Acuity, the tech firm from which hackers claim to have stolen data belonging to the US Department of State and other government agencies, has confirmed experiencing a cybersecurity incident, but says the compromised data is not sensitive. A well-known hacker named IntelBroker announced this week on a cybercrime forum the release of documents belonging to "the Five Eyes Intelligence Group".
Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now also commonly exploited by cybercriminals: a recent study shows one in four phishing sites using some form of this technique.
Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. HTTP/2 is an update to the HTTP protocol standardized in 2015, designed to improve web performance by introducing binary framing for efficient data transmission, multiplexing to allow multiple requests and responses over a single connection, and header compression to reduce overhead.
Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and prevent remote wiping.
At first, analysts thought the downloader was a variant of well-known malware IcedID - but it turns out Latrodectus is something new altogether. The malware is being used by initial access brokers (IABs) in email threat campaigns, and researchers behind the discovery at Proofpoint and Team Cymru S2 Threat Research Team predict Latrodectus will continue gaining momentum among threat actors. That's due in large part to its ability to evade sandbox detection, the researchers said.
Ivanti initiated an overhaul of its internal security practices after critical vulnerabilities in the company's core product line were exploited over a months-long campaign linked to a suspected nation-state threat actor. Ivanti CEO Jeff Abbott issued a letter and video statement on Wednesday pledging to revamp its product security and vulnerability management and to fully embrace secure-by-design and secure-by-default principles.
Threat actors are exploiting a critical vulnerability in Magento to inject a persistent backdoor into ecommerce websites, cybersecurity firm Sansec reports. The issue, tracked as CVE-2024-20720 (CVSS score of 9.1), is described as an OS command injection flaw leading to arbitrary code execution without user interaction. Adobe resolved the critical vulnerability in February 2024 in both Adobe Commerce and Magento, as part of its Patch Tuesday updates.