Threats & Malware, Vulnerabilities
April 9, 2024
Via: Security AffairsBitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on […]
Threats & Malware, Virus & Malware
February 20, 2024
Via: Security AffairsThe Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. In January, BleepingComputer […]
February 9, 2024
Via: DataBreach TodayFederal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading […]
February 2, 2024
Via: The RegisterJoshua Schulte, a former CIA employee and software engineer accused of sharing material with WikiLeaks, was sentenced to 40 years in prison by the US Southern District of New York on Thursday. Schulte was sent down for crimes including espionage, […]
January 31, 2024
Via: Security AffairsThis week, crooks stole around $112 million worth of the Ripple-focused cryptocurrency XRP from a crypto wallet belonging to the Ripple’s co-founder and executive chairman Chris Larsen. Larsen pointed out that the hackers compromised his personal XRP accounts, while the […]
January 29, 2024
Via: Security AffairsUkraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia. The news was first reported by The Record Media. The hacktivists group is […]
Threats & Malware, Virus & Malware
January 3, 2024
Via: Security AffairsUkraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used […]
Threats & Malware, Virus & Malware
January 2, 2024
Via: Security AffairsHudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran. The hacker claims that stolen data includes first name, […]
Threats & Malware, Vulnerabilities
January 2, 2024
Via: Security AffairsSecurity researchers from Ruhr University Bochum (Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk) discovered a vulnerability, called Terrapin (CVE-2023-48795, CVSS score 5.9), in the Secure Shell (SSH) cryptographic network protocol. An attacker can trigger the flaw to downgrade the connection’s security […]
December 26, 2023
Via: Security AffairsThe cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. The Carbanak gang was first discovered by Kaspersky Lab in 2015, the group has stolen at least $300 million from 100 financial […]
Threats & Malware, Vulnerabilities
December 15, 2023
Via: Security AffairspfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326). The […]
Application security, Security
November 28, 2023
Via: SecureWorldIn the ever-evolving landscape of computer security, many innovations flood the market, each boasting its efficacy. As a regular attendee of security conferences and contributor to security books, it’s evident to me that the field remains a hot topic. However, […]
Threats & Malware, Vulnerabilities
November 15, 2023
Via: Security AffairsVMware disclosed an authentication bypass vulnerability, tracked as CVE-2023-34060 (CVSS score 9.8), in its Cloud Director Appliance that can be exploited by an attacker with network access to the appliance bypassing login restrictions when authenticating on port 22 (ssh) or […]
November 3, 2023
Via: Security AffairsIran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is targeting Israeli entities in a new spear-phishing campaign, Deep Instinct’s Threat Research team reported. The phishing messages were aimed at deploying a legitimate remote administration tool called Advanced Monitoring […]
October 27, 2023
Via: Security AffairsThe French National Agency for the Security of Information Systems ANSSI (Agence Nationale de la sécurité des systèmes d’information) warns that the Russia-linked APT28 group has been targeting multiple French organizations, including government entities, businesses, universities, and research institutes and […]
October 19, 2023
Via: TechRadarNorth Korea has somehow managed to not only get its hands on AI, but also be the first nation to be publicly confirmed by the US to be using AI in cyber warfare, new reports have claimed. North Korea is […]
October 16, 2023
Via: Security AffairsThe popular encrypted messaging app Signal denied claims of an alleged zero-day vulnerability in its platform. The company launched an investigation into the claims after they have seen the vague viral reports alleging a zero-day vulnerability. “PSA: we have seen […]
October 3, 2023
Via: Security AffairsZscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. The BunnyLoader malware loader is written in C/C++ and is sold on various forums […]
August 10, 2023
Via: The Hacker NewsInterpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing […]
Threats & Malware, Vulnerabilities
July 26, 2023
Via: The Hacker NewsA severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 […]