Misconfigured Argo Workflows Instances Employed for Attacking Kubernetes Clusters
Intezer has discovered new Kubernetes cluster attack vectors using misconfigured instances of Argo Workflows. Threat actors have already been benefitted...
Dorothy – Tool To Test Security Monitoring And Detection For Okta Environments
Created by David French (@threatpunter) at Elastic Security Dorothy is a tool to help security teams test their monitoring and...
Juumla – Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla!
Juumla is a python tool developed to identify the current Joomla version and scan for readable Joomla config files.Installing /...
Hiding Malware inside a model of a neural network
Researchers demonstrated how to hide malware inside an image classifier within a neural network in order to bypass the defense...
Microsoft publishes mitigations for the PetitPotam attack
Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their...
Threat actor offers Clubhouse secret database containing 3.8B phone numbers
A threat actor is offering for sale on hacking forums the secret database Clubhouse containing 3.8B phone numbers. Clubhouse is...
1.2 Million Aussies Suffered when Uber was Breached in 2016
Uber infringed on the privacy of more than 1 million Australians in 2016, according to the Office of the Australian...
Experts warned about the risk of hacking and obtaining a loan on the Public Services Portal of the Russian Federation
Experts warn that scammers have begun to hack the accounts of citizens on the site of state services and using...
THORChain Suffers Another Major Hack Totaling $8M
Popular cross-chain liquidity exchange THORChain has been hit by another exploit, this time costing around $8 million, suffering a second...
Discord CDN and API Exploits Drive Wave of Malware Detections
As per the researchers, the number of reported Discord malware detections has increased significantly since last year. Even users who...
LemonDuck Targets Windows and Linux Systems
Initially, it was mainly a crypto-monetary botnet that allowed machine mining but later a transformation was initiated to make it...
Rconn – Rconn Is A Multiplatform Program For Creating Generic Reverse Connections
rconn (r conn) is a multiplatform program for creating reverse connections. It lets you consume services that are behind NAT...
Ppmap – A Scanner/Exploitation Tool Written In GO, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets
A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the...
Crooks target Kubernetes installs via Argo Workflows to deploy miners
Threat actors target Kubernetes installs via Argo Workflows to cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered...
XCSSET MacOS malware targets Telegram, Google Chrome data and more
XCSSET macOS malware continues to evolve, now it is able to steal login information from multiple apps, including Telegram and...
Security Affairs newsletter Round 324
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics
Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics. Tokyo Olympics could be a...
CVE-2021-28903
Summary: A stack overflow in libyang
CVE-2021-28904
Summary: In function ext_get_plugin() in libyang
CVE-2021-28905
Summary: In function lys_node_free() in libyang module can't be NULL. But in some cases, node->module can be null, which triggers...
CVE-2021-28906
Summary: In function read_yin_leaf() in libyang
XCSSET, a MacOS malware, Targets Google Chrome and Telegram Software
As part of further "refinements in its tactics," a malware notorious for targeting the macOS operating system has been updated...
Wi-Fi Routers with Default Passwords are Vulnerable to Attacks
Cybersecurity researchers have advised the users to change the manufacturer’s default access credentials of their Wi-Fi home router to minimize...
Researchers Embedded Malware into an AI’s ‘Neurons’ and it Worked Scarily Well
According to a new study, as neural networks become more popularly used, they may become the next frontier for malware...
