Uncategorized

CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd 07/05/2023 at 18:24 By Two years ago, I picked out chfn as a candidate to be reviewed for security bugs. Why chfn I hear you ask? (Thanks for asking.) It is one of a small number of Set owner User ID (SUID) programs loaded with Linux which means […]

React to this headline:

Dissecting Buffer Overflow Attacks in MongoDB 07/05/2023 at 18:24 By Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability affected almost all versions of MongoDB, up to v4.5.0, but was discussed and patched appropriately. This article is an excerpt from SpiderLabs Blog from Trustwave View Original Source React

React to this headline:

Why It’s Important to Change Default Credentials 07/05/2023 at 18:24 By Security best practice guidelines always call for changing default passwords as any password left on the factory preset is considered low hanging fruit, essentially just waiting to be abused by attackers to gain unauthorized access. This article is an excerpt from SpiderLabs Blog from

React to this headline:

Deobfuscating the Recent Emotet Epoch 4 Macro 07/05/2023 at 18:24 By This analysis is intended to help the cybersecurity community better understand the wider obfuscation and padding tricks Emotet is using. This article is an excerpt from SpiderLabs Blog from Trustwave View Original Source React to this headline:

React to this headline:

Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies 07/05/2023 at 18:24 By Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera. This article is an excerpt from SpiderLabs Blog from Trustwave View Original Source React to this headline:

React to this headline:

White House officials discuss AI concerns with security organizations 07/05/2023 at 18:23 By Vice President Harris and other White House officials met with security leaders to address risks associated with artificial intelligence (AI).  This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

Virginia school offers cybersecurity education program 07/05/2023 at 18:23 By A tech industry adult education program is being offered by Virginia Commonwealth University and the Institute of Data to help fill the talent gap. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

City of Dallas recovers after recent ransomware attack 07/05/2023 at 18:23 By City of Dallas residents are still dealing with some delays and disruptions following a Wednesday ransomware attack which affected some city websites and services. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

Add ‘prompt’ to the long list of injection attacks 07/05/2023 at 18:23 By Generative AI tools can be manipulated to accomplish malicious tasks, reveal sensitive information or ignore safety filters with the right prompt. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

Five reasons organizations aren’t ready for the next cyberattack 07/05/2023 at 18:23 By Even as security organizations are economizing on everything from desk space to free coffee cyber threats are consistently getting worse. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks 07/05/2023 at 18:22 By Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that

React to this headline:

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry 07/05/2023 at 18:22 By An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. “The attack is based on a classic side-loading attack, consisting of a clean application, a malicious

React to this headline:

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN 07/05/2023 at 18:22 By Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. “The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments

React to this headline:

New Android Malware ‘FluHorse’ Targeting East Asian Markets with Deceptive Tactics 07/05/2023 at 18:22 By Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. “The malware features several malicious Android applications that mimic

React to this headline:

N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks 07/05/2023 at 18:22 By The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. “[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads,

React to this headline: