The maintainers of APKLeaks have patched a critical vulnerability that could lead to remote execution of arbitrary code. Created by Indonesia-based security engineer Dwi Siswanto, APKLeaks is open source software for scanning Android application package (APK) files for URLs, endpoints, and secrets. The application is used by FirmwareDroid, a backend solution for Android firmware analysis. In a security advisory published on GitHub on January 21, the software’s maintainers said the security flaw “allows remote authenticated attackers to execute arbitrary OS commands via [the] package name inside application manifest”. Escalated CVSS The vulnerability, described as an...
Search Results for: malware
“An internal document recently exchanged between a Belarusian railway lead engineer and a Russian railway head of IT department.” (Belarusian Cyber Partisans / Twitter) The Belarusian Railways Hack In the days after a group of Belarusian hackers announced they’d breached the network of the country’s railway system, encrypted data and demanded the expulsion of Russian troops and the release of political prisoners, a lot remains unclear. But the Belarusian Cyber Partisans, the hacktivist group behind the attacks, posted a series of screenshots to Twitter Monday afternoon showing what they say show “internal...
Some citizens’ personal information was available to view online A misconfigured database managed by a California public office has potentially exposed the sensitive medical information of citizens. County of Kings, in mid-California, announced that the security flaw in its public webserver made limited information on Covid-19 cases available on the internet. The incident was discovered on November 24, 2021, and involved records obtained by the County’s Public Health Department from the California Department of Public Health and County healthcare providers. An investigation determined that the misconfiguration resulted from an error made by a...
Hackers have breached the Segway website and placed malicious code on its online store to collect payment card details from online shoppers. “The website was compromised at least since January 6th,” antivirus maker Malwarebytes said on Monday. The security firm said the attack was still ongoing at the time it published its blog post and security alert. A spokesperson from Segway did not return a request for comment, but an inspection of the store’s source code suggests the company has removed the malicious code. Segway website hacked and malicous...
Dangerous vulnerability was discovered in Dark Souls III videogame that can be used to gain control of a gamer’s computer. The gaming community is discussing a recent vulnerability in the Dark Souls III videogame. This RCE vulnerability allows attackers to remotely execute arbitrary code on a victim’s computer. Apparently, the vulnerability also affects earlier games in the Dark Soul series: because of this, the developers have taken the unusual step of temporarily deactivating PvP servers across Dark Souls Remastered, Dark Souls II, and Dark Souls III. According to the developers, they also plan...
Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. According to a report by Netskope’s Threat Labs shared with Bleeping Computer before publication, the actors are using PowerPoint files combined with legitimate cloud services that host the malware payloads. The families deployed in the tracked campaign are Warzone (aka AveMaria) and AgentTesla, two powerful RATs and info-stealers that target many applications, while the researchers also noticed the dropping of cryptocurrency...
Russian news agency Tass reported over the weekend that the “purported founder” of a notorious cybercrime group known as Infraud Organisation has been arrested In February 2018, when the US Department of Justice (DOJ) unleashed indictments against 36 defendants alleged to be part of what the DOJ described at the time as: [A] cybercriminal enterprise engaged in the large-scale acquisition, sale, and dissemination of stolen identities, compromised debit and credit cards, personally identifiable information, financial and banking information, computer malware, and other contraband. As a side-effect of the American indictment, 13 people were...
Russia has sent more than 100,000 soldiers to the nation’s border with Ukraine, threatening a war, unlike anything Europe has seen in decades. Though there hasn’t been any shooting yet, cyber operations are already underway. Soldiers and tanks may care about national borders, Cyber doesn’t Russia has sent more than 100,000 soldiers to the nation’s border with Ukraine, threatening a war unlike anything Europe has seen in decades. Though there hasn’t been any shooting yet, cyber operations are already underway. Last week, hackers defaced dozens of government websites in...
Pwndora is a mass and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets, each result is stored in Elasticsearch. You can integrate with Kibana to be able to visualize and manipulate data, essentially, it’s like having your own IoT search engine at home. Pwndora Features Port scanning with different options and retrieve software banner information. Detect some web technologies running on servers, using Webtech integration. Retrieves IP geolocation from Maxmind free database, updated periodically. Possibility to take screenshots from...
The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia’s Federal Security Service (FSB). “In 2021, Oliynyk worked at the direction of the FSB to gather information about Ukrainian critical infrastructure,” the Treasury Department said. “As in previous Russian incursions into Ukraine, repeated cyber operations against Ukraine’s critical infrastructure are part of Russia’s hybrid tactics to threaten Ukraine. According to the Treasury’s Office of Foreign Assets Control (OFAC), the information provided by Oliynyk would...
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu