-
Hackaday Podcast Episode 302: Scroll Wheels, Ball Screws, and a New Year for USB-C
After a bit too much eggnog, Elliot Williams and Al Williams got together to see what Hackaday had been up to over the holiday. Turns out, quite a bit. There was a lot to cover, but the big surprise was the “What’s that Sound” competition. Do you know who had the correct answer from the…
-
This Week in Security: IOCONTROL, (Location) Leaking Cars, and Passkeys
Claroty’s TEAM82 has a report on a new malware strain, what they’re calling IOCONTROL. It’s a Linux malware strain aimed squarely at embedded devices. One of the first targets of this malware, surprisingly, is the Israeli-made Orpak gas station pumps. There’s a bit of history here, as IOCONTROL is believed to be used by…
-
“Can you try a game I made?” Fake game sites lead to information stealers
The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them. A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking about their interest in…
-
OnDemand: Securing Data Growth in the Cloud Era: Strategies for Cyber Resilience
-
iTerm2 can leak sensitive data due to critical vulnerability
A critical vulnerability in the macOS terminal emulator iTerm2 can cause sensitive data to leak, developer George Nachman has announced. A new version is available … Published Date: Jan 03, 2025 (2 hours, 36 minutes ago). Vulnerabilities mentioned in this article: CVE-2025-22275
-
FPV Flying in Mixed Reality is Easier than You’d Think
Flying a first-person view (FPV) remote controlled aircraft with goggles is an immersive experience that makes you feel as if you’re really sitting in the cockpit of the plane or quadcopter. Unfortunately, while you’re wearing the goggles, you’re also completely blind to the world around you. That’s why you’re supposed to have a spotter nearby…
-
PDF.js Arbitrary JavaScript Code Execution (CVE-2024-4367)
Hello everyone, Today we’re going to look at CVE-2024-4367, a serious vulnerability in PDF.js that allows attackers to run arbitrary JavaScript code. Let’s take a closer look at vulnerabilities unders … Published Date: Jan 03, 2025 (2 hours, 27 minutes ago)
-
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger … Published Date: Jan 03, 2025 (2 hours, 45 minutes ago)
-
CVE-2024-9140 – Moxa Cellular Routers and Network Security Appliances OS Command Injection Vulnerability
CVE ID: CVE-2024-9140. Published: Jan. 3, 2025, 9:15 a.m. (1 hour, 1 minute ago). Description: Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant…
-
Configurations Mega Blog: Why Configurations Are the Wrong Thing to Get Wrong
So many times, we look beyond the mark. With our feeds constantly inundated with headline-grabbing news about AI-generated threats, nation states upping their cybercrime game, and sophisticated new forms of malware, we can be tempted to think that the bulk of cyberwarfare is going on “up there” somewhere. In reality, most breaches still originate from…