ExpressVPN disabled split tunneling on its Windows clients to fix a bug, introduced in May 2022, that caused DNS requests to bypass its servers. When split tunneling was used with app-specific VPN routing, the bug exposed the domains a user visited to their ISP. Though traffic itself stayed encrypted, the DNS leak defeated the privacy protection the VPN was meant to provide.
U.S. Internet's 'Securence' email-providing division had a publicly exposed webpage that listed every email of its 6,500 clients. The CEO of the company stated that the exposure was caused by a mistake in an Ansible playbook controlling the nginx config. U.S. Internet has not commented on how long this misconfiguration was in place or why appropriate controls were not in place to detect or prevent the misconfiguration.
Proofpoint researchers have identified an ongoing malicious campaign targeting Microsoft Azure environments that has compromised hundreds of user accounts, including accounts belonging to senior executives, through credential phishing and account takeover techniques. The attackers' operational infrastructure includes proxies and data hosting services. The threat is not currently attributed to any known threat actor.
CharmingCypress is an Iranian-backed threat actor that runs spear-phishing campaigns to gather information on political opponents. Its campaigns are unusual in that they involve long email exchanges before a malicious link is sent, and in some cases the actor has even built a malicious VPN and a fake webinar application. IOCs are included in the article.
This post provides an in-depth analysis of the ISFB first loader malware variant. It details the process of analyzing the malware, from using tools like "pestudio" to identifying potential packing to examining memory allocations and process injections. The post offers insights into the complexity and evasion techniques utilized by the ISFB variant through a detailed exploration of the malware's code and behavior.
LLMs can autonomously hack websites when paired with tools that let them interact with systems. Despite safety efforts, an LLM given such tools and no human guidance can compromise vulnerable websites through automated browsing and planning. These LLMs can break into buggy web apps without prior knowledge of the specific vulnerabilities, showing that they can hack without human oversight.
The HTTP Garden is a set of HTTP servers and proxies configured to be composable. It has scripts for interacting with them in a way that makes finding vulnerabilities easier.
Wyze suffered another security lapse that allowed some users to briefly view feeds from strangers' cameras in their app's Events tab. At least 12 such cases were reported. The flaw follows a previous incident that enabled unauthorized live access to Wyze devices.
A (very) deep dive into one Infrastructure Engineer's decision-making process at a startup. The post is divided by topic and includes an endorse or reject verdict for each decision with accompanying reasoning. The topics include choice of cloud platform, security products to adopt, and SaaS applications.
Vyacheslav Penchukov, a leader of the Zeus/IcedID malware groups, has pleaded guilty to cybercrime charges. He was first arrested in 2022 after his involvement in a major theft using Zeus and now faces 40 years in prison. His prosecution is a win against infamous malware operations.
Some highlights of the report include the finding that 54% of major code changes get a full security review and that 34% of organizations review over 75% of code changes.
The US government disrupted a botnet used by Russia's GRU military intelligence unit for phishing, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets.
A letter from the EFF to the UN outlining issues with the draft UN Cybercrime Treaty that could lead to prosecution of good faith security researchers.
Curated news, research, and tools for information security professionals