-
Hackers Steal Session Cookies to Bypass Multi-factor Authentication
Cyber attackers continue to up their game. One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). The new attack method, reported by Sophos researchers yesterday, is already growing in use. The “cookie-stealing cybercrime spectrum” is broad, the researchers wrote, ranging from “entry-level […]
-
New Linux Exploit ‘Dirty Cred’ Revealed at Black Hat
A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference. Zhenpeng Lin, a PhD student, and a team of researchers worked on an alternative approach to the infamous Dirty Pipe vulnerability that affected Linux kernel versions 8 and later. Dity Pipe is a major flaw that allows attackers […]
-
CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers
Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain, according to NCC researchers. The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC […]
-
Cobalt Strike Inspires Next-generation Crimeware
Cobalt Strike is a legitimate vulnerability scanning and pentesting tool that has long been a favorite tool of hackers, and it’s even been adapted by hackers for Linux environments. And now it’s inspiring imitators. Cisco Talos researchers have disclosed a new toolset used in the wild by threat actors as an alternative to Cobalt Strike […]
-
Hackers Find Alternatives to Microsoft Office Macros
Hackers have been exploiting macros in Microsoft Office products for years, but now their tactics are changing as Microsoft has begun blocking macros by default. The typical attack scenario involves phishing via email attachments, such as Word, Excel or PowerPoint documents containing malicious macros infected with malware. Such documents are common in enterprises, and the […]
-
New Linux Malware Surges, Surpassing Android
Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Atlas VPN report said the number of new Linux malware samples collected soared by 646% from the first half of 2021 to the first half of 2022, […]
-
How to Secure DNS
The domain name system (DNS) is basically a directory of addresses for the internet. Your browser uses DNS to find the IP for a specific service. For example, when you enter esecurityplanet.com, the browser queries a DNS service to reach the matching servers, but it’s also used when you send an email. It is handy […]
-
Lilith: The Latest Threat in Ransomware
Discovered by malware hunter JAMESWT on Twitter, Lilith is ransomware designed to lock Windows machines. The malware exfiltrates data before encrypting the targeted devices to provide additional means of extortion. The ransom note contains the following ultimatum and instructions: Victims have three days to contact the threat actors on a hidden Onion website to pay […]
-
New Highly-Evasive Linux Malware Infects All Running Processes
Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit, the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” […]
-
25 Most Dangerous Software Vulnerabilities & Flaws Identified by MITRE
MITRE has released its latest list of the top 25 most exploited vulnerabilities and exposures found in software. The MITRE CWE list is different from the product-specific CVE lists from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other agencies and instead focuses on more generic software development weaknesses, similar to the OWASP list […]
