Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Lensa AI and ‘Magic Avatars’: What to Know Before Using the App

Are you thinking about uploading some selfies and buying a pack of ‘Magic Avatars’? Consider these expert tips first.

Wired
#ios#git#intel
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the

MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics

The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin said in a technical write-up.

3 Ways Attackers Bypass Cloud Security

At Black Hat Europe, a security researcher details the main evasion techniques attackers are currently using in the cloud.

CVE-2022-38765: Canon Medical Software Security Updates

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

Threat Source newsletter (Dec. 8, 2022): Your uncle clicked every link

Welcome to this week’s edition of the Threat Source newsletter. As we hurtle toward the end of another year I get that tightness in my chest – that feeling that I think most, if not all, Threat Source readers get at this time of year. That's

How Do I Use the Domain Score to Determine Whether a Domain Is a Threat?

To be most effective, protective DNS services need to constantly reassess and rescore domains as additional data comes in.

CVE-2022-44931: IOT_Vul/readme.md at main · z1r00/IOT_Vul

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.