Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons

A malware-as-a-service (Maas) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected

The Hacker News
Open in Source
#mac#windows#intel#The Hacker News
Instagram introduces new ways for users to verify their age

Meta has announced it's going to test new age verification methods like social vouching and video selfies for INstagram users. The post Instagram introduces new ways for users to verify their age appeared first on Malwarebytes Labs.

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

Threat Intelligence Services Are Universally Valued by IT Staff

Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.

Why We're Getting Vulnerability Management Wrong

Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.

CVE-2022-30120: 9.1.0 Release Notes :: Concrete CMS

XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting

7 Steps to Stronger SaaS Security

Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.

Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks

Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.

Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool

By Deeba Ahmed This newly discovered malware campaign is attributed to a Chinese hacking group called Tropic Trooper. Cybersecurity researchers at… This is a post from HackRead.com Read the original post: Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora,