The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia. Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South…
Category: Security Affairs
PharMerica data breach impacts more than 5.8 million individuals
National pharmacy network PharMerica discloses a data breach that impacted more than 5.8 million individuals. National pharmacy network PharMerica disclosed a data breach that exposed the personal information of 5,815,591 individuals. The incident took place in March and the company…
New RA Group ransomware gang is the latest group using leaked Babuk source code
A previously unknown ransomware group known as RA Group is targeting companies in U.S. and South Korea with leaked Babuk source code. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at…
Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware
DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the…
Former Ubiquiti employee gets 6 years in jail for stealing confidential data and extorting company
A former Ubiquiti employee has been sentenced to six years in jail for the theft of confidential data and extorting company for ransom. NICKOLAS SHARP, a former Ubiquiti employee was sentenced today to six years in prison. In December 2020, SHARP stole…
Former ByteDance executive alleges TikTok of wrongful conduct
A former ByteDance executive revealed that the China government has access to TikTok data, including data stored in the United. Yintao Yu, the head of engineering for ByteDance’s U.S. operations from August 2017 to November 2018, revealed that the Chinese…
The latest variant of the RapperBot botnet adds cryptojacking capabilities
FortiGuard Labs Researchers spotted new samples of the RapperBot botnet that support cryptojacking capabilities. FortiGuard Labs researchers have discovered new samples of the RapperBot bot that added cryptojacking capabilities. Researchers from FortiGuard Labs first discovered the previously undetected RapperBot IoT…
Capita warns customers to assume that their data was stolen
UK outsourcing giant Capita is informing customers that their data may have been stolen in the cyberattack that hit the company in early April. In early April, the UK outsourcing giant Capita confirmed that its staff was locked out of…
Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. We are in the final! Please vote for Security Affairs (https://securityaffairs.com/) as the best…
Personal info of 90k hikers leaked by French tourism company La Malle Postale
La Malle Postale, a transportation company serving hikers on popular hiking trails in France, leaked personal data and private messages of their clients. The Cybernews research team has discovered a data leak on La Malle Postale’s system that exposed the…
Data of more than 2M Toyota customers exposed in ten years-long data breach
A data breach disclosed by Toyota Motor Corporation exposed info of more than 2 million customers for ten years Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April…
Discord suffered a data after third-party support agent was hacked
Discord disclosed a data breach, the security breach was caused by the compromise of a third-party support agent’s account. Discord, the popular VoIP and instant messaging social platform, disclosed a data breach and is notifying the impacted users. The security breach resulted in…
Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks. Unlike most ransom campaigns, CheckMate, discovered in 2022, has been quiet throughout its operations. To the best…
Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE
U.S. CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by…
Leaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXi
The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of…
What the Email Security Landscape Looks Like in 2023
Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? For over a decade, email has been a common source of cybersecurity threats. During that time, email-based threats have become increasingly sophisticated. What started as notes from…
The Black Basta ransomware gang hit multinational company ABB
Swiss electrification and automation technology giant ABB suffered a Black Basta ransomware attack that impacted its business operations. Swiss multinational company ABB, a leading electrification and automation technology provider, it the last victim of the notorious Black Basta ransomware group.…
A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking
Experts warn of an unauthenticated privilege escalation flaw in the popular Essential ‘Addons for Elementor’ WordPress plugin. Essential ‘Addons for Elementor’ WordPress plugin is a collection of 90+ creative elements and extensions Enhance that allow admins to enhance Elementor page building…
A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking
Experts warn of an unauthenticated privilege escalation flaw in the popular Essential ‘Addons for Elementor’ WordPress plugin. Essential ‘Addons for Elementor’ WordPress plugin is a collection of 90+ creative elements and extensions Enhance that allow admins to enhance Elementor page building…
Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers
Researchers disclosed the details of five vulnerabilities that can be chained to take over some Netgear router models. Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82…
