Collaborate Disseminate
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels. Continue reading Google Crushes YouTube Cookie-Stealing Channel Hijackers
The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp. Continue reading Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again. Continue reading Lyceum APT Returns, This Time Targeting Tunisian Firms
TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages. Continue reading TA505 Gang Is Back With Newly Polished FlawedGrace RAT
Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.
Continue reading Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?
The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. Continue reading Twitter Suspends Accounts Used to Snare Security Researchers
Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.
Continue reading Missouri Vows to Prosecute ‘Hacker’ Who Disclosed Data Leak
Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.
Continue reading Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack
Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers. Continue reading Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign
The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege escalation. Continue reading Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug