Security

0 Comments
A new vulnerability has been discovered in Microsoft’s Azure Service Fabric Explorer (SFX) that would enable unauthenticated, remote threat actors to execute code on a container hosted on a Service Fabric node. Dubbed Super FabriXss by the Orca Security team, the cross-site scripting (XSS) flaw (CVE-2023-23383) has a CVSS score of 8.2 and affects SFX version 9.1.1436.9590 or
0 Comments
A new malware toolset has been discovered and analyzed by security experts at SentinelOne. Dubbed “AlienFox” by the team, the toolkit can harvest credentials for multiple cloud service providers. An advisory published on Thursday by SentinelOne threat researcher Alex Delamotte shows that attackers used AlienFox to successfully harvest API keys and secrets from various services, including
0 Comments
Threat actors suspected to be operating for the North Korean government have been observed trojanizing versions of the voice and video calling desktop client 3CX DesktopApp to launch attacks against several victims. The Symantec threat intelligence team shared the findings in an advisory published earlier today, explaining the attackers’ tactics were similar to those used against
0 Comments
Google’s Threat Analysis Group (TAG) has revealed tracking over 30 commercial spyware vendors that facilitate the spread of malware by government-backed threat actors. Writing in a blog post published earlier today, TAG’s Clement Lecigne said these vendors are arming countries that would otherwise not be able to develop these tools. “While the use of surveillance
0 Comments
A malware campaign targeting cryptocurrency wallets has been recently discovered by security researchers at Kaspersky. Discussing the findings in an advisory published today, the company said the attacks were first observed in September 2022 and relied on malware replacing part of the clipboard contents with cryptocurrency wallet addresses. “Despite the attack being fundamentally simple, it
0 Comments
Microsoft announced a new information disclosure vulnerability on Friday, for a bug affecting its screenshot editing tools in both Windows 10 and Windows 11.  The vulnerability (CVE-2023-28303) is called aCropalypse and could enable malicious actors to recover sections of screenshots, potentially revealing sensitive information.  Read more on screenshot-supported malware here: New Threat Group Reviews Screenshots Before Striking
0 Comments
Vulnerable code has been discovered in the payment solution plugin WooCommerce for the WordPress content management system (CMS) that could allow an unauthenticated attacker to gain administrative privileges and take over a website. The findings come from WordPress security experts at Wordfence, who described the critical authentication bypass in a blog post published on Thursday.
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Joint Cyber Defense Collaborative (JCDC) have unveiled a new effort to aid organizations in quickly fixing vulnerabilities targeted by ransomware actors. The Pre-Ransomware Notification Initiative provides businesses with early warnings, enabling them to potentially evict threat actors before they can encrypt data and systems for
0 Comments
A Chinese cyber-espionage actor likely connected with the “Operation Soft Cell” campaign has been targeting Middle East telecom providers since the beginning of 2023. The new series of attacks are part of what SentinelOne researchers described as “Operation Tainted Love,” a cyber-espionage campaign exhibiting “a well-maintained, versioned credential theft capability” and a new dropper mechanism.
0 Comments
An administrator of the notorious BreachForums website has announced the forum was taken down following the arrest of its alleged founder days ago. Writing in a Telegram message within the “Breach Forums” channel on Tuesday, the BreachForums admin known as “baphomet” confirmed he would be closing the site. “I will be taking down the forum,
0 Comments
The Russia-aligned advanced persistent threat (APT) known as Winter Vivern has been observed conducting espionage campaigns targeting government organizations and a private telecommunication organization. Security researchers at SentinelOne shared details about the new campaign in an advisory published on Thursday. The APT activity was first identified by DomainTools in early 2021 and then further described