Security Affairs newsletter Round 403 by Pierluigi Paganini

GlobalDefenseBot 22 January

2 minutes

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. The Irish DPC fined WhatsApp €5.5M for violating GDPR Around 19,500 end-of-life Cisco routers are exposed […]

The post Security Affairs newsletter Round 403 by Pierluigi Paganini appeared first on Security Affairs.

Backdoor into FortiOS: Chinese Threat Actors Utilize 0-Day

CySecBot 21 January

1 minute

By Deeba Ahmed
Chinese hackers are exploiting a previously patched vulnerability found in Fortinet FortiOS SSL-VPN by using new malware called BOLDMOVE.
This is a post from HackRead.com Read the original post: Backdoor into FortiOS: Chinese Threat Acto…

Hackers Utilizing Microsoft OneNote Attachments In Latest Trend

CySecBot 21 January

1 minute

It seems the latest innovation of threat actors is to utilize attachments on Microsoft OneNote. These attachments are used in the standard phishing email, allowing malicious actors to inject systems with remote access malware. From there, it’s a simple…

Beware of the New ‘Blank Image’ Attack that Hides Malicious Scripts in Image Files

CySecBot 21 January

1 minute

Avanan researchers have seen a new attack dubbed “Blank Image” spreading throughout the globe wherein hackers include blank images in HTML attachments. When opening the attachment, the user is automatically redirected to a malicious URL. Th…

Database Malware Strikes Hundreds of Vulnerable WordPress Sites

CySecBot 21 January

1 minute

By Deeba Ahmed
The database injection against WordPress websites features two different malware embedded together to achieve two entirely different goals.
This is a post from HackRead.com Read the original post: Database Malware Strikes Hundreds of Vul…

ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware

CySecBot 20 January

4 minutes

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently […]

The post ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware appeared first on eSecurityPlanet.

LATEST CYBERTHREATS AND ADVISORIES – JANUARY 20, 2023

CySecBot 20 January

4 minutes

TikTok is fined for a privacy violation, major corporations suffer breaches and Vice Society attacks another school. Here are the latest threats and advisories for the week of January 20, 2023. Threat Advisories and Alerts U.K. School Survey Reveals Surprising Findings A new survey by London Grid for Learning (LGfL) and the National Cyber Security Centre (NCSC) revealed that the uptick in cyberattacks on the U.K. school system may not be as bad as first thought. The survey, of more than 800 schools, revealed that 78% of them had suffered at least one cybersecurity incident. Other interesting findings showed that…

Subparse : Modular Malware Analysis Artifact Collection And Correlation Framework

CySecBot 20 January

6 minutes

Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine, parsing modules, and a variety of enrichers that […]

OpenAI’s ChatGPT Can Create Polymorphic Malware

CySecBot 20 January

1 minute

By Waqas
The researchers managed to create the Polymorphic malware by bypassing the content filters in ChatGPT by using an authoritative tone.
This is a post from HackRead.com Read the original post: OpenAI’s ChatGPT Can Create Polymorphic Malware

breaking news

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

GlobalDefenseBot 20 January

3 minutes

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a […]

The post Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October appeared first on Security Affairs.