4 matches found
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...
New Attack Lets Hackers Collect and Spoof Browser's Digital Fingerprints
A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack...
Reverse-CTF, Snort rule challenge and more — What to expect from Talos at Defcon
Want to get up close and personal with Talos researchers? Then be sure to stick around for the second half of “Hacker Summercamp:” Defcon. After our series of talks at Blackhat, we’re headed elsewhere on the strip for Defcon. Specifically, we’ll have a huge presence at this year’s Blue Team...
Coda: Lack or Origin check leads to Cross-Site Websocket Hijacking (CSWSH)
Summary @fisher discovered a CSRF-related vulnerability in Coda docs by which an attacked could craft a convincing page that would make modifications to a specific document without the victim knowing. This is due to the inherent nature of Websockets not being secure by default. Although a...