Month: October 2022

Fodcha DDoS Botnet Resurfaces with New Capabilities

31 October 2022

The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360’s Network Security Research Lab said in a report published last week. Fodcha […]

Read More

Tips for Choosing a Pentesting Company

31 October 2022

In today’s world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer number of providers can be daunting, and finding one […]

Read More

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

31 October 2022

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates […]

Read More

Samsung Galaxy Store Bug Could’ve Let Hackers Secretly Install Apps on Targeted Devices

31 October 2022

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with […]

Read More

GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories

31 October 2022

Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular repository namespace retirement, which aims to prevent developers from pulling unsafe repositories with the same […]

Read More

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

29 October 2022

Communication services provider Twilio this week disclosed that it experienced another “brief security incident” in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part […]

Read More

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

28 October 2022

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. “This vulnerability can […]

Read More

These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets

28 October 2022

Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. “These droppers continue the unstopping evolution of malicious apps sneaking to the official store,” Dutch mobile security firm ThreatFabric […]

Read More

Cloud Security Made Simple in New Guidebook For Lean Teams

28 October 2022

Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud […]

Read More

Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers

28 October 2022

A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News. The dropper “is being used to install […]

Read More