Credentials and API Keys Leaking Online
Dec 12, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk…
Month: December 2024
Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement
Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement Pierluigi Paganini December 12, 2024 Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to…
Vulnerabilities in Skoda & Volkswagen Cars Let Hackers Remotely Track Users
Cybersecurity researchers have discovered several vulnerabilities in the infotainment systems of certain Skoda and Volkswagen car models. These vulnerabilities may allow hackers to track and…
Malicious ESLint Package Let Attackers Steal Data And Inject Remote Code
Cybercriminals exploited typosquatting to deploy a malicious npm package, `@typescript_eslinter/eslint`, targeting developers seeking the legitimate TypeScript ESLint plugin, which was designed to mimic the genuine…
Triad Nexus, Chinese Hackers Using 200,000 Domains For Widespread Cyber Attack
Researchers identified FUNNULL, a Chinese CDN, as hosting malicious content, which includes fake trading apps for financial fraud, gambling sites likely used for money laundering,…
No-Brainer AI Security Stock to Buy and Hold for the Long Run
12 Dec No-Brainer AI Security Stock to Buy and Hold for the Long Run Posted at 08:54h in Blogs by Taylor Fox This week in…
New Zealand Cyber Incidents Surge 58%
New Zealand’s National Cyber Security Centre (NCSC) has released its highly anticipated Cyber Security Insights Report for the third quarter of 2024. This report reveals…
Antidot Malware Attacking Employees Android Devices To Inject Malicious Payloads
Researchers discovered a new variant of the AntiDot banking trojan targeting Android mobile devices through a mobile-phishing (mishing) campaign, where this variant builds upon the…
Operation PowerOFF took down 27 DDoS platforms across 15 countries
Operation PowerOFF took down 27 DDoS platforms across 15 countries Pierluigi Paganini December 12, 2024 Operation PowerOFF took down 27 DDoS stresser services globally, disrupting…
The Unsolvable Problem: XZ and Modern Infrastructure
The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software developer or security analyst up at night. The recent…
Scammers Exploit Fake Domains in Dubai Police Phishing Scams
SUMMARY: Researchers found a rise in phishing attacks in the UAE impersonating Dubai Police via SMS. Attackers use fake domains with typosquatting and suspicious extensions…
Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS
Dec 12, 2024Ravie LakshmananVulnerability / Device Security Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could…