October 2024

Gang gobbles 15K credentials from cloud and email providers’ garbage Git configs

Emeraldwhale looked sharp – until it made a common S3 bucket mistake A criminal operation dubbed Emeraldwhale has been discovered after it dumped more than 15,000 credentials belonging to cloud service and email providers in an open AWS S3 bucket, according to security researchers.…

LottieFiles supply chain attack exposes users to malicious crypto wallet drainer

A scary few Halloween hours for team behind hugely popular web plugin LottieFiles is overcoming something of a Halloween fright after battling to regain control of a compromised developer account that was used to exploit users' crypto wallets.…

Tower PC case used as ‘creative cavity’ by drug importer

Motherboard missing, leaving space for a million hits of meth Australian police have arrested a man after finding he imported what appear to be tower PC cases that were full of illicit drugs.…

Chinese attackers accessed Canadian government networks – for five years

India makes it onto list of likely threats for the first time A report by Canada's Communications Security Establishment (CSE) revealed that state-backed actors have collected valuable information from government networks for five years.…

Windows Themes zero-day bug exposes users to NTLM credential theft

Plus a free micropatch until Redmond fixes the flaw There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials.…

Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info

If you're gonna come at the mouse, you need to be better at hiding your tracks A disgruntled ex-Disney employee has been arrested and charged with hacking his former employer's systems to alter restaurant menus with potentially deadly consequences. …

Russian spies use remote desktop protocol files in unusual mass phishing drive

The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel Microsoft says a mass phishing campaign by Russia's foreign intelligence services (SVR) is now in its second week, and the spies are using a novel info-gathering technique.…

Beijing claims it’s found ‘underwater lighthouses’ that its foes use for espionage

Release the Kraken! China has accused unnamed foreign entities of using devices hidden in the seabed and bobbing on the waves to learn its maritime secrets.…

Uncle Sam outs a Russian accused of developing Redline infostealing malware

Or: why using the same iCloud account for malware development and gaming is a bad idea The US government has named and charged a Russian national, Maxim Rudometov, with allegedly developing and administering the notorious Redline infostealer. …

Cast a hex on ChatGPT to trick the AI into writing exploit code

'It was like watching a robot going rogue' says researcher OpenAI's language model GPT-4o can be tricked into writing exploit code by encoding the malicious instructions in hexadecimal, which allows an attacker to jump the model's built-in security guardrails and abuse the AI for evil purposes, according to…

Copyright © 2024 Lugapel