#web

By Deeba Ahmed Fake Complaints, Real Malware - Sophos Warns Hotels of Global Malspam Attack! This is a post from HackRead.com Read the original post: Global malspam targets hotels, spreading Redline and Vidar stealers

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat and gain

Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world. Matveev, who resides in Saint Petersburg and is known by the aliases Wazawaka, m1x, Boriselcin, Uhodiransomwar,

Debian Linux Security Advisory 5580-1 - The Zoom Offensive Security Team discovered that processing a SVG image may lead to a denial-of-service.

By Waqas But the gang may already be back with a new domain. This is a post from HackRead.com Read the original post: FBI Seizes Dark Web Domain of Blackcat – ALPHV Ransomware

By Owais Sultan Building a successful business is no small feat. You pour your heart and soul into it – serving… This is a post from HackRead.com Read the original post: 5 Fraud Prevention Strategies That Help Companies Ward Off Cyber Attacks

Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord to host second stage malware and sidestep detection tools," ReversingLabs researcher Karlo Zanki

Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.

By Deeba Ahmed From WhatsApp to Telegram: New Twist on Old Scam Exploits Users for Money via YouTube Video Engagement. This is a post from HackRead.com Read the original post: “Get Paid to Like Videos”? This YouTube Scam Leads to Empty Wallets

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving arbitrary code execution and privilege escalation through the unquoted service path. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PowerSYSTEM Center, a multi-function management platform, are affected: PowerSYSTEM Center: 2020 v5.0.x through 5.16.x 3.2 Vulnerability Overview 3.2.1 UNQUOTED SEARCH PATH OR ELEMENT CWE-428 Subnet Solutions PowerSYSTEM Center versions 2020 v5.0.x through 5.16.x contain a vulnerability that could allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. CVE-2023-6631 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:...