Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known

The Hacker News
Open in Source
#android#mac#windows#google#microsoft#c++#auth#The Hacker News
XCSSET Malware Updates with Python 3 to Target macOS Monterey Users

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers

Charming Kitten APT Wields New Scraper to Steal Email Inboxes

Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo, and Microsoft Outlook accounts using previously acquired credentials.

Google flags man as sex abuser after he sends photos of child to doctor

Categories: News Tags: CSAM Tags: de-Google Tags: AI Tags: NCMEC Tags: EFF Tags: false positive Tech giants are scanning our private files to find predators guilty of sexually abusing children, but they are creating victims of their own. (Read more...) The post Google flags man as sex abuser after he sends photos of child to doctor appeared first on Malwarebytes Labs.

CVE-2021-28861: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.

Fake DDoS Protection Alerts Distribute Dangerous RAT

Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.

Criminals socially engineer their way to bank details with fake arrest warrants

Categories: News Categories: Social engineering Scammers subject their victims to a whirlwind of emotions so they can achieve their end goal: money. (Read more...) The post Criminals socially engineer their way to bank details with fake arrest warrants appeared first on Malwarebytes Labs.

TikTok’s In-App Browser Can Monitor Your Activity on External Websites

By Deeba Ahmed Other iPhone apps using in-app browsers were also tested in the research but TikTok was the only app to monitor keystrokes. This is a post from HackRead.com Read the original post: TikTok’s In-App Browser Can Monitor Your Activity on External Websites

CVE-2022-38171: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readSymbolDictSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

Attackers using fake Cloudflare DDoS protection popups to distribute malware

By Waqas The malware dropped in this attack is the NetSupport RAT which was previously identified in malicious MS Word documents. This is a post from HackRead.com Read the original post: Attackers using fake Cloudflare DDoS protection popups to distribute malware