Security
Headlines
HeadlinesLatestCVEs

Tag

#botnet

Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole

Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.

TALOS
Open in Source
#sql#vulnerability#web#ios#mac#windows#apple#microsoft#cisco#pdf#botnet#auth#zero_day
US, India and China Most Targeted in DDoS Attacks, StormWall Q1 2023 Report

By Waqas DDoS attacks have surged by 47% in Q1 2023, according to a StormWall report. This is a post from HackRead.com Read the original post: US, India and China Most Targeted in DDoS Attacks, StormWall Q1 2023 Report

Android App Trojans Sold on Dark Web for $25-$20,000

By Deeba Ahmed A Kaspersky study reveals security threats to the Google Play app store and how they have been exposing Android users to malware threats. This is a post from HackRead.com Read the original post: Android App Trojans Sold on Dark Web for $25-$20,000

Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop

The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.

Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested

By Waqas Alcasec boasted about his hacks in a YouTube podcast. This is a post from HackRead.com Read the original post: Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested

Twitter 'Shadow Ban' Bug Gets Official CVE

A flaw in Twitter code allows bot abuse to trick the algorithm into suppressing certain accounts.

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

An unknown threat actor used a malicious self-extracting archive (SFX) file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software to display the file contents. It achieves this by including a decompressor stub, a piece of code

New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency

Chromium-based web browsers are the target of a new malware called Rilide that masquerades itself as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring  browsing history, taking screenshots,

CVE-2023-29218: Recommendation Algorithm Manipulation via mass blocks · Issue #1386 · twitter/the-algorithm

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023.

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates to a critical