Bogus security reports plague open-source projects
There has been a number of bogus security reports filed against popular open-source software projects. These reports have claimed to find critical vulnerabilities in software like cURL and PostgreSQL, but upon closer inspection, they have all turned out to be false. The reports appear to have been filed by automated tools that scan commit messages […]
Gilbert Herrera named National Security Agency’s research chief
Gilbert Herrera, a former Sandia National Laboratories employee, has been named chief of the National Security Agency’s (NSA) Research Directorate. Herrera told The Record that he took the role because he had spent his whole career working on research and technology deployment in an area where he believed the findings would never be challenged. Herrera […]
Ontario Police advise Android users to turn off emergency SOS
The Ontario Provincial Police (OPP) has observed a significant increase in 911 hang-up calls, possibly due to Android’s Emergency SOS feature. The Emergency SOS feature on Android allows users to contact emergency services by pressing the power button five times. The OPP is urging Android users to turn off the feature as people could mistakenly […]
Ships disconnected from on-shore servers following ransomware attack
DNV, an international accredited registrar and classification society was hit by a ransomware attack that knocked its ShipManager software offline and disconnected 1,000 ships from on-shore servers. The attack occurred on January 7, and the company updated its report yesterday to say it involved ransomware, but affected vessels are not in danger and can continue […]
Vidar info-stealing malware spreads via 1,300 domains impersonating AnyDesk site
Attackers are spreading Vidar information stealing malware using 1,300 domains impersonating AnyDesk official site. The malicious activity was uncovered by SEKOLA threat analyst crep1x. Crep1x shared the complete list of the malicious hostnames all of which linked to the same IP address of 185.149.120[.]9. The malicious hostnames include typosquats for AnyDesk, MSI Afterburner, 7-ZIP, Blender, […]
CISA mandates agencies to patch two privilege escalation flaws
The Cybersecurity and Infrastructure Security Agency (CISA) gave all Federal Civilian Executive Branch Agencies (FCEB) three weeks until January 31st to address two security flaws and block potential attacks. The two flaws include a Microsoft Exchange elevation of privileges flaw tracked as CVE-2022-41080 and a privilege escalation zero-day tracked as CVE-2023-21674. CVE-2022-41080 can be paired […]
Visual Studio Market becomes victim of supply chain attack
Aqua Security researchers discovered that hackers are conducting supply chain attacks using Visual Studio Marketplace. According to the report, attackers could impersonate popular VS Code extensions to hoodwink developers into downloading malicious versions. The attack vector aimed at the Visual Studio Code extensions marketplace could be used to upload rogue extensions masquerading as their legitimate […]
Malicious PyPi packages found with AWS keys
Tom Forbes, a UK-based software developer, discovered 57 active API access keys for AWS services that can be exploited. They use keyloggers to steal sensitive user information stored in browsers, run shell commands, and steal typed secrets. Forbes created a Rust tool that checks the presence of AWS API keys in all new PyPI packages. […]
U.S. Supreme Court grants WhatsApp permission to pursue Pegasus spyware lawsuit
The United States Supreme Court has granted Meta permission to file a lawsuit accusing an Israeli company, NSO, for illegally accessing WhatsApp servers while installing a spyware known as Pegasus on users’ devices. This came after the Supreme Court rejected NSO Group Technologies’ appeal, which claimed immunity from the lawsuit because it was acting on […]
HackerOne Employee Fired For Using Bug Reports To Claim Bounties
HackerOne has fired an employee for using bug reports submitted by external researchers to claim extra bounties elsewhere. The company was compelled to investigate the issue after a customer filed a complaint on June 22 asking it to investigate “a suspicious vulnerability disclosure made outside of the HackerOne platform.” According to HackerOne co-founder and CISO […]
