Cybersecurity

cross-posted from: https://lemmy.zip/post/15519717

An earlier iteration of the site was taken down last year; now its reincarnation is gone.

Researchers have uncovered a critical vulnerability in VMware's Bluetooth device, allowing code execution by malicious actors.

A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases.

​Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.

A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private videos from vulnerable "wallpad" cameras in 400,000 private households.

A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.

Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.

Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.