Security researcher Abdulraheem Khaled has discovered a coding scheme that can allow attackers to perform prototype pollution-like attacks on Python programs. He calls it ‘class pollution’ in a blog post documenting his findings.
A new malware campaign has been observed targeting users in Italy with phishing emails designed to deploy an information stealer on compromised Windows systems to steal system info, browser histories, cookies, and credentials of crypto wallets.
No explanation of the attack’s impact on its business operations has yet been disclosed, nor has the nature of the attack. The company stated it is “taking steps to ensure that its businesses can continue to trade with its customers and suppliers.”
In November 2011, the FBI-led Operation Ghost Click raided malicious servers run by the Rove Digital cyber group. This was only after it had used the DNSChanger Trojan to infect over four million computers and generate $14 million in illicit profits.
American investigative reporter Emma Best, a founder of the whistleblower site Distributed Denial of Secrets (DDoSecrets), told The Record in July that hackers had leaked over 12 million Russian documents to the organization since February.
The multiple breaches of password management giant LastPass in 2022 has created significant discussion – and alarm – among the cybersecurity community, not to mention affected LastPass customers.
While the attack did not cause any damage and no riders were put at risk, city officials raised alarms in a report because the attackers could have reached critical systems and may have left backdoors inside.
Meta Platforms has agreed to pay $725 million to settle a long-running lawsuit that allowed third parties, including Cambridge Analytica, to access users’ personal information without their consent for political advertising.
Microsoft has laid bare four ransomware families, namely KeRanger, FileCoder, MacRansom, and EvilQuest, that are targeting macOS systems worldwide. The initial vector for all these malware is a user-assisted method, where the victim downloads and installs trojanized apps. The attackers rely on genuine OS features for later stages and abuse flaws to break into the systems […]
Automated Libra, a South African threat actor, has improved its technique that includes leveraging cloud platform resources for cryptocurrency mining. The group has been evolving its capabilities with CAPTCHA bypass and Play and Run techniques to abuse free cloud resources. Users are suggested to apply an effective multi-cloud security strategy to secure their public cloud […]