www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-07T13:08:33+00:00 www.secnews.physaphae.fr

Security Affairs - Blog Secu Cisco addressed several high-severity flaws in its products Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 […] 2022-11-04T06:13:36+00:00 https://securityaffairs.co/wordpress/138068/security/cisco-addressed-multiple-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=7817020 False Vulnerability None None

Security Affairs - Blog Secu LockBit ransomware gang claims the hack of Continental automotive group The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. LockBit ransomware gang announced to have hacked the German multinational automotive parts manufacturing company Continental. The group added the name of the company to its Tor leak site and is threatening to publish alleged stolen data if the […] 2022-11-03T21:29:12+00:00 https://securityaffairs.co/wordpress/138062/cyber-crime/lockbit-gang-claims-continental-hack.html www.secnews.physaphae.fr/article.php?IdArticle=7809126 False Ransomware,Hack None None

Security Affairs - Blog Secu 250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US.
Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media company that serves many major news outlets. The media company provides video content and advertising […] 2022-11-03T16:28:32+00:00 https://securityaffairs.co/wordpress/138052/cyber-crime/supply-chain-attack-fakeupdates.html www.secnews.physaphae.fr/article.php?IdArticle=7804949 False Malware,Threat None None

Security Affairs - Blog Secu Experts link the Black Basta ransomware operation to FIN7 cybercrime gang Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta’s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. The experts analyzed tools used by the ransomware gang in attacks, some of […] 2022-11-03T12:34:23+00:00 https://securityaffairs.co/wordpress/138037/cyber-crime/black-basta-linked-fin7.html www.secnews.physaphae.fr/article.php?IdArticle=7801701 False Ransomware None None

Security Affairs - Blog Secu Updated TikTok Privacy Policy confirms that Chinese staff can access European users' data 2022-11-03T10:02:32+00:00 https://securityaffairs.co/wordpress/138026/digital-id/tiktok-employess-accss-eu-data.html www.secnews.physaphae.fr/article.php?IdArticle=7799304 False None None None

Security Affairs - Blog Secu Fortinet fixed 16 vulnerabilities, 6 rated as high severity Fortinet addressed 16 vulnerabilities in some of the company's products, six flaws received a 'high' severity rate. One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374, in Log pages of FortiADC. The root cause of the issue is an improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC.
A […] 2022-11-03T08:04:49+00:00 https://securityaffairs.co/wordpress/138021/security/fortinet-nov-2022-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=7797744 False Vulnerability None None

Security Affairs - Blog Secu Vitali Kremez passed away I’m deeply saddened by the absurd death of Vitali Kremez, he died during a scuba diving off the coast of Hollywood Beach in Florida Vitali Kremez (36), founder and CEO of AdvIntel, has been found dead after scuba diving off the coast of Hollywood Beach in Florida. Vitali Kremez had entered the water on October 30 […] 2022-11-02T22:37:27+00:00 https://securityaffairs.co/wordpress/138012/breaking-news/vitali-kremez-died.html www.secnews.physaphae.fr/article.php?IdArticle=7790060 False None None None

Security Affairs - Blog Secu 4 Malicious apps on Play Store totaled +1M downloads Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. Malwarebytes researchers discovered four malicious apps uploaded by the same developer (Mobile apps Group) to the official Google Play. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. Below is […] 2022-11-02T21:49:48+00:00 https://securityaffairs.co/wordpress/137998/cyber-crime/malicious-android-apps-google-play.html www.secnews.physaphae.fr/article.php?IdArticle=7789197 False None None None

Security Affairs - Blog Secu SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religion minority, Baháʼí. The threat actors were distributing a VPN app embedding a highly sophisticated spyware.
The […] 2022-11-02T18:55:55+00:00 https://securityaffairs.co/wordpress/137990/hacking/sandstrike-malware-cyberespionage.html www.secnews.physaphae.fr/article.php?IdArticle=7786609 False Malware,Threat None None

Security Affairs - Blog Secu Dropbox discloses unauthorized access to 130 GitHub source code repositories Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. According to the advisory published by Dropbox, the company was the target of a phishing campaign […] 2022-11-02T10:31:40+00:00 https://securityaffairs.co/wordpress/137975/hacking/dropbox-account-hacked-2fa-jpg.html www.secnews.physaphae.fr/article.php?IdArticle=7780203 False Threat None None

Security Affairs - Blog Secu OpenSSL fixed two high-severity vulnerabilities The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786, in its cryptography library. The flaws impact versions 3.0.0 through 3.0.6 of the library. The OpenSSL software […] 2022-11-02T08:33:57+00:00 https://securityaffairs.co/wordpress/137965/security/openssl-fixed-two-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=7778643 False None None 4.0000000000000000

Security Affairs - Blog Secu LockBit 3.0 gang claims to have stolen data from Thales The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide.
The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, […] 2022-11-01T17:33:53+00:00 https://securityaffairs.co/wordpress/137955/cyber-crime/lockbit-3-0-thales.html www.secnews.physaphae.fr/article.php?IdArticle=7767181 False Ransomware,Guideline None None

Security Affairs - Blog Secu Experts warn of critical RCE in ConnectWise Server Backup Solution ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise, the vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker can exploit the vulnerability to execute remote code or directly access confidential data. […] 2022-11-01T13:19:26+00:00 https://securityaffairs.co/wordpress/137946/uncategorized/connectwise-rce.html www.secnews.physaphae.fr/article.php?IdArticle=7764673 False Vulnerability None None

Security Affairs - Blog Secu Ransomware activity and network access sales in Q3 2022 Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals a stable activity in the sector of initial access sales, but experts observed a rise in the value of the offerings. […] 2022-11-01T11:32:51+00:00 https://securityaffairs.co/wordpress/137929/cyber-crime/ransomware-activity-q3-2022.html www.secnews.physaphae.fr/article.php?IdArticle=7763473 False Ransomware,Threat None None

