Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...

34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams

Spanish law enforcement officials have announced the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million $3.2 million in illegal profits. Authorities conducted searches across 16 locations Madrid, Malaga, Huelva, Alicante, and Murcia,...

sim-central.nl Cross Site Scripting vulnerability OBB-3740225

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-5288

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device...

SICK SIM1012 Security Vulnerability

SICK SIM Series is a series of sensor integrators from SICK, Germany. A security vulnerability exists in the SICK SIM1012. An attacker could use this vulnerability to interact with the device and change configuration settings...

CVE-2023-28208

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM...

Kroll SIM-Swapping Attack Causes Data Breach at 3 Top Crypto Firms

By Habiba Rashid Cryptocurrency firms, including FTX, BlockFi, and Genesis, have contacted victims of data breaches caused by a sim-swapping attack… This is a post from HackRead.com Read the original post: Kroll SIM-Swapping Attack Causes Data Breach at 3 Top Crypto Firms...

Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack

Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a "highly sophisticated" SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee's T-Mobile account, the company said. "Specifically, T-Mobile,...

Kroll Employee SIM-Swapped for Crypto Investor Data

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters...

Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks

Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ aka Slippy Spider transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information...

Scattered Spider: The Modus Operandi

Scattered Spider: The Modus Operandi By Trellix · August 17, 2023 This story was also written by Phelix Oluoch Executive Summary Scattered Spider, also referred to as UNC3944, Scatter Swine, and Muddled Libra, is a financially motivated threat actor group that has been active since May 2022...

CVE-2023-21268

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...

Path traversal

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21268

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21268

CVE-2023-21268 concerns a path traversal issue in the Android MmsProvider.java update that can alter directory permissions. The vulnerability enables a local attacker to trigger a denial of service affecting SIM recognition, without requiring additional execution privileges. Exploitation is descr...

CVE-2023-21268

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-264880895

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...

SAMSUNG Mobile device 缓冲区错误漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile device SMR Jul-2023 Release 1 version, which originates from an out-of-bounds write in the...

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files...