Biztonsági szemle
2024. Aug. 29.
Biztonsági szemle
Google beefs up Chrome bug bounty program
Higher rewards of up to $250,000 will be given by Google for the discovery of memory corruption flaws in the Chrome browser shown to achieve remote code execution using a non-sandboxed process as part of a more robust vulnerability reward program.
2024. Aug. 29.
Biztonsági szemle
Applause credentials inadvertently exposed
Included in the exposed .env file were Applause's credentials for Marketo, SalesForce, and Gotowebinar systems, which could result in the compromise of sensitive customer information, marketing details, and operational and financial data from its...
2024. Aug. 29.
Biztonsági szemle
Cyberattack exposes Dick's Sporting Goods data
"The Company's investigation of the incident remains ongoing. Based on the Company's current knowledge of the facts and circumstances related to this incident, the Company believes that this incident is not material," said Dick's in a filing with the...
2024. Aug. 29.
Biztonsági szemle
Microchip Technology attack admitted by Play ransomware gang
While Microchip has not provided any comment regarding the claims, Play's admission a full week after the company's breach disclosure to the Securities and Exchange Commission reveals an extension from the 72-hour deadline given for a ransom payment.
2024. Aug. 29.
Biztonsági szemle
More advanced, stealthy LummaC2 malware variant emerges
After being downloaded through an obfuscated PowerShell command, the new LummaC2 variant facilitates the execution of an AES-encrypted second-stage payload, which would enable malicious code injection into a Windows process to establish command-and...
2024. Aug. 29.
Biztonsági szemle
EDR-killing capabilities added to PoorTry Windows driver
Despite being initially developed to disable security systems, PoorTry — also known as BurntCigar — has since been updated to allow the removal of security software's crucial dynamic link libraries and executable files in a RansomHub attack last...
2024. Aug. 29.
Biztonsági szemle
Mirai variant deployed via AVTECH security camera exploit
Such a flaw targets a security issue known since 2019 and could be leveraged to facilitate code injection.
2024. Aug. 29.
Biztonsági szemle
Internet-exposed Versa Director servers persist amid Volt Typhoon attacks
Internet-exposed Versa Director instances were from the U.S., Philippines, India, and Shanghai.
2024. Aug. 29.
Biztonsági szemle
WPS Office flaw exploited for SpyGlace backdoor delivery
Such a flaw, which could be leveraged for remote code execution, was concealed by APT-C-60 in a trojanized spreadsheet file that included a link, which would prompt the deployment of SpyGlace alongside a file stealing, command executing, and plugin...
2024. Aug. 29.
Biztonsági szemle
New Tickler malware leveraged by APT33 in US-, UAE-targeted attack campaign
APT33 leveraged now-disrupted Microsoft Azure subscriptions to commence password spraying attacks against the targeted entities, while using compromised education sector accounts to obtain additional infrastructure that was then utilized for...
2024. Aug. 29.
Biztonsági szemle
How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture
Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.
2024. Aug. 29.
Biztonsági szemle
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.