SEC Investigating Progress Software Over MOVEit Hack
The US Securities and Exchange Commission is launching its own investigation into the vulnerability in Progress Software’s MOVEit transfer tool that exposed data from more…
Month: October 2023
Apple fixes iOS Kernel zero-day vulnerability on older iPhones
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks. “Apple is…
Critical Google Chrome User-After-Free Site Isolation Flaw
As part of a security update for Chrome, Google has upgraded the Stable channels to 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows. The…
Scottish biometrics watchdog outlines police cloud concerns
The Scottish biometrics commissioner has written to Police Scotland outlining his ongoing concerns over the cloud-based digital evidence sharing system used by the force, which…
Adobe, Cisco IOS, Skype, WordPad, & Rapid Reset Flaws
The US cybersecurity organization CISA has updated its Known Exploited Vulnerabilities catalog to include five new security flaws that are currently being actively exploited. This…
Everest Ransomware lures Insider Threats with profit share
In recent times, we’ve witnessed a significant shift in the tactics employed by ransomware groups. Instead of solely infiltrating corporate networks to pilfer data and…
Ransomware review: October 2023
In September, two high-profile casino breaches taught us about the nuances of the RaaS affiliate landscape, the asymmetric dangers of phishing, and of two starkly…
[tl;dr sec] #203 – Stealing CI/CD Secrets, Sliver & Cursed Chrome, Career Advice
My heart goes out to those facing violence, loss, and displacement. I hope there is a return to peace soon. In the meantime, I’ll try…
ToddyCat hackers use ‘disposable’ malware to target Asian telecoms
A newly discovered campaign dubbed “Stayin’ Alive” has been targeting government organizations and telecommunication service providers across Asia since 2021, using a wide variety of…
Stayin’ Alive Hacking Teleco & Government Organizations
Threat actors target telecoms and government ministries because they house valuable data and infrastructure. Telecoms hold sensitive communication records and can disrupt essential services, while…
Malicious NuGet Package Targeting .NET Developers with SeroXen RAT
A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT.…
Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin
A threat actor has deployed a WordPress backdoor that can hide its presence by posing as a legitimate plugin, WordPress security firm Defiant reports. Identified…