Security Affairs - Blog Secu Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected phones.
A now-patched vulnerability in the Galaxy Store app for Samsung devices could have potentially triggered remote command execution on affected phones. The flaw is a cross-site scripting (XSS) bug that can be triggered when […] 2022-11-01T09:46:44+00:00 https://securityaffairs.co/wordpress/137922/mobile-2/samsung-galaxy-store-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=7762360 True Vulnerability None None

Security Affairs - Blog Secu VMware warns of the public availability of CVE-2021-39144 exploit code VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V). VMware warned of the existence of a public exploit targeting a recently addressed critical remote code execution (RCE) vulnerability, tracked as CVE-2021-39144 (CVSS score of 9.8), in NSX Data Center for […] 2022-10-31T21:46:03+00:00 https://securityaffairs.co/wordpress/137912/security/vmware-cve-2021-39144-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=7757825 False None None None

Security Affairs - Blog Secu Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch An unofficial patch for an actively exploited flaw in Microsoft Windows that allows to bypass Mark-of-the-Web (MotW) protections. 0patch released an unofficial patch to address an actively exploited security vulnerability in Microsoft Windows that could allow bypassing Mark-of-the-Web (MotW) protections by using files signed with malformed signatures.
The issue affects all supported and multiple legacy […] 2022-10-31T18:21:37+00:00 https://securityaffairs.co/wordpress/137900/hacking/mark-of-the-web-bypass-0day.html www.secnews.physaphae.fr/article.php?IdArticle=7756517 False Vulnerability None None

Security Affairs - Blog Secu Wannacry, the hybrid malware that brought the world to its knees Reflecting on the Wannacry ransomware attack, which is the lesson learnt and why most organizations are still ignoring it. In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding […] 2022-10-31T14:37:01+00:00 https://securityaffairs.co/wordpress/137894/cyber-crime/wannacry-hybrid-malware.html www.secnews.physaphae.fr/article.php?IdArticle=7754874 False Ransomware,Malware Wannacry,Wannacry 2.0000000000000000

Security Affairs - Blog Secu Snatch group claims to have hacked military provider HENSOLDT France The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to have hacked the French company HENSOLDT France. HENSOLDT is a company specializing in military and defense electronics. HENSOLDT France offers a wide range of critical electronics solutions, products and services for the aeronautical, defence, energy and transport sectors, […] 2022-10-31T13:44:57+00:00 https://securityaffairs.co/wordpress/137886/cyber-crime/snatch-hensoldt-france-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7754569 False None None None

Security Affairs - Blog Secu GitHub flaw could have allowed attackers to takeover repositories of other users A critical flaw in the cloud-based repository hosting service GitHub could’ve allowed attackers to takeover other repositories.
The cloud-based repository hosting service GitHub has addressed a vulnerability that could have been exploited by threat actors to takeover the repositories of other users. The vulnerability was discovered by Checkmarx that called the attack technique RepoJacking. The […] 2022-10-31T12:11:03+00:00 https://securityaffairs.co/wordpress/137866/hacking/github-flaw-repojacking.html www.secnews.physaphae.fr/article.php?IdArticle=7754049 False Vulnerability,Threat None None

Security Affairs - Blog Secu Malicious dropper apps on Play Store totaled 30.000+ installations ThreatFabric researchers discovered five malicious dropper apps on Google Play Store with more than 130,000 downloads. Researchers at ThreatFabric have discovered five malicious dropper apps on the official Google Play Store. The malicious dropper apps are designed to deliver banking trojans, such as SharkBot and Vultur, that already totaled over 130,000 installations. “Droppers on Google Play went […] 2022-10-31T08:00:18+00:00 https://securityaffairs.co/wordpress/137847/cyber-crime/malicious-dropper-apps-play-store.html www.secnews.physaphae.fr/article.php?IdArticle=7751456 False None None None

Security Affairs - Blog Secu Former British Prime Minister Liz Truss's phone was allegedly hacked by Russian spies 2022-10-30T19:39:56+00:00 https://securityaffairs.co/wordpress/137826/intelligence/liz-truss-phone-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=7742842 False None None None

Security Affairs - Blog Secu German BKA arrested the alleged operator of Deutschland im Deep Web darknet market German police arrested a student that is suspected of being the administrator of ‘Deutschland im Deep Web’ (DiDW) darknet marketplace. Germany’s Federal Criminal Police Office (BKA) has arrested a student (22) in Bavaria, who is suspected of being the administrator of ‘Deutschland im Deep Web’ (DiDW) darknet marketplace.
The darknet marketplace has gone off early […] 2022-10-30T17:52:51+00:00 https://securityaffairs.co/wordpress/137814/cyber-crime/deutschland-im-deep-web-didw-arrest.html www.secnews.physaphae.fr/article.php?IdArticle=7741350 False None None None

Security Affairs - Blog Secu BlackByte ransomware group hit Japanese beverage giant Asahi The BlackByte ransomware group claims to have compromised the Japanese beer and beverage company Asahi. Asahi Group Holdings, Ltd. is a global Japanese beer, spirits, soft drinks, and food business group. The Japanese beverage giant owns many popular brands, including Grolsch, such as Meantime, Peroni, and SABMiller. The BlackByte ransomware group claims to have stolen gigabytes of documents from Asahi, including […] 2022-10-30T16:41:03+00:00 https://securityaffairs.co/wordpress/137803/cyber-crime/blackbyte-ransomware-asahi.html www.secnews.physaphae.fr/article.php?IdArticle=7740603 False None None None

