Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams

The latest activity from Lazarus Groups, .gov domains scamming people out of "V-Bucks" and more in this week's edition.

TALOS
Open in Source
#vulnerability#ios#android#mac#apple#google#cisco#git#intel#backdoor#ibm#zero_day
Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks

By Deeba Ahmed Meet Telekopye, a new phishing toolkit that uses a Telegram bot to carry out its operations. This is a post from HackRead.com Read the original post: Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks

The Last Hour Before Yevgeny Prigozhin's Plane Crash

Russia tightly controls its information space—making it hard to get accurate information out of the country. But open source data provides some clues about the crash.

GHSA-q4pp-j36h-3gqg: Minimal `basti` IAM Policy Allows Shell Access

### Summary The provided Minimal IAM Policy for `bastic connect` does not include `ssm:SessionDocumentAccessCheck`. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. ### Details `basti connect` is designed to "securely connect to your RDS/Aurora/Elasticache/EC2 instances", using a bastion instance "with [AWS Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html) port forwarding capability to make the target available on your localhost." The [Minimal IAM Policy](https://github.com/BohdanPetryshyn/basti#minimal-iam-permissions) allows port forwarding via the following statement: ``` { "Effect": "Allow", "Action": "ssm:StartSession", "Resource": [ "arn:aws:ssm:*:*:document/AWS-StartPortForwardingSessionToRemoteHost", "arn:aws:ec2:<your-region>:<your-account-id>:instance/<your-basti-instance-id>" ] } ``` This statement does no...

Lazarus Group's infrastructure reuse leads to discovery of new malware

Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

Why The Chainsmokers Invest in—and Party With—Niche Cybersecurity Companies

Musician Alex Pall spoke with WIRED about his VC firm, the importance of raising cybersecurity awareness in a rapidly digitizing world, and his surprise that hackers know how to go hard.

New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute

The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems' positions by scanning nearby Wi-Fi access points as a data point for Google's geolocation API," Secureworks Counter Threat Unit (CTU) said in a statement