New Crypto-Stealer ‘Panda’ Spread via Discord
PandaStealer is delivered in rigged Excel files masquerading as business quotes, bent on stealing victims’ cryptocurrency and other info.
Read moreInformation Security
Anti-Spam WordPress Plugin Could Expose Website User Data
‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in.
Read moreGlobal Phishing Attacks Spawn Three New Malware Strains
The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked.
Read more21Nails: Multiple Critical Vulnerabilities in Exim Mail Server
“We recently audited central parts of the Exim mail server and discovered 21 vulnerabilities: 11 local vulnerabilities, and 10 remote
Read morePulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.
Read moreFOX – Fix Objective-C XREFs in Ghidra
TL;DR FOX is a Ghidra script to assist with reverse engineering of iOS apps. It locates all calls to objc_msgSend
Read morePhishing with fake meeting invite
This is interesting. We are so used to getting meeting invites that they really don’t hit the phishing radar very
Read moreExploiting the Source Engine (Part 2) – Full-Chain Client RCE in Source using Frida
Ooh! That infoleak is really really spicy, love it. There’s more fun attack surface there, too- e.g. can you have
Read moreScripps Health Cyberattack Causes Widespread Hospital Outages
The San Diego-based hospital system diverted ambulances to other medical centers after a suspected ransomware attack.
Read moreNew Attacks Slaughter All Spectre Defenses
The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks against chip architecture? It’s bound for the dustbin.
Read more