Date: 2023-10-10
Security Leftovers
The Predator Files describe another nefarious global spyware campaign
A group of journalists and researchers today released evidence of a massive campaign to spy on numerous political leaders across the globe. Called “The Predator Files,” the project covers the use of potent spyware that targeted more than 50 social media accounts in 10 countries beginning in February.
Independently Confirming Amnesty Security Lab’s finding of Predator targeting of U.S. & other elected officials on Twitter/X
Amnesty International’s Security Lab has just published Caught in the Net as part of the European Investigative Collaborations’ Predator Files, which details a threat actor sending what they assess to be Predator infection links on social media in replies to Twitter / X posts by officials, journalists and other members of civil society.
when a NAS does more than just storing data reliably – no wonder QNAP has so many security problems
QNAP is ignoring UNIX KISS and loads heaps and heaps of programs pre-installed, pre-activated on their QNAP NAS, which not only slows down the NAS, it is also a privacy (thumbnails that NEVER get deleted) and security problem.
Google Expands Bug Bounty Program With Chrome, Cloud CTF Events
Google is hosting capture the flag (CTF) events focused on Chrome’s V8 engine and on Kernel-based Virtual Machine (KVM).
Patches Prepared for ‘Probably Worst’ cURL Vulnerability
A high-severity vulnerability in the data transfer project cURL will be addressed with libcurl and curl updates this week.
Credential Harvesting Campaign Targets Unpatched NetScaler Instances
Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials.
Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites [Ed: Plugin, not WordPress]
Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign.
Phishers Spoof USPS, 12 Other Natl’ Postal Services
Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here's a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide.
Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks
Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.
DC Board of Elections Discloses Data Breach
The District of Columbia Board of Elections says voter records were compromised in a data breach at hosting provider DataNet.