New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA
Data Breach at MCNA Dental Insurer Impacts 9 Million Users
By Habiba Rashid The hackers managed to steal highly sensitive data in the data breach, including Social Security numbers, names, addresses, phone numbers, email addresses, and more. This is a post from HackRead.com Read the original post: Data Breach at MCNA Dental Insurer Impacts 9 Million Users
Jimbos Protocol Hack: $7.5 Million Lost in Latest DeFi Attack
By Habiba Rashid The attack on Jimbos Protocol exploited a critical vulnerability related to the lack of slippage control on liquidity conversions. This is a post from HackRead.com Read the original post: Jimbos Protocol Hack: $7.5 Million Lost in Latest DeFi Attack
AceCryptor: Cybercriminals’ Powerful Weapon, Detected in 240K+ Attacks
A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month. Some of the prominent malware families contained within AceCryptor are SmokeLoader, […]
3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them
If you’re a cybersecurity professional, you’re likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we’ll look at another trending acronym – CTEM, which stands for Continuous […]
New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. “Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT,” the JPCERT Coordination Center (JPCERT/CC) said in a report published today. The compromise of an internet-exposed router […]
Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims
A new phishing technique called “file archiver in the browser” can be leveraged to “emulate” a file archiver software in a web browser when a victim visits a .ZIP domain. “With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more […]
PyPI Implements Mandatory Two-Factor Authentication for Project Owners
The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year. “Between now and the end of the year, PyPI will begin gating access to certain site functionality based on […]
Stealing From Wallets to Browsers: Bandit Stealer Hits Windows Devices
By Deeba Ahmed Watch out for the Bandit Stealer malware that is being distributed through phishing emails. This is a post from HackRead.com Read the original post: Stealing From Wallets to Browsers: Bandit Stealer Hits Windows Devices
Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could