Tag
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Given the recent tragedies in the U.S., I don’t feel it’s appropriate to open by being nostalgic or trying to be witty — let’s just stick to some security news this week. The one big... [[ This is only the beginning! Please visit the blog for the complete entry ]]
Lawmakers argue Android phone data could be “weaponized against women” if the US Supreme Court officially overturns abortion protections.
Lawmakers argue Android phone data could be “weaponized against women” if the US Supreme Court officially overturns abortion protections.
Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server).
ChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues.
qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.
ChromeLoader is working its way into Chrome browsers via ISO images claiming to offer cracked games. What are the dangers? The post ChromeLoader targets Chrome Browser users with malicious ISO files appeared first on Malwarebytes Labs.
A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red Canary said in a new report. ChromeLoader is a rogue Chrome browser extension and is typically
Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team Cymru said in a new report published Wednesday. "The technical entry bar for the
A recent phishing scam neatly illustrates some of the tactics scammers use to avoid human intuition and automatic detection. The post If you get an email saying “Item stopped due to unpaid customs fee”, it’s a fake appeared first on Malwarebytes Labs.