LimeRAT Malware Analysis: Extracting the Config
Apr 27, 2023The Hacker NewsMalware Analysis / Cyber Threat Remote Access Trojans (RATs) have taken the third leading position in ANY. RUN’s Q1 2023 report…
Month: April 2023
Let Remote Attackers Launch XSS
A zero-day flaw in Cisco’s Prime Collaboration Deployment (PCD) software that can be used to launch cross-site scripting attacks has been identified. “A vulnerability in…
[tl;dr sec] #179 – BSidesSF Summaries, Attacking Kubernetes, OpenAI + Burp Suite
Hey there, I hope you’ve been doing well! Conference Montage I have some amusing anecdotes from BSidesSF and RSA that I want to share, but…
SLP Protocol Bug Lets Attackers Launch 2,200x DDoS Attack
The Service Location Protocol (SLP) has been found to have a new reflective Denial-of-Service (DoS) amplification vulnerability. Threat actors can exploit this vulnerability to execute…
Brace Yourself for the 2024 Deepfake Election
“It consistently amazes me that in the physical world, when we release products there are really stringent guidelines,” Farid says. “You can’t release a product…
Google Cloud seals bug that could have led to data breaches
Google Cloud has fixed a potentially dangerous application programming interface (API) vulnerability in its platform that, had it been exploited by malicious actors, could have…
Jedox’s Journey with HackerOne: A Q&A with CTO, Vladislav Maličević
Vladislav Maličević is the Chief Technology Officer at Jedox, a leading global provider of cloud-based enterprise performance management solutions for Financial Planning and Analysis. Jedox…
PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers. The detected…
RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts
Apr 27, 2023Ravie LakshmananLinux / Endpoint Security The threat actors behind RTM Locker have developed a ransomware strain that’s capable of targeting Linux machines, marking…
Web Cache Entanglement – Novel Pathways to Poisoning
Each year we anticipate new research from James Kettle at the annual Black Hat USA event and he’s become known for his web cache research.…
Eesti Energia Cyberattack Repeats As NoName Targets Estonia
Months after the Eesti Energia cyberattack, hacker group NoName has listed it and several Estonian organizations as victims. Among the named targets were the official…
GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private vulnerability…