Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw

July 29, 2024 at 08:18AM Salt Labs, the research arm of API security firm Salt Security, has uncovered a cross-site scripting (XSS) attack affecting numerous websites, including major companies like HotJar and Business Insider. The attack exploits OAuth implementation, potentially leading to complete account takeovers. Salt Labs released its findings and a free scanner to … Read more

FYI: Data from deleted GitHub repos may not actually be deleted

July 25, 2024 at 03:59PM Truffle Security researchers discovered a vulnerability termed CFOR, allowing data access from deleted GitHub repository forks. Accessing a deleted commit through the original repo’s fork poses security risks. GitHub views this as an intended feature, not a flaw. The platform contains lingering “dangling commits” even after deletion. Truffle Security advises … Read more

Port Shadow Attack Allows VPN Traffic Interception, Redirection

July 18, 2024 at 09:03AM Researchers from several universities have identified a vulnerability, named Port Shadow (CVE-2021-3773), that allows threat actors to exploit VPNs to launch man-in-the-middle attacks, intercepting and redirecting traffic. This affects OpenVPN, WireGuard, and OpenConnect on Linux or FreeBSD. Mitigation involves specific firewall rules, and end users are advised to connect to … Read more

Avast secretly gave DoNex ransomware decryptors to victims before crims vanished

July 8, 2024 at 08:51AM Avast researchers have provided decryptors for victims of the DoNex ransomware, a threat that has undergone several rebrands and targeted victims in various countries. The decryptor is freely available and can be run as administrator, with the password-cracking process recommended for the 64-bit version due to its memory-intensive nature. Based … Read more

Risk of getting malicious extension from Chrome store way worse than Google’s letting on, study suggests

June 23, 2024 at 06:45AM Google claims to effectively vet Chrome extensions to catch most malicious code, though researchers argue that the risk is more substantial. There has been considerable installation of risky extensions, representing a significant problem. The authors emphasize the critical need for stronger oversight by Google to address these issues. After reviewing … Read more

China’s ‘Velvet Ant’ APT Nests Inside Multiyear Espionage Effort

June 17, 2024 at 01:02PM China’s Velvet Ant cyber-espionage group executed a persistent and adaptable campaign to steal data from a large East Asian company. Despite eradication attempts by security researchers at Sygnia, the threat actor maintained footholds within the victim’s network for years. The group utilized legacy and unmonitored systems, deploying malware and backdoors … Read more

LilacSquid APT Employs Open Source Tools, QuasarRAT

May 31, 2024 at 04:19PM Researchers have tied LilacSquid, a new advanced persistent threat actor, to data exfiltration attacks across US, Europe. The group employs methods including exploiting known vulnerabilities, stealing remote desktop protocol credentials, and using open source tools like MeshAgent and InkLoader to establish control and deploy custom malware such as PurpleInk. LilacSquid … Read more

Critical Fluent Bit bug affects all major cloud providers, say researchers

May 21, 2024 at 01:54PM Infosec researchers have flagged a critical vulnerability (CVE-2024-4323) in Fluent Bit, a widely used logging component. Tenable discovered the flaw, potentially leading to denial of service, information leakage, and remote code execution. The issue affects versions 2.0.7 through 3.0.3 and may compromise the security of major cloud providers and blue … Read more

GhostStripe attack haunts self-driving cars by making them ignore road signs

May 10, 2024 at 10:07AM A team of researchers has developed an undetectable attack system, GhostStripe, capable of manipulating the image recognition of autonomous vehicles by exploiting the reliance on CMOS sensors. This attack causes the vehicles to not recognize road signs, posing a serious security concern. While countermeasures are available, the study highlights ongoing … Read more

Amnesty International Cites Indonesia as a Spyware Hub

May 5, 2024 at 10:02PM Amnesty International’s Security Lab reveals Indonesia’s emergence as a hub for surveillance tools, receiving invasive spyware from Israel, Greece, Singapore, and Malaysia since 2017. Companies like Q Cyber Technologies, Intellexa consortium, Saito Tech, FinFisher, Raedarius M8 Sdn Bhd, and Wintego Systems are linked to these tools. Malicious domain names and … Read more