Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!

Malicious actors have published more than 451 unique Python packages on the official Python Package Index PyPI repository in an attempt to infect developer systems with clipper malware. Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a...

Missing Access Controls in Liquidity Position Library

Lines of code Vulnerability details Impact function feesEarnedOf LiquidityPosition memory liquidityPosition, uint256 long0FeeGrowth, uint256 long1FeeGrowth, uint256 shortFeeGrowth internal pure returns uint256 long0Fee, uint256 long1Fee, uint256 shortFee ... function updateLiquidityPosition stora...

X (Formerly Twitter): Ability to getting Twitter Blue verified badge without purchase it

Vulnerability description not provided...

2022 Top Five Immediate Threats in Geopolitical Context

As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats that were most tested to...

A Closer Look at Windows Kernel Threats

In this blog entry, we discuss the reasons why malicious actors choose to and opt not to pursue kernel-level access in their attacks. It also provides an overview of kernel-level threats that have been publicly reported from April 2015 to October 2022...

Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms...

Obligatory ChatGPT Post

Seems like absolutely everyone everywhere is playing with Chat GPT. So I did, too…. Write an essay in the style of Bruce Schneier on how ChatGPT will affect cybersecurity. As with any new technology, the development and deployment of ChatGPT is likely to have a significant impact on the field of...

IIS modules: The evolution of web shells and how to detect them

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...

Infinite approval given to DepositTradeHelper contract can be misused by malicious actors

Lines of code Vulnerability details Impact depositAndTrade function in DepositTradeHelper account has infinite approval to spend baseTokens & collateralTokens of user using offChain signatures. However, once swapRouter executes UniV3 swap transaction on line 33, the contract does not give up its...

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild

Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Clou...

Anyone who is malicious can front-run initialize transaction to set pool's initial price to a value that deviates quite a lot from market price, which discourages users from using the pool and makes the pool useless

Lines of code Vulnerability details Impact Calling the following initialize function sets the initial price for the pool. Setting the initial price to be similar to the current market price would encourage users to use the pool. Yet, the initialize transaction is vulnerable to front-running. For...

Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware

Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan RAT known as Agent Tesla. A .NET based keylogger and remote access, Agent Tesla has had a long-standing...

How Malicious Actors Abuse Native Linux Tools in Attacks

Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact...

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content

A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have...

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system,...

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs

GitHub Actions and Azure virtual machines VMs are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an...

Data Distribution Service: Mitigating Risks Part 3

In the final chapter of our blog series, we discuss mitigating strategies and recommendations to keep DDS protected from malicious actors...

Unpacking Cloud-Based Cryptocurrency Miners That Abuse GitHub Actions and Azure Virtual Machines

We investigate cloud-based cryptocurrency miners that leverage GitHub Actions and Azure virtual machines, including the cloud infrastructure and vulnerabilities that malicious actors exploit for easy monetary gain...

Lack of Verification of conduitKey, offererConduitKey, and fulfillerConduitKey Could Cause Offerers or Fulfillers to Lose Their Assets to Malicious Fulfillers or Offerers

Lines of code https://github.com/c...

Cybersecurity Automation: How Can Businesses Benefit From It

By Owais Sultan Businesses of all sizes are prone to cyberattacks, and this is no longer a taboo. Malicious actors are… This is a post from HackRead.com Read the original post: Cybersecurity Automation: How Can Businesses Benefit From It...