Tag
A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. It
By Deeba Ahmed As per cybersecurity researchers at Proofpoint, the APT group TA402 operates in support of Palestinian espionage objectives, with a primary focus on intelligence collection. This is a post from HackRead.com Read the original post: Pro-Palestinian TA402 APT Using IronWind Malware in New Attack
Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas
The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. "An important feature that sets it apart is that, unlike previous campaigns, which relied on .NET applications, this one used Delphi as the programming
Ubuntu Security Notice 6465-3 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.
The !CVE Project is an initiative to track and identify security issues that are not acknowledged by vendors but still are important for the security community.
EnBw SENEC Legacy Storage Box versions 1 through 3 suffered from a default credential issue.
Ubuntu Security Notice 6465-1 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.
By Deeba Ahmed The global operation also led to the arrest of eight individuals, including the alleged mastermind. This is a post from HackRead.com Read the original post: Police Dismantle Phishing-as-a-Service Platform BulletProftLink