Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

Don't expect AI to suddenly start stealing jobs or making malware more powerful.

TALOS
Open in Source
#sql#web#mac#google#microsoft#amazon#cisco#git
5 Reasons You Should Care About Unmanaged Assets

Unmanaged devices pose a significant challenge and risk for many organizations. Here are the five reasons you should care about unmanaged devices and assets.

Who’s Behind the NetWire Remote Access Trojan?

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.

Inside Threat: Developers Leaked 10M Credentials, Passwords in 2022

More than five out of every 1,000 commits to GitHub included a software secret, half again the rate in 2021, putting applications and businesses at risk.

Beware of Fake Facebook Profiles, Google Ads Pushing Sys01 Stealer

By Deeba Ahmed The researchers have been tracking the malware campaign since November 2020. This is a post from HackRead.com Read the original post: Beware of Fake Facebook Profiles, Google Ads Pushing Sys01 Stealer

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities.

Does Your Help Desk Know Who's Calling?

Phishing, the theft of users' credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today, accounting for more than 30% of all known breaches. And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they take

New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can encrypt,

CVE-2023-27986: security - Shell command and Emacs Lisp code injection in emacsclient-mail.desktop

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.