Cybercriminals who use Prynt Stealer to collect data from victims are duped by the malware developer, who also receives a copy of the information via Telegram. The malware developer inserted a backdoor into the infostealer builder, which is present in…
Latest posts - Page 40
Using Hackability to find a Chrome data leak
Gareth Heyes has been hacking browsers for over 15 years, and one of his goals was to find an SOP bypass or information leak in every major browser. Chrome was the only browser left standing…until now. This post explains how…
A New Ransomware Attack Has Hit The Windows and Linux Servers of A Chile Government Agency
Chile’s national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted the country’s government agency’s operations and online services. The ransomware attack began on Thursday, August 25, and targeted the agency’s Microsoft and VMware…
Hackers Take Advantage of Users’ Desire to be Verified by Instagram
Threat actors harvest user credentials by exploiting Instagram’s highly sought-after verification programme. Vade discovered a sophisticated and targeted phishing campaign aimed at luring Instagram users into a trap and stealing their personal information and account credentials. It starts by email…
Over 1800 Android and iOS apps’ source code provides access to AWS credentials
The Symantec Danger Hunter team discovered 1859 applications on Android and iOS that contained hard-coded Amazon Web Expert services (AWS). They obtain tokens that allowed access to personal AWS credentials. Around half of all the apps examined by the security…
A TikTok vulnerability could have allowed account hijackers to take control
Microsoft has released a detailed description of a now-resolved issue that was potentially dangerous for TikTok users. Microsoft classified the issue as a “high-severity vulnerability,” requiring several steps to be chained together to function. Attackers who use it could compromise…
A Google Chrome Bug Allows Sites To Write To The Clipboard Without Prompting
Chrome version 104 introduced a bug that removes the requirement for users to approve clipboard writing events from websites visited. This feature is not limited to Google Chrome. Despite the fact that Safari and Firefox allow web pages to write…
Cyber Signals: 3 Ransomware Protection Strategies
The “as a service” business model has grown in popularity as cloud adoption enables people to access services through third-party providers. Given the convenience and agility of service offerings, that cybercriminals are utilizing the “as a service” model for nefarious…
A command injection vulnerability in GitHub Pages has earned a bug hunter $4,000
Social engineering techniques were used to trick developers into exposing repositories. Using the GitHub Pages build process, a security researcher discovered a way to launch code execution attacks. According to a recent blog post, Joren Vrancken received a $4,000 reward…
A student loan breach has exposed 2.5 million records.
In a breach that could lead to further problems, 2.5 million people were affected. Over 2.5 million loanees have been notified by EdFinancial and the Oklahoma Student Loan Authority (OSLA) that their personal information was compromised in a loan data…