Threats and Malware
Threats & Malware, Vulnerabilities
September 29, 2023
Via: Security AffairsUS Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, it […]
September 29, 2023
Via: Security AffairsOn June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWS’s cloud storage system. The misconfiguration exposed the repository’s contents. According to our team, […]
Threats & Malware, Virus & Malware
September 27, 2023
Via: TechRadarThere is a flaw in GPU units from all major manufacturers that allows hackers to read sensitive data displayed in browsers, a new research paper argues. The vulnerability in question is called GPU.zip, and allows for cross-origin attacks. In essence, […]
Threats & Malware, Virus & Malware
September 26, 2023
Via: The RegisterCanada’s Better Outcomes Registry & Network (BORN) fears a MOVEit breach allowed cybercriminals to copy 3.4 million people’s childcare health records dating back more than a decade. BORN, which collates and uses information on “pregnancy, birth, the newborn period and […]
September 26, 2023
Via: TechRadarA concerning amount of companies are pretty woeful in reporting the cyberattacks and breaches they suffer, both internally and externally. Research conducted by Keeper Security found that nearly half (48%) of the IT and security leaders it surveyed that have […]
Threats & Malware, Virus & Malware
September 25, 2023
Via: TechRadarAir Canada has suffered a cyberattack in which some employee information was accessed. The news was confirmed by the airline itself, via a press release published on the company’s website, where a statement revealed, “an unauthorized group briefly obtained limited […]
Threats & Malware, Vulnerabilities
September 25, 2023
Via: The RegisterT-Mobile US has had another bad week on the infosec front – this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied. According to customers who complained of the […]
Threats & Malware, Vulnerabilities
September 22, 2023
Via: The RegisterApple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as […]
September 21, 2023
Via: The RegisterPizza Hut’s Australian outpost has suffered a data breach. The baked goods purveyor has delivered bitter news to around 190,000 customers: that their name, delivery address, email address, and phone numbers have been accessed by unautorised entities. Even more seriously, […]
Threats & Malware, Virus & Malware
September 21, 2023
Via: The RegisterIndia is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurugram – centers of India’s tech development – are hubs of this activity. The report – A Deep Dive into Cybercrime Trends […]
September 20, 2023
Via: The RegisterThe ongoing face-off between Washington and Beijing over technology and security issues has taken a new twist, with China accusing the US of hacking into the servers of Huawei in 2009 and conducting other cyber-attacks to steal critical data. China’s […]
September 20, 2023
Via: The RegisterTwo Indian nationals each received 41-month prison sentences for their involvement in $1.2 million worth of robocall scams targeting the elderly, according to the district of New Jersey’s attorney’s office on Tuesday. Plantiffs Arushobike Mitra and Garbita Mitra (no relation, […]
September 19, 2023
Via: The RegisterThe Clorox Company, makers of bleach and other household cleaning products, doesn’t expect operations to return to normal until near month end as it combs over “widescale disruption to operations” caused by cyber baddies. The $2 billion turnover biz, whose […]
Threats & Malware, Virus & Malware
September 19, 2023
Via: TechRadarCybersecurity researchers from Sysdig recently uncovered a new cryptojacking campaign that targeted uncommon Amazon Web Services (AWS) services. Cryptojacking is a type of cyberattack in which the threat actor secretly installs a cryptocurrency miner on a target endpoint. While not […]
Threats & Malware, Vulnerabilities
September 19, 2023
Via: Security AffairsVulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845. In mid-August, Juniper addressed four medium-severity (CVSS 5.3) vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) impacting EX switches […]
Threats & Malware, Virus & Malware
September 18, 2023
Via: The RegisterAs cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think. Researchers from […]
September 18, 2023
Via: SecureWorldThe U.S. Internal Revenue Service (IRS) is entrusted with the vital responsibility of safeguarding sensitive taxpayer information. Recent incidents of potential unauthorized access to or disclosure of this data have raised concerns and prompted a thorough review by the Government […]
Threats & Malware, Vulnerabilities
September 8, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]
Threats & Malware, Virus & Malware
September 8, 2023
Via: The Hacker NewsA new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic […]
September 7, 2023
Via: The Hacker NewsMicrosoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that […]