IM
IronMonkey Threat Research
LIVE
|
Articles 27,088
|
CVEs 348,689
|
APT Groups 800
|
Tools 2,196
|
Updated recently
Today Yesterday All 27,056 articles — Page 836 of 902
WeLiveSecurity ·

Sometimes there’s more than just an enticing product offer hiding behind an ad

Maxwell Dulin's Resources ·

WhatsUp Gold gives a user visbility into applications, network devices and servers. To do this, it requires a lot of credentials, making it a good target for attackers. While tracing out some...

Maxwell Dulin's Resources ·

Thorchain is a cross chain bridging platform with DeFi elements. In the Thorchain router on EVM, there is a call made to an arbitrary contract with a low level call. If this fails, then an ETH...

Energy
Maxwell Dulin's Resources ·

Cross chain bridging platforms require on-chain and off-chain components. For Ethereum, the common practice is emitting an event in the EVM, which will be processed off-chain. After the processing...

Energy
Maxwell Dulin's Resources ·

Roundcube is an open source webmail software that enables users to check emails in their browser. Many government agencies use it, making it a good target for exploitation. Naturally, the biggest...

Winter Vivern Defense Industrial Base Government Facilities
Cloud Threat Landscape ·

Researchers discovered a new attack exploiting the CVE-2023-22527. The attack uses an in-memory fileless backdoor, known as the Godzilla webshell. The Godzilla backdoor uses AES encryption for...

Information Technology Energy
Maxwell Dulin's Resources ·

ZKSync was launching the Aave V3 pool on their chain. While activating this they noticed a major bug. The bug only happened after a complex flow of supplying and borrowing assets. Since things...

Wiz Blog | RSS feed ·

Research report benchmarks vendor innovation and growth performance in CSPM.

Information Technology Chemical
Threat Analysis Group (TAG) ·

an image of a blue square with the embedded text "Google" and "Threat Analysis Group"

Financial Services
Checkmarx Zero - Medium ·

For over a year, a persistent malware campaign has been targeting Roblox developers through malicious NPM packages. By mimicking the popular “noblox.js” library, attackers have published dozens of...

Critical Manufacturing
None ·

Wi-Fi Hacking is much easier than most people think and the way to achieve it is some common techniques that most hackers use. With a few simple steps, the average user can protect their home router…

Communications Critical Manufacturing
Recorded Future ·

Explore 2024 Check Fraud Report: Rising U.S. fraud trends, geographic hotspots, and threat actors, with insights from Telegram data.

WeLiveSecurity ·

The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become

Financial Services
WeLiveSecurity ·

Demystifying CVE-2024-7262 and CVE-2024-7263

APT-C-60
Recorded Future ·

We are thrilled to announce our latest development for our integration of Recorded Future with Google Security Operations, also known as Security Operations (Formerly known as Google Chronicle).

Nuclear
Cloud Threat Landscape ·

The critical vulnerability CVE-2023-22527 is being actively exploited for cryptojacking activities, turning affected Confluence Data Center and Server instances into cryptomining networks....

Information Technology Financial Services
Maxwell Dulin's Resources ·

USDC is one of the biggest assets in crypto by usage and TVL. Circle, the owners of USDC, created the protocol Cross Chain Transfer Protocol (CCTP). Although this is a general message passing...

Transportation Systems
WeLiveSecurity ·

In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors

Critical Manufacturing
Maxwell Dulin's Resources ·

As a precursory, I really don't like how this article is written. It takes more time to hype up the bug and the companies work than actually explain the vulnerability. Additionally, the...

Information Technology Financial Services
WeLiveSecurity ·

The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure

The DFIR Report ·

Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor … Read More

Information Technology
Checkmarx Zero - Medium ·

In July 2024, the software supply chain security landscape faced unprecedented challenges, marked by sophisticated attacks from state-sponsored actors and organized cybercriminal groups. North...

Information Technology Financial Services
WeLiveSecurity ·

Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security

Financial Services
Cloud Threat Landscape ·

The threat actor group Bling Libra (behind ShinyHunters ransomware) has been observed infiltrating an organization's Amazon Web Services (AWS) environment, focusing on extortion rather than...

Wiz Blog | RSS feed ·

Attackers can take advantage of a quirk of the default AWS configuration (without SourceIdentity configured) to potentially make detecting and attributing their actions more difficult.

WeLiveSecurity ·

Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM

Financial Services Communications
Wiz Blog | RSS feed ·

This case study serves to highlight the importance of rapid, heuristic, accurate, and contextualized detection and response in the cloud.

Information Technology Government Facilities
WeLiveSecurity ·

Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with

Financial Services Chemical
Maxwell Dulin's Resources ·

The authors of the post were trying to find SSRF bugs within Microsoft Copilot after finding 2 but recently patched bugs. They found that when providing key phrases it was possible to trigger an...

Information Technology Financial Services
Research & Threat Intel News- Outpost24 Blog ·

Welcome to the Threat Context monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber Threat...

Financial Services Information Technology