All posts tagged hack

■■■■■ Zero-Day: CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication (IPC) Framework. XSLT is an XML-based language used for the conversion of XML documents into web pages or PDF documents, whereas WebGPU is an emerging web standard…

■□□□□ The BBC (British Broadcasting Corporation) were the target of nearly 50 million malicious email attacks between 1st October 2021 and the end of January 2022. This is according to official figures obtained via a Freedom of Information act (FOI) request, and analysed by a Parliament Street think tank. This means the BBC is facing…

■■■■■ Zero-Day: Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs. https://www.bleepingcomputer.com/news/security/mozilla-firefox-9702-fixes-two-actively-exploited-zero-day-bugs/ https://t.me/cKure/10865

Malware now using stolen NVIDIA code signing certificates. According to samples uploaded to the VirusTotal malware scanning service, the stolen certificates were used to sign various malware and hacking tools, such as Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans. https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/ https://t.me/cKure/10863

■■■□□ Cyber-War updates. Russia vs Ukraine Malware based attacks are targeting charities and non-governmental organizations (NGOs) providing support in Ukraine https://t.me/cKure/10862

■■■□□ Data-Leak: Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed “unauthorized access” to information about certain users on or before 2019. https://www.bleepingcomputer.com/news/security/adafruit-discloses-data-leak-from-ex-employees-github-repo/ https://t.me/cKure/10861

■■□□□ Ukraine – Russia Cyber-War updates! https://cybershafarat.com/2022/03/05/ukraine-it-army-attack-metrics/ https://t.me/cKure/10860

■■□□□ Data-Leak: The Lapsus$ ransomware group claimed to have hacked Samsung Electronics and leaked alleged stolen confidential data. https://t.me/cKure/10859

Leaked stolen Nvidia cert can sign Windows malware. An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant’s internal systems. https://go.theregister.com/feed/www.theregister.com/2022/03/05/nvidia_stolen_certificate/ https://t.me/cKure/10857

■■□□□ New Linux Kernel Cgroups Vulnerability Could Let Attackers Escape Container. Zero-Day. https://thehackernews.com/2022/03/new-linux-kernel-cgroups-vulnerability.html https://t.me/cKure/10856