New Kritec Magecart skimmer found on Magento stores

Threat actors often compete for the same resources, and this couldn't be further from the truth when it comes to website compromises. After all, if a vulnerability exists one can expect that it will be exploited more than once. In the past, we have seen such occurrences with Magecart threat actor...

Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant

APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-d...

APT37 (Reaper): The Overlooked North Korean Actor

On Feb. 2, 2018, we published a blog detailing the use of an Adobe Flash zero-day vulnerability CVE-2018-4878 by a suspected North Korean cyber espionage group that we now track as APT37 Reaper. Our analysis of APT37’s recent activity reveals that the group’s operations are expanding in scope and...

Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities

Document Title: =============== Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1047 Release Date: ============= 2013-08-15 Vulnerability Laboratory ID VL-ID: ====================================...

Exploit Kits Employing Obfuscation to Prevent Analysis

The creators of the Phoenix exploit kit have begun using obfuscation and other techniques to prevent security researchers and others from reverse-engineering the installation process for the kit, adopting a tactic that has become increasingly popular among attackers recently. The Phoenix exploit...