Skip to content

Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware “The Benefits of Working Out” “Reaping the Rewards of Exercise”

Microsoft and Citizen Lab have collaborated to reveal information about QuaDream, an Israel-based company known for their spyware. QuaDream is an Israeli spyware vendor that has been keeping a low profile since it was first reported on by Reuters last year. QuaDream is a competitor of the notorious Israeli company NSO Group, which is known… 

3CX Supply Chain Attack — Here’s What We Know So Far “The Benefits of Working Out Regularly” “Reaping the Rewards of Exercise”

On March 31, 2023, enterprise communications software maker 3CX confirmed that multiple versions of its desktop app for Windows and macOS were affected by a supply chain attack. Evidence suggests that the campaign could have started as early as February 2022 and involved the distribution of a rogue library referred to as \”ffmpeg.dll\” in the… 

Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks “Tips for Working from Home Successfully” “How to Achieve Success When Working from Home”

ExaTrack, a French cybersecurity firm, warns that the discovery of a new clandestine Linux program has enabled the Chinese cyber espionage group Winnti to carry out covert targeted attacks undetected. Dubbed ‘Melofee’ and targeting Linux servers, the malware is accompanied by a kernel mode rootkit and is installed using shell commands, a behavior like that… 

GitHub replaces exposed SSH key to protect Git operations

GitHub has replaced its RSA SSH host key used to secure Git operations “out of an abundance of caution” after it was briefly exposed in a public repository. The activity took place at 05:00 UTC on March 24, 2023, to prevent any bad actor from impersonating the service or eavesdropping on users’ operations over SSH.… 

Malware Trends: What’s Old Is Still New “The Unexpected Benefits of Exercise: Uncovering the Surprising Advantages of Working Out” “Unbelievable! Discover the Unexpected Benefits of Exercise Now!”

Cybercrime is one of the world’s most profitable illicit industries, with threat actors using existing infrastructure and older threats to maximize their Return on Investment (ROI). Code reuse is a common tactic among cybercriminals, where old code is retrofitted into new versions of malware. One of the most notorious examples of code reuse is Emotet,… 

Google Suspends Chinese Shopping App Amid Security Concerns

Google Suspends Chinese Shopping App Amid Security Concerns Google has taken swift action to suspend the Chinese shopping app, Pinduoduo, from the Google Play store due to security concerns. Reports suggest that the app could potentially be used to spy on users in the United States, adding to the already high tensions between the two… 

Jenkins Server Vulnerabilities Chained for Remote Code Execution  “The Unexpected Benefits of Working Remotely: How Working from Home Can Boost Your Career” “Discover the Unforeseen Advantages of Working From Home: Enhance Your Career with Remote Employment!”

Cybersecurity firm Aqua Security warns that two recently patched vulnerabilities affecting Jenkins servers, tracked as CVE-2023-27898 and CVE-2023-27905, can be chained together to achieve remote code execution. The first vulnerability is a high-severity XSS bug that affects Jenkins versions 2.270 through 2.393 and long-term support (LTS) releases 2.277.1 through 2.375.3. The vulnerability exists because Jenkins…