Critical RCE Flaw Reported in Spotify’s Backstage Software Catalog and Developer Platform

Spotify’s Backstage has been found vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module.
The vulnerability (CVSS score: 9.8), at its core, tak…

PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

Credit: Marina Minkin
A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that’s used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and …

Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service

Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on.
“Before it was pa…

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022.
Symantec, by Broadcom Softwa…

Google to Pay $391 Million Privacy Fine for Secretly Tracking Users’ Location

Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data.
“Google misled its users into thinking they had turned off locat…

New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders

Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT).
Cybersecurity firm Trend Micro, which christened…

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks.
Dubbed KmsdBot by the …

Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images

A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor’s infection chain.
Czech cybersecurity firm Avast said the purpose of the PNG f…

Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs

Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts.
This encompasses a previously undocumented …