www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-10T02:14:51+00:00 www.secnews.physaphae.fr

Security Affairs - Blog Secu: New Go-based Redigo malware targets Redis servers
Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers. Redis (remote dictionary server) […]
2022-12-01T22:39:51+00:00 https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8286450 False Malware,Threat None 3.0000000000000000

Security Affairs - Blog Secu: LastPass discloses the second security breach this year
LastPass disclosed a new security breach: threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach; the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach. The impacted cloud storage service is […]
2022-12-01T07:33:53+00:00 https://securityaffairs.co/wordpress/139136/data-breach/lastpass-second-security-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8286161 False Threat LastPass 4.0000000000000000

Security Affairs - Blog Secu: Google links three exploitation frameworks to Spanish commercial spyware vendor Variston
Google's Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston.
While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked to Variston IT, a Spanish firm. Officially, Variston claims to provide custom security solutions and custom patches for embedded systems. The […]
2022-11-30T21:35:49+00:00 https://securityaffairs.co/wordpress/139126/malware/spanish-spyware-vendor-variston.html www.secnews.physaphae.fr/article.php?IdArticle=8286073 False Threat None 2.0000000000000000

Security Affairs - Blog Secu: Experts found a vulnerability in AWS AppSync
Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from […]
2022-11-28T15:04:34+00:00 https://securityaffairs.co/wordpress/139045/hacking/amazon-web-services-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8271710 False Vulnerability,Threat None 2.0000000000000000

Security Affairs - Blog Secu: Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches
The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.
The threat actor offered […]
2022-11-26T21:11:03+00:00 https://securityaffairs.co/wordpress/139001/data-breach/twitter-massive-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8244621 False Data Breach,Vulnerability,Threat None 2.0000000000000000

Security Affairs - Blog Secu: Devices from Dell, HP, and Lenovo used outdated OpenSSL versions
Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The OpenSSL software library provides secure communications over computer networks, protecting against eavesdropping and allowing a party to identify the peer at the other end. […]
2022-11-26T00:35:53+00:00 https://securityaffairs.co/wordpress/138986/security/dell-hp-lenovo-openssl-outdated.html www.secnews.physaphae.fr/article.php?IdArticle=8227743 False Threat None 5.0000000000000000

Security Affairs - Blog Secu: UK urges departments to disconnect Chinese security cameras in government buildings
The British government banned the installation of Chinese-linked security cameras at sensitive facilities due to security risks. Reuters reports that the British government ordered its departments to stop installing Chinese security cameras at sensitive buildings due to security risks. The Government has ordered departments to disconnect the cameras from core networks and to consider removing […]
2022-11-25T06:35:47+00:00 https://securityaffairs.co/wordpress/138945/digital-id/uk-ban-chinese-security-cameras.html www.secnews.physaphae.fr/article.php?IdArticle=8213338 False Threat None 4.0000000000000000

Security Affairs - Blog Secu: Threat actors exploit discontinued Boa web servers to target critical infrastructure
Microsoft reported that hackers have exploited flaws in a now-discontinued web server called Boa in attacks against critical industries.
Microsoft experts believe that threat actors behind a malicious campaign aimed at Indian critical infrastructure earlier this year have exploited security flaws in a now-discontinued web server called Boa. The Boa web server is widely used across a […]
2022-11-24T08:46:59+00:00 https://securityaffairs.co/wordpress/138916/hacking/boa-web-servers-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8195953 False Threat None None

Security Affairs - Blog Secu: Pro-Russian group Killnet claims responsibility for DDoS attack that has taken down the European Parliament site
Pro-Russian hacker collective Killnet took down the European Parliament website with a DDoS cyberattack. The pro-Russia group of hacktivists Killnet claimed responsibility for the DDoS attack that today took down the website of the European Parliament. “KILLNET officially recognises the European Parliament as sponsors of homosexualism,” states the group. The attack was launched immediately […]
2022-11-23T21:20:11+00:00 https://securityaffairs.co/wordpress/138906/hacktivism/killnet-ddos-european-parliament.html www.secnews.physaphae.fr/article.php?IdArticle=8186565 False Threat None 3.0000000000000000

Security Affairs - Blog Secu: Exclusive – Quantum Locker lands in the Cloud
The gang behind Quantum Locker used a particular modus operandi to target large enterprises relying on cloud services in the NACE region. Executive Summary. Incident Insights. During the latest weeks, the Belgian company Computerland shared insights with the European threat intelligence community about Quantum TTPs adopted in recent attacks.
The shared information revealed Quantum gang […]
2022-11-23T08:15:59+00:00 https://securityaffairs.co/wordpress/138873/cyber-crime/quantum-locker-lands-in-the-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8176197 False Threat None 2.0000000000000000

Security Affairs - Blog Secu: Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem
Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire. It is a multi-purpose botnet with data stealing […]
2022-11-22T15:20:06+00:00 https://securityaffairs.co/wordpress/138851/malware/aurora-stealer-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8162645 False Malware,Threat None 4.0000000000000000

Security Affairs - Blog Secu: Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild
Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware. The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. The analysis of the code […]
2022-11-21T08:31:12+00:00 https://securityaffairs.co/wordpress/138783/malware/octocrypt-alice-axlocker-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8146794 False Ransomware,Threat None None

Security Affairs - Blog Secu: DEV-0569 group uses Google Ads to distribute Royal Ransomware
Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware.
Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group carries out […]
2022-11-19T19:27:12+00:00 https://securityaffairs.co/wordpress/138750/malware/dev-0569-google-ads-royal-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8117164 False Ransomware,Threat None None

Security Affairs - Blog Secu: Black Friday and Cyber Monday, crooks are already at work
Every year during Black Friday and Cyber Monday, crooks take advantage of the bad habits of users with fraudulent schemes. Researchers at Bitdefender Antispam Lab have analyzed the fraudulent activities associated with Black Friday and Cyber Monday over the last weeks. The experts noticed that between October 26 and November 6, the rate of unsolicited […]
2022-11-19T15:56:56+00:00 https://securityaffairs.co/wordpress/138737/cyber-crime/black-friday-and-cyber-monday-scams.html www.secnews.physaphae.fr/article.php?IdArticle=8113279 False Threat None 4.0000000000000000

Security Affairs - Blog Secu: Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies
Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022. The threat actors behind the Hive ransomware-as-a-service (RaaS) have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities.
“As of November 2022, […]
2022-11-18T11:30:22+00:00 https://securityaffairs.co/wordpress/138702/cyber-crime/hive-ransomware-extorted-100m.html www.secnews.physaphae.fr/article.php?IdArticle=8086702 False Ransomware,Threat None None

Security Affairs - Blog Secu: Ongoing supply chain attack targets Python developers with WASP Stealer
A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they track as WASP that is targeting Python developers. The attackers are using Python packages to distribute a polymorphic malware called W4SP […]
2022-11-18T08:24:14+00:00 https://securityaffairs.co/wordpress/138692/cyber-crime/wasp-stealer-supply-chain-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8083972 False Malware,Threat None None

Security Affairs - Blog Secu: Iran-linked threat actors compromise US Federal Network
Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed cryptomining malware. According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw (CVE-2021-44228) and deployed cryptomining malware. Log4Shell impacts […]
2022-11-17T07:58:03+00:00 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html www.secnews.physaphae.fr/article.php?IdArticle=8063403 False Threat None None

Security Affairs - Blog Secu: Experts revealed details of critical SQLi and access issues in Zendesk Explore
Researchers disclosed technical details of critical SQLi and access vulnerabilities in the Zendesk Explore service. Cybersecurity researchers at Varonis disclosed technical details of critical SQLi and access vulnerabilities impacting the Zendesk Explore service.
Zendesk Explore allows organizations to view and analyze key information about their customers and their support resources. Threat actors would have allowed […]
2022-11-15T16:16:40+00:00 https://securityaffairs.co/wordpress/138579/hacking/zendesk-explore-critical-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8029739 False Threat None None

Security Affairs - Blog Secu: Previously undetected Earth Longzhi APT group is a subgroup of APT41
Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian countries. Early this year, Trend Micro investigated a security breach suffered by a company in Taiwan. Threat actors employed a custom Cobalt Strike loader in the attack. Further analysis revealed that the same threat actor targeted multiple regions […]
2022-11-15T08:46:34+00:00 https://securityaffairs.co/wordpress/138536/apt/earth-longzhi-subgroup-apt41.html www.secnews.physaphae.fr/article.php?IdArticle=8023019 False Threat,Guideline APT 41 4.0000000000000000

Security Affairs - Blog Secu: CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine
Russian threat actors employed a new ransomware family called Somnia in attacks against multiple organizations in Ukraine. The Government Computer Emergency Response Team of Ukraine, CERT-UA, is investigating multiple attacks against organizations in Ukraine that involved a new piece of ransomware called Somnia. Government experts attribute the attacks to the group ‘From Russia with Love’ […]
2022-11-14T09:18:41+00:00 https://securityaffairs.co/wordpress/138496/hacking/somnia-ransomware-attacks-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=8006318 False Ransomware,Threat None None

Security Affairs - Blog Secu: An initial access broker claims to have hacked Deutsche Bank
An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram.
A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. The security researcher Dominic Alvieri was one of the first experts […]
2022-11-11T23:07:47+00:00 https://securityaffairs.co/wordpress/138416/data-breach/deutsche-bank-alleged-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7957229 False Threat None None

Security Affairs - Blog Secu: Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware
Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghur minority. The threat actors behind the campaigns used two Android spyware families to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […]
2022-11-11T21:07:03+00:00 https://securityaffairs.co/wordpress/138395/intelligence/uyghurs-badbazaar-moonshine-surveillance.html www.secnews.physaphae.fr/article.php?IdArticle=7955465 False Malware,Threat None None

Security Affairs - Blog Secu: Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine
Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. In mid-October, Microsoft Threat Intelligence Center (MSTIC) researchers uncovered previously undetected ransomware, tracked as Prestige ransomware, employed in attacks targeting organizations in the transportation and related logistics industries in Ukraine and Poland.
The Prestige ransomware first appeared in the threat […]
2022-11-11T08:28:28+00:00 https://securityaffairs.co/wordpress/138362/apt/prestige-ransomware-linked-iridium.html www.secnews.physaphae.fr/article.php?IdArticle=7943704 False Ransomware,Threat None None

Security Affairs - Blog Secu: 'Justice Blade' Hackers are Targeting Saudi Arabia
2022-11-07T19:52:34+00:00 https://securityaffairs.co/wordpress/138213/hacking/justice-blade-targets-saudi-arabia.html www.secnews.physaphae.fr/article.php?IdArticle=7883166 False Threat None None

Security Affairs - Blog Secu: A cyberattack blocked the trains in Denmark
At the end of October, a cyber attack caused trains to stop in Denmark; the attack hit a third-party IT service provider. A cyber attack caused the trains operated by DSB to stop in Denmark last weekend after threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo […]
2022-11-06T13:51:03+00:00 https://securityaffairs.co/wordpress/138127/cyber-crime/cyberattack-blocked-trains-denmark.html www.secnews.physaphae.fr/article.php?IdArticle=7866186 False Threat None None