Security Affairs - Blog Secu BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. Asahi Group Holdings, Ltd. is a precision metal manufacturing and metal solution provider, for more than 40 years, the company has been delivering end-to-end services in the industries of precision metals and thin-film coatings with different teams […] 2022-10-30T16:41:03+00:00 https://securityaffairs.co/wordpress/137803/cyber-crime/blackbyte-ransomware-asahi-group-holdings.html www.secnews.physaphae.fr/article.php?IdArticle=7742097 False None None None

Security Affairs - Blog Secu Air New Zealand warns of an ongoing credential stuffing attack Air New Zealand suffered a security breach, multiple customers have been locked out of their accounts after the incident.
Air New Zealand suffered a security breach, threat actors attempted to access customers’ accounts by carrying out credential-stuffing attacks. What is credential stuffing? “Credential stuffing is a type of attack in which hackers use automation and lists […] 2022-10-30T14:38:12+00:00 https://securityaffairs.co/wordpress/137793/cyber-crime/air-new-zealand-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7739106 False Threat None None

Security Affairs - Blog Secu Twilio discloses another security incident that took place in June Twilio suffered another brief security incident in June 2022, the attack was conducted by the same threat actor of the August hack. The Communications company Twilio announced that it suffered another “brief security incident” on June 29, 2022, the attack was conducted by the same threat actor that in August compromised the company and gained access to […] 2022-10-29T18:34:59+00:00 https://securityaffairs.co/wordpress/137782/data-breach/twilio-new-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7723555 False Threat None None

Security Affairs - Blog Secu A massive cyberattack hit Slovak and Polish Parliaments The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian […] 2022-10-29T17:12:16+00:00 https://securityaffairs.co/wordpress/137777/hacking/slovak-polish-parliaments-cyberattacks.html www.secnews.physaphae.fr/article.php?IdArticle=7722768 False None None None

Security Affairs - Blog Secu How will Twitter change under Elon Musk?
Cybhorus CEO Pierluigi Paganini talks to TRT World about Elon Musk completing his $44 billion deal to buy Twitter and what changes he will make to the social media platform. Of course, the first impact will be on the leadership, Elon Musk was critical in the past with Agrawal's leadership. Musk will also take action […] 2022-10-29T14:53:00+00:00 https://securityaffairs.co/wordpress/137770/social-networks/elon-musk-twitter-change.html www.secnews.physaphae.fr/article.php?IdArticle=7720436 False Guideline None None

Security Affairs - Blog Secu Multiple vulnerabilities affect the Juniper Junos OS Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. “Multiple vulnerabilities have been found in the J-Web component of Juniper Networks Junos OS. One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path […] 2022-10-28T19:47:43+00:00 https://securityaffairs.co/wordpress/137762/security/juniper-junos-os-flaws-2.html www.secnews.physaphae.fr/article.php?IdArticle=7718828 False Guideline None None

Security Affairs - Blog Secu Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. The CVE-2022-3723 flaw is a type confusion issue that resides in the Chrome V8 Javascript engine.
The flaw has been reported […] 2022-10-28T13:00:33+00:00 https://securityaffairs.co/wordpress/137753/hacking/7-chrome-zero-day-fixed.html www.secnews.physaphae.fr/article.php?IdArticle=7718829 False Vulnerability None None

Security Affairs - Blog Secu Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited CVE-2022-42827 in older iPhones and iPads, addressing an actively exploited zero-day bug. Early this week, Apple addressed the ninth zero-day […] 2022-10-28T09:25:49+00:00 https://securityaffairs.co/wordpress/137747/security/cve-2022-42827-zero-day-older-iphones-ipads.html www.secnews.physaphae.fr/article.php?IdArticle=7716607 False None None None

Security Affairs - Blog Secu New York Post hacked? No, the culprit is an employee Threat actors hacked the website and Twitter account of the New York Post and published offensive messages against US politicians. New York Post confirmed that it was hacked, its website and Twitter account were used by the attackers to publish offensive messages targeting US politicians and a call for the assassination of US President Joe […] 2022-10-28T07:41:17+00:00 https://securityaffairs.co/wordpress/137735/hacking/new-york-post-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=7715139 False None None None

Security Affairs - Blog Secu Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks.
Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin […] 2022-10-27T21:05:48+00:00 https://securityaffairs.co/wordpress/137722/malware/raspberry-robin-clop-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7707891 False Ransomware None None

Security Affairs - Blog Secu Thomson Reuters collected and leaked at least 3TB of sensitive data The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online Original post at https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/ Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. The Cybernews […] 2022-10-27T14:34:22+00:00 https://securityaffairs.co/wordpress/137718/data-breach/thomson-reuters-database-exposed.html www.secnews.physaphae.fr/article.php?IdArticle=7703704 False None None None

Security Affairs - Blog Secu SiriSpy flaw allows eavesdropping on users' conversations with Siri 2022-10-27T13:38:51+00:00 https://securityaffairs.co/wordpress/137710/security/sirispy-apple-flaw-spy-conversations.html www.secnews.physaphae.fr/article.php?IdArticle=7703020 False Vulnerability None None

Security Affairs - Blog Secu British hacker arraigned for running The Real Deal dark web marketplace A popular British hacker was charged by the U.S. authorities for allegedly running the ‘The Real Deal’ dark web marketplace. The British hacker Daniel Kaye (aka Bestbuy, Spdrman, Popopret, UserL0ser) (34) was charged by the U.S. DoJ for allegedly running the ‘The Real Deal’ dark web marketplace.
The man was charged with access device fraud […] 2022-10-27T05:14:38+00:00 https://securityaffairs.co/wordpress/137696/cyber-crime/british-hacker-the-real-deal.html www.secnews.physaphae.fr/article.php?IdArticle=7697649 False None None None

