Hacks/Cracks - Page 1.5
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Security vulnerabilities in Google's login systems have been uncovered, enabling researchers to bypass Google's protections and access user accounts by obtaining login cookies. These findings raise concerns about the effectiveness of cookie-based authentication and the security of Google accounts in general.
The recent uncovering of malicious Python projects being distributed through the Python Package Index (PyPI) is an urgent reminder of the need for enhanced vigilance and security around the Python open-source ecosystem. Threat actors have been able to compromise developer accounts and push out trojanized versions of legitimate Python libraries, enabling them to harvest credentials, execute arbitrary commands, and more.
A new set of malicious Python projects are targeting Linux and Windows systems. Security Brief states, "There has been a significant rise in the number of attacks involving Python."
Alright, folks, let me fill you in. Fake security updates have been causing real-world havoc! The Israel National Cyber Directorate (INCD) alerts about phishing emails pretending to be F5 BIG-IP security updates, and guess what? These emails unleash Windows and Linux data wipers. Troubling, right?
Let me fill you in on a stealthy threat to Linux systems that has flown under the radar for nearly three years! A remote access trojan dubbed "Krasue" has been silently infiltrating Linux systems like yours, primarily targeting telecommunications companies since 2021.
The 8220 hacker group is exploiting both Windows and Linux web servers with crypto-jacking malware. It is believed that the group has access to the source code of both OSes, which enables them to exploit vulnerabilities in both systems.
Researchers have identified a new exploit impacting upcoming processors called “Spectre based on Linear Address Masking” (SLAM). This side-channel-based attack exploits the new security features in Intel (Linear Address Masking (LAM)), AMD (Upper Address Ignore (UAI)), and ARM (Top Byte Ignore (TBI) chips. Specifically, the SLAM attack is a transient execution technique exploiting the new memory improvement features to leak sensitive data like password hashes.
A collection of new security vulnerabilities called LogoFAIL has been discovered hiding with the Unified Extensible Firmware Interfaces (UEFI) that we use for booting almost all modern computing devices. Linux or Windows, ARM or x86, it doesn't matter -- they're all vulnerable to these flaws!
A team of Chinese hackers known as Kinsing has discovered a little-known security vulnerability in the Apache ActiveMQ message broker software. The vulnerability allowed the attackers to implant rootkits on Linux servers remotely and steal sensitive information such as usernames, passwords, and SSH keys.
Researchers have discovered a new variant of BiBi malware attacks targeting Israeli Windows and Linux systems, resulting in data wipes. Alerts were sent out by Israel’s (Cyber Emergency Response Team) CERT to help potential target organizations prevent attacks by threat actors.
The US authorities have shut down a major botnet comprising tens of thousands of infected endpoints, which cyber-criminals hired to launch various attacks anonymously.
A new malware wiper known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to Israeli companies.
StripedFly malware is capable of grabbing screenshots and stealing passwords.
The BlackCat ransomware operators have demonstrated ongoing adaptation and innovation in their malicious activities, making mitigating their threats challenging for security experts.
In September 2023, FortiGuard Labs’ vigilant team uncovered a significant development in the IZ1H9 Mirai-based DDoS campaign.
The digital age offers opportunities but also increases the importance of cybersecurity as threats grow in complexity and sophistication, making preparedness a top priority.
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.
Researchers have discovered a never-before-seen backdoor for Linux that’s being used by a threat actor linked to the Chinese government.
Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years.