TheHackerNews

January 18, 2024 Cybersecurity researchers have identified a “lightweight method” called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group’s Pegasus, QuaDream’s Reign, and Intellexa’s Predator.  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file Article posted by: https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html ——————————————————————————————————————– Infocerts, …

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone Read More »

January 18, 2024 GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same …

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials Read More »

January 18, 2024 Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below – CVE-2023-6548 (CVSS score: 5.5) – Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, …

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP! Read More »

January 17, 2024 Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. “By reading out-of-bounds memory, …

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability Read More »

January 17, 2024 Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight …

Case Study: The Cookie Privacy Monster in Big Global Retail Read More »

January 17, 2024 Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse …

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now Read More »

January 17, 2024 Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. “It also Article …

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer Read More »

January 17, 2024 The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme “leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions,” Article …

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims Read More »

January 17, 2024 The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea. WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country. While webhards have been used …

Remcos RAT Spreading Through Adult Games in New Attack Wave Read More »

January 16, 2024 Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it …

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows Read More »