Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 20… Continue reading Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

Posted in Uncategorized

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems.
Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially… Continue reading Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

Posted in Uncategorized

Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan.
Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications… Continue reading Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

Posted in Uncategorized

Researchers ‘Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network

An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down.
KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for i… Continue reading Researchers ‘Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network

Posted in Uncategorized

LastPass Suffers Another Security Breach; Exposed Some Customers Information

Popular password management service LastPass said it’s investigating a second security incident that involved attackers accessing some of its customer information.
“We recently detected unusual activity within a third-party cloud storage service, whic… Continue reading LastPass Suffers Another Security Breach; Exposed Some Customers Information

Posted in Uncategorized

North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart.
“The backdoor […] has a wide range of spying capabili… Continue reading North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets

Posted in Uncategorized

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an “unexpected behavior” in the npm command line interface (CLI) tool.
npm CLI’s install and audit commands have … Continue reading Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

Posted in Uncategorized

This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.
The app, named Symoo (com.v… Continue reading This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

Posted in Uncategorized

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.
The Commission nationale de l’informatique et des liberté… Continue reading French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

Posted in Uncategorized