In this blog post, we will explore the intricate world of detection engineering. We’ll start by examining the inputs and outputs of detection engineering, and then we’ll illustrate the detection engineering lifecycle. The post Detection Engineering: A Case Study appeared…
Category: EN
Cyberhaven says it was hacked to publish a malicious update to its Chrome extension
The data-loss startup says it was targeted as part of a “wider campaign to target Chrome extension developers.” © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
The Growing Intersection of Reproductive Rights and Digital Rights: 2024 in Review
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> Dear reader of our blog, surely by now you know the format: as we approach the end of the year, we look back on our work, count…
Electronic Frontier Alliance Fought and Taught Locally: 2024 in Review
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> The EFF-chaired Electronic Frontier Alliance (EFA) has had a big year! EFA is a loose network of local groups fighting for digital rights in the United States.…
While the Court Fights Over AI and Copyright Continue, Congress and States Focus On Digital Replicas: 2024 in Review
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> The phrase “move fast and break things” carries pretty negative connotations in these days of (Big) techlash. So it’s surprising that state and federal policymakers are doing…
Global Age Verification Measures: 2024 in Review
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> EFF has spent this year urging governments around the world, from Canada to Australia, to abandon their reckless plans to introduce age verification for a variety of…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
Trio of SQL Injection Vulnerabilities Found in Amazon Redshift Drivers: Update Now
Three severe SQL injection vulnerabilities have been identified in specific Amazon Redshift drivers, posing a significant risk of privilege escalation and data compromise. The vulnerabilities, labeled as CVE-2024-12744, CVE-2024-12745, and CVE-2024-12746, each hold a CVSS severity score of 8.0, emphasizing…
Microsoft adds another problem to the Windows 11 24H2 naughty list
Santa Satya pops one more issue into his sack just in time for Christmas The trickle of known issues with Windows 11 24H2 has continued with a new one just in time for festive season: installed the operating system using…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks
A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto Networks’ PAN-OS software. This flaw allows unauthenticated attackers to exploit firewalls through specially crafted packets, causing denial-of-service (DoS) conditions. The issue has been actively exploited,…
NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in the cybersecurity community. This notorious Remote Access Trojan (RAT), also known as Bladabindi, has long been a tool of choice for cybercriminals due to its…
New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack targeting various organizations, unlike typical nation-sponsored attacks. While primarily associated with BeaverTail and InvisibleFerret malware, SOCs have recently observed OtterCookie deployed within this campaign. OtterCookie…
Lumma Stealer Attacking Users To Steal Login Credentials From Browsers
Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised EXE installer, as analysis revealed a parent-child relationship between these samples, all of which communicated with the same C2 server. The Lumma Stealer Trojan, observed…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
Canvas fingerprinting in the wild
Every day, your computer renders dozens of these without you even noticing. Strange patterns, colorful shapes, and emojis—what do you think these are? These are canvas fingerprints, a technique used by the vast majority of websites to fingerprint devices and…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
Volkswagen data breach of Electric cars and D Link router botnet attack
Volkswagen Data Leak Exposes Information of Over 800,000 Electric Vehicle Owners Volkswagen (VW), one of the most well-known automobile manufacturers in the world, has become the latest victim of a significant data breach that has compromised the personal information of…