Le Slip Français – 1,495,127 breached accounts
In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers.
Source Code to the 1999 FPS Game Descent 3 Released
On April 16th of this year, [Kevin Bentley] released the source code to the Sci-Fi FPS game Descent 3. Originally released in 1999 for Windows, it was the third part in the Descent series, following right after the events of Descent 2. In the game, you control a...
Go to Source More Windows PCs previously blocked are now able to upgrade to Windows 11. Apple has fallen to number two in terms of iPhone market share. Salesforce makes news with a possible acquisition of Informatica. And a new AI...
Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression
Kapeka is a new backdoor that may be a new addition to Russia-link Sandworm’s malware arsenal and possibly a successor to GreyEnergy. The post Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression appeared first on SecurityWeek.
Show HN: BiTE – Cross-platform executable viewer and reverse engineering tool
Hey everyone!I’m excited to share a project I’ve been working on throughout my university studies. It’s called BiTE (https://github.com/WINSDK/bite) and it's a tool primarily focused on being an executable viewer with reverse engineering capabilities.BiTE supports...
Cyber Security Today, April 17, 2024 – More suspicious attempts to take over open source projects, a data theft at a Cisco Duo partner, and more
More suspicious attempts to take over open source projects, a data theft at a Cisco Duo partner, and more. Welcome to Cyber Security Today. It’s Wednesday, April 17, 2024. I’m Howard Solomon. The recent takeover of an encryption utility used by Linux may not be an...
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server...
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks
The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made...
US government faces criticism over Microsoft security failures: Hashtag Trending, Tuesday April 16, 2024
US government faces criticism over Microsoft security failures: Hashtag Trending, Tuesday April 16, 2024 Go to Source Solar power is the largest source of new US electricity generation for the sixth month in a row, Microsoft is hiking...
US government faces criticism over handline Microsoft cybersecurity failures: Hashtag Trending for Tuesday April 16, 2024
US government faces criticism over handline Microsoft cybersecurity failures: Hashtag Trending for Tuesday April 16, 2024 Go to Source Solar power is the largest source of new US electricity generation for the sixth month in a row,...
Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw
A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the...
Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure
ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm. The post Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure appeared first on...
US House approves FISA renewal – warrantless surveillance and all
US House approves FISA renewal – warrantless surveillance and all Go to Source PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more Infosec in brief US Congress nearly...
Porting Modern Windows Applications to Windows 95
Porting Modern Windows Applications to Windows 95 Go to Source Windows 95 was an amazing operating system that would forever transform the world of home computing, setting the standard for user interaction on a desktop and quite...
Government spyware is another reason to use an ad blocker
Spyware makers are reportedly working on targeting individuals with stealthy data-stealing malware using online banner ads. © 2024 TechCrunch. All rights reserved. For personal use only.
Giant Tiger – 2,842,669 breached accounts
In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
Rust gets security fix for Windows vulnerability
Rust gets security fix for Windows vulnerability Go to Source The Rust language team has published a point release of Rust to fix a critical vulnerability to the standard library that could benefit an attacker when using Windows.Rust...
Epic wants to blow the Google Play Store wide open
Back in December, Epic Games won an antitrust case against Google. A jury found that Google held an illegal monopoly on in-app billing and app distribution on Android devices, and that it engaged in anticompetitive practices with certain gaming companies and device...
This Week in Security: BatBadBut, DLink, and Your TV Too
This Week in Security: BatBadBut, DLink, and Your TV Too Go to Source So first up, we have BatBadBut, a pun based on the vulnerability being “about batch files and bad, but not the worst.” It’s a weird interaction between how Windows...
Threat Actors Manipulate GitHub Search to Deliver Malware
Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code. The post Threat Actors Manipulate GitHub Search to Deliver Malware appeared first on SecurityWeek.
Salvadoran Citizens – 946,989 breached accounts
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos...
CISA Releases Malware Next-Gen Analysis System for Public Use
CISA's Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. The post CISA Releases Malware Next-Gen Analysis System for Public Use appeared first on SecurityWeek.
SharePoint logs are easily circumvented and Microsoft is dragging its heels
SharePoint logs are easily circumvented and Microsoft is dragging its heels Go to Source Now is the perfect time to review those permissions SharePoint users should beware since audit logs on the platform have proved relatively simple...
‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan
An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity,...
Rust rustles up fix for 10/10 critical command injection bug on Windows
Rust rustles up fix for 10/10 critical command injection bug on Windows Go to Source BatBadBut hits Erlang, Go, Python, Ruby as well Programmers are being urged to update their Rust versions after the security experts working on the...
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files Go to Source Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious Windows Script Files...
Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves...
Microsoft Patches Two Zero-Days Exploited for Malware Delivery
Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware. The post Microsoft Patches Two Zero-Days Exploited for Malware Delivery appeared first on SecurityWeek.
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included Go to Source Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active...