NopSec

MAY 31, 2023

May was a rather quiet month for security research, but an excellent write up filtered to the masses from the Pwn2own 2023 conference held in Vancouver, B.C. Finally, it wouldn’t be a worthy blog post if we didn’t include a nugget from patch Tuesday. tar file manipulation. tar file manipulation. x) and VMware Fusion (13.x)

Risk 52

Risk Accountability Authentication Passwords 52

Kali Linux

DECEMBER 4, 2023

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Additionally, David Bombal’s Raspberry Pi 5 Kali Linux install in 10 minutes came out to show off our initial work of Kali Linux on the Raspberry Pi 5. And is looking pretty in the process!

Architecture 145

Architecture Passwords Firmware Software 145

Security Affairs

MARCH 2, 2023

Researchers from eSentire have foiled 10 cyberattacks targeting six different law firms throughout January and February of 2023. This forum hosted a ZIP archive that contains the malicious.js Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. ” continues the analysis.

Malware 94

Malware Ransomware Engineering Internet 94

Security Boulevard

JULY 7, 2023

This blog post provides an in-depth analysis of this emerging malware campaign and its corresponding infection chain. TOITOIN Infection Chain In May 2023, diligent threat hunters within the Zscaler cloud, recognized as the world's largest security cloud, made a significant breakthrough. Read on to learn more about this alarming threat.

Malware 104

Malware Encryption Phishing Internet 104

SecureList

FEBRUARY 16, 2023

blogging platform that posted a gallery of children’s drawings, encouraging users to vote for their favorites. Noon spyware (4.89%) moved up to second place, and Badun Trojans (4.61%) spreading as archived electronic documents moved down to third place. Scammers created a page on the telegra.ph

Phishing 91

Phishing Scams Accountability Energy and Utilities 91

SecureList

JUNE 20, 2023

In this blog post, we’ll discuss the results of a vulnerability research study focused on a popular model of smart pet feeder. The package is a compressed archive protected by a password. However, as these devices become more sophisticated, they also become more vulnerable to cyberattacks.

Firmware 87

Firmware Passwords Manufacturing Mobile 87

SecureList

MARCH 28, 2023

The installer is missing a digital signature and is just a RAR SFX (self-extracting executable) archive. A password-protected RAR archive (random password). The SFX starts the original torbrowser.exe as a disguise, while also running the RAR extraction tool on the embedded password-protected RAR archive.

Cryptocurrency 102

Cryptocurrency Malware Banking Passwords 102