FreshRSS


Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

By Newsroom
The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South
  • May 19th 2024 at 07:59

[webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE)

PopojiCMS 2.0.1 - Remote Command Execution (RCE)
  • May 19th 2024 at 00:00

[webapps] Backdrop CMS 1.27.1 - Remote Command Execution (RCE)

Backdrop CMS 1.27.1 - Remote Command Execution (RCE)
  • May 19th 2024 at 00:00

[webapps] Apache OFBiz 18.12.12 - Directory Traversal

Apache OFBiz 18.12.12 - Directory Traversal
  • May 19th 2024 at 00:00

[webapps] Wordpress Theme XStore 9.3.8 - SQLi

Wordpress Theme XStore 9.3.8 - SQLi
  • May 19th 2024 at 00:00

[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)

htmlLawed 1.2.5 - Remote Code Execution (RCE)
  • May 19th 2024 at 00:00

[webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
  • May 19th 2024 at 00:00

RomHack CFP Closes May 31!

By /u/smaury

Hey hackers! RomHack 2024 Call for Papers closes on May 31, if you plan to present your awesome research in Rome 🇮🇹 make sure to submit before that date!

See you in Rome 🍕🍝🍷!


An attorney says she saw her library reading habits reflected in mobile ads. That's not supposed to happen

Follow us down this deep rabbit hole of privacy policy after privacy policy

Feature In April, attorney Christine Dudley was listening to a book on her iPhone while playing a game on her Android tablet when she started to see in-game ads that reflected the audiobooks she recently checked out of the San Francisco Public Library.…

  • May 18th 2024 at 17:04

A Basic Guide to Discovering Attack Surface with Ghidra and GDB

By /u/cy1337

A walkthrough of using Ghidra to produce a GDB script for tracing function calls.


Gawd, after that week, we wonder what's next for China and the Western world

For starters: Crypto, import tariffs, and Microsoft shipping out staff

Kettle It's been a fairly troubling week in terms of the relationship between China and the Western world.…

  • May 18th 2024 at 12:35

Freeway for Network Pentesting

By /u/Material-Tonight8924

Hi, came here for some feedback and to share the tool with other red teamers.

Every opinion is very welcome.

The Freeway features:
- Network monitor
- Deauth attack
- Beacon Flood
- Packet Fuzzer
- Network Audit
- Channel Hopper


US Official Warns a Cell Network Flaw Is Being Exploited for Spying

By Andy Greenberg
Plus: Three arrested in North Korean IT workers fraud ring, Tesla staffers shared videos from owners’ cars, and more.

How two brothers allegedly swiped $25M in a 12-second Ethereum heist

Feds scoff at blockchain integrity while software bug said to have been at heart of the matter

The US Department of Justice has booked two brothers on allegations that they exploited open source software used in the Ethereum blockchain world to bag $25 million (£20 million).…

  • May 18th 2024 at 06:29

Aussie cops probe MediSecure's 'large-scale ransomware data breach'

Throw another healthcare biz on the barby, mate

Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients' personal and health data.…

  • May 17th 2024 at 23:31

Three cuffed for 'helping North Koreans' secure remote IT jobs in America

Your local nail tech could be a secret agent for Kim’s cunning plan

Three individuals accused of helping North Korea fund its weapons programs using US money are now in handcuffs.…

  • May 17th 2024 at 18:34

The who, where, and how of APT attacks – Week in security with Tony Anscombe

This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape
  • May 17th 2024 at 16:09

Zeek 6.0.4

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
  • May 17th 2024 at 15:26

Ubuntu Security Notice USN-6778-1

Ubuntu Security Notice 6778-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
  • May 17th 2024 at 15:25

Ubuntu Security Notice USN-6776-1

Ubuntu Security Notice 6776-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
  • May 17th 2024 at 15:24

Ubuntu Security Notice USN-6777-1

Ubuntu Security Notice 6777-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
  • May 17th 2024 at 15:24

Ubuntu Security Notice USN-6774-1

Ubuntu Security Notice 6774-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
  • May 17th 2024 at 15:23

Ubuntu Security Notice USN-6775-1

Ubuntu Security Notice 6775-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
  • May 17th 2024 at 15:23

Ubuntu Security Notice USN-6773-1

Ubuntu Security Notice 6773-1 - It was discovered that .NET did not properly handle memory in its Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use this to cause a dead-lock condition, resulting in a denial of service.
  • May 17th 2024 at 15:23

