Security Affairs newsletter Round 392
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages...
Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital...
Motivation During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While...
A new campaign spreading RomCom RAT impersonates popular software brands like KeePass, and SolarWinds. The threat actor behind the RomCom...
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version...
I’m proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of...
Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple...
The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. LockBit...
Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US....
Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers...
Vulnerable Client-Server Application Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients....
TikTok updated its privacy policy for European Economic Area (“EEA”) and confirmed that its Chinese staff can access their users’ data....
Fortinet addressed 16 vulnerabilities in some of the company’s products, six flaws received a ‘high’ severity rate. One of the...
I’m deeply saddened by the absurd death of Vitali Kremez, he died during a scuba diving off the coast of...
Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. Malwarebytes researchers...
Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022,...
jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even...
Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File...
The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote...
The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is...
ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the...
Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M....
Deliberately Download & Run There's no need to clone the repository. Linux & Mac curl -o cicd-goat/docker-compose.yaml --create-dirs https://raw.githubusercontent.com/cider-security-research/cicd-goat/main/docker-compose.yamlcd cicd-goat...