Google will provide dark web monitoring to all US Gmail users and more
Google announced the opening of the dark web monitoring report security feature to all Gmail users in the United States. Google is going to offer dark web monitoring to all U.S. Gmail users, the feature allows them to search for…
We are in the final! Please vote for Security Affairs and Pierluigi Paganini
Dear readers and friends, once again we are in the final of the European Cybersecurity Blogger Awards 2022 and I need your support. Please help me in reaching this new target. I work hard every day to provide updated news…
North Korea-linked APT breached the Seoul National University Hospital
The Korean National Police Agency (KNPA) warns that a North Korea-linked APT group had breached the Seoul National University Hospital (SNUH). The Korean National Police Agency (KNPA) revealed that a North Korea-linked APT group has breached one of the largest…
Twitter now supports Encrypted Direct Messages, with some limitations
Twitter is rolling out support for encrypted direct messages (DMs), the security feature will be initially available for the verified users. Twitter is rolling out support for encrypted direct messages (DMs), the feature is initially limited to verified users or affiliates to a verified…
A zero-click vulnerability in Windows allows stealing NTLM credentials
Researchers shared technical details about a flaw in Windows MSHTML platform, tracked as CVE-2023-29324, that could be abused to bypass security protections. Cybersecurity researchers have shared details about a now-patched security flaw, tracked as CVE-2023-29324 (CVSS score: 6.5), in Windows MSHTML platform. An attacker can exploit…
Cybersecurity firm Dragos shared details about a failed extortion attempt it suffered
Industrial cybersecurity firm Dragos revealed that a ransomware group attempted to breach its infrastructure and extort it. Industrial cybersecurity firm Dragos revealed that on May 8, 2023, a known ransomware group attempted and failed to breach the company systems. The…
DownEx cyberespionage operation targets Central Asia
A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of…
Smashing Pumpkins frontman paid ransom to a hacker who threatened to leak the band’s songs
The frontman of the American alternative rock band Smashing Pumpkins, Billy Corgan, has revealed he paid hackers who stole the band’s songs The frontman of the alternative rock band Smashing Pumpkins, Billy Corgan, revealed he paid a ransom after a hacker stole the band’s songs…
US disrupts Russia-linked Snake implant’s network
The US government announced to have disrupted the peer-to-peer (P2P) network of computers compromised by the Snake malware. The Snake implant is one of the most sophisticated implants used by Russia-linked threat actors for cyberespionage purposes. The malware has been…
Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws
Microsoft Patch Tuesday Security updates for May 2023 address a total of 40 vulnerabilities, including two zero-day actively exploited in attacks. Microsoft’s May 2023 security updates address 40 vulnerabilities, including two zero-day flaws actively exploited in attacks. The flaws affect…
The global food distribution giant Sysco discloses a data breach
Sysco, the global food distribution giant, disclosed a data breach, the compromised data includes customer and employee data. Sysco Corporation is an American multinational corporation involved in marketing and distributing food products, smallwares, kitchen equipment and tabletop items. BleepingComputer, who has seen an…
A Linux NetFilter kernel flaw allows escalating privileges to ‘root’
A Linux NetFilter kernel flaw, tracked as CVE-2023-32233, can be exploited by unprivileged local users to escalate their privileges to root. Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers…
Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet
A DDoS botnet dubbed AndoryuBot has been observed exploiting an RCE, tracked as CVE-2023-25717, in Ruckus access points. FortiGuard Labs researchers have recently observed a spike in attacks attempting to exploit the Ruckus Wireless Admin remote code execution vulnerability tracked…
FBI seized 13 domains linked to DDoS-for-hire platforms
The U.S. DoJ announced the seizure of 13 new domains associated with DDoS-for-hire platforms as part of Operation PowerOFF. The U.S. Justice Department announced the seizure of 13 domains linked to DDoS-for-hire services as part of a coordinated international law…
New CACTUS ransomware appeared in the threat landscape
Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. Researchers from cybersecurity firm Kroll have analyzed on a new ransomware family called CACTUS that has been…
Iran-linked APT groups started exploiting Papercut flaw
Microsoft warns of Iran-linked APT groups that are targeting vulnerable PaperCut MF/NG print management servers. Microsoft warns that Iran-linked APT groups have been observed exploiting the CVE-2023-27350 flaw in attacks against PaperCut MF/NG print management servers. The CVE-2023-27350 flaw is a PaperCut…
Money Message gang leaked private code signing keys from MSI data breach
