Google’s parent company, Alphabet, has filed a lawsuit against two people based in China for using the company’s platform for scam cryptocurrency apps that amassed over 100,000 downloads.
Alphabet claims that scammers used its platforms, Google Play and YouTube, to upload and advertise fraudulent crypto apps.
The IntelBroker hacker and their affiliates have leaked a trove of sensitive records, which they claim jeopardize the United States national security.
Throughout the past few months, several publications have written about a North Korean threat actor group’s use of NPM packages to deploy malware to developers and other unsuspecting victims. This blog post provides additional details regarding the second and third-stage malware in these attacks, which these publications have only covered in limited detail.
As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.
Russian hacker groups are military units with code names that are part of the Main Intelligence Directorate of the General Staff and the Federal Security Service of the Russian Federation. — Ukrinform.
Within hours of opposition leader Alexey Navalny’s death in February in a Russian prison, a group of anti-Kremlin hackers went looking for revenge.
Nozomi Networks Labs found 9 vulnerabilities in DJI drones - we outline the research process for identifying and mitigating these security issues.
Key takeaways Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content. The video descriptions include links leading t...
Microsoft needs a security culture overhaul, a US report concludes. The software giant could have prevented a cloud email hack in 2023.
Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work,…
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.
On March 29, right before Easter weekend, we received notifications about something unusual happening with the open-source project XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux.
The initial warning was sent to the Open Source Security mailing list sent by Andres Freund, who discovered that XZ Utils versions 5.6.0 and 5.6.1 are impacted by a backdoor. A few hours later, the US government’s CISA and OpenSSF warned about a critical problem: an installed XZ backdoored version could lead to unauthorized remote access.
A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar.
"Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today.
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.
Let’s Encrypt is proud to introduce Sunlight, a new implementation of a Certificate Transparency log that we built from the ground up with modern Web PKI opportunities and constraints in mind. In partnership with Filippo Valsorda, who led the design and implementation, we incorporated feedback from the broader transparency logging community, including the Chrome and TrustFabric teams at Google, the Sigsum project, and other CT log and monitor operators. Their insights have been instrumental in shaping the project’s direction.
tl;dr – Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, Rust Foundation, and Eclipse Foundation are jointly announcing…
Andres Freund published the existence of the xz attack on 2024-03-29 to the public oss-security@openwall mailing list. The day before, he alerted Debian security and the (private) distros@openwall list. In his mail, he says that he dug into this after “observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors).”
At a high level, the attack is split in two pieces: a shell script and an object file. There is an injection of shell code during configure, which injects the shell code into make. The shell code during make adds the object file to the build. This post examines the shell script. (See also my timeline post.)
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot
A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.