Security Affairs - Blog Secu: Zero-days are exploited on a massive scale in increasingly shorter timeframes
Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide.
The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of […]
2022-11-05T17:30:47+00:00 https://securityaffairs.co/wordpress/138100/security/treat-actors-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=7848503 False Vulnerability,Threat None None

Security Affairs - Blog Secu: RomCom RAT campaigns abuse popular brands like KeePass and SolarWinds NPM
A new campaign spreading RomCom RAT impersonates popular software brands like KeePass and SolarWinds. The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution. Researchers from BlackBerry uncovered a new RomCom RAT campaign impersonating popular software brands like KeePass and SolarWinds. […]
2022-11-04T13:51:55+00:00 https://securityaffairs.co/wordpress/138091/hacking/romcom-rat-campaigns.html www.secnews.physaphae.fr/article.php?IdArticle=7823119 True Threat None None

Security Affairs - Blog Secu: The 10th edition of the ENISA Threat Landscape (ETL) report is out!
I'm proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The European Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report, which is the annual analysis of the state of the cybersecurity threat landscape. This is the 10th edition of the […]
2022-11-04T10:09:39+00:00 https://securityaffairs.co/wordpress/138077/security/enisa-threat-landscape-2022.html www.secnews.physaphae.fr/article.php?IdArticle=7820498 False Threat None None

Security Affairs - Blog Secu: 250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack
Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US.
Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media company that serves many major news outlets. The media company provides video content and advertising […]
2022-11-03T16:28:32+00:00 https://securityaffairs.co/wordpress/138052/cyber-crime/supply-chain-attack-fakeupdates.html www.secnews.physaphae.fr/article.php?IdArticle=7804949 False Malware,Threat None None

Security Affairs - Blog Secu: SandStrike, a previously undocumented Android malware targets a Persian-speaking religious minority
Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religious minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religious minority, Baháʼí. The threat actors were distributing a VPN app embedding highly sophisticated spyware. The […]
2022-11-02T18:55:55+00:00 https://securityaffairs.co/wordpress/137990/hacking/sandstrike-malware-cyberespionage.html www.secnews.physaphae.fr/article.php?IdArticle=7786609 False Malware,Threat None None

Security Affairs - Blog Secu: Dropbox discloses unauthorized access to 130 GitHub source code repositories
Dropbox disclosed a security breach: threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub.
According to the advisory published by Dropbox, the company was the target of a phishing campaign […]
2022-11-02T10:31:40+00:00 https://securityaffairs.co/wordpress/137975/hacking/dropbox-account-hacked-2fa-jpg.html www.secnews.physaphae.fr/article.php?IdArticle=7780203 False Threat None None

Security Affairs - Blog Secu: Ransomware activity and network access sales in Q3 2022
Ransomware activity report: threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals stable activity in the sector of initial access sales, but experts observed a rise in the value of the offerings. […]
2022-11-01T11:32:51+00:00 https://securityaffairs.co/wordpress/137929/cyber-crime/ransomware-activity-q3-2022.html www.secnews.physaphae.fr/article.php?IdArticle=7763473 False Ransomware,Threat None None

Security Affairs - Blog Secu: GitHub flaw could have allowed attackers to take over repositories of other users
A critical flaw in the cloud-based repository hosting service GitHub could’ve allowed attackers to take over other repositories. The cloud-based repository hosting service GitHub has addressed a vulnerability that could have been exploited by threat actors to take over the repositories of other users. The vulnerability was discovered by Checkmarx, which called the attack technique RepoJacking. The […]
2022-10-31T12:11:03+00:00 https://securityaffairs.co/wordpress/137866/hacking/github-flaw-repojacking.html www.secnews.physaphae.fr/article.php?IdArticle=7754049 False Vulnerability,Threat None None

Security Affairs - Blog Secu: Air New Zealand warns of an ongoing credential stuffing attack
Air New Zealand suffered a security breach; multiple customers have been locked out of their accounts after the incident.
Air New Zealand suffered a security breach: threat actors attempted to access customers’ accounts by carrying out credential-stuffing attacks. What is credential stuffing? “Credential stuffing is a type of attack in which hackers use automation and lists […]
2022-10-30T14:38:12+00:00 https://securityaffairs.co/wordpress/137793/cyber-crime/air-new-zealand-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7739106 False Threat None None

Security Affairs - Blog Secu: Twilio discloses another security incident that took place in June
Twilio suffered another brief security incident in June 2022; the attack was conducted by the same threat actor behind the August hack. The communications company Twilio announced that it suffered another “brief security incident” on June 29, 2022; the attack was conducted by the same threat actor that in August compromised the company and gained access to […]
2022-10-29T18:34:59+00:00 https://securityaffairs.co/wordpress/137782/data-breach/twilio-new-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7723555 False Threat None None

Security Affairs - Blog Secu: See Tickets discloses data breach, customers' credit card data exposed
2022-10-26T19:09:16+00:00 https://securityaffairs.co/wordpress/137673/data-breach/see-tickets-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7690434 False Data Breach,Threat None None

Security Affairs - Blog Secu: Two PoS Malware used to steal data from more than 167,000 credit cards
Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware strains used to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. On April 19, 2022, Group-IB researchers identified the C2 server of the POS malware called MajikPOS.
[…]
2022-10-25T14:59:22+00:00 https://securityaffairs.co/wordpress/137608/malware/pos-malware-stolen-card-data.html www.secnews.physaphae.fr/article.php?IdArticle=7672738 False Malware,Threat None None

