Web3 Game Developers Targeted in Crypto Theft Scheme

From darkreading.com

A Russian threat actor is peppering game developers with fraudulent Web3 gaming projects that drop multiple variants of infostealers on both macOS and Windows devices.

The ultimate goal of the campaign appears to be defrauding victims and stealing their cryptocurrency wallets, according to Recorded Future’s Insikt Group, which discovered the malicious activity.

HTTP/2 Vulnerability Let Hackers Launch DOS Attacks On Web Servers

From gbhackers.com

Researchers identified a significant vulnerability within the HTTP/2 protocol, potentially allowing hackers to launch Denial of Service (DoS) attacks on web servers.

The vulnerability tracked as CVE-2024-28182 has raised concerns among internet security experts and prompted responses from various technology vendors.

The CERT Coordination Center (CERT/CC) disclosed the vulnerability in a vulnerability note VU#421644.

It has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2024-28182. This security flaw is particularly worrisome because it affects the HTTP/2 protocol, which is widely used for secure communications on the Internet.

Google Rolls Out “Find My Device” Network For Android Users

From gbhackers.com

Google has announced the global rollout of its revamped Find My Device network.

This innovative feature is set to transform how Android users locate their misplaced devices and everyday items, leveraging a vast, crowdsourced network of over a billion Android devices.

Here’s a closer look at what this update entails and how it can benefit Android users worldwide.

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

From thehackernews.com

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices.

Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in an advisory, said it does not plan to ship a patch and instead urges customers to replace them.

“The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hard-coded credentials, and a command injection vulnerability via the system parameter,” a security researcher who goes by the name netsecfish said in late March 2024.

Machine Learning Tutorials Repository – Unlocking The Power Of AI Learning

From kalilinuxtutorials.com

Welcome to the Machine Learning Tutorials Repository! This is the go-to spot for all the code associated with my Twitter tutorials.

If you’re passionate about diving deep into the realms of Machine Learning and exploring various topics, you’re in the right place!

Topics Covered

  1. Python: The core language for almost all things Machine Learning.
  2. Computer Vision: Techniques, algorithms, and methods to give machines the ability to see and interpret visual data.
  3. NLP (Natural Language Processing): Delve into the world of words and understand how machines can comprehend, interpret, and respond to human languages.
  4. Matplotlib: Visualize your data and results with one of the most popular plotting libraries.
  5. NumPy: Master the art of numerical computing with Python.
  6. Pandas: The ultimate tool for data analysis in Python.
  7. MLOps: Learn about the best practices, tools, and services to manage the end-to-end ML lifecycle.
  8. LLMs (Large Language Models): Dive deep into state-of-the-art models that understand and generate human-like text.
  9. PyTorch/TensorFlow: Get to grips with the two dominant deep learning frameworks.

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

From thehackernews.com

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.

The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet FortiGuard Labs said in a technical report.

The modus operandi is notable for the use of the BatCloak malware obfuscation engine and ScrubCrypt to deliver the malware in the form of obfuscated batch scripts.

BatCloak, offered for sale to other threat actors since late 2022, has its foundations in another tool called Jlaive. Its primary feature is to load a next-stage payload in a manner that circumvents traditional detection mechanisms.

Dissecting Windows Malware Series – Beginner To Advanced – Part 1

From 8ksec.io

We hear about “cyber attacks” in the news every week! But – what actually happens ‘during’ the attack, what happens in the background, behind the scenes, from the moment the event ‘begins’ until the moment it’s realized something is amiss? Or worse – when it’s not realized something is amiss and things continue on autopilot…
