Search Results for: OSI

September 13, 2023 A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw “could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations,” Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News. …

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack Read More »

September 1, 2023 Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro. First disclosed at the …

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository Read More »

September 1, 2023 How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global Threat Intelligence Report, but read on for a teaser of …

Numbers Don’t Lie: Exposing the Harsh Truths of Cyberattacks in New Report Read More »

August 13, 2023 Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. “An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.’s desk phones and Zoom’s Zero Touch Provisioning feature can gain full remote …

Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping Read More »

July 27, 2023 A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it’s a significant upgrade over the Pupy RAT, an open-source remote access trojan it’s modeled on. “Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims to another controller, allowing them to maintain …

Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks Read More »

July 20, 2023 On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed “Operation Cookie Monster,” resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI’s warrant here for details specific to …

Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations Read More »

July 5, 2023 The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. The updated variant, written in Golang, “implements an additional security mechanism to conceal the …

DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors Read More »

June 30, 2023 Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. “As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts,” LetMeSpy said in an announcement on …

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data Read More »

June 23, 2023 Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The supply chain vulnerability, also known as dependency repository hijacking, is a class of …

Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack Read More »