Security Affairs - Blog Secu OpenSSL to fix the second critical flaw ever The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project […] 2022-10-26T23:00:48+00:00 https://securityaffairs.co/wordpress/137689/security/openssl-second-critical-flaw-ever.html www.secnews.physaphae.fr/article.php?IdArticle=7692571 False Vulnerability None None

Security Affairs - Blog Secu See Tickets discloses data breach, customers' credit card data exposed 2022-10-26T19:09:16+00:00 https://securityaffairs.co/wordpress/137673/data-breach/see-tickets-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7690434 False Data Breach,Threat None None

Security Affairs - Blog Secu US charges Ukrainian man with Raccoon Infostealer operation US authorities charged a Ukrainian man with computer fraud for allegedly infecting millions of computers with Raccoon Infostealer. The US Justice Department charged a Ukrainian, Mark Sokolovsky (26) man with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer.
The man is currently being held in the Netherlands, he was charged for […] 2022-10-26T13:14:31+00:00 https://securityaffairs.co/wordpress/137661/cyber-crime/raccoon-infostealer-man-charged.html www.secnews.physaphae.fr/article.php?IdArticle=7686433 False None None None

Security Affairs - Blog Secu Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. Cisco is warning of exploitation attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), in the Cisco AnyConnect Secure Mobility Client for Windows. Both vulnerabilities are dated 2020 and are now patched. The […] 2022-10-26T09:37:20+00:00 https://securityaffairs.co/wordpress/137654/security/cisco-anyconnect-secure-mobility-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=7683841 False None None None

Security Affairs - Blog Secu VMware fixes critical RCE in VMware Cloud Foundation VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates to address a critical vulnerability, tracked as CVE-2021-39144 (CVSSv3 9.8), in VMware Cloud Foundation. VMware Cloud Foundation™ is the industry’s most advanced hybrid cloud platform. It provides a complete set of software-defined services for compute, storage, […] 2022-10-26T07:36:50+00:00 https://securityaffairs.co/wordpress/137640/hacking/vmware-cloud-foundation-rce.html www.secnews.physaphae.fr/article.php?IdArticle=7682579 False Vulnerability None 5.0000000000000000

Security Affairs - Blog Secu Experts disclosed a 22-year-old bug in popular SQLite Database library A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library.
The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. The CVE-2022-35737 flaw is an integer overflow issue that impacts SQLite versions 1.0.12 through 3.39.1. The vulnerability was […] 2022-10-25T20:22:55+00:00 https://securityaffairs.co/wordpress/137629/hacking/cve-2022-35737-sqlite-bug.html www.secnews.physaphae.fr/article.php?IdArticle=7675578 False Vulnerability None None

Security Affairs - Blog Secu Two PoS Malware used to steal data from more than 167,000 credit cards Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. On April 19, 2022, Group-IB researchers identified the C2 server of the POS malware called MajikPOS. […] 2022-10-25T14:59:22+00:00 https://securityaffairs.co/wordpress/137608/malware/pos-malware-stolen-card-data.html www.secnews.physaphae.fr/article.php?IdArticle=7672738 False Malware,Threat None None

Security Affairs - Blog Secu Hive ransomware gang starts leaking data allegedly stolen from Tata Power The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. On October 14, Tata Power, India's largest power generation company, announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company.
The company confirmed that the security breach impacted “some of […] 2022-10-25T11:44:24+00:00 https://securityaffairs.co/wordpress/137601/malware/hive-ransomware-tata-power.html www.secnews.physaphae.fr/article.php?IdArticle=7671761 False Ransomware,Threat None None

Security Affairs - Blog Secu Dormant Colors campaign operates over 1M malicious Chrome extensions A new malvertising campaign, code-named Dormant Colors, is delivering malicious Google Chrome extensions that hijack targets' browsers. Researchers at Guardio Labs have discovered a new malvertising campaign, called Dormant Colors, aimed at delivering malicious Google Chrome extensions. The Chrome extensions hijack searches and insert affiliate links into web pages. The experts called the campaign Dormant […] 2022-10-25T07:10:04+00:00 https://securityaffairs.co/wordpress/137587/malware/malicious-chrome-extensions-dormant-colors.html www.secnews.physaphae.fr/article.php?IdArticle=7670615 False None None None

Security Affairs - Blog Secu Apple fixed the ninth actively exploited zero-day this year Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the year. Apple has addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2022-42827, is an out-of-bounds write issue that can be exploited by an attacker to […] 2022-10-24T21:09:12+00:00 https://securityaffairs.co/wordpress/137579/security/apple-fixes-ninth-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=7668702 False Vulnerability None None

Security Affairs - Blog Secu Cuba ransomware affiliate targets Ukraine, CERT-UA warns The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country.
The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. On October 21, 2022, the Ukraine CERT-UA uncovered a phishing campaign impersonating the Press Service of the General Staff of […] 2022-10-24T18:35:15+00:00 https://securityaffairs.co/wordpress/137567/cyber-warfare-2/cuba-ransomware-cert-ua.html www.secnews.physaphae.fr/article.php?IdArticle=7668098 False Ransomware None None

Security Affairs - Blog Secu Norway PM warns of Russia cyber threat to oil and gas industry Norway's prime minister warned last week that Russia poses “a real and serious threat” to the country's oil and gas industry. Norway's prime minister Jonas Gahr Støre warned that Russia poses “a real and serious threat” to the country's oil and gas industry. The minister claims its country is going slow in adopting […] 2022-10-24T14:17:22+00:00 https://securityaffairs.co/wordpress/137561/cyber-warfare-2/norway-pm-warns-russia-threat.html www.secnews.physaphae.fr/article.php?IdArticle=7666423 False Threat None None

