Top

Data loss, Threats & Malware

Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme

September 27, 2022

Via: The Hacker News

The Australian Federal Police (AFP) on Monday disclosed it’s working to gather “crucial evidence” and that it’s collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. “Operation Hurricane has been launched to identify the criminals behind […]


Network security, Security

5 Network Security Threats And How To Protect Yourself

September 26, 2022

Via: The Hacker News

Cybersecurity today matters so much because of everyone’s dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT ‘network’ – all […]


Cyber-crime, Malware

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

September 26, 2022

Via: The Hacker News

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. “Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration […]


Cyber-crime, Phishing

Phishing attacks skyrocketing, over 1 million observed

September 26, 2022

Via: Help Net Security

The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed. The total for June was 381,717 attacks or […]


Threats & Malware, Virus & Malware

NullMixer: oodles of Trojans in a single dropper

September 26, 2022

Via: Securelist

Executive Summary NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that can be found mainly via search engines. These websites are often related to crack, keygen and […]


Hacker, Threats & Malware

Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts

September 26, 2022

Via: The Hacker News

Ukrainian law enforcement authorities on Friday disclosed that it had “neutralized” a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. The group specialized in the sales of 30 million accounts belonging […]


Threats & Malware, Vulnerabilities

Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

September 23, 2022

Via: Help Net Security

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of […]


Hacker, Threats & Malware

Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

September 23, 2022

Via: The Hacker News

A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against […]


Threats & Malware, Vulnerabilities

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

September 23, 2022

Via: Security Week

The firm’s researchers have identified seven new security holes in InsydeH2O UEFI firmware provided by Insyde Software. The impacted code is used by dozens of other companies, including major vendors such as HP, Dell, Intel, Microsoft, Fujitsu, Framework, and Siemens. […]


Email security, Security

Mass email campaign with a pinch of targeted spam

September 23, 2022

Via: Securelist

Most mass malicious mailing campaigns are very primitive and hardly diverse, with the content limited to several sentences offering the user to download archives that supposedly contain some urgent bills or unpaid fines. The email messages may contain no signatures […]


Cyber-crime, Malware, Mobile, Mobile security

Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware

September 23, 2022

Via: The Hacker News

An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers […]


Threats & Malware, Vulnerabilities

Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure

September 22, 2022

Via: The Hacker News

Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. “Each virtual disk in Oracle’s cloud has a unique identifier called OCID,” Shir Tamari, […]


Network security, Security

StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs

September 22, 2022

Via: Dark Reading

StackHawk, the company making application security testing part of software delivery, today announced its Deeper API Security Test Coverage release. This expands StackHawk’s solution to help developers scan the entire API layer to uncover potential vulnerabilities. Today’s application architectures require […]


Application security, Security

What could be the cause of growing API security incidents?

September 22, 2022

Via: Help Net Security

Noname Security announced the findings from its API security report, “The API Security Disconnect – API Security Trends in 2022”, which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced […]


Threats & Malware, Vulnerabilities

Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)

September 22, 2022

Via: Help Net Security

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. The vulnerability exists in the Python tarfile module which is a default module in any […]


Threats & Malware, Vulnerabilities

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

September 22, 2022

Via: The Hacker News

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. “If left unremedied and successfully exploited, this vulnerability could be used for […]


Cloud security, Security

Three Ways Security in the Azure Cloud Just Got Simpler

September 21, 2022

Via: CSO Online

Organizations’ use of the cloud is increasing, but this is contributing to a rise in the volume of cloud security incidents. In the 2022 Cloud Security Report, 98% of organizations told Check Point they use the cloud to host business […]


Hacker, Threats & Malware

Hackers stole $160 Million from Crypto market maker Wintermute

September 21, 2022

Via: Security Affairs

The company made the headlines after that threat actors have stolen around $160 million worth of digital assets. The company confirmed the disruption of its services in the coming days, but it pointed out that it is “solvent with twice […]


Cyber warfare, Cyber-crime

U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List

September 21, 2022

Via: The Hacker News

The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national […]


Threats & Malware, Vulnerabilities

iBoot Power Distribution Unit Flaws Allow Hackers to Remotely Shut Down Devices

September 21, 2022

Via: Security Week

The vulnerabilities affecting the iBoot-PDU product were identified by researchers at industrial cybersecurity firm Claroty, who found a total of seven issues, including ones allowing a remote, unauthenticated attacker to execute arbitrary code. iBoot PDU vulnerabilitiesThe impacted PDU provides a […]