Sat. Apr 20, 2024

GitHub comments abused to push malware via Microsoft repo URLs

Bleeping Computer

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.

Malware 142
Critical CrushFTP zero-day exploited in attacks in the wild

Security Affairs

Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, CrowdStrike experts warn. CrushFTP is file transfer server software that enables secure and efficient file transfers. It supports protocols such as FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV SSL, allowing users to transfer files securely over different networks.

Software 110

Critical Forminator plugin flaw impacts over 300k WordPress sites

Bleeping Computer

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.

WINELOADER: A Tool for Espionage and Disruption

Penetration Testing

A new campaign orchestrated by the notorious APT29 hacking group – widely associated with Russia’s Foreign Intelligence Service (SVR) – exposes a dangerous shift in tactics for this sophisticated threat actor. The group has...

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

They say a defense can be measured by its weakest link. In your cybersecurity posture, what, or who, is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

AI-Controlled Fighter Jets Are Dogfighting With Human Pilots Now

WIRED Threat Level

Plus: New York’s legislature suffers a cyberattack, police disrupt a global phishing operation, and Apple removes encrypted messaging apps in China.

USENIX Security ’23 – PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information

Security Boulevard

Authors/Presenters: *Quan Yuan, Zhikun Zhang, Linkang Du, Min Chen, Peng Cheng, Mingyang Sun*. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenters’ content, and for the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel.