Using a malicious Chrome extension, researchers showed how an attacker could inject custom code into a victim’s Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites. Go to Source Author: Nate Nelson, Contributing Writer
Category Archives: Uncategorized
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said […]
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta’s advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. “The hackers behind the campaign use trusted brands to expand their reach,” Bitdefender Labs said in a report shared with The Hacker News. “The malvertising campaign leverages nearly a hundred malicious Go […]
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims’ crypto wallets. The package, named “CryptoAITools,” is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over […]
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer […]
Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before. Go to Source Author: Jai Vijayan, Contributing Writer
A professional-grade tool set, appropriately dubbed “CloudScout,” is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration. Go to Source Author: Tara Seals, Managing Editor, News, Dark Reading
In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground cybercrime forum. Go to Source Author: Dark Reading Staff
A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have stolen data from millions of victims worldwide. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Great CISOs are in short supply, so choose wisely. Here are five ways to make sure you’ve made the right pick. Go to Source Author: Martha Heller