The 2016 data leak that affected Uber’s 57 million users and drivers was hushed up. The DOJ (US Department of Justice) and the taxi firm reached a deal in exchange for the confession, allowing the latter to avoid punishment. Uber…
Latest posts - Page 47
Nuki Smart Locks Have Several Security Flaws
Numerous Nuki Smart Locks have security weaknesses, according to researchers. The availability, confidentiality, and integrity of the smart locks could all be impacted by exploiting the flaws. The Nuki Smart Lock and Bridge devices contain eleven…
Government Ransomware Attack Reports Are Declining, But Appearances Can Be Deceiving
The Ransomware Task Force, a group of about 60 cybersecurity experts from the tech sector and the public sector, published a report earlier this month that found that while organizations around the world continue to experience attacks, the rate of…
How Mercenary Hackers Sway Litigation Battles
Indian cyber mercenaries are hacking parties involved in lawsuits around the world, according to a treasure trove of thousands of email records found by Reuters, demonstrating how paid spies have evolved into the go-to tactic for litigants looking for an…
Workflow Weaknesses In GitHub Actions Gave Applications Like Logstash Write Access
Worst-case possibilities included malicious construction and greater infrastructural compromise. Security researchers have found multiple workflows of the well-known continuous integration and development (CI/CD) service GitHub Actions to be susceptible to command execution. An automation tool created by the Tinder…
Malicious Npm Packages Target Discord Users Once More
A recent LofyLife campaign infects client files and obtains tokens to track user activity including logins, password changes, and payment methods. Researchers have discovered that threat actors are once more concealing malware that can steal Discord tokens in order to…
The US Government Alerts Citizens To The Rise in SMS Phishing Attempts
Americans have been alerted by the Federal Communications Commission (FCC) to an upsurge in SMS (Short Message Service) phishing attacks that aim to steal their money and personal information. Scammers behind such attacks, often known as smishing or robotexts (as…
Numerous Android Apps On The Google Play Store Have Been Discovered To Drop Banking Malware
A malicious campaign used innocuous-looking Android dropper apps from the Google Play Store to infect consumers’ smartphones with banking malware. These 17 dropper apps, collectively referred to as DawDropper by Trend Micro, pretended to be productivity…
Framing without iframes
Recently, PortSwigger researchers discovered new techniques for framing a website without using the iframe element while researching XSS vectors. To include these, PortSwigger has updated the XSS cheat sheet. Researchers at PortSwigger found that Google Chrome permits changing the URL…
Untangling KNOTWEED: A private European Offensive Actor Employing 0-Day Exploits
A private-sector offensive actor (PSOA) was discovered by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) using a number of Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and…