Daily Cyber Brief

Ethernet flaw could have crippled Orion spacecraft, DPRK hackers target European organizations with updated malware, and a pre-auth exploit is found in Spotify's Backstage...

Cybersecurity

Time-Triggered Ethernet flaw could have crippled Orion spacecraft

A vulnerability in a networking technology widely used in space and aircraft could, if successfully exploited, have disastrous effects on these critical systems including thwarting NASA missions, according to researchers. In a study published today, researchers at the…

North Korean hackers target European orgs with updated malware

North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. DTrack is a modular backdoor featuring a keylogger, a screenshot snapper, a browser history retriever, a running processes snooper, an IP address…

FBI Director warns of potential Chinese gov’t exploitation of TikTok

The director of the FBI warned Congress on Tuesday about the ways the Chinese government may weaponize the popularity of social media giant TikTok in its favor. FBI Director Christopher A. Wray appeared alongside Department of Homeland Security Secretary…

Misconfigurations, Vulnerabilities Found in 95% of Applications

Nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability, a new study shows. Weak SSL and TLS configuration, missing Content Security Policy (CSP)…

Google to roll out Privacy Sandbox on Android 13 starting early 2023

Google announced today that they will begin rolling out the Privacy Sandbox system on a limited number of Android 13 devices starting in early 2023. The Privacy Sandbox for Android is a set of technologies Google introduced in February this year, aiming to limit the…

Remote Code Execution Discovered in Spotify's Backstage

A vulnerability in Spotify’s open-source, Cloud Native Computing Foundation (CNCF)-incubated project Backstage has been discovered that could lead to threat actors performing remote code execution (RCE). The findings come from the Oxeye research team, who have…

Researchers release exploit details for Backstage pre-auth RCE bug

The malicious code was injected in a modified function of the rendering engine of the said plugin, run in the context of the virtual machine, and triggered by an error that invokes an undefined function. The payload creates a CallSite object outside the sandbox, allowing the…

Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data

Multiple security vulnerabilities in Zendesk's Web-based customer relationship management (CRM) platform could have allowed attackers to access sensitive information from potentially any customer account — a discovery that showcases application programming interface…

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources…

Swimlane Introduces Low-Code, Automation Approach to OT Security

Security teams are tasked with the challenge of processing large amounts of operational technology (OT) and IT security telemetry. To make this easier, Swimlane announced a low-code security automation platform to create a centralized system of record and control point…

Daily Cyber Brief

Ethernet flaw could have crippled Orion spacecraft, DPRK hackers target European organizations with updated malware, and a pre-auth exploit is found in Spotify's Backstage...

Cybersecurity

Join the conversation

Overt Operator