Tag: attack methodology

Source URL: https://www.theregister.com/2025/03/10/sidewinder_tactics_shift/ Source: The Register Title: Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift Feedly Summary: Phishing and ancient vulns still do the trick for one of the most prolific groups around Researchers say the Sidewinder offensive cyber crew is starting to target maritime and nuclear organizations.… AI Summary and Description:…

The Register: MITRE Caldera security suite scores perfect 10 for insecurity

Feb 25, 2025

—

by

Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/ Source: The Register Title: MITRE Caldera security suite scores perfect 10 for insecurity Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…

The Register: If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish

Feb 15, 2025

—

by

Source URL: https://www.theregister.com/2025/02/15/russia_spies_spoofing_teams/ Source: The Register Title: If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish Feedly Summary: Roses aren’t cheap, violets are dear, now all your access token are belong to Vladimir Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus…

The Register: Lazarus Group cloned open source projects to plant backdoors, steal credentials

Jan 29, 2025

—

by

Source URL: https://www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/ Source: The Register Title: Lazarus Group cloned open source projects to plant backdoors, steal credentials Feedly Summary: Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea’s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing…

The Register: SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac Silicon

Jan 29, 2025

—

by

Source URL: https://www.theregister.com/2025/01/29/flop_and_slap_attacks_apple_silicon/ Source: The Register Title: SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac Silicon Feedly Summary: It’s another cousin of Spectre, here to read your email, browsing history, and more Many recent Apple laptops, desktops, tablets, and phones powered by Cupertino’s homegrown Silicon processors can be exploited…

Hacker News: New ‘OtterCookie’ malware used to backdoor devs in fake job offers

Dec 29, 2024

—

by

Source URL: https://www.bleepingcomputer.com/news/security/new-ottercookie-malware-used-to-backdoor-devs-in-fake-job-offers/ Source: Hacker News Title: New ‘OtterCookie’ malware used to backdoor devs in fake job offers Feedly Summary: Comments AI Summary and Description: Yes Summary: The text outlines a cybersecurity threat posed by North Korean actors using new malware called OtterCookie in a campaign targeting software developers through fake job offers. It highlights…

Cisco Talos Blog: Exploring vulnerable Windows drivers

Dec 19, 2024

—

by

Source URL: https://blog.talosintelligence.com/exploring-vulnerable-windows-drivers/ Source: Cisco Talos Blog Title: Exploring vulnerable Windows drivers Feedly Summary: This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers. AI Summary and Description: Yes Summary: The text provides an…

Hacker News: Oasis Security Research Team Discovers Microsoft Azure MFA Bypass

Dec 12, 2024

—

by

Source URL: https://oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass Source: Hacker News Title: Oasis Security Research Team Discovers Microsoft Azure MFA Bypass Feedly Summary: Comments AI Summary and Description: Yes Summary: Oasis Security’s research unveiled a critical vulnerability in Microsoft’s Multi-Factor Authentication (MFA), allowing attackers to breach user accounts undetected. This incident showcases the criticality of effective MFA implementations and the…

The Register: Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket

Dec 9, 2024

—

by