Security Affairs - Blog Secu: Hive ransomware gang starts leaking data allegedly stolen from Tata Power
The Hive ransomware gang, which claimed responsibility for the Tata Power data breach, started leaking data. On October 14, Tata Power, India's largest power generation company, announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of […]
2022-10-25T11:44:24+00:00 https://securityaffairs.co/wordpress/137601/malware/hive-ransomware-tata-power.html www.secnews.physaphae.fr/article.php?IdArticle=7671761 False Ransomware,Threat None None

Security Affairs - Blog Secu: Norway PM warns of Russia cyber threat to oil and gas industry
Norway's prime minister warned last week that Russia poses “a real and serious threat” to the country's oil and gas industry. Norway's prime minister Jonas Gahr Støre warned that Russia poses “a real and serious threat” to the country's oil and gas industry. The minister says his country is slow in adopting […]
2022-10-24T14:17:22+00:00 https://securityaffairs.co/wordpress/137561/cyber-warfare-2/norway-pm-warns-russia-threat.html www.secnews.physaphae.fr/article.php?IdArticle=7666423 False Threat None None

Security Affairs - Blog Secu: Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners
Threat actors are exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access in attacks in the wild. Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access to deliver cryptocurrency miners and ransomware.
The issue leads to server-side template injection because of the lack of […]
2022-10-22T15:31:57+00:00 https://securityaffairs.co/wordpress/137483/hacking/vmware-workspace-one-access-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=7630858 False Threat None None

Security Affairs - Blog Secu: EnergyAustralia Electricity company discloses security breach
Electricity company EnergyAustralia suffered a security breach; threat actors had access to information on 323 customers. Another Australian organization was hit by a severe cyber attack, this time the electricity company EnergyAustralia. EnergyAustralia is the country's third-largest energy retailer. The company confirmed that threat actors had access to information on 323 residential and […]
2022-10-21T23:02:44+00:00 https://securityaffairs.co/wordpress/137473/data-breach/energyaustralia-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7614768 False Threat None None

Security Affairs - Blog Secu: Experts warn of CVE-2022-42889 Text4Shell exploit attempts
Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. GitHub's threat analyst Alvaro Munoz this week disclosed a remote code execution vulnerability, tracked as CVE-2022-42889 (CVSS score 9.8), in the open-source Apache Commons […]
2022-10-21T20:51:28+00:00 https://securityaffairs.co/wordpress/137462/hacking/text4shell-exploitation-attempts.html www.secnews.physaphae.fr/article.php?IdArticle=7612851 False Threat None None

Security Affairs - Blog Secu: BlueBleed: Microsoft confirmed data leak exposing customers' info
Microsoft disclosed a data leak: sensitive data of some of its customers was exposed by a misconfigured Microsoft server accessible online.
Microsoft announced that sensitive data belonging to some of its customers was exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar […]
2022-10-20T16:07:14+00:00 https://securityaffairs.co/wordpress/137397/data-breach/microsoft-data-leak-2.html www.secnews.physaphae.fr/article.php?IdArticle=7587349 False Threat None None

Security Affairs - Blog Secu: Text4Shell, a remote code execution bug in Apache Commons Text library
A researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working on strings. The vulnerability, dubbed “Text4Shell,” is an unsafe script evaluation issue […]
2022-10-19T22:50:57+00:00 https://securityaffairs.co/wordpress/137359/security/text4shell-apache-commons-text.html www.secnews.physaphae.fr/article.php?IdArticle=7570729 False Vulnerability,Threat None None

Security Affairs - Blog Secu: China-linked APT41 group targets Hong Kong with Spyder Loader
China-linked threat actor APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May.
Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage […]
2022-10-18T14:15:09+00:00 https://securityaffairs.co/wordpress/137300/apt/apt41-spyder-loader.html www.secnews.physaphae.fr/article.php?IdArticle=7541666 False Threat,Guideline APT 17,APT 41 None

Security Affairs - Blog Secu: Bulgaria hit by a cyber attack originating from Russia
Government institutions in Bulgaria were hit by a cyber attack during the weekend; experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack. The attack started on Saturday and experts believe that it was orchestrated by Russian threat actors. The […]
2022-10-17T10:54:25+00:00 https://securityaffairs.co/wordpress/137230/hacking/bulgaria-hit-cyber-attack-russia.html www.secnews.physaphae.fr/article.php?IdArticle=7527273 False Threat None None

Security Affairs - Blog Secu: Mysterious Prestige ransomware targets organizations in Ukraine and Poland
Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland. The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour […]
2022-10-16T23:22:16+00:00 https://securityaffairs.co/wordpress/137203/apt/prestige-ransomware-targets-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=7517773 False Ransomware,Threat None None

