The Fuel Network ran an Immunefi contest for the entire network. From their custom VM to compilers to the bridge... lots of attack surface. The author of this post dove into the compiler and...
The new AI-powered remediation 2.0 combines the power of GenAI with the Wiz Research Team’s expertise in identifying cloud-native attack paths.
In the lead up to the 2024 US presidential election on Nov. 5, Democratic candidate Kamala Harris’ campaign mentioned the phrase “Donald Trump” more than they did “Kamala Harris” in advertisements...
This report comprehensively covers real-world cyber threats and security issues that have occurred in the financial industry both in Korea and abroad. This article includes an analysis of malware...
As part of our ongoing security efforts, we continuously monitor and detect malicious packages within various software ecosystems. Recently, we uncovered a unique supply chain attack through the...
Memory corruption vulnerabilities are 60%-70% of the issues exploited in the wild. There are many other classes of bugs so why are these so popular? This is what the article tackles. Ironically,...
Cybersecurity is an incredibly broad topic. Even the category of offensive cybersecurity is quite broad. In this article, they do a comparison between code auditing and vulnerability research....
As cyber threats evolve, manufacturing’s operational technology (OT) environments urgently need robust cybersecurity solutions. Dragos and Rockwell Automation collaborate to... The post 3...
This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in October 2024, as well as notable ransomware issues in Korea and other...
Overview AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT...
Filecoin is a decentralized p2p network allowing users to store and retrieve files on the Internet. Users (data owners) pay to store their files with storage providers (computers that store...
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California...
EVMOS is a Cosmos SDK blockchain that integrates the EVM into it. From reading the documentation (shown in the next bullet point), they sent the distribution module some tokens. As stated in the...
Pwn2Own is a prestigious hacking competition for various devices. This entry was for the Synology TC500 camera running ARM 32-bit. The authors found a format string vulnerability in a custom...
Keyclock is a single sign-on provider. While on a project for a client, they identified a flaw in the authentication system. In Keyclock, the levels of security depend on the level of...
Takeaway.com is an online food delivery system. The author of this post found an Android-based kiosk online for super cheap so they decided to buy one. Their goal was a Kiosk escape while using...
Browser extensions have extra capabilities compared to web pages but are still sandboxed from running full code on the system. Extensions have access to some extra APIs but it's still quite...
Browser extensions have extra capabilities compared to web pages but are still sandboxed from running full code on the system. Extensions have access to some extra APIs but it's still quite...
Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a...
ASEC Blog publishes “Android Malware & Security Issue 5st Week of October, 2024” 게시물 Android Malware & Security Issue 5st Week of October, 2024이 ASEC에 처음 등장했습니다.
Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories
Don’t get spooked: Navigate the risks of generative AI with proven strategies to protect your organization 👻
Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are...
Supply chain attack in popular lottie-player library compromises websites with malicious Web3 wallet prompts – update or revert the library to avoid the compromised versions.
Insights from Recorded Future’s Predict: leaders tackle evolving threats, AI risks, ransomware, and resilience strategies to empower security teams globally.
Introduction The GreyNoise Labs team discovered the vulnerabilities below after pivoting off the payload flagged by Sift, an LLM-powered threat hunting tool we use to make Finding Signals in the...
On October 30, 2024, a supply chain attack was initiated against the popular JavaScript library lottie-player, injecting malicious code that populates a Web3 wallet connection prompt on legitimate...
On 2024-10-31, an incident was reported, involving Volt Typhoon, APT31, APT41, gaining initial access via Unknown, while using SSM misconfiguration abuse, to achieve Data exfiltration. The...
Introduction Cyber Threat Intelligence (CTI) analysts come from diverse backgrounds, and their roles can vary a lot depending on the type of organisation they work for. The path to becoming a CTI...
Prioritizing vulnerabilities in the cloud can be overwhelming - Learn how teams adopt a workflow structured for speed and accuracy.