APT by Group-IB and Saaiwc Group by Anheng Hunting Labs, has been identified as the source of…
Darknet marketplace
Darknet Markets Move To Android Apps
Online markets selling drugs and other illegal substances on the darknet have begun to use custom Android apps. It increases privacy and evades law…
Malware
Hackers deceive people to download BitRAT malware using stolen bank data.
A new malware campaign has been observed that uses sensitive bank information as a lure in phishing emails to fall a remote access trojan…
Credential stuffing attack
Users of Mastodon are at risk of password-stealing attacks
A researcher has cautioned that a vulnerability in Anomaly, a fork of Mastodon, could allow hackers to obtain users’ password information. Mastodon has been…
Remote Code Execution
Another Parse Server RCE is produced by the prototype pollution project
Parse Server has been updated to address a prototype pollution vulnerability that could result in remote code execution (RCE). According to a GitHub security…
RCE vulnerability
Critical “CosMiss” RCE Flaw Affecting Azure Cosmos DB
On Tuesday, Microsoft said that it has fixed a CosMiss RCE flaw that allows complete read and write access in Jupyter Notebooks for Azure…
General
Incident Response Trends in Q3 2022, quarterly report
In Q3 2022, researchers at Cisco Talos Incident Response (CTIR) released their quarterly report on incident response trends. Trends in ransomware, phishing, and BEC…