Google warns of actively exploited Pixel firmware zero-day
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks…
Author: Cybernoz
ADHA claims $1m in service credits from Accenture – Cloud – Hardware – Software
The Australian Digital Health Agency has claimed $1.04 million in service credits from Accenture, the outsourced operator of My Health Record infrastructure, since January 2018.…
CISA warns of criminals impersonating its employees in phone calls
Image: Midjourney Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential…
Black Basta Ransomware Suspected of Exploiting Windows 0-day Before Patch
The notorious Black Basta ransomware group is believed to have taken advantage of a high-severity Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day exploit before…
Conti And LockBit Ransomware Cryptor Developer Arrested By Ukraine Police
Ukraine National Police have arrested a man they say helped disguise ransomware used by Russia-based threat groups. The 28-year-old cryptor developer was unnamed in Ukraine…
New phishing toolkit uses PWAs to steal login credentials
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms…
Tools for Conducting Malware Traffic Analysis in a Sandbox
A malware sandbox is a versatile solution that offers a variety of tools for studying malicious behavior, including threats’ network traffic. A quick sandbox analysis…
Life360 says hacker tried to extort them after Tile data breach
Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from…
Hackers Exploiting Linux SSH Services to Deploy Malware
SSH and RDP provide remote access to server machines (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if solid passwords…
Sub-Venture Scale Security Problems
Thank you to Kane for coming up with the main thesis and as primary author of this piece. Check out his blog for a lot…
RCE, Privilege Escalation Flaws Patched
The June 2024 Patch Tuesday update from Microsoft addressed almost 49 vulnerabilities in its products and 9 vulnerabilities in non-Microsoft products. The update includes a…
JetBrains Warns of GitHub Plugin that Exposes Access Tokens
A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and later) exposed access tokens to malicious content within GitHub pull requests,…