Ex Ubiquiti Developer Arrested for Data Theft

A man from Oregon has been charged with stealing confidential data from his employer and secretly extorting the company for a $2m ransom while purporting…

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Trend Micro – We looked into exploitation attempts we observed in the wild and the abuse of…

Former Ubiquiti Employee Charged with Data Theft

Ubiquiti Inc. is a technology company based in San Jose, California, created in 2003. Having its headquarters in New York City, Ubiquiti produces and distributes wireless data transmission and wired…

Attackers exploiting Windows Installer vulnerability despite patching

According to Cisco Talos, abusing the flaw would allow an attacker with limited access to get higher privileges and become an administrator. A Windows Installer security vulnerability, tracked as CVE-2021-41379,…

Hackers are targeting this Microsoft Windows Installer flaw, say security researchers

Hackers have already created malware in a bid to exploit an elevation of privilege vulnerability in Microsoft’s Windows Installer. Microsoft released a patch for CVE-2021-41379, an elevation of privilege flaw…

Apple’s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker

Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company’s woes.…

Attackers Actively Target Windows Installer Zero-Day

Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month. Attackers are actively exploiting a Windows Installer zero-day vulnerability that…

Top tools for mobile iOS assessments

Infosec Institute – The mobile landscape has become one of the main challenges for IT security teams from a security viewpoint in the last few years. With…

Red Team: C2 frameworks for pentesting

Infosec Institute – C2 frameworks — the abbreviation for Command and Control (C&C) infrastructure — are how red teamers and pentesters can control compromised machines during…

This new attack bypasses Rowhammer defenses in most DRAM, say researchers

Researchers have revealed a new type of Rowhammer attack on DRAM devices that can reliably bypass mitigations implemented by vendors after the first such attacks emerged in 2014.