Category: Security Affairs

China-linked Flax Typhoon APT targets Taiwan

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cyber espionage campaign that targeted dozens of organizations in Taiwan.…

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035 (CVSS score 9.8). This week the software company Ivanti released urgent…

Defense contractor Belcan leaks admin password with a list of flaws

US Government and defense contractor Belcan left its super admin credentials open to the public, Cybernews research team reveals. Belcan is a government, defense, and aerospace contractor offering global design, software, manufacturing, supply chain, information technology, and digital engineering solutions.…

Ivanti fixed a new critical Sentry API authentication bypass flaw

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron…

N. Korean Kimsuky APT targets S. Korea-US military exercises

North Korea-linked APT Kimsuky launched a spear-phishing campaign targeting US contractors working at the war simulation centre. North Korea-linked APT group Kimsuky carried out a spear-phishing campaign against US contractors involved in a joint U.S.-South Korea military exercise. The news…

Cybersecurity: CASB vs SASE

Understanding cybersecurity aspects addressed by Cloud Access Security Broker (CASB) and Secure Access Service Edge (SASE) In an increasingly digital world, where businesses rely on cloud services and remote access, cybersecurity has become paramount. As organizations strive to safeguard their…

Bronze Starlight targets the Southeast Asian gambling sector

Experts warn of an ongoing campaign attributed to China-linked Bronze Starlight that is targeting the Southeast Asian gambling sector. SentinelOne observed China-linked APT group Bronze Starlight (aka APT10, Emperor Dragonfly or Storm-0401) targeting the gambling sector within Southeast Asia. The malware and…

Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM

Ivanti Avalanche EMM product is impacted by two buffer overflows collectively tracked as CVE-2023-32560. Tenable researchers discovered two stack-based buffer overflows, collectively tracked as CVE-2023-32560 (CVSS v3: 9.8), impacting the Ivanti Avalanche enterprise mobility management (EMM) solution. A remote, unauthenticated attacker…

Monti Ransomware gang launched a new Linux encryptor

Monti Ransomware operators returned, after a two-month pause, with a new Linux variant of their encryptor. The Monti ransomware operators returned, after a two-month break, with a new Linux version of the encryptor. The variant was employed in attacks aimed…

Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software

Researchers found several flaws in the ScrutisWeb ATM fleet monitoring software that can expose ATMs to hack.  Researchers from the Synack Red Team found multi flaws (CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189) in the ScrutisWeb ATM fleet monitoring software that can…

Ongoing Xurum attacks target Magento 2 e-stores

Experts warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites using Adobe’s Magento 2 CMS. Akamai researchers warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites running the Magento 2 CMS. The attackers are actively exploiting a server-side template injection…

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power…

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16, in the CODESYS V3 software development kit (SDK). An attacker can…

Police dismantled bulletproof hosting service provider Lolek Hosted

A joint operation conducted by European and U.S. law enforcement agencies dismantled the bulletproof hosting service provider Lolek Hosted. Lolek Hosted is a bulletproof hosting service provider used to facilitate the distribution of information-stealing malware, and also to launch DDoS (distributed…

UK govt contractor MPD FM leaks employee passport data

UK govt contractor MPD FM left an open instance that exposed employee passports, visas, and other sensitive data MPD FM, a facility management and security company providing services to various UK government departments, left an open instance that exposed employee…

The Evolution of API: From Commerce to Cloud

API (or Application Programming Interface) is a ubiquitous term in the tech community today, and it’s one with a long history. As a concept, APIs (or Application Programming Interfaces) have been around since the 1950s. What started out as a…

Gafgyt botnet is targeting EoL Zyxel routers

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A…

Statc Stealer, a new sophisticated info-stealing malware

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from…

US Govt launches Artificial Intelligence Cyber Challenge

The US Government House this week launched an Artificial Intelligence Cyber Challenge competition for creating a new generation of AI systems. On Wednesday, the United States Government House introduced an Artificial Intelligence Cyber Challenge competition. The two-year competition aims to…

EvilProxy used in massive cloud account takeover scheme

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises…

Downfall Intel CPU side-channel attack exposes sensitive data

Google researcher Daniel Moghimi devised a new side-channel attack technique, named Downfall, against Intel CPU. Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982. An attacker can…

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws

Microsoft Patch Tuesday security updates for August 2023 addressed 74 vulnerabilities, including two actively exploited flaws. Microsoft Patch Tuesday security updates for August 2023 addressed 74 new vulnerabilities in multiple products including Windows and Windows Components; Edge (Chromium-Based); Exchange Server;…

UK Electoral Commission discloses a data breach

The UK Electoral Commission suffered a data breach that exposed voters’ personal information between 2014 and 2022. The UK Electoral Commission disclosed a data breach that exposed the personal information of voters in the United Kingdom between 2014 and 2022.…

Russian APT29 conducts phishing attacks through Microsoft Teams

Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that Russia-linked cyberespionage group APT29  (aka SVR group, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) carried out Microsoft Teams phishing attacks aimed at…

Burger King forgets to put a password on their systems, again

The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. Original post @https://cybernews.com/security/burger-king-data-leak/ Burger King is a renowned US-based international fast food giant with a global…