Frequent verification codes may appear for non-Mainland China IP visits. If visitors are severely affected, please send [IP|ASN](|AS14618) to the bottom mailbox to add to the whitelist


1hour ago   Android app with over 5m downloads leaked user browsing history    #Security Affairs #安全文章 The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific users’ browsing history. Original post at A browsing app for Android devic

2hour ago   APT37 used Internet Explorer Zero-Day in a recent campaign    #Security Affairs #安全文章 Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. North Korea-linked APT37 group (aka ScarCruft, Reaper, and Group123) actively exploited an Internet Explorer zero-day vulnerability, tracked as CVE-2022-41128, in attacks aimed at So

yday 23:18   New Go-based botnet Zerobot exploits dozens of flaws    #Security Affairs #安全文章 Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices. Fortinet FortiGuard Labs researchers have discovered a new Go-based botnet called Zerobot that spreads by exploiting two dozen security vulnerabilities in the internet of things

yday 19:11   Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked    #Security Affairs #安全文章 The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers that participated in the competition hacked the

yday 15:03   Sophos fixed a critical flaw in its Sophos Firewall version 19.5    #Security Affairs #安全文章 Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues. Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary code execution bugs. The most severe issue a

dby 00:37   Russia’s second-largest bank VTB Bank under DDoS attack    #Security Affairs #安全文章 Russia’s second-largest bank VTB Bank reveals it is facing the largest DDoS (distributed denial of service) attack in its history. State-owned VTB Bank, the second-largest financial institution in Russia, says it is facing the largest DDoS (distributed denial of service) attack in its history.

dby 22:18   A flaw in the connected vehicle service SiriusXM allows remote car hacking    #Security Affairs #安全文章 Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Cybersecurity researchers discovered a security vulnerability in the connected vehicle service provided by SiriusXM that can allow threat actors to remotely attack veh

dby 18:39   Ransomware Toolkit Cryptonite turning into an accidental wiper    #Security Affairs #安全文章 Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption wind

dby 16:14   Crook sentenced to 18 months for stealing $20M in SIM swapping attack    #Security Affairs #安全文章 Nicholas Truglia, from Florida, US, was sentenced to 18 months in prison for stealing more than $20 million in a SIM swapping scheme. DoJ announced that Nicholas Truglia (25) was sentenced to 18 months in prison for the theft of over $20 million worth of cryptocurrency through SIM swapping attacks.

2022-12-05 22:48   French hospital cancels operations after a ransomware attack    #Security Affairs #安全文章 A French hospital near Paris canceled operations and transfer some patients due to a cyber attack suffered over the weekend. France’s health ministry announced that the Hospital Centre of Versailles was hit by a cyber attack over the weekend. Hospital Centre of Versailles, which includes Andre

2022-12-05 20:13   Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web    #Security Affairs #安全文章 Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-ret

2022-12-05 18:36   Critical Ping bug potentially allows remote hack of FreeBSD systems    #Security Affairs #安全文章 A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. The maintainers of the FreeBSD operating system released updates to address a critical flaw, tracked as CVE-2022-23093, in the ping module that could be potent

2022-12-05 14:40   Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware    #Security Affairs #安全文章 The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. The threat actors were observed spre

2022-12-05 03:14   Law enforcement agencies can extract data from thousands of cars’ infotainment systems    #Security Affairs #安全文章 Law enforcement agencies can extract data from the infotainment systems of thousands of different car models. Data managed by infotainment systems in modern vehicles are a valuable source of information for the investigation of law enforcement agencies. Modern vehicles come with sophisticated infota

2022-12-04 19:53   US DHS Cyber Safety Board will review Lapsus$ gang’s operations    #Security Affairs #安全文章 US DHS Cyber Safety Review Board will review attacks linked to the Lapsus$ extortion gang that hit multiple high-profile companies. The Department of Homeland Security (DHS) Cyber Safety Review Board announced that it will review cyberattacks linked to the extortion gang Lapsus$, the gang breached m