The ransomware gang behind the attack on Taiwanese PC maker MSI leaked the company’s private code signing keys on their darkweb leak site. In early April, the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation…
NextGen Healthcare suffered a data breach that impacted +1 Million individuals
NextGen Healthcare suffered a data breach, the security incident exposed the personal information of approximately 1 million individuals. Healthcare solutions provider NextGen Healthcare suffered a data breach that exposed the personal information of informing approximately one million individuals. NextGen Healthcare,…
Western Digital notifies customers of data breach after March cyberattack
Western Digital is notifying its customers of a data breach that exposed their sensitive personal information, the incident took place in March. In March 2022, Western Digital was hit by a ransomware attack and in response to the incident, it…
CERT-UA warns of an ongoing SmokeLoader campaign
Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot…
SEC issued a record award of $279 million to a whistleblower
The Securities and Exchange Commission (SEC) announced the largest-ever award, approximately $279 million, to a whistleblower. The Securities and Exchange Commission (SEC) paid a record sum of approximately $279 million to a whistleblower. The award was paid to a whistleblower…
San Bernardino County Sheriff’s Department paid a $1.1M ransom
The San Bernardino County Sheriff’s Department confirmed that it has paid a $1.1-million ransom after the April ransomware attack. The San Bernardino County Sheriff’s Department opted to pay a $1.1-million ransom after a ransomware attack infected its systems in early…
Dragon Breath APT uses double-dip DLL sideloading strategy
An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. Sophos researchers observed an APT group, tracked as Dragon Breath (aka APT-Q-27 and Golden Eye), that is using a new DLL sideloading technique that adds complexity and…
Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Twitter…
Twitter confirmed that a security incident publicly exposed Circle tweets
A security problem caused the public sharing of private tweets sent to Twitter Circles to users outside of the Circle, the company admitted. Since August 2022, the Twitter Circle feature allows users to send tweets to a restricted circle of…
FBI seized other domains used by the shadow eBook library Z-Library
The FBI disrupted once again the illegal eBook library Z-Library the authorities seized several domains used by the service. The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library. Z-Library is the world’s…
WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks
A reflected cross-site scripting vulnerability is the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking. Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS score: 6.1), in the Advanced Custom Fields plugin…
Fortinet fixed two severe issues in FortiADC and FortiOS
Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy. The CVE-2023-27999 flaw (CVSS score…
Pro-Russia group NoName took down multiple France sites, including the French Senate one
The French Senate’s website was taken offline by a DDoS attack launched by the pro-Russian hacker group NoName. The pro-Russia hacker group NoName is claiming responsibility for a DDoS attack that took the website of the French Senate offline. “Access…
North Korea-linked Kimsuky APT uses new recon tool ReconShark
North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign. SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark. The reconnaissance tool is delivered…
Fleckpe Android malware totaled +620K downloads via Google Play Store
Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is…
Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE
Cisco is warning customers of a critical remote code execution vulnerability affecting its EoL SPA112 2-Port Phone Adapters. Cisco is warning of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 (CVSS score of 9.8), impacting SPA112 2-Port phone…
Experts devised a new exploit for the PaperCut flaw that can bypass all current detection
VulnCheck researchers devised a new exploit for a recently disclosed critical flaw in PaperCut servers that bypasses all current detections. Cybersecurity researchers from VulnCheck have developed a new exploit for the recently disclosed critical flaw in PaperCut servers, tracked as CVE-2023-27350 (CVSS…
Facebook warns of a new information-stealing malware dubbed NodeStealer
Facebook discovered a new information-stealing malware, dubbed ‘NodeStealer,’ that is being distributed on Meta. NodeStealer is a new information-stealing malware distributed on Meta that allows stealing browser cookies to hijack accounts on multiple platforms, including Facebook, Gmail, and Outlook. The…
Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector
CERT-UA is warning of destructive cyberattacks conducted by the Russia-linked Sandworm APT group against the Ukraine public sector. Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns. The…
City of Dallas shut down IT services after ransomware attack
