News

Adafruit data leak

Adafruit data leak from ex-employee’s GitHub rep

Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed “unauthorized access” to information about certain users on or before 2019. Based in New York City, Adafruit is a producer of open-source hardware components since 2005. The company designs, manufactures, and sells electronics products, tools, and accessories. …

Adafruit data leak from ex-employee’s GitHub rep Read More »

Anonymous Declares Cyber War against Russia

Anonymous Declares Cyber War against Russia, disables state news websitE

The popular collective Anonymous declared war on Russia for the illegitimate invasion of Ukraine and announced a series of cyber attacks calling to action its members The Anonymous collective is calling to action against Russia following the illegitimate invasion of Ukraine. The famous groups of hacktivists are also calling for action Russian citizens inviting them …

Anonymous Declares Cyber War against Russia, disables state news websitE Read More »

Most Spoofed Brands In 2021

Most Spoofed Brands In 2021: Microsoft, Apple and Google top the list 

Most Spoofed Brands In 2021 IBM’s 2022 X-Force Threat Intelligence Index also revealed that ransomware was again the top attack type last year and that manufacturing supply chains were most vulnerable to exploitation Microsoft, Apple and Google were the top three brands criminals attempted to mimic in 2021, according to IBM’s newly released X-Force Threat Intelligence …

Most Spoofed Brands In 2021: Microsoft, Apple and Google top the list  Read More »

Remote Code Execution in pfSense

Remote Code Execution in pfSense <= 2.5.2

Remote Code Execution (RCE) in pfSense Summary pfSense allows authenticated users to get information about the routes set in the firewall. The information are retrieved by executing the netstat utility and then its output is parsed via the sed utility. While the common prevention patterns for command injections (i.e. the usage of the escapeshellarg function for the arguments) are in use, …

Remote Code Execution in pfSense <= 2.5.2 Read More »

datasecurity-event.com

Snap Privilege Escalation: Vulnerability in Linux Package Manager Snap

A newly discovered Snap flaw allows a low-privileged user to gain root access. Researchers found an easy-to-exploit vulnerability in Snap, a universal application packaging and distribution system developed for Ubuntu but available on multiple Linux distributions. The flaw allows a low-privileged user to execute malicious code as root, the highest administrative account on Linux. Snap …

Snap Privilege Escalation: Vulnerability in Linux Package Manager Snap Read More »

Android malware dubbed Xenomorph

New Android malware dubbed Xenomorph targets customers of 56 banks

A New Android malware dubbed Xenomorph, served through Google Play Store has infected more than 50,000 Android devices to steal banking information. Still in early development stage, Xenomorph is targeting users of dozens of financial institutions in Spain, Portugal, Italy, and Belgium. Researchers at fraud and cybercrime prevention company ThreatFabric analyzing Xenomorph found code that is similar …

New Android malware dubbed Xenomorph targets customers of 56 banks Read More »

Datasecurity event

Rapid7 Close public access to their Open Data Internet Research Tool

In the spring of 2018, we launched the Open Data initiative to provide security teams and researchers with access to research data generated from Project Sonar and Project Heisenberg. Our goal for those projects is to understand how the attack surface is evolving, what exposures are most common or impactful, and how attackers are taking advantage of these opportunities. Ultimately, …

Rapid7 Close public access to their Open Data Internet Research Tool Read More »

national maths and science data breach

National Math and Science Databreach, more than 190,000 notified of data security incident

According to their notification letter, on or about October 13, 2021, their AV software triggered an alert. Through the resulting investigation,  NMSI determined that between September 23, 2021 and October 18, 2021, an unauthorized actor “may have had access to certain systems.” The National Math and Science Initiative (NMSI) in Texas describes itself as a non-profit organization …

National Math and Science Databreach, more than 190,000 notified of data security incident Read More »