Feds Charge Five Men in ‘Scattered Spider’ Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visu...

“Sad announcement” email implies your friend has died

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the perso...

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A threat actor with ties to the Democratic People's Republic of Korea DPRK has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk , attributed it wi...

CVE-2024-38537

Fides (Ethical) vulnerability CVE-2024-38537 affects the client-side script fides.js, which in a limited edge case used the polyfill.io domain to support legacy browsers (IE11) lacking fetch. If the polyfill.io domain was compromised, legacy-browser users could download and execute malicious scri...

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

Hackers Aim at Crypto Wallets with Hacked Namecheap Phishing Emails

By Deeba Ahmed Namecheap users should remain cautious, as hackers are using its inbox to scam users through phishing emails designed… This is a post from HackRead.com Read the original post: Hackers Aim at Crypto Wallets with Hacked Namecheap Phishing Emails...

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. TL; DR ------ Analysis of...

namecheap.com Improper Access Control vulnerability OBB-1199823

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown

The Department of Justice has raised its first federal court action against online fraud relating to the coronavirus pandemic, on Sunday taking steps to shutter a fraudulent website that claimed to give away free coronavirus vaccines. The website, “coronavirusmedicalkit.com,” was purporting to gi...

Who’s Behind the Screencam Extortion Scam?

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it's likely that additional spammers and scammers piled on with...

DNSControl - Synchronize your DNS to multiple providers from a simple DSL

DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language DSL for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, CloudFlare, and Gandi. It can talk to Microsoft ActiveDirectory and it...

Synchronize Your DNS to Multiple Providers: DNSControl

Synchronize Your DNS to Multiple Providers DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language DSL for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, CloudFlare, and Gandi. It ca...

PhishLulz - Ruby toolset aimed at automating Phishing activities

PhishLulz is a Ruby toolset aimed at automating Phishing activities. When you start a phishing campaign, a dedicated Amazon EC2 Debian 7 instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are: PhishingFrenzy...

Namecheap Accounts Compromised in Data Breach

LA-based domain name registrar and hosting company Namecheap warned its customers on Monday that cybercriminals have begun accessing their accounts by using the list of credentials gathered from third-party websites. The Hosting company confirmed the security breach and informed that the hackers...

DNS Registrar Fixes Hijack Vulnerability

UPDATE: The domain registrar and Web-hosting company Namecheap has fixed a cross-site request forgery vulnerability in its DNS setup page. According to security researcher Henry Hoggard, the bug could have given an attacker the ability to hijack domain name system servers and redirect incoming...