Recent Security News

  • Hacker Conversations: HD Moore and the Line Between Black and White

    January 16, 2024 at 07:36AM The definition of a hacker is explored in an interview with HD Moore, who highlights the distinctions between moral, amoral, and immoral hacking based on intent and actions. He recounts his upbringing, early experiences of exploring technology, and the ethical dilemmas faced. The interview delves into the legal implications and…

    Read More

  • Case Study: The Cookie Privacy Monster in Big Global Retail

    January 16, 2024 at 06:51AM Reflectiz, a website security company, rescued a major retail client from non-compliance fines due to misconfigured cookie tracking. Despite being unintended, the client risked substantial penalties under GDPR. Reflectiz’s advanced exposure management solution detected 37 unauthorized cookie injections and facilitated timely corrective action, emphasizing the importance of continuous monitoring and…

    Read More

  • Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

    January 16, 2024 at 05:36AM Volexity has observed widespread exploitation of two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances by threat actors, including the group UTA0178. These vulnerabilities allow attackers to execute arbitrary commands and compromise internal networks. While the attacks were initially targeted, they have now become widespread, affecting organizations globally, particularly in…

    Read More

  • Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

    January 16, 2024 at 03:45AM The now-defunct Inferno Drainer created over 16,000 malicious domains, scamming over $87 million from 137,000 victims by spoofing Web3 protocols. Affiliates could use the malware for phishing, draining 30% of stolen assets in some cases. The cybercrime spoofed over 100 cryptocurrency brands with specially crafted pages and was active throughout…

    Read More

  • Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

    January 16, 2024 at 02:45AM Threat actors exploit a patched security flaw in Microsoft Windows to deploy the Phemedrone Stealer, targeting web browsers, cryptocurrency wallets, and messaging apps. The flaw, CVE-2023-36025, allows attackers to bypass Windows SmartScreen protection. Despite being patched, threat actors find ways to exploit the flaw, highlighting their flexibility in adapting attack…

    Read More