Security Affairs - Blog Secu: Indian power generation giant Tata Power hit by a cyber attack
Tata Power Company Limited, India’s largest power generation company, announced it was hit by a cyberattack. Tata Power on Friday announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company.
The company confirmed that the security breach impacted “some of its IT systems.” “The Tata Power Company […] ]]> 2022-10-15T10:22:50+00:00 https://securityaffairs.co/wordpress/137130/hacking/tata-power-cyber-attack.html www.secnews.physaphae.fr/article.php?IdArticle=7479145 False Threat None None Security Affairs - Blog Secu WIP19, a new Chinese APT targets IT Service Providers and Telcos Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is […] ]]> 2022-10-14T15:10:29+00:00 https://securityaffairs.co/wordpress/137107/apt/wip19-targets-middle-east-asia.html www.secnews.physaphae.fr/article.php?IdArticle=7458705 False Threat None None Security Affairs - Blog Secu China-linked Budworm APT returns to target a US entity The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27, Bronze Union, Emissary Panda, Lucky Mouse, TG-3390, and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of […] ]]> 2022-10-13T23:10:45+00:00 https://securityaffairs.co/wordpress/137075/apt/budworm-apt-targets-us.html www.secnews.physaphae.fr/article.php?IdArticle=7443560 False Threat APT 27 None Security Affairs - Blog Secu Cloudflare blocked a 2.5 Tbps DDoS attack aimed at the Minecraft server Cloudflare mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. 
Cloudflare announced it has mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. The Cloudflare DDoS threat report 2022 Q3 states that multi-terabit massive DDoS attacks have become increasingly frequent. In Q3, the […] ]]> 2022-10-13T15:43:51+00:00 https://securityaffairs.co/wordpress/137062/hacking/ddos-attack-record-q3-2022.html www.secnews.physaphae.fr/article.php?IdArticle=7436369 True Threat None None Security Affairs - Blog Secu LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware.  Threat actors initially deployed […] ]]> 2022-10-12T05:54:56+00:00 https://securityaffairs.co/wordpress/136968/cyber-crime/microsoft-exchange-lockbit-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7405732 False Ransomware,Malware,Threat None None Security Affairs - Blog Secu Caffeine, a new Phishing-as-a-Service toolkit available in the underground Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. The experts noticed that the toolkit has an intuitive interface and supports multiple features that allow customers to easily arrange phishing campaigns. 
The service […] ]]> 2022-10-11T16:56:09+00:00 https://securityaffairs.co/wordpress/136953/cyber-crime/caffeine-phishing-platform.html www.secnews.physaphae.fr/article.php?IdArticle=7394579 False Threat None None Security Affairs - Blog Secu BlackByte Ransomware abuses vulnerable driver to bypass security solutions The BlackByte ransomware operators are leveraging a flaw in a legitimate Windows driver to bypass security solutions. Researchers from Sophos warn that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products. In BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, […] ]]> 2022-10-08T16:23:28+00:00 https://securityaffairs.co/wordpress/136816/malware/blackbyte-ransomware-byovd-attack.html www.secnews.physaphae.fr/article.php?IdArticle=7353726 False Ransomware,Threat None None Security Affairs - Blog Secu Hacker stole $566 million worth of Binance Coins from Binance Bridge Threat actors have stolen 2 million Binance Coins (BNB), worth $566 million, from the popular Binance Bridge. Hackers have reportedly stolen $566 million worth of Binance Coins (BNB) from the Binance Bridge. It seems that threat actors were able to exploit an issue with the bridge, the attack took place at 2:30 PM EST today. […] ]]> 2022-10-07T09:16:50+00:00 https://securityaffairs.co/wordpress/136779/cyber-crime/hackers-stole-binance-funds.html www.secnews.physaphae.fr/article.php?IdArticle=7331497 False Threat None None Security Affairs - Blog Secu LilithBot Malware, a new MaaS offered by the Eternity Group Researchers linked the threat actor behind the Eternity malware-as-a-service (MaaS) to a new malware strain called LilithBot. Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group (aka EternityTeam; Eternity Project). 
The Eternity group operates a homonymous malware-as-a-service (MaaS), it is linked to the Russian “Jester Group,” which is […] ]]> 2022-10-07T05:02:45+00:00 https://securityaffairs.co/wordpress/136764/breaking-news/lilithbot-malware-eternity-group.html www.secnews.physaphae.fr/article.php?IdArticle=7328289 False Malware,Threat None None Security Affairs - Blog Secu Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike disclosed details of a supply chain attack that involved the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Comm100 is a provider of customer service and communication products […] ]]> 2022-10-03T19:29:51+00:00 https://securityaffairs.co/wordpress/136582/hacking/comm100-supply-chain-attack.html www.secnews.physaphae.fr/article.php?IdArticle=7290680 False Threat None None Security Affairs - Blog Secu Finnish intelligence warns of Russia\'s cyberespionage activities 2022-10-03T13:21:50+00:00 https://securityaffairs.co/wordpress/136558/intelligence/finnish-intelligence-russia-cyberespionage.html www.secnews.physaphae.fr/article.php?IdArticle=7287645 False Threat None None Security Affairs - Blog Secu Luxury hotel chain Shangri-La suffered a security breach The Shangri-La hotel group disclosed a data breach, a database containing the personal information of its customers was compromised. The Shangri-La hotel group disclosed a data breach, threat actors had access to a database containing the personal information of customers at eight of its Asian properties between May and July. 
The incident impacted hotels in […]
2022-10-01T12:52:00+00:00 https://securityaffairs.co/wordpress/136489/data-breach/shangri-la-security-breach.html

Witchetty APT used steganography in attacks against Middle East entities (Security Affairs - Blog Secu)
A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom’s Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously undocumented backdoor in a Windows logo. The group used the backdoor in attacks against Middle Eastern governments. The cyber […]
2022-09-30T22:14:03+00:00 https://securityaffairs.co/wordpress/136477/apt/witchetty-apt-steganography.html

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums (Security Affairs - Blog Secu)
The Brute Ratel post-exploitation toolkit has been cracked and is now available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. The availability of the cracked version of the tool was first reported by the cybersecurity researcher Will […]
2022-09-29T09:54:56+00:00 https://securityaffairs.co/wordpress/136395/cyber-crime/brute-ratel-cracked-copy.html

Threat actors use Quantum Builder to deliver Agent Tesla malware (Security Affairs - Blog Secu)
The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. “Quantum Builder (aka “Quantum Lnk Builder”) is used to create malicious shortcut […]
2022-09-28T15:43:32+00:00 https://securityaffairs.co/wordpress/136370/uncategorized/quantum-builder-agent-tesla-rat.html

