Thomson Reuters collected and leaked at least 3TB of sensitive data
The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online Original post at...
hacking
SiriSpy flaw allows eavesdropping on users’ conversations with Siri
SiriSpy is a vulnerability affecting Apple iOS and macOS that allowed apps to eavesdrop on users’ conversations with Siri. SiriSpy...
Whids – Open Source EDR For Windows
What EDR with artifact collection driven by detection. The detection engine is built on top of a previous project NB:...
British hacker arraigned for running The Real Deal dark web marketplace
A popular British hacker was charged by the U.S. authorities for allegedly running the ‘The Real Deal’ dark web marketplace....
OpenSSL to fix the second critical flaw ever
The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced...
See Tickets discloses data breach, customers’ credit card data exposed
International ticketing services company See Tickets disclosed a data breach that exposed customers’ payment card details. Ticketing service company See...
US charges Ukrainian man with Raccoon Infostealer operation
US authorities charged a Ukrainian man with computer fraud for allegedly infecting millions of computers with Raccoon Infostealer. The US...
ProtectMyTooling – Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry
Script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants....
Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited
Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. Cisco is...
VMware fixes critical RCE in VMware Cloud Foundation
VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates...
Experts disclosed a 22-year-old bug in popular SQLite Database library
A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed...
Two PoS Malware used to steal data from more than 167,000 credit cards
Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity...
Hive ransomware gang starts leaking data allegedly stolen from Tata Power
The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. On October 14,...
Mangle – Tool That Manipulates Aspects Of Compiled Executables (.Exe Or DLL) To Avoid Detection From EDRs
Authored By Tyl0us Featured at Source Zero Con 2022 Mangle is a tool that manipulates aspects of compiled executables (.exe...
Dormant Colors campaign operates over 1M malicious Chrome extensions
A new malvertising campaign, code-named Dormant Colors, is delivering malicious Google Chrome extensions that hijack targets’ browsers. Researchers at Guardio...
Apple fixed the ninth actively exploited zero-day this year
Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the...
Cuba ransomware affiliate targets Ukraine, CERT-UA warns
The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine...
Norway PM warns of Russia cyber threat to oil and gas industry
Norway ’s prime minister warned last week that Russia poses “a real and serious threat” to the country’s oil and...
Bomber – Scans Software Bill Of Materials (SBOMs) For Security Vulnerabilities
bomber is an application that scans SBOMs for security vulnerabilities. Overview So you've asked a vendor for an Software Bill...
Malicious Clicker apps in Google Play have 20M+ installs
Researchers discovered 16 malicious clicker apps in the official Google Play store that were downloaded by 20M+ users. Security researchers...
Security experts targeted with malicious CVE PoC exploits on GitHub
Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware. A team...
Shomon – Shodan Monitoring Integration For TheHive
ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever!...
Security Affairs newsletter Round 390
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Hackers stole sensitive data from Iran’s atomic energy agency
Iran’s atomic energy agency claims that alleged state-sponsored hackers have compromised its email system. Iran’s atomic energy agency revealed on...