Security Affairs - Blog Secu Malicious Clicker apps in Google Play have 20M+ installs Researchers discovered 16 malicious clicker apps in the official Google Play store that were downloaded by 20M+ users. Security researchers at McAfee have discovered 16 malicious clicker apps available in the official Google Play store that were installed more than 20 million times. One of these apps, called DxClean, has more than five million times […] 2022-10-24T10:32:04+00:00 https://securityaffairs.co/wordpress/137549/malware/clicker-apps-google-play.html www.secnews.physaphae.fr/article.php?IdArticle=7664466 False None None None

Security Affairs - Blog Secu Security experts targeted with malicious CVE PoC exploits on GitHub Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware.
A team of researchers at the Leiden Institute of Advanced Computer Science (Soufian El Yadmani, Robin The, Olga Gadyatskaya) discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for multiple vulnerabilities. The experts analyzed PoCs shared on […] 2022-10-24T07:24:29+00:00 https://securityaffairs.co/wordpress/137527/hacking/malicious-github-repositories.html www.secnews.physaphae.fr/article.php?IdArticle=7662848 True None None None Security Affairs - Blog Secu Hackers stole sensitive data from Iran's atomic energy agency Iran's atomic energy agency claims that alleged state-sponsored hackers have compromised its email system. Iran's atomic energy agency revealed on Sunday that a nation-state actor had access to a subsidiary's network and free access to its email system, the Associated Press reports. The Iranian government has yet to attribute the attack to a specific The […] 2022-10-23T17:15:39+00:00 https://securityaffairs.co/wordpress/137513/hacking/hackers-stole-sensitive-data-from-irans-atomic-energy-agency.html www.secnews.physaphae.fr/article.php?IdArticle=7652849 False None None None Security Affairs - Blog Secu Wholesale giant METRO confirmed to have suffered a cyberattack International cash and carry giant METRO suffered this week IT infrastructure outages following a cyberattack. International cash and carry giant METRO was hit by a cyberattack that caused IT infrastructure outages. Metro employs more than 95,000 people in 681 stores worldwide, most of them in Germany, its sales reached 24.8 billion euros in 2020.
The […] 2022-10-23T13:15:02+00:00 https://securityaffairs.co/wordpress/137506/hacking/metro-confirmed-cyberattack.html www.secnews.physaphae.fr/article.php?IdArticle=7649845 False None None None Security Affairs - Blog Secu Daixin Team targets health organizations with ransomware, US agencies warn US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. Healthcare and Public Health sector with ransomware. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. businesses, mainly in the Healthcare and Public Health (HPH) Sector, […] 2022-10-22T17:05:23+00:00 https://securityaffairs.co/wordpress/137493/cyber-crime/daixin-team-targets-healthcare.html www.secnews.physaphae.fr/article.php?IdArticle=7631786 False None None None Security Affairs - Blog Secu Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners Threat actors are exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access in attacks in the wild. Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access to deliver cryptocurrency miners and ransomware. The issue causes server-side template injection because of the lack of […] 2022-10-22T15:31:57+00:00 https://securityaffairs.co/wordpress/137483/hacking/vmware-workspace-one-access-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=7630858 False Threat None None Security Affairs - Blog Secu EnergyAustralia Electricity company discloses security breach Electricity company EnergyAustralia suffered a security breach, threat actors had access to information on 323 customers. Another Australian organization was hit by a severe cyber attack, this time the victim is the Electricity company EnergyAustralia. EnergyAustralia is the country's third-largest energy retailer.
The company confirmed that threat actors had access to information on 323 residential and […] 2022-10-21T23:02:44+00:00 https://securityaffairs.co/wordpress/137473/data-breach/energyaustralia-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7614768 False Threat None None Security Affairs - Blog Secu Experts warn of CVE-2022-42889 Text4Shell exploit attempts Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. GitHub's threat analyst Alvaro Munoz this week disclosed a remote code execution vulnerability, tracked as CVE-2022-42889 (CVSS score 9.8), in the open-source Apache Commons […] 2022-10-21T20:51:28+00:00 https://securityaffairs.co/wordpress/137462/hacking/text4shell-exploitation-attempts.html www.secnews.physaphae.fr/article.php?IdArticle=7612851 False Threat None None Security Affairs - Blog Secu CISA adds Linux kernel flaw CVE-2021-3493 to its Known Exploited Vulnerabilities Catalog CISA added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the […] 2022-10-21T13:47:59+00:00 https://securityaffairs.co/wordpress/137454/security/cve-2021-3493-known-exploited-vulnerabilities-catalog.html www.secnews.physaphae.fr/article.php?IdArticle=7606305 False None None None Security Affairs - Blog Secu GUAC – A Google Open Source Project to secure software supply chain Google launched the Graph for the Understanding Artifact Composition (GUAC) project, to secure the software supply chain. Google this week launched a new project named Graph for Understanding Artifact Composition (GUAC) which aims at securing the software supply chain. The IT giant is seeking contributors to the new project. “GUAC, or Graph for Understanding Artifact Composition, is in the […] 2022-10-21T10:15:49+00:00 https://securityaffairs.co/wordpress/137448/security/guac-software-supply-chain-security.html www.secnews.physaphae.fr/article.php?IdArticle=7603554 False None None None Security Affairs - Blog Secu News URSNIF variant doesn't support banking features 2022-10-21T07:50:12+00:00 https://securityaffairs.co/wordpress/137435/malware/ursnif-shift-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=7600844 False Malware None None Security Affairs - Blog Secu Healthcare system Advocate Aurora Health data breach potentially impacted 3M patients Healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The US-based hospital healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The company is notifying the impacted individuals.
