Malicious – Page 4 – OWASP Jakarta

New Case Study: The Malicious Comment

New Case Study: The Malicious Comment How safe is your comments section? Discover how a seemingly innocent ‘thank you’ comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a ‘Thank you’ not a ‘Thank you’? When it’s Read more…

By adminowasp, 1 year ago

News

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious “imageless” containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. “Over four million of the repositories in Read more…

By adminowasp, 1 year ago

News

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. Read more…

By adminowasp, 1 year ago

News

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. “The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads Read more…

By adminowasp, 1 year ago

News

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked Read more…

By adminowasp, 1 year ago

News

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN’s Satori Threat Intelligence team, which said Read more…

By adminowasp, 1 year ago

News

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims’ Macs, but Read more…

By adminowasp, 1 year ago

News

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said “new project creation and new user registration” was temporarily halted to mitigate Read more…

By adminowasp, 1 year ago

News

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users’ systems and carry out malicious actions. “This flaw could have allowed an attacker to exploit a private API, Read more…

By adminowasp, 1 year ago

News

Malicious NuGet Package Linked to Industrial Espionage Targets Developers

Malicious NuGet Package Linked to Industrial Espionage Targets Developers Threat hunters have identified a suspicious package in the NuGet package manager that’s likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was Read more…

By adminowasp, 1 year ago