Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams
The latest activity from Lazarus Group, .gov domains scamming people out of "V-Bucks" and more in this week's edition.
Lazarus Group's infrastructure reuse leads to discovery of new malware
Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of its attacks, as opposed to strictly employing them in the post-compromise phase.
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer.
Generating FLIRT signatures for Nim and other non-C programming languages
Cisco Talos is excited to announce a new project to find an automated way to generate custom FLIRT signatures for IDA.
Recapping the top stories from Black Hat and DEF CON
Unsurprisingly, it seems like AI was the talk of the town.
The rise of AI-powered criminals: Identifying threats and opportunities
A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.
Reflecting on supply chain attacks halfway through 2023
With Black Hat and “Hacker Summer Camp” going on over the next few weeks, this seems like the right time to step back and reflect on what’s happened so far this year.
Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF Reader issues could lead to remote code execution
Seven of the vulnerabilities included in today’s Vulnerability Roundup have a CVSS severity score of 9.8 out of a possible 10.