ONLINE DISINFORMATION: Under the hood of a Doppelgänger (Security Affairs - Blog Secu)
Online disinformation is one of the defining issues of our time, and the influence of fake news has become an acute threat to our society. Disinformation undermines true journalism and steers public opinion on highly charged topics such as immigration, climate change, armed conflicts or refugee and health crises. Social media platforms are the […]
2022-09-28T14:03:04+00:00 https://securityaffairs.co/wordpress/136366/intelligence/disinformation-under-the-hood-of-a-doppelganger.html

Erbium info-stealing malware, a new option in the threat landscape (Security Affairs - Blog Secu)
The recently discovered Erbium information stealer is being distributed as fake cracks and cheats for popular video games. Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat […]
2022-09-27T09:40:39+00:00 https://securityaffairs.co/wordpress/136285/malware/erbium-info-stealing-malware.html

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years (Security Affairs - Blog Secu)
A previously undetected hacking group, tracked as Metador, has been targeting telecommunications companies, internet service providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked as Metador, that primarily targets telecommunications companies, internet service providers, and universities in several countries in the Middle East and Africa. The experts pointed out that […]
2022-09-26T10:38:12+00:00 https://securityaffairs.co/wordpress/136239/apt/metador-targets-isp-networks.html

Exmatter exfiltration tool used to implement new extortion tactics (Security Affairs - Blog Secu)
Ransomware operators are switching to new extortion tactics by using the Exmatter malware and adding new data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques; this is the case of the threat actors using the Exmatter malware. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample […]
2022-09-26T06:22:16+00:00 https://securityaffairs.co/wordpress/136226/cyber-crime/exmatter-tool-shift-extortion-tactics.html

Australian Telecoms company Optus discloses security breach (Security Affairs - Blog Secu)
Australian telecoms company Optus disclosed a data breach; threat actors gained access to the data of former and current customers. Optus, one of the largest service providers in Australia, disclosed a data breach. The intruders gained access to the personal information of both former and current customers. The company is a subsidiary of Singtel with 10.5 million subscribers as of 2019. […]
2022-09-23T11:02:00+00:00 https://securityaffairs.co/wordpress/136104/data-breach/optus-discloses-security-breach.html

Hackers stole $160 Million from Crypto market maker Wintermute (Security Affairs - Blog Secu)
Threat actors have stolen around $160 million worth of digital assets from crypto trading firm Wintermute. Malicious actors continue to target organizations in the cryptocurrency industry; the latest victim is crypto trading firm Wintermute. The company made the headlines after threat actors stole around $160 million worth of digital assets. […]
2022-09-21T14:54:44+00:00 https://securityaffairs.co/wordpress/136029/hacking/wintermute-l160m-cyber-heist.html

Uber believes that the LAPSUS$ gang is behind the recent attack (Security Affairs - Blog Secu)
Uber disclosed additional details about the security breach; the company blames a threat actor allegedly affiliated with the LAPSUS$ hacking group. Uber revealed additional details about the recent security breach; the company believes that the threat actor behind the intrusion is affiliated with the LAPSUS$ hacking group. Over the past months, the Lapsus$ gang compromised […]
2022-09-20T13:17:36+00:00 https://securityaffairs.co/wordpress/135980/cyber-crime/uber-hacked-by-lapsus-group.html

American Airlines disclosed a data breach (Security Affairs - Blog Secu)
American Airlines disclosed a data breach; threat actors had access to an undisclosed number of employee email accounts. American Airlines recently suffered a data breach in which threat actors compromised a limited number of employee email accounts. The intruders had access to sensitive personal information contained in the accounts, but the company’s data breach notification states that it is not aware […]
2022-09-20T10:52:13+00:00 https://securityaffairs.co/wordpress/135963/data-breach/american-airlines-data-breach.html

Revolut security breach: data of 50,000+ users exposed (Security Affairs - Blog Secu)
Revolut has suffered a cyberattack; threat actors had access to the personal information of tens of thousands of customers. The financial technology company Revolut suffered a ‘highly targeted’ cyberattack over the weekend; threat actors had access to the personal information of 0.16% of its customers (approximately 50,000 users). The company states that it has already contacted the […]
2022-09-19T16:26:21+00:00 https://securityaffairs.co/wordpress/135935/data-breach/revolut-data-breach.html

Alleged Grand Theft Auto 6 (GTA6) gameplay videos and source code leaked online (Security Affairs - Blog Secu)
Threat actors leaked source code and gameplay videos of Grand Theft Auto 6 (GTA6) after allegedly breaching Rockstar Games. Threat actors allegedly compromised Rockstar Games’ Slack server and Confluence wiki and leaked Grand Theft Auto 6 gameplay videos and source code. On September 18, 2022, a threat actor who goes by 'teapotuberhacker' on GTAForums […]
2022-09-19T07:11:18+00:00 https://securityaffairs.co/wordpress/135923/data-breach/gta6-gameplay-videos-source-code-leak.html

LastPass revealed that intruders had internal access for four days during the August hack (Security Affairs - Blog Secu)
Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days […]
2022-09-17T18:11:10+00:00 https://securityaffairs.co/wordpress/135869/hacking/lastpass-august-hack-notice.html

North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp (Security Affairs - Blog Secu)
North Korea-linked threat actor UNC4034 is spreading tainted versions of the PuTTY SSH and Telnet client. In July 2022, Mandiant identified a novel spear-phishing methodology employed by North Korea-linked threat actor UNC4034. The attackers are spreading tainted versions of the PuTTY SSH and Telnet client. The attack chain starts with a fake […]
2022-09-16T16:40:56+00:00 https://securityaffairs.co/wordpress/135831/malware/north-korea-linked-apt-backdoored-putty.html