Red Hat Security Advisory 2024-2889-03

Red Hat Security Advisory 2024-2889-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an information leakage vulnerability.
  • May 17th 2024 at 15:20

Red Hat Security Advisory 2024-2890-03

Red Hat Security Advisory 2024-2890-03 - An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
  • May 17th 2024 at 15:20

Red Hat Security Advisory 2024-2891-03

Red Hat Security Advisory 2024-2891-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
  • May 17th 2024 at 15:20

Red Hat Security Advisory 2024-2888-03

Red Hat Security Advisory 2024-2888-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 17th 2024 at 15:18

Red Hat Security Advisory 2024-2886-03

Red Hat Security Advisory 2024-2886-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 17th 2024 at 15:18

Red Hat Security Advisory 2024-2887-03

Red Hat Security Advisory 2024-2887-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 17th 2024 at 15:18

Red Hat Security Advisory 2024-2882-03

Red Hat Security Advisory 2024-2882-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 17th 2024 at 15:17

Red Hat Security Advisory 2024-2883-03

Red Hat Security Advisory 2024-2883-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 17th 2024 at 15:17

Red Hat Security Advisory 2024-2884-03

Red Hat Security Advisory 2024-2884-03 - An update for Firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 17th 2024 at 15:17

Red Hat Security Advisory 2024-2885-03

Red Hat Security Advisory 2024-2885-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 17th 2024 at 15:17

Red Hat Security Advisory 2024-2881-03

Red Hat Security Advisory 2024-2881-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.
  • May 17th 2024 at 15:16

Red Hat Security Advisory 2024-2784-03

Red Hat Security Advisory 2024-2784-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.
  • May 17th 2024 at 15:16

Red Hat Security Advisory 2024-2834-03

Red Hat Security Advisory 2024-2834-03 - An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include a server-side request forgery vulnerability.
  • May 17th 2024 at 15:16

Red Hat Security Advisory 2024-2781-03

Red Hat Security Advisory 2024-2781-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs.
  • May 17th 2024 at 15:15

Red Hat Security Advisory 2024-2782-03

Red Hat Security Advisory 2024-2782-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
  • May 17th 2024 at 15:15

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

By Newsroom
The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities into its exploit arsenal and expanding its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining
  • May 17th 2024 at 17:20

First LockBit, now BreachForums: Are cops winning the war or just a few battles?

TLDR: Peace in our time is really really hard

On Wednesday the FBI and international cops celebrated yet another cybercrime takedown – of ransomware brokerage site BreachForums – just a week after doxing and imposing sanctions on the LockBit ransomware crew's kingpin, and two months after compromising the gang's website.…

  • May 17th 2024 at 11:37

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

By The Hacker News
A new report from XM Cyber has found, among other insights, a dramatic gap between where most organizations focus their security efforts and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber
  • May 17th 2024 at 11:29

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

By Newsroom
Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes
  • May 17th 2024 at 11:20

Accessing Secure Client Cloud Management after the SecureX EoL

By Pete Davis
Secure Client Management capabilities aren’t going away with the SecureX EOL; the functionality is simply migrating to the Cisco Security Cloud Control service.

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

By Newsroom
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
  • May 17th 2024 at 08:46

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

By Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an
  • May 17th 2024 at 06:43

Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

Spoiler alert: it's not really IT support controlling your device

A cybercrime gang has been abusing Microsoft's Quick Assist application in social engineering attacks that ultimately allow the crew to infect victims with Black Basta ransomware.…

  • May 16th 2024 at 23:30

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
  • May 15th 2024 at 09:15

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

By Newsroom
Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and lets an attacker eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on
  • May 16th 2024 at 16:02

EU probes Meta over its provisions for protecting children

Has social media biz done enough to comply with Digital Services Act? Maybe not

The European Commission has opened formal proceedings to assess whether Meta, the provider of Facebook and Instagram, may have breached the Digital Services Act (DSA) in areas linked to the protection of minors.…

  • May 16th 2024 at 15:45

Stifling Beijing in cyberspace is now British intelligence’s number-one mission

Annual conference of cyber intel unit shows UK's alarm over China blaring louder than ever

CyberUK Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre (NCSC), will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings.…

  • May 16th 2024 at 14:45

Wireshark Analyzer 4.2.5

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
  • May 16th 2024 at 14:07