America's Army Security Vulnerabilities

openvas

Debian: Security Advisory (DSA-5356-1)

The remote host is missing an update for the...

9.1CVSS

9.4AI Score

0.003EPSS

2023-02-23 12:00 AM
2
debian

[SECURITY] [DSA 5356-1] sox security update

Debian Security Advisory DSA-5356-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 20, 2023 https://www.debian.org/security/faq Package : sox CVE ID : CVE-2021-3643 CVE-2021-23159...

9.1CVSS

7.2AI Score

0.003EPSS

2023-02-20 07:08 PM
20
thn

Armenian Entities Hit by New Version of OxtaRAT Spying Tool

Entities in Armenia have come under a cyber attack using an updated version of a backdoor called OxtaRAT that allows remote access and desktop surveillance. "The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and...

0.4AI Score

2023-02-17 12:47 PM
18
thn

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an "expansion of the group's...

9.8CVSS

0.8AI Score

0.973EPSS

2023-02-14 09:39 AM
101
schneier

AIs as Computer Hackers

Hacker "Capture the Flag" has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life:...

0.2AI Score

2023-02-02 11:59 AM
16
thn

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions....

-0.1AI Score

2023-02-02 10:04 AM
32
githubexploit

8.8AI Score

2023-01-31 08:29 PM
31
schneier

Security Analysis of Threema

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against.....

2.4AI Score

2023-01-19 12:21 PM
47
thn

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat...

0.5AI Score

2023-01-10 01:59 PM
32
openbugbounty

army-technology.com Cross Site Scripting vulnerability OBB-3122886

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.2AI Score

2022-12-29 08:53 AM
15
schneier

Ukraine Intercepting Russian Soldiers’ Cell Phone Calls

They're using commercial phones, which go through the Ukrainian telecom network: "You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or...

1AI Score

2022-12-21 12:09 PM
6
krebs

The Equifax Breach Settlement Offer is Real, For Now

Millions of people likely just received an email or snail mail notice saying they're eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this....

-0.7AI Score

2022-12-20 08:08 PM
4
schneier

How to Surrender to a Drone

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: "Seeing the drone in the field of view, make eye contact with it," the video instructs. Soldiers should then raise their arms and signal they're ready to follow. After that the...

2.9AI Score

2022-12-19 12:09 PM
6
securelist

Reassessing cyberwarfare. Lessons learned in 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...

0.1AI Score

2022-12-14 10:00 AM
19
hackread

IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS Attack

By Habiba Rashid The bank confirmed that it had "experienced an unprecedented cyber attack from abroad." This is a post from HackRead.com Read the original post: IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS...

1.6AI Score

2022-12-07 06:23 PM
12
krebs

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important....

-0.3AI Score

2022-11-28 10:08 PM
19
schneier

Russian Software Company Pretending to Be American

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian...

1.8AI Score

2022-11-16 11:03 AM
4
securelist

DDoS attacks in Q3 2022

News overview In Q3 2022, DDoS attacks were, more often than not, it seemed, politically motivated. As before, most news was focused on the conflict between Russia and Ukraine, but other high-profile events also affected the DDoS landscape this quarter. The pro-Russian group Killnet, active since.....

0.4AI Score

2022-11-07 08:00 AM
42
trellix

The Bug Report October 2022 Edition

The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve...

0.3AI Score

0.972EPSS

2022-11-02 12:00 AM
46
trellix

The Bug Report October 2022 Edition

The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve...

8.6AI Score

0.972EPSS

2022-11-02 12:00 AM
17
impervablog

13 Cybersecurity Horror Stories to Give you Sleepless Nights

Are we sitting comfortably? Twas a dark and stormy night, and the cybersecurity team stood patiently in their Scrum meeting. “Tell us a tale,” the CISO said, and one of their number raised their hand. They caught the eye of their colleagues, and began… 1. An artists tale Curious reader, gird thy...

