The data-loss startup says it was targeted as part of a “wider campaign to target Chrome extension developers.” © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
The Growing Intersection of Reproductive Rights and Digital Rights: 2024 in Review
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> Dear reader of our blog, surely by now you know the format: as we approach the end of the year, we look back on our work, count…
Electronic Frontier Alliance Fought and Taught Locally: 2024 in Review
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> The EFF-chaired Electronic Frontier Alliance (EFA) has had a big year! EFA is a loose network of local groups fighting for digital rights in the United States.…
While the Court Fights Over AI and Copyright Continue, Congress and States Focus On Digital Replicas: 2024 in Review
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> The phrase “move fast and break things” carries pretty negative connotations in these days of (Big) techlash. So it’s surprising that state and federal policymakers are doing…
Global Age Verification Measures: 2024 in Review
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> EFF has spent this year urging governments around the world, from Canada to Australia, to abandon their reckless plans to introduce age verification for a variety of…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
Trio of SQL Injection Vulnerabilities Found in Amazon Redshift Drivers: Update Now
Three severe SQL injection vulnerabilities have been identified in specific Amazon Redshift drivers, posing a significant risk of privilege escalation and data compromise. The vulnerabilities, labeled as CVE-2024-12744, CVE-2024-12745, and CVE-2024-12746, each hold a CVSS severity score of 8.0, emphasizing…
Elektronische Patientenakte: So lässt sich auf die ePAs aller Versicherten zugreifen
Die angeblich sicherste ePA Europas lässt sich von vielen Seiten aus angreifen. Potenziell sind die Daten aller Versicherten gefährdet. (38C3, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Elektronische Patientenakte: So lässt sich auf…
Microsoft adds another problem to the Windows 11 24H2 naughty list
Santa Satya pops one more issue into his sack just in time for Christmas The trickle of known issues with Windows 11 24H2 has continued with a new one just in time for festive season: installed the operating system using…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
38C3: Große Sicherheitsmängel in elektronischer Patientenakte 3.0 aufgedeckt
Gravierende Sicherheitslücken müssten bis zum Start der ePA 3.0 noch geschlossen werden. Das demonstrieren Martin Tschirsich und Bianca Kastl auf dem 38C3. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: 38C3: Große Sicherheitsmängel in elektronischer Patientenakte…
Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks
A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto Networks’ PAN-OS software. This flaw allows unauthenticated attackers to exploit firewalls through specially crafted packets, causing denial-of-service (DoS) conditions. The issue has been actively exploited,…
NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in the cybersecurity community. This notorious Remote Access Trojan (RAT), also known as Bladabindi, has long been a tool of choice for cybercriminals due to its…
New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack targeting various organizations, unlike typical nation-sponsored attacks. While primarily associated with BeaverTail and InvisibleFerret malware, SOCs have recently observed OtterCookie deployed within this campaign. OtterCookie…
Lumma Stealer Attacking Users To Steal Login Credentials From Browsers
Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised EXE installer, as analysis revealed a parent-child relationship between these samples, all of which communicated with the same C2 server. The Lumma Stealer Trojan, observed…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
Canvas fingerprinting in the wild
Every day, your computer renders dozens of these without you even noticing. Strange patterns, colorful shapes, and emojis—what do you think these are? These are canvas fingerprints, a technique used by the vast majority of websites to fingerprint devices and…
IT Security News Hourly Summary 2024-12-27 18h : 6 posts
6 posts were published in the last hour 16:38 : You Can Be a Part of this Grassroots Movement 🧑💻 16:10 : 38C3: Terabyte an Bewegungsdaten von VW-Elektroautos in der Cloud gefunden 16:10 : Datenschutzverletzung: Volkwagen-Bewegungsprofile von 800.000 E-Autos offengelegt…
You Can Be a Part of this Grassroots Movement 🧑💻
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You ever hear the saying, “it takes a village”? I never really understood the saying until I started going to conferences, attending protests, and working on EFF’s…
38C3: Terabyte an Bewegungsdaten von VW-Elektroautos in der Cloud gefunden
Die für die Softwareentwicklung von VW zuständige Tochterfirma hat Bewegungsdaten hunderttausender Elektroautos so gespeichert, dass ein Zugriff leicht war. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: 38C3: Terabyte an Bewegungsdaten von VW-Elektroautos in der Cloud…
Datenschutzverletzung: Volkwagen-Bewegungsprofile von 800.000 E-Autos offengelegt
Persönliche Daten und Bewegungsprofile von rund 800.000 VW-E-Auto-Besitzern lagen monatelang öffentlich zugänglich in der Cloud. (VW, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Datenschutzverletzung: Volkwagen-Bewegungsprofile von 800.000 E-Autos offengelegt
Volkswagen data breach of Electric cars and D Link router botnet attack
Volkswagen Data Leak Exposes Information of Over 800,000 Electric Vehicle Owners Volkswagen (VW), one of the most well-known automobile manufacturers in the world, has become the latest victim of a significant data breach that has compromised the personal information of…