Summary

Top Articles:

  • Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms
  • Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days
  • Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens
  • China-linked APT Flew Under Radar for Decade
  • PyPI Shuts Down Over the Weekend, Says Incident Was Overblown
  • Popular NFT Marketplace Phished for $540M
  • CrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball
  • Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft
  • Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data
  • Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk

Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft

Published: 2024-06-18 20:23:24

Popularity: 32

Author: Nate Nelson, Contributing Writer

🤖: ""VMware hacked""

A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments.

...more

Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk

Published: 2024-03-21 17:13:23

Popularity: 13

Author: Nate Nelson, Contributing Writer

A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of the top cloud services.

...more

Newly ID'ed Chinese APT Hides Backdoor in Software Updates

Published: 2024-01-26 21:00:00

Popularity: 9

Author: Nate Nelson, Contributing Writer

The threat actor went more than half a decade before being discovered — thanks to a remarkable backdoor delivered in invisible adversary-in-the-middle attacks.

...more

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

Published: 2023-05-22 20:52:00

Popularity: 45

Author: Nate Nelson, Contributing Writer, Dark Reading

The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.

...more

Popular NFT Marketplace Phished for $540M

Published: 2022-07-11 20:06:10

Popularity: 43

Author: Nate Nelson

Keywords:

  • Cryptography
  • Hacks
  • In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

    ...more

    China-linked APT Flew Under Radar for Decade

    Published: 2022-06-17 13:34:04

    Popularity: 57

    Author: Nate Nelson

    Keywords:

  • Government
  • Malware
  • Vulnerabilities
  • Evidence suggests that a just-discovered APT has been active since 2013.

    ...more

    Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

    Published: 2024-05-17 12:00:00

    Popularity: 63

    Author: Nate Nelson, Contributing Writer

    A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details.

    ...more

    Is CISA's Secure by Design Pledge Toothless?

    Published: 2024-05-10 18:21:29

    Popularity: 9

    Author: Nate Nelson, Contributing Writer

    CISA's agreement is voluntary and, frankly, basic. Signatories say that's a good thing.

    ...more

    Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

    Published: 2024-05-20 19:31:25

    Popularity: 95

    Author: Nate Nelson, Contributing Writer

    An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment.

    ...more

    CrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball

    Published: 2024-07-25 20:51:01

    Popularity: 43

    Author: Nate Nelson, Contributing Writer

    🤖: "Malware Alert"

    The fake updates are part of a phishing and fraud surge that is both more voluminous and more targeted that the usual activity around national news stories.

    ...more

    Critical, Actively Exploited Jenkins RCE Bug Suffers Patch Lag

    Published: 2024-08-22 19:42:04

    Popularity: None

    Author: Nate Nelson, Contributing Writer

    🤖: ""Exploit alert""

    A 7-month-old bug in an OSS CI/CD server is still being actively exploited, thanks to spotty patching, CISA warns.

    ...more

    Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens

    Published: 2024-09-11 13:00:44

    Popularity: 62

    Author: Nate Nelson, Contributing Writer

    🤖: ""Eavesdropping in silence""

    In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.

    ...more

    Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data

    Published: 2024-09-17 21:26:38

    Popularity: 14

    Author: Nate Nelson, Contributing Writer

    🤖: ""calendar crash""

    A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.

    ...more

    end