#git

A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google's Threat Analysis Group (TAG) and Mandiant are tracking the activity under the name UNC5812. The threat group, which operates a Telegram channel named civildefense_com_ua, was created on

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign tracked as Contagious Interview. The Datadog Security Research team is monitoring the activity under the name Tenacious Pungsan, which is also known by the monikers

A report distributed by the US Department of Homeland Security warned that financially motivated cybercriminals are more likely to attack US election infrastructure than state-backed hackers.

This article details a new campaign by TeamTNT, a notorious hacking group, leveraging exposed Docker daemons to deploy…

### Summary The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. ### Details **Configuration changes** 1. Change the download folder to `/home/<user>/.pyload/scripts` 2. Change permissions for downloaded files: 1. Change permissions of downloads: on 2. Permission mode for downloaded files: 0744 **Making the request to download files** The `flashgot` API provides functionality to download files from a provided URL. Although pyload tries to prevent non-local requests from being able to reach this API, it relies on checking the Host header and the Referer header of the incoming request. Both of these can be set by an att...

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for

Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done

The severity of the Remote Code Execution – Microsoft SharePoint (CVE-2024-38094) vulnerability has increased. It was fixed as part of the July Microsoft Patch Tuesday (July 9). SharePoint is a popular platform for corporate portals. According to the Microsoft bulletin, аn authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code […]

Plus: Apple offers $1 million to hack its AI cloud infrastructure, Iranian hackers successfully peddle stolen Trump campaign docs, Russia hacks the nation of Georgia, and a “cyberattack” that wasn’t.