Sat.Aug 15, 2020

article thumbnail

XCSSET Mac spyware spreads via Xcode Projects

Security Affairs

A new Mac malware, tracked as XCSSET, spreads through Xcode projects and exploits two zero-day vulnerabilities, experts warn. XCSSET is a new Mac malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. The first zero-day issue is used to steal cookies via a flaw in the behavior of Data Vaults , while the second one is used to abuse the development version of Safari.

Spyware 123
article thumbnail

ATM Hackers Have Picked Up Some Clever New Tricks

WIRED Threat Level

Over the last few years, so-called jackpotting attacks have gotten increasingly sophisticated—while cash machines remain largely the same.

Hacking 139
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Sodinokibi ransomware gang stole 1TB of data from Brown-Forman

Security Affairs

Sodinokibi (REvil) ransomware operators announced on Friday to have hacked Brown-Forman, one of the largest U.S. firm in the spirits and wine business. Sodinokibi (REvil) ransomware operators announced last week to have breached the network of the Brown-Forman, one of the largest U.S. firm in the spirits and wine business. Threat actors claim to have exfiltrated 1TB of confidential data and plan to put it up for auction the most sensitive info and leak the rest.

article thumbnail

The NSA and FBI Expose Fancy Bear's Sneaky Hacking Tool

WIRED Threat Level

Plus: TikTok tracking, Russian SIMs, and more of this week's top security news.

Hacking 142
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

PoC exploit code for two Apache Struts 2 flaws available online

Security Affairs

Security researchers have discovered a PoC exploit code available online that can be used to trigger unpatched security flaws in Apache Struts 2. Security researchers have discovered a PoC code and exploit available on GitHub that that can be used to trigger the security vulnerabilities in Apache Struts 2. The Proof-of-concept exploit code was released last week, it allows to trigger the CVE-2019-0230 and CVE-2019-0233 vulnerabilities in Apache Struts 2 that are classified as remote code-executi

article thumbnail

Emotet malware employed in fresh COVID19-themed spam campaign

Security Affairs

The Emotet malware has begun to spam COVID19-themed emails to U.S. businesses after not being active for most of the USA pandemic. The infamous Emotet malware is back, operators have begun to spam COVID-19 themed emails to the U.S. businesses. Early this year, the Emotet malware was employed in spam COVID19-themed campaigns that targeted those countries that were already affected by the pandemic.

Malware 97