GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens

GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens,

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations.
« An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM

,

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations.
« An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM

, ,
https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots,

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples.
« Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information, »

,

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples.
« Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information, »

, ,
https://thehackernews.com/2022/04/new-jekyllbot5-flaws-let-attackers-take.html

Une faille dans la place de marché Rarible a permis de dérober facilement des NFT

Une faille dans la place de marché Rarible a permis de dérober facilement des NFT,

Un lien vers un NFT vérolé pouvait provoquer le transfert quasi automatique de NFT d’un portefeuille vers un autre. Effrayant de simplicité.

,

Un lien vers un NFT vérolé pouvait provoquer le transfert quasi automatique de NFT d’un portefeuille vers un autre. Effrayant de simplicité.

, ,
https://www.01net.com/actualites/une-faille-dans-la-place-de-marche-rarible-a-permis-de-derober-facilement-des-nft-2055922.html

Comment les hackers nord-coréens sont passés maîtres dans le vol de cryptomonnaies

Comment les hackers nord-coréens sont passés maîtres dans le vol de cryptomonnaies,

Le deuxième plus grand hack de tous les temps — 500 millions d’euros siphonnés auprès de Ronin Network — vient d’être attribué aux pirates de Pyongyang. Ces derniers dévalisent la cryptofinance depuis cinq ans avec succès.

,

Le deuxième plus grand hack de tous les temps — 500 millions d’euros siphonnés auprès de Ronin Network — vient d’être attribué aux pirates de Pyongyang. Ces derniers dévalisent la cryptofinance depuis cinq ans avec succès.

, ,
https://www.01net.com/actualites/comment-les-hackers-nord-coreens-sont-passes-maitres-dans-le-vol-de-cryptomonnaies-2055918.html

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free,

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes.
« It features the ability to steal sensitive information from victims and can download additional malware to infected systems, » Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer 

,

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes.
« It features the ability to steal sensitive information from victims and can download additional malware to infected systems, » Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer 

, ,
https://thehackernews.com/2022/04/haskers-gang-gives-away-zingostealer.html

Chrome : Google corrige en urgence une faille exploitée par des pirates, mettez vite votre navigateur à jour !

Chrome : Google corrige en urgence une faille exploitée par des pirates, mettez vite votre navigateur à jour !,

Une confusion de type dans le moteur JavaScript incite le géant informatique à diffuser un patch qu’il est fortement recommandé d’installer le plus vite possible.

,

Une confusion de type dans le moteur JavaScript incite le géant informatique à diffuser un patch qu’il est fortement recommandé d’installer le plus vite possible.

, ,
https://www.01net.com/actualites/chrome-google-corrige-en-urgence-une-faille-exploitee-par-des-pirates-mettez-vite-votre-navigateur-a-jour-2055915.html

La police démantèle RaidForums, le supermarché des données volées

La police démantèle RaidForums, le supermarché des données volées,

Utilisé par plus de 500 000 hackers, ce site était l’un des principaux espaces d’échange de bases de données volées. Il était piloté par un jeune homme de 21 ans, arrêté au Royaume-Uni.

,

Utilisé par plus de 500 000 hackers, ce site était l’un des principaux espaces d’échange de bases de données volées. Il était piloté par un jeune homme de 21 ans, arrêté au Royaume-Uni.

, ,
https://www.01net.com/actualites/la-police-demantele-raidforums-le-supermarche-des-donnees-volees-2055893.html

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software,

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.
Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the

,

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.
Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the

, ,
https://thehackernews.com/2022/04/critical-auth-bypass-bug-reported-in.html

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure,

Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.
The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.
<

,

Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.
The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.
<

, ,
https://thehackernews.com/2022/04/critical-vmware-cloud-director-bug.html

Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw

Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw,

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.
Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google’s Threat Analysis Group has been credited with reporting the flaw on April 13

,

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.
Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google’s Threat Analysis Group has been credited with reporting the flaw on April 13

, ,
https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html