Security News
The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned...
EMBA: Open-source security analyzer for embedded devicesThe EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups. SSH vulnerability exploitable in Terrapin attacksSecurity researchers have discovered a vulnerability in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection's security by truncating the extension negotiation message.
Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion...
A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. The ability to launch Bluetooth LE spam attacks using the Flipper Zero portable wireless pen-testing and hacking tool was first demonstrated in September 2023 by security researcher 'Techryptic.
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. The company fixed the zero-day bug for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows users and Mac and Linux users one day after being reported to Google.
A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. When configuring two-factor authentication on Instagram, the site will also provide eight-digit backup codes that can be used to regain access to accounts if you cannot verify your account using 2FA. This could happen for multiple reasons, such as switching your mobile number, losing your phone, and losing access to your email account.
Password attacks take many forms: from phishing schemes that dupe employees into handing over their login information, to underground markets where bad actors can sell or purchase stolen credentials. Nearly half of incidents cited in Verizon's 2023 Data Breach Investigations Report involved compromised passwords.
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their...
This manipulation lets attackers remove or modify messages exchanged through the communication channel, which leads to downgrading the public key algorithms used for user authentication or disabling defenses against keystroke timing attacks in OpenSSH 9.5. "The Terrapin attack exploits weaknesses in the SSH transport layer protocol in combination with newer cryptographic algorithms and encryption modes introduced by OpenSSH over 10 years ago."
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt,...