Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
Multiple flaws in system software that cause errors in packet handling could allow an attacker to consume memory and crash devices.
Source: Threatpost
Operation PowerFall: CVE-2020-0986 and variants
In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation...
Chinese APT Debuts Sepulcher Malware in Spear-Phishing Attacks
The RAT has been distributed in various campaigns over the past six months, targeting both European officials and Tibetan dissidents.
Source: Threatpost
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites.
Source: Threatpost
U.S. Voter Databases Offered for Free on Dark Web, Report
Some underground forum users said they're monetizing the information through the State Department's anti-influence-campaign effort.
Source: Threatpost
Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.
Source: Threatpost
FBI: Ring Smart Doorbells Could Sabotage Cops
While privacy advocates have warned against Ring's partnerships with police, newly unearthed documents reveal FBI concerns about 'new challenges' smart doorbell footage could create for cops.
Source: Threatpost
Pioneer Kitten APT Sells Corporate Network Access
The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits.
Source: Threatpost
Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign
The notarized malware payloads were discovered in a recent macOS adware campaign, disguised as Adobe Flash Player updates.
Source: Threatpost
Charming Kitten Returns with WhatsApp, LinkedIn Effort
The Iran-linked APT is targeting Israeli scholars and U.S. government employees in a credential-stealing effort.
Source: Threatpost