Security Leftovers
-
Xenomorph Android Banking Trojan Targeting Users in US, Canada
The Xenomorph Android banking trojan can now mimic financial institutions in the US and Canada and is also targeting crypto wallets.
-
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.
-
Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, security researchers reported
-
MaginotDNS: Attacking the boundary of DNS caching protection
Guest Post: A look at modern day cache poisoning attacks on the integrity of the DNS.
-
A new spin on the ZeroFont phishing technique, (Tue, Sep 26th)
Last week, I came across an interesting phishing e-mail, in which a text written in a font with zero-pixel size was used in quite a novel way.
-
In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers.
-
UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor
UAE-linked APT group Stealth Falcon has used the new Deadglyph backdoor in an attack targeting a governmental entity in the Middle East.
-
Sony Investigating After Hackers Offer to Sell Stolen Data
Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data.
-
$200 Million in Cryptocurrency Stolen in Mixin Network Hack
Mixin Network suspends deposits and withdrawals after hackers steal $200 million in digital assets from its centralized database.
-
Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
A stealthy APT known as Gelsemium has been observed targeting a government entity in Southeast Asia for persistence and intelligence collection.
-
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
Nearly 900 US schools are impacted by the MOVEit hack at the educational nonprofit National Student Clearinghouse.
-
Air Canada Says Employee Information Accessed in Cyberattack
Canada’s largest airline says the personal information of some employees was accessed in a recent cyberattack.
-
Faster Patching Pace Validates CISA’s KEV Catalog Initiative
CISA says Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace.
-
LastPass: ‘Horse Gone Barn Bolted’ is Strong Password
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.
-
BIND Updates Patch Two High-Severity DoS Vulnerabilities
The latest BIND security updates include patches for two high-severity DoS vulnerabilities that can be exploited remotely.