Shipping information and order details of thousands of customers worldwide were leaked in September 2020.
Read more at straitstimes.com.

Avast discovered a distribution point where a malware toolset is hosted, but also serves as temporary storage for the gigabytes of data being exfiltrated on a daily basis, including documents, recordings, and webmail dumps including scans of passports from Asian, American and European citizens and diplomats applying for Burmese visas, from Burmese human rights activists and Burmese government institutions.

MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).

Since at least 2017 MuddyWater has targeted a range of government and private organizations across sectors, including telecommunications, local government, defense, and oil and natural gas organizations, in the Middle East, Asia, Africa, Europe, and North America.

Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, Photos, Notes, and more.

APT group Mustang Panda now appears to have Europe and Asia Pacific targets in its sights. The BlackBerry Research and Intelligence team recently unearthed evidence that the group may be using global interest in the Russian-Ukraine war to deliver PlugX malware via phishing lure to unsuspecting users.

Leaked: The Altrnativ world of cybersurveillance About this series: As co-founder of the French search engine Qwant, Eric Leandri was heralded as a champion of digital privacy and an example of Eur…

Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.

BMC&C Eclypsium Research has discovered and reported 3 vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. We are referring to these vulnerabilities collectively as BMC&C. MegaRAC BMC is widely used by many leading server manufacturers to provide “lights-out” management capabilities for their server products. Server manufacturers…

FortiGuardLabs examines a botnet known as Zerobot written in the Go language targeting IoT vulnerabilities. Read our blog to learn about how it evolves, including self-replication, attacks for different protocols, and self-propagation as well as its behavior once inside an infected device.

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

he maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.

The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment. 

The President of the Republic announced the sending of the 'first diplomatic telegram encrypted using post-quantum cryptography' to the French embassy in Washington. We explain its importance for the future of confidential communications.

As demand for malicious proxy services continues, new players have entered the market. Black Proxies is marketed to other cybercriminals for their reliability, scope, and overwhelming number of IP addresses.

In October of this year, we received a report from ngocnb and khuyenn from GiaoHangTietKiem JSC covering a SQL injection vulnerability in WordPress. The bug could allow an attacker to expose data stored in a connected database. This vulnerability was recently addressed as CVE-2022-21661 ( ZDI-22-020

The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra’s Medical IoT Survey.

Zimperium zLabs has discovered a new Android threat campaign, the Schoolyard Bully Trojan, which has been active since 2018 and has spread to over 300,000 victims and is specifically targeting Facebook credentials. To learn more about this new threat, read more on our blog.

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service.

Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:

The goal of this blog post is to present a privilege escalation I found while working on ADCS. We will see how it is possible to elevate our privileges to NT AUTHORITY\SYSTEM from virtual and network service accounts of a domain-joined machine (for example from a webshell on a Windows server) using ADCS. I want to call this attack chain “CertPotato” as homage to other *Potato tools and as a way to better remember it.

A popular technique for getting SYSTEM from a virtual or network service account is Delegate 2 Thyself by Charlie Clark. This technique involves using RBCD to elevate your privileges. In this article, I propose an alternative approach to become local SYSTEM using ADCS.