Category: Threats & Malware

Threats and Malware


Threats & Malware, Vulnerabilities

Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966

November 23, 2022

Via: Security Affairs

Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966, that impacts Windows Server. […]


Threats & Malware, Vulnerabilities

BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks

November 22, 2022

Via: Security Week

BMC is a specialized processor that allows administrators to remotely control and monitor a device without having to access the operating system or applications running on it. The BMC can be used to reboot a device, install an operating system, […]


Data loss, Threats & Malware

Leaked Algolia API Keys Exposed Data of Millions of Users

November 22, 2022

Via: Security Week

Organizations can use Algolia’s API to incorporate into their applications functions such as search, discovery, and recommendations. The API is used by over 11,000 companies, including Lacoste, Slack, Medium, and Zendesk. CloudSEK says it has identified 1,550 applications that leaked […]


Threats & Malware, Virus & Malware

This ransomware will steal your Discord account and encrypt all your files for good measure

November 21, 2022

Via: TechRadar

A new ransomware family has been detected targeting the cryptocurrency community. Cybersecurity researchers from Cyble recently discovered a strain they dubbed “AXLocker” which, aside from the usual encrypting of all files found on the endpoint, also ends up stealing Discord […]


Threats & Malware, Virus & Malware

Notorious Emotet Malware Returns With High-Volume Malspam Campaign

November 21, 2022

Via: The Hacker News

The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. “Hundreds of thousands of emails per day” have been sent since early November 2022, enterprise security […]


Threats & Malware, Vulnerabilities

PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability

November 21, 2022

Via: Security Week

Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. In its advisory, Apple notes that the flaw allowed a sandboxed […]


Threats & Malware, Virus & Malware

LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities

November 18, 2022

Via: The Hacker News

The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. “The ease of access to its source code makes LodaRAT an attractive tool for any threat […]


Threats & Malware, Vulnerabilities

Omron PLC Vulnerability Exploited by Sophisticated ICS Malware

November 18, 2022

Via: Security Week

On November 10, the US Cybersecurity and Infrastructure Security Agency (CISA) published two advisories describing three vulnerabilities affecting NJ and NX-series controllers and software made by Japanese electronics giant Omron. One of the advisories describes CVE-2022-33971, a high-severity flaw that […]


Threats & Malware, Vulnerabilities

Atlassian Patches Critical Vulnerabilities in Bitbucket, Crowd

November 18, 2022

Via: Security Week

In the Bitbucket source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection vulnerability that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8. “There is a command injection vulnerability using environment variables […]


Threats & Malware, Virus & Malware

Transportation sector targeted by both ransomware and APTs

November 18, 2022

Via: Help Net Security

Trellix released The Threat Report: Fall 2022 from its Advanced Research Center, which analyzes cybersecurity trends from the third quarter (Q3) of 2022. The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) […]


Hacker, Threats & Malware

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

November 17, 2022

Via: Security Affairs

“Vyacheslav ‘Tank’ Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.” […]


Threats & Malware, Vulnerabilities

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

November 17, 2022

Via: The Hacker News

Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, could completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to gain remote access to the devices and defeat security constraints. […]


Data loss, Threats & Malware

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users’ Personal Data

November 16, 2022

Via: The Hacker News

Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personally identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. “Leaking PII in this manner provides a potential treasure trove for threat actors – […]


Threats & Malware, Vulnerabilities

Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers

November 16, 2022

Via: Security Week

The flaw affects Time-Triggered Ethernet (TTE), a networking technology specifically designed for real-time applications and cyber-physical systems with high safety and availability requirements. TTE is often used to reduce costs and improve efficiency as it allows mission-critical components to exist […]


Threats & Malware, Vulnerabilities

Critical vulnerability in Spotify’s Backstage discovered, patched

November 15, 2022

Via: Help Net Security

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one […]


Threats & Malware, Vulnerabilities

Aiphone Intercom System Vulnerability Allows Hackers to Open Doors

November 14, 2022

Via: Security Week

Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. Last week, researchers with Norwegian application security firm Promon published information on a vulnerability identified in several Aiphone […]


Threats & Malware, Vulnerabilities

Foxit Patches Several Code Execution Vulnerabilities in PDF Reader

November 11, 2022

Via: Security Week

The feature-rich PDF reader provides broad functionality to users, including support for multimedia documents and dynamic forms via JavaScript support, which also expands the application’s attack surface. This week, Cisco’s Talos security researchers have published information on four vulnerabilities in […]


Threats & Malware, Vulnerabilities

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

November 11, 2022

Via: The Hacker News

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. “By chaining and exploiting the vulnerabilities, adversaries could compromise the web server […]


Threats & Malware, Vulnerabilities

Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products

November 11, 2022

Via: Security Week

The most severe of the security defects is CVE-2022-20927, a bug in the dynamic access policies (DAP) functionality of ASA and FTD software, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. Due to improper processing of data […]


Hacker, Threats & Malware

Medibank hackers revealed to be in Russia

November 11, 2022

Via: CSO Online

The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber […]