Exploring a Data Exfiltration Attack: Insights from the Porsche Experience

Date: July 28, 2023
Category: Cyber Attack / Vulnerability

In line with Checkmarx’s mission to enhance secure software development, our Security Research team examined the security measures of prominent car manufacturers. Given Porsche’s comprehensive Vulnerability Reporting Policy, we chose to focus our research there. Our investigation uncovered a potential attack scenario stemming from the combination of security vulnerabilities identified across various Porsche assets, including a website and a GraphQL API, which could facilitate data exfiltration. Data exfiltration poses a significant threat to any business or organization, regardless of its size, as it can lead to severe consequences when malicious individuals gain unauthorized access to sensitive data. Porsche maintains a varied online presence, featuring numerous microsites, websites, and web applications, with The Porsche Experience being one such platform that caters to registered users.

Data Exfiltration Attack Scenario: The Porsche Experience

July 28, 2023

In recent investigations aimed at assessing the security frameworks of major automotive manufacturers, the Security Research team at Checkmarx has focused its attention on Porsche. Recognized for its robust Vulnerability…

Malicious Python Package Steals AWS Credentials

Security Operations
Developers’ Credentials Compromised Through Typosquatted ‘Fabric’ Library
Prajeet Nair (@prajeetspeaks) • November 11, 2024

A deceptive Python package, masquerading as a popular SSH automation library, has been active on the PyPI repository since 2021. This malicious…

STARK#MULE Cyber Campaign Targets Korean Speakers with U.S. Military-Themed Malware Documents

July 28, 2023
Cyber Attack / Malware

A persistent cyber attack campaign identified as STARK#MULE is aimed at Korean-speaking individuals, using U.S. Military-themed documents to lure victims into executing malware on compromised systems. Cybersecurity firm Securonix has been monitoring this activity, though the full extent of the attacks remains unclear and it is unknown if any of them have successfully compromised systems. Security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov noted in a report shared with The Hacker News that these attacks are reminiscent of previous ones linked to North Korean groups like APT37, which has historically targeted South Korea, particularly its government officials. APT37, also known by various aliases including Nickel Foxcroft, Reaper, Ricochet Chollima, and ScarCruft, is recognized as a North Korean state-sponsored actor focused on southern targets.

STARK#MULE Targets Koreans with U.S. Military-Themed Document Lures

In a notable development in cyber threats, a new campaign has emerged targeting Korean-speaking individuals through the use of U.S. military-themed documents designed to deliver malware. Cybersecurity experts from Securonix have named…

Patchwork Hackers Target Chinese Universities and Research Institutions Using EyeShell Backdoor

Date: July 31, 2023
Category: Cyber Espionage / Malware

A recent campaign has revealed that the hacking group known as Patchwork is actively targeting universities and research organizations in China. According to the KnownSec 404 Team, these attacks leverage a backdoor named EyeShell. Also referred to as Operation Hangover or Zinc Emerson, Patchwork is believed to operate on behalf of India and has been active since at least December 2015. Their attacks primarily focus on Pakistan and China, employing custom malware such as BADNEWS, typically via spear-phishing and watering hole techniques. This group exhibits tactical similarities with other Indian-affiliated cyber-espionage collectives, like SideWinder and the DoNot Team. In a related development, Meta announced in May that it had suspended 50 accounts on Facebook and Instagram connected to Patchwork, which exploited rogue messaging apps.

Patchwork Hackers Target Chinese Research Institutions with EyeShell Backdoor

On July 31, 2023, cybersecurity analysts from the KnownSec 404 Team reported that cyber espionage threats linked to a group known as Patchwork have been actively targeting universities and research organizations…

The Future’s AI-Powered Machine Gun Has Arrived

In response to the escalating threat posed by low-cost weaponized drones targeting American forces overseas, the U.S. military is intensifying its efforts to safeguard troops from aerial attacks. Amid this urgent situation—which includes the exploration of costly weaponry, advanced directed…