Data Leak Outs Students of Iran’s MOIS Training Academy
A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked.
A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked.
Related
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. “This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group’s previous credential theft and…
Patch Released for Critical vm2 Sandbox Escape Vulnerability
UPDATE April 19 2023: Updated to include another sandbox vulnerability in vm2 (CVE-2023-30547).Earlier this week, an update was released for a critical sandbox escape vulnerabilities in vm2 (CVE-2023-29017 and CVE-2023-29199) , which ultimately allows for remote code execution by an attacker. vm2 is a widely used module within the Node.js library that provides a sandbox…
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. “Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate…
EU Sanctions Companies in China, Iran for Cyberattacks
Already sanctioned in the US and the UK, these rulings prohibit companies and a couple of principals from entering or doing business in the European Union.
Those ‘Summarize With AI’ Buttons May Lying to You
Microsoft uncovered AI recommendation poisoning in 31 companies across 14 industries, and turnkey tools make it trivially easy to pull off.
Mobile Applications: A Cesspool of Security Issues
An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?