The City of Dallas, Texas, was hit by a ransomware attack that forced it to shut down some of its IT systems. The IT systems at the City of Dallas, Texas, have been targeted by a ransomware attack. To prevent…
Authorities dismantled the card-checking platform Try2Check
Authorities dismantled the Try2Check platform, a Card-Checking platform that generated tens of millions of dollars in revenue. The U.S. DoJ charged the Russian citizen Denis Gennadievich Kulkov with running the Card-Checking services. The platform has been active since 2005, according…
Passwordless sign-in with passkeys is now available for Google accounts
Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Passwords are essential to protect services and…
Hackers are taking advantage of the interest in generative AI to install Malware
Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns.…
Researchers found DoS flaws in popular BGP implementation
Vulnerabilities in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to trigger a DoS condition on BGP peers. Forescout Vedere Labs researchers discovered multiple vulnerabilities in the software implementation of the Border Gateway Protocol (BGP).…
FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals
A joint operation conducted by the FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminal groups for money laundering. The Cyber Police Department together with the Main Investigative Department of the National Police, the Office of the Prosecutor…
SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market
International law enforcement operation SpecTor resulted in the seizure of an online marketplace and the arrest of nearly 300 people. In an international law enforcement operation coordinated by Europol, codenamed ‘SpecTor’, the police seized the illegal dark web marketplace ‘Monopoly…
The first iPhone Rapid Security Response update released by Apple fails to install
Apple has released its first Rapid Security Response update, but many iPhone users reported problems during the installation of the iOS Security Response. On June 2022, Apple announced that the Rapid Security Response feature would be available starting with iOS…
Fortinet warns of a spike in attacks against TBK DVR devices
FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to…
North Korea-linked ScarCruft APT uses large LNK files in infection chains
North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. Check Point researchers reported that the infection chains observed in the attacks attributed to North Korea-linked ScarCruft APT group (aka APT37, Reaper, and…
CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog
US Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link, Apache, and Oracle vulnerabilities to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog: CVE-2023-1389 (CVSS…
New Lobshot hVNC malware spreads via Google ads
The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. Threat actors are…
T-Mobile suffered the second data breach in 2023
T-Mobile disclosed the second data breach of 2023, threat actors had access to the personal information of hundreds of customers since February. T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds…
Experts spotted a new sophisticated malware toolkit called Decoy Dog
Infoblox researchers discovered a new sophisticated malware toolkit, dubbed Decoy Dog, targeting enterprise networks. While analyzing billions of DNS records, Infoblox researchers discovered a sophisticated malware toolkit, dubbed Decoy Dog, that was employed in attacks aimed at enterprise networks. Threat actors behind…
German IT provider Bitmarck hit by cyberattack
Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack. The German IT service provider Bitmarck announced on April 30 it had taken all its systems offline due…
Iranian govt uses BouldSpy Android malware for internal surveillance operations
Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic…
Russian APT Nomadic Octopus hacked Tajikistani carrier
Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures. Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government…
Google banned 173k developer accounts in 2022
In 2022, Google prevented 1.43 million policy-violating apps from being published in the official Google Play store. Google announced that it prevented 1.43 million policy-violating applications from being published on Google Play in 2022. The IT giant also announced it…
Crooks broke into AT&T email accounts to empty their cryptocurrency wallets
Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange…
Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies
CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns.…
White hat hackers showed how to take over a European Space Agency satellite
Thales cybersecurity researchers have shown this week how they seized control of a European Space Agency (ESA) satellite. This week, during the third edition of CYSAT, the European event dedicated to cybersecurity for the space industry, the European Space Agency…
Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ViperSoftX…
ViperSoftX uses more sophisticated encryption and anti-analysis techniques
A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. The variant employed…
Atomic macOS Stealer is advertised on Telegram for $1,000 per month
Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). The…
CISA warns of a critical flaw affecting Illumina medical devices
U.S. CISA released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw affecting Illumina medical devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of vulnerabilities that…
OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands
OpenAI announced that access to its chatbot service ChatGPT is allowed again in Italy after the company met the demands of regulators. OpenAI restored access to ChatGPT in Italy after the company met the demands of the Italian Data Protection…
Cisco discloses a bug in the Prime Collaboration Deployment solution
Cisco is working on a patch for a bug in the Prime Collaboration Deployment solution that was reported by a member of NATO’s Cyber Security Centre (NCSC). Cisco informed its customers that it’s working on a patch for cross-site scripting…
Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches
A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability…
Ukraine cyber police arrested a man for selling data of 300M people
The Ukrainian cyber police arrested a Ukraine man for selling the data of over 300 million people from different countries. The Ukrainian cyber police have arrested a man (36) from the city of Netishyn for selling the personal data and…
Google obtained a temporary court order against CryptBot distributors
Google obtained a temporary court order in the U.S. to disrupt the operations of the CryptBot information stealer. Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information…
Researchers found the first Linux variant of the RTM locker
RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider. The new variant of the encryptor targets Linux, NAS, and ESXi…
Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware
Microsoft revealed that recent attacks against PaperCut servers aimed at distributing Cl0p and LockBit ransomware. Microsoft linked the recent attacks against PaperCut servers to a financially motivated threat actor tracked as Lace Tempest (formerly DEV-0950). The group is known to be an…
CryptoRom: OkCupid scam cost Florida man $480k – we followed the money to Binance
CyberNews analyzed a classic cryptocurrency romance scam, also known as CryptoRom, explaining how scammers hid the money CryptoRom scammers hid the money with several layers of obfuscation, but the Cybernews research team discovered that the stolen funds ended up in…
Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks
Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., Europe, the Middle East and India. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign…
China-linked Alloy Taurus APT uses a Linux variant of PingPull malware
China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group (aka GALLIUM, Softcell) targeting Linux systems…
A component in Huawei network appliances could be used to take down Germany’s telecoms networks
German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes. In March, the interior ministry announced it was conducting an audit on the network appliance from Chinese telecoms giants Huawei and…
Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks
Apache Superset open-source data visualization platform is affected by an insecure default configuration that could lead to remote code execution. Apache Superset is an open-source data visualization and data exploration platform. The maintainers of the software have released security patches to…
Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline
Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident, Canada’s top cyber official and Pro-Russia hacking group Zarya claimed the…
SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times
A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow to carry out powerful DDoS attacks. A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the Service Location Protocol (SLP) can be exploited by threat actors to…
VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023
VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors. VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that were chained by the STAR Labs team during the…
A new Mirai botnet variant targets TP-Link Archer A21
Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8)…
Google researchers found multiple security issues in Intel TDX
Google Cloud Security and Project Zero researchers found multiple vulnerabilities in the Intel Trust Domain Extensions (TDX). Google Cloud Security and Project Zero researchers, working with Intel experts, discovered multiple vulnerabilities in the Intel Trust Domain Extensions (TDX). The Intel…
Google Authenticator App now supports Google Account synchronization
Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes…
Peugeot leaks access to user information in South America
Peugeot, a French brand of automobiles owned by Stellantis, exposed its users in Peru, a South American country with a population of nearly 34 million. A brand, best known for its lion roaring for over a century, has leaked access…
North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware
North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The group BlueNoroff is…