Damn Vulnerable UEFI (DVUEFI) is an open-source exploitation toolkit and learning platform for unveiling and fixing UEFI firmware vulnerabilities. Simulate real-world firmware attacks DVUEFI was created to assist ethical hackers, security researchers, and firmware enthusiasts in beginning their journey into…
Category: EN
Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems
Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. “By mimicking the popular…
Novel attack on Windows spotted in phishing campaign run from and targeting China
Resources hosted at Tencent Cloud involved in Cobalt Strike campaign Chinese web champ Tencent’s cloud is being used by unknown attackers as part of a phishing campaign that aims to achieve persistent network access at Chinese entities.… This article has…
Infosec products of the month: August 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Adaptive Shield, AppOmni, ArmorCode, Bitwarden, Cequence Security, ClearSale, Clutch Security, Contrast Security, Dragos, Elastic, Endor Labs, Entrust, Fortanix, Fortinet, Guardio, HYCU, Ivanti, McAfee, Nucleus Security,…
New Version of Snake Keylogger Targets Victims Through Phishing Emails
Researchers at Fortinet’s FortiGuard Labs have uncovered a newly evolved variant of the Snake Keylogger, a type of malicious software notorious for capturing and recording everything a user types. Keyloggers are often used by cybercriminals to steal personal information, such…
Introducing the “World’s Most Private VPN” – Now Open for Testers
Virtual Private Network (VPN) is a security tool that encrypts your internet connection and disguises your IP address. This is achieved by rerouting your data through an encrypted tunnel to one of the VPN’s servers. While the technical details…
Wireshark 4.4: Converting Display Filters to BPF Capture Filters, (Sun, Sep 1st)
Display filters are used to define expressions that decide which packets get displayed, and which not in Wireshark's packet list. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4: Converting Display…
Happy United States Labor Day 2024 / Feliz Fin de Semana del Día del Trabajo de Estados Unidos 2024 / Joyeux Fin de Semaine de la Fête du Travail aux États-Unis 2024
<a class=” sqs-block-image-link ” href=”https://www.dol.gov/” rel=”noopener” target=”_blank”> <img alt=”” height=”543″ src=”https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/4b74c31d-aa0e-4a31-99fe-80119945ba60/Lady%2BMachinists.jpg?format=1000w” width=”700″ /> </a><figcaption class=”image-caption-wrapper”> Happy Labor Day 2024 – Three Day Weekend Edition! Permalink The post Happy United States Labor Day 2024 / Feliz Fin de Semana del Día…
The Corona Mirai Botnet: Exploiting End-of-Life IP Cameras
A recent report by Akami experts highlights a troubling trend: the exploitation of a five-year-old zero-day vulnerability in end-of-life IP cameras by the Corona Mirai-based malware botnet. This blog delves into the details of this issue, its implications, and the…
AT&T Claims It Has Fixed Software Bug That Caused An Outage For Some Wireless Users
Some AT&T customers experienced a disruption in their wireless service earlier this week, which made it difficult for them to call 911 in an emergency. It was rectified in a few hours, with the company blaming a software fault,…
New “sedexp” Linux Malware Remained Undetected For Two Years
Researchers have found a new malware targeting Linux systems for at least two years without… New “sedexp” Linux Malware Remained Undetected For Two Years on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article…
Google Confirmed A Now-Patched Chrome Vulnerability As Zero-Day
Soon after patching over three dozen vulnerabilities, including a zero-day, in Chrome, Google identifies another… Google Confirmed A Now-Patched Chrome Vulnerability As Zero-Day on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has…
Notion Announced Exiting Russia Following US Restrictions
Russian users can no longer rely on Notion for their projects as the service announced… Notion Announced Exiting Russia Following US Restrictions on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has been…
Microsoft Patched Copilot Vulnerabilities That Could Expose Data
A security researcher discovered numerous vulnerabilities in Microsoft Copilot that could expose users’ personal information,… Microsoft Patched Copilot Vulnerabilities That Could Expose Data on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has…
Malware Botnet Exploits Vulnerable AVTECH IP Cameras
Researchers discovered the active exploitation of a zero-day vulnerability in AVTECH IP cameras by the… Malware Botnet Exploits Vulnerable AVTECH IP Cameras on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has been…
7 password rules to live by in 2024, according to security experts
Here’s what the experts recommend when you need to create a new password — and one rule likely goes against what you’re made to do at work. This article has been indexed from Latest stories for ZDNET in Security Read…
Massive Data Breach Exposes Sensitive Information Linked to ServiceBridge Platform
A recent data breach involving the ServiceBridge platform, used for field service management, has exposed sensitive data belonging to millions of customers and businesses. Security researcher Jeremiah Fowler discovered that nearly 32 million files were left unprotected and accessible…
Guide to Securing Your Software Supply Chain: Exploring SBOM and DevSecOps Concepts for Enhanced Application Security
Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Enterprise Security: Reinforcing Enterprise Application Defense. In today’s cybersecurity landscape, securing the software supply chain has become increasingly crucial. The rise of complex software ecosystems…
An air transport security system flaw allowed to bypass airport security screenings
A vulnerability in an air transport security system allowed unauthorized individuals to bypass airport security screenings. The Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs are two transport security systems that pilots, flight attendants, and other airline employees…
The Evolution of Device Recognition to Attack Fraud at-Scale
Fraud prevention today is like a game of whack-a-mole. When one fraudster or attack method is stamped out, another arises to take its place. Similarly, when a fraud prevention solution… The post The Evolution of Device Recognition to Attack Fraud…