The healthcare system operates 26 hospitals in Wisconsin and […] 2022-10-21T05:23:28+00:00 https://securityaffairs.co/wordpress/137421/data-breach/advocate-aurora-health-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7599031 False Data Breach None None Security Affairs - Blog Secu Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach warn of a new PowerShell backdoor masquerading as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“Apply Form.docm.”) posing as a LinkedIn-based job […] 2022-10-20T18:09:07+00:00 https://securityaffairs.co/wordpress/137410/malware/undetectable-powershell-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=7589131 False None None None Security Affairs - Blog Secu BlueBleed: Microsoft confirmed data leak exposing customers' info Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar […] 2022-10-20T16:07:14+00:00 https://securityaffairs.co/wordpress/137397/data-breach/microsoft-data-leak-2.html www.secnews.physaphae.fr/article.php?IdArticle=7587349 False Threat None None Security Affairs - Blog Secu Internet disruptions observed as Russia targets critical infrastructure in Ukraine While the Russian army is conducting coordinated missile and drone strikes in Ukraine experts observed Internet disruptions in the country.
Starting on the morning of Monday, October 10, the Russian army is targeting several cities in Ukraine with coordinated missile and drone strikes. The escalation is a retaliation for the bombing of a bridge connecting […] 2022-10-20T11:22:33+00:00 https://securityaffairs.co/wordpress/137390/cyber-warfare-2/internet-disruptions-russia-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=7582937 False None None None Security Affairs - Blog Secu Brazilian police arrested a man suspected of being a member of LAPSUS$ gang The Federal Police of Brazil arrested an individual who is suspected of being a member of the notorious LAPSUS$ extortionist group. The Federal Police of Brazil yesterday announced the arrest of an individual suspected of being linked to the LAPSUS$ extortionist gang. The authorities did not disclose info about the individual, it seems that the […] 2022-10-20T09:53:51+00:00 https://securityaffairs.co/wordpress/137381/cyber-crime/brazilian-police-arrested-lapsus-member.html www.secnews.physaphae.fr/article.php?IdArticle=7581191 False None None None Security Affairs - Blog Secu Experts discovered millions of .git folders exposed to public Nearly two million .git folders containing vital project information are exposed to the public, the Cybernews research team found.
Original Post at https://cybernews.com/security/millions-git-folders-exposed/ Git is the most popular open-source, distributed version control system (VCS) developed nearly 20 years ago by Linus Torvalds for development of the Linux kernel, with other kernel developers contributing to its initial […] 2022-10-20T06:00:37+00:00 https://securityaffairs.co/wordpress/137371/security/millions-git-folders-exposed-public.html www.secnews.physaphae.fr/article.php?IdArticle=7577762 False None None None Security Affairs - Blog Secu Text4Shell, a remote code execution bug in Apache Commons Text library Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working on strings. The vulnerability, dubbed “Text4Shell,” is an unsafe script evaluation issue […] 2022-10-19T22:50:57+00:00 https://securityaffairs.co/wordpress/137359/security/text4shell-apache-commons-text.html www.secnews.physaphae.fr/article.php?IdArticle=7570729 False Vulnerability,Threat None None Security Affairs - Blog Secu Researchers share of FabriXss bug impacting Azure Fabric Explorer Cybersecurity researchers published technical details about a now-patched FabriXss flaw that impacts Azure Fabric Explorer. Orca Security researchers have released technical details about a now-patched FabriXss vulnerability, tracked as CVE-2022-35829 (CVSS 6.2), that impacts Azure Fabric Explorer. An attacker can exploit the vulnerability to gain administrator privileges on the cluster.
In order to exploit this flaw, an […] 2022-10-19T15:14:05+00:00 https://securityaffairs.co/wordpress/137349/hacking/azure-azure-fabric-fabrixss.html www.secnews.physaphae.fr/article.php?IdArticle=7563881 False Vulnerability None None Security Affairs - Blog Secu The missed link between Ransom Cartel and REvil ransomware gangs Researchers at Palo Alto Networks’ Unit 42 linked the Ransom Cartel ransomware operation to the REvil ransomware operations. Researchers at Palo Alto Networks’ Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. The REvil group was one of the most active ransomware gangs in the first half […] 2022-10-19T13:07:36+00:00 https://securityaffairs.co/wordpress/137328/cyber-crime/ransom-cartel-links-revil.html www.secnews.physaphae.fr/article.php?IdArticle=7562037 False Ransomware None None Security Affairs - Blog Secu Microsoft Office 365 Message Encryption (OME) doesn't ensure confidentiality 2022-10-19T05:19:19+00:00 https://securityaffairs.co/wordpress/137318/security/microsoft-office-365-message-encryption-ome-doesnt-ensure-confidentiality.html www.secnews.physaphae.fr/article.php?IdArticle=7555058 False None None None Security Affairs - Blog Secu Law enforcement arrested 31 suspects for stealing cars by hacking key fobs An international law enforcement operation led by Europol disrupted a cybercrime ring focused on hacking wireless key fobs to steal cars. The French authorities in cooperation with their Spanish and Latvian peers, and with the support of Europol and Eurojust, have dismantled a cybercrime organization specializing in the theft of cars by hacking key fobs.
[…] 2022-10-18T15:48:58+00:00 https://securityaffairs.co/wordpress/137311/cyber-crime/cybercrime-key-fobs-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=7542491 False None None None Security Affairs - Blog Secu China-linked APT41 group targets Hong Kong with Spyder Loader China-linked threat actors APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage […] 2022-10-18T14:15:09+00:00 https://securityaffairs.co/wordpress/137300/apt/apt41-spyder-loader.html www.secnews.physaphae.fr/article.php?IdArticle=7541666 False Threat,Guideline APT 17,APT 41 None Security Affairs - Blog Secu Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed a critical remote code execution vulnerability, tracked as CVE-2022-42948, in its platform. The company released an out-of-band security update to address the remote code […] 2022-10-18T12:27:39+00:00 https://securityaffairs.co/wordpress/137284/hacking/cobalt-strike-rce.html www.secnews.physaphae.fr/article.php?IdArticle=7540029 False Vulnerability None None Security Affairs - Blog Secu Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684 Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability.
Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of […] 2022-10-18T07:56:50+00:00 https://securityaffairs.co/wordpress/137273/hacking/fortinet-cve-2022-40684-vulnerable-systems.html www.secnews.physaphae.fr/article.php?IdArticle=7536140 False None None None Security Affairs - Blog Secu CVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. Zoom Client for Meetings for macOS (Standard and for IT Admin) is affected by a debugging port misconfiguration. The issue, tracked as CVE-2022-28762, received a CVSS severity score of 7.3. When the camera mode rendering context is […] 2022-10-18T07:11:17+00:00 https://securityaffairs.co/wordpress/137266/security/zoom-macos-cve-2022-28762.html www.secnews.physaphae.fr/article.php?IdArticle=7536141 False None None None Security Affairs - Blog Secu Retail giant Woolworths discloses data breach of MyDeal online marketplace Australian retail giant Woolworths disclosed a data breach that impacted approximately 2.2 million MyDeal customers. Bad news for the customers of the MyDeal online marketplace, the Australian retail giant Woolworths disclosed a data breach that impacted approximately 2.2 million of them. As soon as the company became aware of the security breach it blocked access to […] 2022-10-17T19:15:18+00:00 https://securityaffairs.co/wordpress/137262/data-breach/woolworths-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7531195 False Data Breach None None Security Affairs - Blog Secu New UEFI rootkit Black Lotus offered for sale at $5,000 Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns.
Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with $200 payments per new update. The researcher warns that […] 2022-10-17T15:00:10+00:00 https://securityaffairs.co/wordpress/137252/malware/black-lotus-uefi-rootkit.html www.secnews.physaphae.fr/article.php?IdArticle=7528752 False Malware None None Security Affairs - Blog Secu Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted The IT infrastructure of the Japanese tech company Oomiya was infected with the LockBit 3.0 ransomware. One of the affiliates for the LockBit 3.0 RaaS hit the Japanese tech company Oomiya. Oomiya is focused on designing and manufacturing microelectronics and facility system equipment. The business of Omiya Kasei is divided into four major areas, manufacturing and designing […] 2022-10-17T13:19:48+00:00 https://securityaffairs.co/wordpress/137243/cyber-crime/oomiya-lockbit-3-0-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7528456 False None None None Security Affairs - Blog Secu Bulgaria hit by a cyber attack originating from Russia Government institutions in Bulgaria have been hit by a cyber attack during the weekend, experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack. The attack started on Saturday and experts believe that it was orchestrated by Russian threat actors.
The […] 2022-10-17T10:54:25+00:00 https://securityaffairs.co/wordpress/137230/hacking/bulgaria-hit-cyber-attack-russia.html www.secnews.physaphae.fr/article.php?IdArticle=7527273 False Threat None None Security Affairs - Blog Secu Interpol arrested 75 members of the cybercrime ring Black Axe Interpol has announced the arrests of 75 individuals as part of a coordinated international operation against an organized cybercrime ring called Black Axe. Interpol arrested 75 individuals as part of a coordinated global operation, codenamed Operation Jackal, against the cybercrime ring Black Axe. The operation involved law enforcement bodies in 14 countries (Argentina, Australia, Côte d’Ivoire, France, […] 2022-10-17T08:36:26+00:00 https://securityaffairs.co/wordpress/137220/cyber-crime/interpol-arrests-black-axe-members.html www.secnews.physaphae.fr/article.php?IdArticle=7525879 False None None None Security Affairs - Blog Secu 45,654 VMware ESXi servers reached End of Life on Oct. 15 Lansweeper warns that over 45,000 VMware ESXi servers exposed online have reached end-of-life (EOL), making them an easy target for attackers. IT Asset Management software provider Lansweeper has scanned the Internet for VMware ESXi servers and found over 45,000 instances that have reached end-of-life (EOL). The company discovered 79,000 VMware ESXi instances operated by 6.000 […] 2022-10-17T07:01:49+00:00 https://securityaffairs.co/wordpress/137191/security/vmware-esxi-eol.html www.secnews.physaphae.fr/article.php?IdArticle=7524452 False None None None Security Affairs - Blog Secu Mysterious Prestige ransomware targets organizations in Ukraine and Poland Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland.
The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour […] 2022-10-16T23:22:16+00:00 https://securityaffairs.co/wordpress/137203/apt/prestige-ransomware-targets-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=7517773 False Ransomware,Threat None None Security Affairs - Blog Secu Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug Threat actors have compromised hundreds of servers exploiting critical flaw CVE-2022-41352 in Zimbra Collaboration Suite (ZCS). Last week, researchers from Rapid7 warned of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352, in the Zimbra Collaboration Suite. Rapid7 has published technical details, including a proof-of-concept (PoC) code and indicators of compromise (IoCs) regarding […] 2022-10-16T14:09:51+00:00 https://securityaffairs.co/wordpress/137164/apt/zimbra-cve-2022-41352-exploitation.html www.secnews.physaphae.fr/article.php?IdArticle=7508743 True None None None Security Affairs - Blog Secu New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts Experts spotted a PHP version of an information-stealing malware called Ducktail spread as cracked installers for legitimate apps and games. Zscaler researchers discovered a PHP version of an information-stealing malware tracked as Ducktail. The malicious code is distributed as free/cracked application installers for a variety of applications including games, Microsoft Office applications, Telegram, and others.
