Top

Category: Threats & Malware

Threats and Malware


Threats & Malware, Vulnerabilities

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

September 29, 2023

Via: Security Affairs

US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, it […]


Data loss, Threats & Malware

Misconfigured WBSC server leaks thousands of passports

September 29, 2023

Via: Security Affairs

On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWS’s cloud storage system. The misconfiguration exposed the repository’s contents. According to our team, […]


Threats & Malware, Virus & Malware

Almost all top GPUs are at risk of this dangerous cyberattack – here’s what you need to know

September 27, 2023

Via: TechRadar

There is a flaw in GPU units from all major manufacturers that allows hackers to read sensitive data displayed in browsers, a new research paper argues. The vulnerability in question is called GPU.zip, and allows for cross-origin attacks. In essence, […]


Threats & Malware, Virus & Malware

MOVEit breach delivers bundle of 3.4 million baby records

September 26, 2023

Via: The Register

Canada’s Better Outcomes Registry & Network (BORN) fears a MOVEit breach allowed cybercriminals to copy 3.4 million people’s childcare health records dating back more than a decade. BORN, which collates and uses information on “pregnancy, birth, the newborn period and […]


Data loss, Threats & Malware

Many firms aren’t reporting breaches to the proper authorities

September 26, 2023

Via: TechRadar

A concerning amount of companies are pretty woeful in reporting the cyberattacks and breaches they suffer, both internally and externally. Research conducted by Keeper Security found that nearly half (48%) of the IT and security leaders it surveyed that have […]


Threats & Malware, Virus & Malware

Air Canada reports data breach, employee data affected

September 25, 2023

Via: TechRadar

Air Canada has suffered a cyberattack in which some employee information was accessed. The news was confirmed by the airline itself, via a press release published on the company’s website, where a statement revealed, “an unauthorized group briefly obtained limited […]


Threats & Malware, Vulnerabilities

T-Mobile US exposes some customer data – but don’t call it a breach

September 25, 2023

Via: The Register

T-Mobile US has had another bad week on the infosec front – this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied. According to customers who complained of the […]


Threats & Malware, Vulnerabilities

Apple squashes security bugs after iPhone flaws exploited by Predator spyware

September 22, 2023

Via: The Register

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as […]


Data loss, Threats & Malware

Data breach reveals distressing info: People who order pineapple on pizza

September 21, 2023

Via: The Register

Pizza Hut’s Australian outpost has suffered a data breach. The baked goods purveyor has delivered bitter news to around 190,000 customers: that their name, delivery address, email address, and phone numbers have been accessed by unautorised entities. Even more seriously, […]


Threats & Malware, Virus & Malware

India’s biggest tech centers named as cyber crime hotspots

September 21, 2023

Via: The Register

India is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurugram – centers of India’s tech development – are hubs of this activity. The report – A Deep Dive into Cybercrime Trends […]


Data loss, Threats & Malware

Pot calls the kettle hack as China claims Uncle Sam did digital sneak peek first

September 20, 2023

Via: The Register

The ongoing face-off between Washington and Beijing over technology and security issues has taken a new twist, with China accusing the US of hacking into the servers of Huawei in 2009 and conducting other cyber-attacks to steal critical data. China’s […]


Data loss, Threats & Malware

Robocall scammers sentenced in US after netting $1.2M via India-based call centers

September 20, 2023

Via: The Register

Two Indian nationals each received 41-month prison sentences for their involvement in $1.2 million worth of robocall scams targeting the elderly, according to the district of New Jersey’s attorney’s office on Tuesday. Plantiffs Arushobike Mitra and Garbita Mitra (no relation, […]


Data loss, Threats & Malware

The Clorox Company admits cyberattack causing ‘widescale disruption’

September 19, 2023

Via: The Register

The Clorox Company, makers of bleach and other household cleaning products, doesn’t expect operations to return to normal until near month end as it combs over “widescale disruption to operations” caused by cyber baddies. The $2 billion turnover biz, whose […]


Threats & Malware, Virus & Malware

New cryptojacking attacks target uncommon AWS instances

September 19, 2023

Via: TechRadar

Cybersecurity researchers from Sysdig recently uncovered a new cryptojacking campaign that targeted uncommon Amazon Web Services (AWS) services. Cryptojacking is a type of cyberattack in which the threat actor secretly installs a cryptocurrency miner on a target endpoint. While not […]


Threats & Malware, Vulnerabilities

12,000 Juniper SRX firewalls and EX switches vulnerable to CVE-2023-36845

September 19, 2023

Via: Security Affairs

VulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845. In mid-August, Juniper addressed four medium-severity (CVSS 5.3) vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) impacting EX switches […]


Threats & Malware, Virus & Malware

Cryptojackers spread their nets to capture more than just EC2

September 18, 2023

Via: The Register

As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think. Researchers from […]


Data loss, Threats & Malware

GAO Report Reveals IRS’s Limited Control Over Taxpayer Data Handling

September 18, 2023

Via: SecureWorld

The U.S. Internal Revenue Service (IRS) is entrusted with the vital responsibility of safeguarding sensitive taxpayer information. Recent incidents of potential unauthorized access to or disclosure of this data have raised concerns and prompted a thorough review by the Government […]


Threats & Malware, Vulnerabilities

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

September 8, 2023

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]


Threats & Malware, Virus & Malware

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

September 8, 2023

Via: The Hacker News

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic […]


Data loss, Threats & Malware

Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

September 7, 2023

Via: The Hacker News

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that […]