Uber hacked, internal systems and confidential documents were allegedly compromised (Security Affairs - Blog Secu)
Uber on Thursday disclosed a security breach; threat actors gained access to its network and stole internal documents. Uber on Thursday suffered a cyberattack; the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports.
According to the New York Times, the threat actors hacked an employee’s Slack account and […]
2022-09-16T07:22:27+00:00 https://securityaffairs.co/wordpress/135811/data-breach/uber-hacked-systems-allegedly-compromised.html

Akamai mitigated a new record-breaking DDoS attack against a European customer (Security Affairs - Blog Secu)
Akamai announced that it recently blocked a new record-breaking distributed denial-of-service (DDoS) attack. On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack ever to hit one of its European customers. The malicious traffic peaked at 704.8 Mpps and appears to originate from the same threat actor behind the previous record that Akamai blocked […]
2022-09-15T21:32:33+00:00 https://securityaffairs.co/wordpress/135803/security/record-ddos-sept-2022.html

FBI: Millions in Losses resulted from attacks against Healthcare payment processors (Security Affairs - Blog Secu)
The FBI has issued an alert about threat actors targeting healthcare payment processors in an attempt to hijack payments. The Federal Bureau of Investigation (FBI) has issued an alert about cyber attacks against healthcare payment processors that aim to redirect victims' payments. Threat actors used employees' publicly available Personally Identifiable Information (PII) and social engineering techniques to […]
2022-09-15T08:48:25+00:00 https://securityaffairs.co/wordpress/135774/cyber-crime/attacks-healthcare-payment-processors.html

Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks (Security Affairs - Blog Secu)
Threat actors are exploiting the death of Queen Elizabeth II as bait in phishing attacks to steal Microsoft account credentials from victims. Researchers from Proofpoint are warning of threat actors using the death of Queen Elizabeth II as bait in phishing attacks. The attackers aim to trick recipients into visiting sites designed to […]
2022-09-15T05:22:07+00:00 https://securityaffairs.co/wordpress/135764/cyber-crime/queen-elizabeth-ii-phishing.html

Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin (Security Affairs - Blog Secu)
Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites. The WPGateway plugin is a premium plugin that allows users of […]
2022-09-14T05:21:01+00:00 https://securityaffairs.co/wordpress/135715/cyber-crime/wordpress-wpgateway-critical-flaw.html

Cyber espionage campaign targets Asian countries since 2021 (Security Affairs - Blog Secu)
A cyber espionage group has been targeting governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as part of a cyber espionage campaign that has remained under the radar since early 2021. “A distinct group of espionage attackers who were formerly associated with the […]
2022-09-13T15:43:18+00:00 https://securityaffairs.co/wordpress/135700/intelligence/cyber-espionage-target-asian-countries.html

Iran-linked TA453 used new Multi-Persona Impersonation technique in recent attacks (Security Affairs - Blog Secu)
Iran-linked threat actors target individuals specializing in Middle Eastern affairs, nuclear security and genome research. In mid-2022, Proofpoint researchers uncovered a cyberespionage campaign conducted by the Iran-linked TA453 threat actors. The campaign aimed at individuals specializing in Middle Eastern affairs, nuclear security and genome research. Threat actors used at least two actor-controlled personas on a single […]
2022-09-13T10:43:49+00:00 https://securityaffairs.co/wordpress/135679/apt/iran-ta453-multi-persona-impersonation.html

Google announced the completion of the acquisition of Mandiant for $5.4 billion (Security Affairs - Blog Secu)
Google completed the acquisition of the threat intelligence firm Mandiant; the IT giant will pay $5.4 billion. Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “RESTON, Va., March 8, 2022 – Mandiant, Inc. (NASDAQ: MNDT) today announced that it has entered into […]
2022-09-12T16:36:52+00:00 https://securityaffairs.co/wordpress/135638/security/google-announced-acquisition-of-mandiant.html

Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin (Security Affairs - Blog Secu)
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and […]
2022-09-09T11:50:31+00:00 https://securityaffairs.co/wordpress/135518/hacking/backupbuddy-wordpress-zero-day.html

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims' devices (Security Affairs - Blog Secu)
2022-09-09T08:57:47+00:00 https://securityaffairs.co/wordpress/135511/apt/dev-0270-abuses-bitlocker-attacks.html

Ex-members of the Conti ransomware gang target Ukraine (Security Affairs - Blog Secu)
Some members of the Conti ransomware gang were involved in financially motivated attacks targeting Ukraine from April to August 2022. Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. The activities overlap with operations […]
2022-09-08T09:10:20+00:00 https://securityaffairs.co/wordpress/135447/cyber-crime/conti-ransomware-members-target-ukraine.html

Experts spotted a new stealthy Linux malware dubbed Shikitega (Security Affairs - Blog Secu)
A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. The malware stands out for its multistage infection chain; threat actors use it to gain full control of the system […]
2022-09-07T16:38:18+00:00 https://securityaffairs.co/wordpress/135437/malware/shikitega-linux-malware.html

A new Android malware used to spy on the Uyghur Community (Security Affairs - Blog Secu)
Experts spotted new Android spyware used by China-linked threat actors to spy on the Uyghur community in China. Researchers from Cyble Research & Intelligence Labs (CRIL) started their investigation after MalwareHunterTeam experts shared information about a new Android malware used to spy on the Uyghur community. The malware is disguised as a book titled “The China […]
2022-09-06T16:23:32+00:00 https://securityaffairs.co/wordpress/135403/malware/android-malware-spy-uyghur.html

