News Clipping

JavaScript Packages Caught Stealing Environment Variables [bleepingcomputer]

On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects. According to a subsequent investigation by npm’s team, on July 19, a person named HackTask uploaded 38 JavaScript libraries on...

Read more


FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor [proofpoint]

Proofpoint researchers have uncovered that the threat actor commonly referred to as FIN7 has added a new JScript backdoor called Bateleur and updated macros to its toolkit. We have observed these new tools being used to target U.S.-based chain restaurants, although FIN7 has previously targeted hospitality organizations, retailers, merchant services,...

Read more


SMBLoris – the new SMB flaw [sans]

While studying the infamous EternalBlue exploit about 2 months ago, researchers Sean Dillon (zerosum0x0) and Zach Harding (Aleph-Naught-) found a new flaw in the Server Message Block (SMB) protocol that could allow an adversary to interrupt the service by depleting the memory and CPU resources of the targeted machine on...

Read more


Page 104 of 122« First...102030...102103104105106...110120...Last »