-0.2AI Score

2022-10-28 12:54 AM
20
malwarebytes

Critical OpenSSL fix due Nov 1—what you need to know

A fix for a critical issue in OpenSSL is on the way, announced in advance of its release on November 1, 2022, in a four hour window between 13:00 UTC and 17:00 UTC. The release, version 3.0.7, will address a critical vulnerability for all versions of the software starting with a 3. Versions...

9.8CVSS

0.4AI Score

0.911EPSS

2022-10-27 03:00 PM
52
impervablog

Imperva Stops Hordes of Bots from Hijacking Financial Accounts in Largest Recorded Account Takeover Attack

Consider for a moment that an army of bots is setting their sights on your website. They target your login page and hammer it with millions of requests in an ongoing attack that lasts days, raising your infrastructure and fraud prevention costs. Would this frighten you? What if this barrage of...

0.3AI Score

2022-10-27 01:38 PM
17
thn

Ransomware: Open Source to the Rescue

Automobile, Energy, Media, Ransomware? When thinking about verticals, one may not instantly think of cyber-criminality. Yet, every move made by governments, clients, and private contractors screams toward normalizing those menaces as a new vertical. Ransomware has every trait of the classical...

-0.6AI Score

2022-10-27 01:03 PM
27
malwarebytes

A cyber threat hunter talks about what he’s learned in his 16+ year cybersecurity career

Hiep Hinh is a Principal MDR Analyst at Malwarebytes, where he supports 24/7/365 Managed Detection and Response (MDR) efforts. Hiep has over 16 years of experience in the cybersecurity and intelligence fields, including for the US Army as an intelligence analyst and for the Airforce Computer...

-0.4AI Score

2022-10-25 04:00 AM
8
thn

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy...

7.8CVSS

1.4AI Score

0.0005EPSS

2022-10-13 12:17 PM
65
talosblog

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

By Chetan Raghuprasad, Asheer Malhotra and Vitor Ventura, with contributions from Matt Thaxton. Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. The Alchimist has a web...

7.8CVSS

0.4AI Score

0.0005EPSS

2022-10-13 12:00 PM
23
talosblog

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

Contributions from Matt Thaxton. Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. The Alchimist has a web interface in Simplified Chinese with remote administration...

7.8CVSS

0.3AI Score

0.0005EPSS

2022-10-13 12:00 PM
21
openbugbounty

army-uk.info Cross Site Scripting vulnerability OBB-2987399

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score

2022-10-09 07:35 PM
6
thn

Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government

A former U.S. National Security Agency (NSA) employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation (FBI). Jareh Sebastian Dalke, 30, was employed at the NSA for less.....

-0.1AI Score

2022-10-03 09:51 AM
56
filippoio

age and Authenticated Encryption

age is a file encryption format, tool, and library. It was made to replace one of the last remaining GnuPG use cases, but it was not made to replace GnuPG because in the last 20 years we learned that cryptographic tools work best when they are specialized and opinionated instead of flexible Swiss.....

7AI Score

2022-09-29 06:45 PM
21
mssecure

How one product manager builds community at Microsoft Security

I first met Joey Cruz not long after he joined the Microsoft Identity and Network Access (IDNA) team when he helped create demos for a keynote speech I was delivering. Joey has a way of making you feel that even if something goes sideways, it will all be okay because he will make sure it is. As...

-0.4AI Score

2022-09-29 05:00 PM
10
mmpc

How one product manager builds community at Microsoft Security

I first met Joey Cruz not long after he joined the Microsoft Identity and Network Access (IDNA) team when he helped create demos for a keynote speech I was delivering. Joey has a way of making you feel that even if something goes sideways, it will all be okay because he will make sure it is. As...

-0.4AI Score

2022-09-29 05:00 PM
16
trellix

Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan

Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan By Anne An · September 29, 2022 Preface U.S. House Speaker Nancy Pelosi’s visit to Taiwan led to an aftershock across the Taiwan Strait and through the Asia Pacific region. Immediately after Pelosi’s...