QNAP warns new Deadbolt ransomware attacks exploiting zero-day (Security Affairs - Blog Secu)
QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks; threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday; in the meantime the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […]
2022-09-05T20:43:48+00:00 https://securityaffairs.co/wordpress/135347/malware/qnap-deadbolt-ransomware-new-attacks.html

Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow (Security Affairs - Blog Secu)
The popular collective Anonymous and the IT Army of Ukraine hacked the Yandex Taxi app, causing a massive traffic jam in Moscow.
This week Anonymous announced that it had hacked the Yandex Taxi app, the largest taxi service in Russia, and used it to cause a massive traffic jam in Moscow. The threat actors ordered all […]
2022-09-04T13:23:48+00:00 https://securityaffairs.co/wordpress/135280/hacktivism/anonyomus-hacked-yandex-taxi.html

Alleged Iranian threat actors leak the code of their CodeRAT malware (Security Affairs - Blog Secu)
The author of the remote access trojan (RAT) CodeRAT has leaked the source code of the malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT leaked the source code of the malware on GitHub after SafeBreach Labs researchers recently analyzed a new targeted attack aimed at Farsi-speaking code developers. […]
2022-09-04T09:14:26+00:00 https://securityaffairs.co/wordpress/135255/malware/coderat-malware.html

Samsung discloses a second data breach this year (Security Affairs - Blog Secu)
Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The electronics giant discovered on August 4 that threat actors had had access to its systems and exfiltrated customer personal […]
2022-09-02T22:38:44+00:00 https://securityaffairs.co/wordpress/135241/data-breach/samsung-second-data-breach-2022.html

Another Ransomware For Linux Likely In Development (Security Affairs - Blog Secu)
Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware […]
2022-09-02T13:26:40+00:00 https://securityaffairs.co/wordpress/135218/malware/linux-ransomware-under-development.html

Researchers analyzed a new JavaScript skimmer used by Magecart threat actors (Security Affairs - Blog Secu)
Researchers from Cyble analyzed a new, highly evasive JavaScript skimmer used by Magecart threat actors. Cyble Research & Intelligence Labs started its investigation after seeing a Twitter post about a new JavaScript skimmer developed by the Magecart threat group and used to target Magento e-commerce websites. In Magecart attacks against Magento e-stores, attackers attempt to exploit vulnerabilities […]
2022-09-01T21:10:54+00:00 https://securityaffairs.co/wordpress/135177/cyber-crime/javascript-skimmer-magecart.html

1,859 Android and iOS apps contained hard-coded Amazon AWS credentials (Security Affairs - Blog Secu)
Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec’s Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials that allowed access to private cloud services. The experts pointed out that most of the apps containing hard-coded Amazon Web Services […]
2022-09-01T14:01:47+00:00 https://securityaffairs.co/wordpress/135152/hacking/apps-hard-coded-aws-credentials.html

Threat actors breached the network of the Italian oil company ENI (Security Affairs - Blog Secu)
Italian oil giant Eni was hit by a cyber attack; attackers compromised its computer networks, but the consequences appear to be minor. Italian oil giant Eni disclosed a security breach; threat actors gained access to its network, but according to the company the intrusion had minor consequences because it was quickly detected. “The internal […]
2022-08-31T19:42:45+00:00 https://securityaffairs.co/wordpress/135116/hacking/eni-suffered-cyberattack.html

GO#WEBBFUSCATOR campaign hides malware in NASA's James Webb Space Telescope image (Security Affairs - Blog Secu)
2022-08-31T16:43:57+00:00 https://securityaffairs.co/wordpress/135090/malware/gowebbfuscator-james-webb-space-telescope.html

China-linked APT40 used ScanBox Framework in a long-running espionage campaign (Security Affairs - Blog Secu)
Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South China Sea. Proofpoint's Threat Research Team uncovered a cyber espionage campaign targeting entities across the world that was orchestrated by a China-linked threat actor. The campaign aimed at entities in Australia, Malaysia, and Europe, as […]
2022-08-31T13:03:30+00:00 https://securityaffairs.co/wordpress/135076/apt/apt40-scanbox-campaign.html

Crooks are increasingly targeting DeFi platforms to steal cryptocurrency (Security Affairs - Blog Secu)
The U.S. FBI warns investors that crooks are increasingly exploiting security issues in Decentralized Finance (DeFi) platforms to steal cryptocurrency. The U.S. Federal Bureau of Investigation (FBI) published a Public Service Announcement (PSA) to warn investors that cybercriminals are increasingly exploiting security flaws in Decentralized Finance (DeFi) platforms to steal cryptocurrency. Threat actors are exploiting […]
2022-08-30T05:26:17+00:00 https://securityaffairs.co/wordpress/135017/cyber-crime/fbi-warns-defi-attacks.html

Twilio breach let attackers access Authy two-factor accounts of 93 users (Security Affairs - Blog Secu)
Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. In early August, the communications company Twilio disclosed a data breach; threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through […]
2022-08-29T15:25:45+00:00 https://securityaffairs.co/wordpress/134984/data-breach/twilio-hack-authy-2fa.html

Nitrokod crypto miner infected systems across 11 countries since 2019 (Security Affairs - Blog Secu)
Researchers spotted a Turkey-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered a Turkey-based crypto miner malware campaign, dubbed Nitrokod, which infected machines across 11 countries. The threat actors dropped the malware from popular software available on dozens of free software websites, including Softpedia and […]
2022-08-29T13:11:48+00:00 https://securityaffairs.co/wordpress/134985/cyber-crime/nitrokod-crypto-miner-campaign.html
