A large-scale malware campaign called Sign1 has infected over 39,000 WordPress sites in the last six months. The attackers injected malicious JavaScript that redirected visitors to harmful websites. To avoid detection, the malware uses dynamic URLs and only runs if visitors do not come from popular websites.
A new DoS attack relies on a vulnerability in the UDP protocol that allows for IP spoofing. If an attacker launches an attack against a vulnerable server with the spoofed IP of another vulnerable server, the servers will continuously respond with errors to each other until all resources are exhausted. It is estimated that 300,000 servers are vulnerable to this attack.
After a Reddit user reported that installing a KDE Plasma theme wiped all of their files, KDE has issued a warning to vet themes before installing them. Themes can be uploaded by anyone and, because of how they change the behavior of KDE, they must execute arbitrary code. KDE has promised to make its security warnings clearer and, resources permitting, begin to vet themes.
This article covers the technical details on how Passkeys work under the hood and how to use this technology for your organization as a replacement for passwords. Passkeys offer advantages like synchronization to multiple devices. Their implementation and security measures vary among services. The shift in threat models from hardware security keys to passkeys requires careful consideration based on user requirements.
Version 1.0 of OPA includes a few breaking changes. The OPA team has provided flags for opa check and opa fmt to check and update policies for compliance.
This blog post discusses Remote Code Execution (RCE) in the context of cloud environments, specifically focusing on AWS. It explains the steps attackers can use to exploit RCE vulnerabilities in the cloud with blurbs about how Uptycs can help, but the advice and insights should be common enough to be applicable to other tools too.
The Doyensec team developed PoIEx to aid in its code audit efforts. Points of Intersection are areas in application code that interact with IaC infrastructure. PoIEx creates a graph of IaC infrastructure and allows for jumping to application code that references it using semgrep rules.
Google has released three new Golang libraries built to be secure by default. SafeText is used for processing YAML templates and templating shell commands. SafeOpen is designed to protect against path traversal attacks when opening files. SafeArchive is meant to protect against attacks related to dealing with archive files.
weAudit is a VS Code extension that aids teams of code reviewers. It allows reviewers to add bookmarks with findings or notes to code as well as mark files as reviewed. weAudit tracks bookmarks and notes in shareable files to enable collaboration and allow for the creation of GitHub issues.
Russian hackers linked to Russia's Foreign Intelligence Service (SVR) have been using the WINELOADER malware to target German political parties through phishing emails with logos from the Christian Democratic Union (CDU).
Microsoft is set to shut down access to over fifty cloud services for Russian organizations by the end of March in compliance with EU sanctions. The decision was influenced by EU Council Regulation 2023/2873, which prohibits supplying certain software, including cloud solutions, to entities in Russia.
The UK's National Cyber Security Centre has released a set of guidelines for public and private sector leaders to navigate cyber security incidents effectively.
A group of security researchers discovered a technique called Unsaflok that allows hackers to open Saflok-brand RFID-based keycard locks in hotel rooms worldwide.
German authorities have shut down the Nemesis Market, an online marketplace dealing in drugs, cybercrime services, and fraudulently obtained credit card data.
Curated news, research, and tools for information security professionals