Zombinder APK binding service used in multiple malware attacks
Zombinder is a third-party service on darknet used to embed malicious payloads in legitimate Android applications. While investigating a new...
News
Pwn2Own Toronto 2022 Day 2: Participants earned $281K
Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first...
Android app with over 5m downloads leaked user browsing history
The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious...
APT37 used Internet Explorer Zero-Day in a recent campaign
Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. North Korea-linked APT37...
New Go-based botnet Zerobot exploits dozens of flaws
Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices. Fortinet FortiGuard Labs researchers have discovered...
Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked
The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest....
Sophos fixed a critical flaw in its Sophos Firewall version 19.5
Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues. Sophos has released security patches...
Main phishing and scamming trends and techniques
There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily...
Cybersecurity Plan: 3 Keys for CISOs
CISOs and security professionals need a cybersecurity plan to succeed. Explore three keys for a winning strategy. If you like...
Why Chaos Engineering is a Good Stress Test Strategy
Learn about chaos engineering, a method of resilience testing that intentionally introduces “chaos” into a system to discover vulnerabilities and...
Russia’s second-largest bank VTB Bank under DDoS attack
Russia’s second-largest bank VTB Bank reveals it is facing the largest DDoS (distributed denial of service) attack in its history....
A flaw in the connected vehicle service SiriusXM allows remote car hacking
Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Cybersecurity...
Ransomware Toolkit Cryptonite turning into an accidental wiper
Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of...
Crook sentenced to 18 months for stealing $20M in SIM swapping attack
Nicholas Truglia, from Florida, US, was sentenced to 18 months in prison for stealing more than $20 million in a...
Crimeware trends: self-propagation and driver exploitation
Introduction If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various...
US-CERT Bulletin (SB22-339):Vulnerability Summary for the Week of November 28, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
French hospital cancels operations after a ransomware attack
A French hospital near Paris canceled operations and transfer some patients due to a cyber attack suffered over the weekend....
Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web
Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark...
Critical Ping bug potentially allows remote hack of FreeBSD systems
A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. The maintainers...
Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware
The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity...
Law enforcement agencies can extract data from thousands of cars’ infotainment systems
Law enforcement agencies can extract data from the infotainment systems of thousands of different car models. Data managed by infotainment...
US DHS Cyber Safety Board will review Lapsus$ gang’s operations
US DHS Cyber Safety Review Board will review attacks linked to the Lapsus$ extortion gang that hit multiple high-profile companies....
New CryWiper wiper targets Russian entities masquerading as a ransomware
Experts spotted a new data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor’s offices and courts. Researchers...
Security Affairs newsletter Round 396
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
