Category: Shorts

From where to where? — The evolution of network security Ingress traffic handling is less trendy these days because it was supposed to be dealt with in the 90s. So CIOs started to supercharge their network fences with every appliance they could get to protect against inbound, or Ingress traffic. The risk was real, and…

Golang-based Skuld Malware Steals Discord and Browser Data from Windows A new Golang-based information stealer called Skuld has been found infecting Windows systems across Europe, Southeast Asia and the U.S. Trellix researcher Ernesto Fernández Provecho warns that this new malware strain tries to steal sensitive information from its victims. To do so, it searches for…

ChatGPT Is Exactly What Humans Need—and Unoriginal Dr. Barlow and Wollstonecraft present a case study to a class of 60 students at the Harvard Graduate School of Education. In the case study, they pretend to be teachers or administrators at a school and design a course of action to prevent bullying. The students find that…

Preliminary antitrust ruling suggests breaking up Google’s ad business by EU The European Commission accuses Google of illegally favoring its advertising services over those of its competitors, according to a statement released today by the agency’s executive vice-president in charge of competition policy Margrethe Vestager. It’s a pretty serious charge against what remains a core…

PoC Exploits Found in Fake Researcher Profiles on GitHub At least half a dozen fake GitHub accounts from a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. The repositories, which are still available as of writing, claim to be proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google…

Critical SQL injection vulnerabilities discovered in MOVEit Transfer – patch now! The company behind the MOVEit Transfer file transfer application patches patches to address SQL injection vulnerabilities. Multiple SQL Injection vulnerabilities have been identified in the MOveit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVeeit Transfer database,…

SPECTRALVIPER Backdoor Found Targeting Vietnamese Public Companies Vietnamese public companies have been targeted by an actor named REF2754 who has deployed a backdoor called SPECTRALVIPER. This new piece of malware brings a bunch of new capabilities to the table that include file-passing, file-injection, and token impersonation. It’s also really sneaky–like a Trojan horse for cyberespionage.…

Apple’s Safari Private Browsing Automatically Removes Tracking Parameters in URLs Safari has been a somewhat unheralded pioneer of private browsing, and so many privacy and security features, and this year it’s just a tour de force. Apple is introducing major updates to Safari Private Browsing, including support for tabs that remain open even when the…

Critical vulnerability discovered in WooCommerce Stripe Gateway plugin WooCommerce Stripe Gateway exposes security flaw in pluginA security flaw has been uncovered in the WooCommerce Strip Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. According to security researcher Rafie Muhammad, the plugin suffers from what’s called an unauthenticated insecure direct object…