Information Security News Blog
MAPS Cloud Scanner A research tool for interacting with Windows Defender’s MAPS (Microsoft Active Protection Service) cloud-based file reputation and dynamic signature delivery system. MAPS is the cloud backend that powers Defender’s real-time protection verdicts, sample...
Checkmarx is grappling with a distressing sequel to its March security breach, as data exfiltrated from a private GitHub repository has surfaced in the possession of the LAPSUS$ collective. The organization posits that the...
Corporate correspondence has once again emerged as a convenient portal for adversaries. In this nascent campaign, the assailants eschew direct “forced entry,” choosing instead to orchestrate a familiar professional complication for employees and promptly...
The GlassWorm campaign has resurfaced within the developer community, though the adversaries have adopted a more surreptitious operational profile. Rather than disseminating overtly malicious extensions via OpenVSX, they initially publish innocuous facsimiles of popular...
The ubiquitous Python library elementary-data has emerged as a conduit for the exfiltration of sensitive developer telemetry. The compromised iteration infiltrated not only the PyPI repository but also the project’s official Docker images, causing...
A clandestine Android dropper, masquerading as a mundane PDF reader, has once again infiltrated the Google Play Store. While the application appeared to function as advertised—seamlessly opening documents without initially arousing suspicion—it harbored the...
The cryptocurrency landscape has received yet another ominous signal as adversaries successfully breached yet another DeFi platform, leaving users to await an investigation only after the capital had already been exfiltrated from the protocol....
aerleon Generate firewall configs for multiple firewall platforms from a single platform-agnostic configuration language through a command line tool and Python API. Aerleon is a fork of Capirca with the following major additions: YAML policy and...
Researchers have unearthed a pervasive offensive targeting industrial controllers that had been inadvertently exposed to the public internet. Beneath the façade of routine Modbus/TCP inquiries lay not merely indiscriminate scanning, but calculated attempts to...
Microsoft has resolved to render Windows updates significantly less intrusive, empowering users to defer installations with greater frequency, deactivate their systems without unbidden alterations, and discern with clarity which specific components the system intends...
Kerlab A Rust implementation of Kerberos for FUn and Detection Kerlab was developed just to drill down kerberos protocol and better understand it. The main purpose is to write more targeted detection rules. kerasktgt Kerberos Ask...
The United States Cybersecurity and Infrastructure Security Agency (CISA) has once again augmented its repository of vulnerabilities identified in active, real-world incursions. The latest revision incorporates four distinct flaws within products from Samsung, SimpleHelp,...