7.1AI Score

2022-09-29 12:00 AM
3
trellix

Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan

Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan By Anne An · September 29, 2022 Preface U.S. House Speaker Nancy Pelosi’s visit to Taiwan led to an aftershock across the Taiwan Strait and through the Asia Pacific region. Immediately after Pelosi’s...

0.6AI Score

2022-09-29 12:00 AM
8
thn

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host...

9.8CVSS

0.4AI Score

0.975EPSS

2022-09-28 02:00 PM
108
zeroscience

SoX 14.4.2 (wav.c) Division By Zero

Title: SoX 14.4.2 (wav.c) Division By Zero Advisory ID: ZSL-2022-5712 Type: Local Impact: DoS Risk: (2/5) Release Date: 18.09.2022 Summary SoX (Sound eXchange) is the Swiss Army knife of sound processing tools: it can convert sound files between many different file formats and audio devices, and...

7.2AI Score

2022-09-18 12:00 AM
151
thn

China Accuses NSA's TAO Unit of Hacking its Military Research University

China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed...

0.3AI Score

2022-09-12 01:39 PM
38
thn

Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities

A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further...

9.8CVSS

2.6AI Score

EPSS

2022-09-07 06:57 AM
60
hackread

Anonymous hacked Russian Yandex taxi app causing a massive traffic jam

By Waqas Anonymous has confirmed to Hackread.com that the attack on the Yandex Taxi app was carried out in cooperation with the IT Army of Ukraine. This is a post from HackRead.com Read the original post: Anonymous hacked Russian Yandex taxi app causing a massive traffic...

2.7AI Score

2022-09-02 07:27 PM
66
trellix

Get to Know Anne An

Meet Anne An Senior Security Researcher By Michael Alicea · August 25, 2022 At Trellix, we celebrate and champion our people. I’ve been hearing a lot recently about one of my colleagues, Anne An. My sources tell me she is a highly technical and “intuitive” researcher embedded on our frontlines as.....

6.7AI Score

2022-08-25 12:00 AM
3
trellix

Get to Know Anne An

Meet Anne An Senior Security Researcher By Michael Alicea · August 25, 2022 At Trellix, we celebrate and champion our people. I’ve been hearing a lot recently about one of my colleagues, Anne An. My sources tell me she is a highly technical and “intuitive” researcher embedded on our frontlines as.....

-0.6AI Score

2022-08-25 12:00 AM
4
malwarebytes

Cryptojackers growing in numbers and sophistication

With rising energy costs and increased volatility in the value of cryptocurrencies, we were bound to see a rise in malicious cryptomining, aka cryptojacking. If you don't know whether you will ever see a return on your investments in mining equipment, one will look for other opportunities. But if.....

-0.4AI Score

2022-08-22 12:00 PM
14
threatpost

New Hacker Forum Takes Pro-Ukraine Stance

A new hacker forum is taking a unique political stance to support Ukraine in its war with Russia, entertaining only topics and threat activity focused against Russia and Belarus, researchers have found. The Russian-language site, DUMPS Forum, has been around since late May, and at first glance...

0.8AI Score

2022-08-11 03:14 PM
29
thn

Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys

Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret....

0.6AI Score

2022-08-01 02:09 PM
42
openvas

Fedora: Security Advisory for bettercap (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for...

7.5AI Score

2022-07-31 12:00 AM
4
fedora

[SECURITY] Fedora 36 Update: bettercap-2.32.0-5.fc36

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM...

7.4AI Score

2022-07-30 01:55 AM
6
rapid7blog

Metasploit Weekly Wrap-Up

The past, present and future of Metasploit Don't miss Spencer McIntyre's talk on the Help Net Security's blog. Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's...

0.1AI Score

2022-07-22 05:08 PM
17
thn

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate...

0.5AI Score

2022-07-21 01:22 PM
44
threatpost

Hackers for Hire: Adversaries Employ 'Cyber Mercenaries'

A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns. Dubbed Atlas Intelligence Group (A.I.G.), the cybergang....

-0.5AI Score

2022-07-21 12:59 PM
53
Total number of security vulnerabilities: 2063