Biztonsági szemle
2024. augusztus 29.
Biztonsági szemle
Applause credentials inadvertently exposed
Included in the exposed .env file were Applause's credentials for Marketo, SalesForce, and Gotowebinar systems, which could result in the compromise of sensitive customer information, marketing details, and operational and financial data from its...
2024. augusztus 29.
Biztonsági szemle
Cyberattack exposes Dick's Sporting Goods data
"The Company's investigation of the incident remains ongoing. Based on the Company's current knowledge of the facts and circumstances related to this incident, the Company believes that this incident is not material," said Dick's in a filing with the...
2024. augusztus 29.
Biztonsági szemle
Microchip Technology attack admitted by Play ransomware gang
While Microchip has not provided any comment regarding the claims, Play's admission a full week after the company's breach disclosure to the Securities and Exchange Commission reveals an extension from the 72-hour deadline given for a ransom payment.
2024. augusztus 29.
Biztonsági szemle
More advanced, stealthy LummaC2 malware variant emerges
After being downloaded through an obfuscated PowerShell command, the new LummaC2 variant facilitates the execution of an AES-encrypted second-stage payload, which would enable malicious code injection into a Windows process to establish command-and...
2024. augusztus 29.
Biztonsági szemle
EDR-killing capabilities added to PoorTry Windows driver
Despite being initially developed to disable security systems, PoorTry — also known as BurntCigar — has since been updated to allow the removal of security software's crucial dynamic link libraries and executable files in a RansomHub attack last...
2024. augusztus 29.
Biztonsági szemle
Mirai variant deployed via AVTECH security camera exploit
Such a flaw targets a security issue known since 2019 and could be leveraged to facilitate code injection.
2024. augusztus 29.
Biztonsági szemle
Internet-exposed Versa Director servers persist amid Volt Typhoon attacks
Internet-exposed Versa Director instances were from the U.S., Philippines, India, and Shanghai.
2024. augusztus 29.
Biztonsági szemle
WPS Office flaw exploited for SpyGlace backdoor delivery
Such a flaw, which could be leveraged for remote code execution, was concealed by APT-C-60 in a trojanized spreadsheet file that included a link, which would prompt the deployment of SpyGlace alongside a file stealing, command executing, and plugin...
2024. augusztus 29.
Biztonsági szemle
New Tickler malware leveraged by APT33 in US-, UAE-targeted attack campaign
APT33 leveraged now-disrupted Microsoft Azure subscriptions to commence password spraying attacks against the targeted entities, while using compromised education sector accounts to obtain additional infrastructure that was then utilized for...
2024. augusztus 29.
Biztonsági szemle
How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture
Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.
2024. augusztus 29.
Biztonsági szemle
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.
2024. augusztus 29.
Biztonsági szemle
SC Awards 2024: Celebrating the Finalists
Congratulations to the 2024 SC Awards finalists and a big 'Thank You' to the 50-plus judges and their careful considerations.