Jan 12, 2024NewsroomDevSecOps / Software security GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by […]
Snitchy & Scratchy The brainchild of Atlanta based producer/polymath Jonah Swilley – a founding member of Mattiel and also known for his production work with Moonwalks and Night Beats – and Columbus, GA rapper Brandon ‘Bez’ Evans, Revival Season’s debut album, Golden Age Of Self Snitching is out next month and looks like it’ll turn […]
Defense evasion by exploiting CVE-2023-36025 Once the malicious .url file exploiting CVE-2023-36025 is executed, it connects to an attacker-controlled server to download and execute a control panel item (.cpl) file. Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the .url file from an untrusted source. However, the attackers craft a […]
Technical Analysis Zscaler ThreatLabz has previously analyzed DreamBus and its modules. Each DreamBus module is an Executable and Linkable Format (ELF) binary that is packed by UPX with a modified header and footer. This alteration is designed to prevent the UPX command-line tool from statically unpacking DreamBus binaries. The magic bytes UPX! (0x21585055) are typically […]
Scope Neglect comes via the mighty Mute empire Iceland-based Australian composer Ben Frost has released his first studio album in six years. Scope Neglect, which is released via Mute, is described as an experimental and genre-shifting album forged from Frost’s admiration for heavy metal. The results meld elements of the genre with the composer’s dramatic, […]
A recent spate of phishing scams — promoted through counterfeit websites — has prompted warnings from police and local businesses in the United Arab Emirates (UAE). The alerts flag fake websites posing as Dubai’s Road and Transport Authority (RTA), which runs the metro and bus network in the city, as well as tourist sites such […]
Team Liquid’s wiki leak exposes 118K users Pierluigi Paganini January 12, 2024 Liquipedia, an online e-sports platform run by Team Liquid, exposed a database revealing its users’ email addresses and other details. Users of the e-sports knowledge base were exposed via a publicly accessible and passwordless MongoDB database, the Cybernews research team has discovered. The […]
The Kansas state court system is close to a full recovery from an October ransomware attack that forced officials to use paper records for weeks, state Supreme Court Chief Justice Marla Luckert said Wednesday. During a State of the Judiciary speech in front of the Kansas legislature, Luckert spoke at length about the incident, telling […]
Jan 12, 2024NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an […]