




The attack scenario is not very realistic, but the details of the attack and why it caused a XSS are fascinating…


Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security

Like NVIDIA, Microsoft was able to stanch some of the bleeding, cutting off LAPSUS$’s illicit access while the group was in the process of downloading all of the available source code repositories alphabetically (the group publicized their access to Microsoft at the same time they were downloading…



Since December 2019, Mandiant has observed advanced threat actors increase their investment in tools to facilitate bulk email collection from victim environments, especially as it relates to their support of suspected espionage objectives. Email messages and their attachments offer a rich source of …


Enarx

cross-posted from: https://lemmy.ml/post/255750



We have been closely investigating the Android BianLian botnet (also known as Hydra). This botnet emerged in 2018. It is still very alive in 2022, particularly active since the beginning of 2022, where we are closely monitoring at least three independent campaigns…




“It turns out that some recent releases of Java were vulnerable to a similar kind of trick, in the implementation of widely-used ECDSA signatures,” Madden wrote. “If you are running one of the vulnerable versions then an attacker can easily forge some types of SSL certificates and handshakes (allo…


Out of the 58 in-the-wild 0-days for the year, 39, or 67% were memory corruption vulnerabilities. Memory corruption vulnerabilities have been the standard for attacking software for the last few decades and it’s still how attackers are having success. Out of these memory corruption vulnerabilities…






Confidentiality Integrity Availability