Ducktail has been […] 2022-10-15T16:41:24+00:00 https://securityaffairs.co/wordpress/137145/malware/ducktail-php-targets-facebook.html www.secnews.physaphae.fr/article.php?IdArticle=7485682 False Malware None None Security Affairs - Blog Secu Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker […] 2022-10-15T12:58:39+00:00 https://securityaffairs.co/wordpress/137138/security/palo-alto-networks-pan-os-flaw-3.html www.secnews.physaphae.fr/article.php?IdArticle=7481337 False Vulnerability None None Security Affairs - Blog Secu Indian power generation giant Tata Power hit by a cyber attack Tata Power Company Limited, India’s largest power generation company, announced it was hit by a cyberattack. Tata Power on Friday announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of its IT systems.” “The Tata Power Company […] 2022-10-15T10:22:50+00:00 https://securityaffairs.co/wordpress/137130/hacking/tata-power-cyber-attack.html www.secnews.physaphae.fr/article.php?IdArticle=7479145 False Threat None None Security Affairs - Blog Secu Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability.
The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode […] 2022-10-14T22:29:57+00:00 https://securityaffairs.co/wordpress/137119/hacking/cve-2022-37969-details.html www.secnews.physaphae.fr/article.php?IdArticle=7465862 False None None None Security Affairs - Blog Secu WIP19, a new Chinese APT targets IT Service Providers and Telcos Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is […] 2022-10-14T15:10:29+00:00 https://securityaffairs.co/wordpress/137107/apt/wip19-targets-middle-east-asia.html www.secnews.physaphae.fr/article.php?IdArticle=7458705 False Threat None None Security Affairs - Blog Secu Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) in FortiGate firewalls and FortiProxy web proxies has been released online. The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from […] 2022-10-14T09:37:35+00:00 https://securityaffairs.co/wordpress/137095/hacking/fortinet-cve-2022-40684-poc.html www.secnews.physaphae.fr/article.php?IdArticle=7452991 False Vulnerability None None Security Affairs - Blog Secu DJI drone tracking data exposed in the US Over 80,000 drone IDs were exposed in the leak of a database containing information from airspace monitoring devices manufactured by DJI.
Original post at CyberNews: https://cybernews.com/privacy/dji-drone-tracking-data-exposed-in-us/ Over 80,000 drone IDs were exposed in a data leak after a database containing information from dozens of airspace monitoring devices manufactured by the Chinese-owned DJI was left accessible […] 2022-10-14T08:33:52+00:00 https://securityaffairs.co/wordpress/137087/data-breach/dji-drone-tracking-data-exposed-in-us.html www.secnews.physaphae.fr/article.php?IdArticle=7452046 False None None None Security Affairs - Blog Secu China-linked Budworm APT returns to target a US entity The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27, Bronze Union, Emissary Panda, Lucky Mouse, TG-3390, and Red Phoenix) is behind a series of attacks conducted over the past six months against a number of high-profile targets, including the government of […] 2022-10-13T23:10:45+00:00 https://securityaffairs.co/wordpress/137075/apt/budworm-apt-targets-us.html www.secnews.physaphae.fr/article.php?IdArticle=7443560 False Threat APT 27 None Security Affairs - Blog Secu Cloudflare blocked a 2.5 Tbps DDoS attack aimed at the Minecraft server Cloudflare mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. Cloudflare announced it has mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. The Cloudflare DDoS threat report 2022 Q3 states that multi-terabit massive DDoS attacks have become increasingly frequent.
In Q3, the […] 2022-10-13T15:43:51+00:00 https://securityaffairs.co/wordpress/137062/hacking/ddos-attack-record-q3-2022.html www.secnews.physaphae.fr/article.php?IdArticle=7436369 True Threat None None Security Affairs - Blog Secu The discovery of Alchimist C2 tool, revealed a new attack framework to target Windows, macOS, and Linux systems Experts discovered a new attack framework, including a C2 tool dubbed Alchimist, used in attacks against Windows, macOS, and Linux systems. Researchers from Cisco Talos discovered a new, previously undocumented attack framework that included a C2 dubbed Alchimist. The framework is likely being used in attacks aimed at Windows, macOS, and Linux systems. The experts […] 2022-10-13T14:59:19+00:00 https://securityaffairs.co/wordpress/137046/hacking/alchimist-c2-tool.html www.secnews.physaphae.fr/article.php?IdArticle=7435493 False Tool None None Security Affairs - Blog Secu POLONIUM APT targets Israel with a new custom backdoor dubbed PapaCreep An APT group tracked as Polonium employed custom backdoors in attacks aimed at Israeli entities since at least September 2021. POLONIUM APT focused only on Israeli targets; it launched attacks against more than a dozen organizations in various industries, including engineering, information technology, law, communications, branding and marketing, media, insurance, and social services. Microsoft MSTIC […] 2022-10-13T10:14:00+00:00 https://securityaffairs.co/wordpress/137030/apt/polonium-custom-backdoors.html www.secnews.physaphae.fr/article.php?IdArticle=7432026 False None None None Security Affairs - Blog Secu YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan Kaspersky researchers warn of a recently discovered malicious version of a popular WhatsApp messenger mod dubbed YoWhatsApp. Kaspersky researchers discovered an unofficial WhatsApp Android application named ‘YoWhatsApp’ that steals access keys for users’ accounts.
Mod apps are advertised as unofficial versions of legitimate apps that have features that the official one does not support. YoWhatsApp is […] 2022-10-13T07:29:58+00:00 https://securityaffairs.co/wordpress/137013/malware/yowhatsapp-fake-whatsapp.html www.secnews.physaphae.fr/article.php?IdArticle=7429462 False None None None Security Affairs - Blog Secu Aruba fixes critical vulnerabilities in EdgeConnect Enterprise Orchestrator Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator. Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers to compromise the vulnerable host. Aruba EdgeConnect Orchestrator is a centralized SD-WAN management solution that allows enterprises to control their WAN. Below are the vulnerabilities addressed […] 2022-10-12T21:26:16+00:00 https://securityaffairs.co/wordpress/137000/security/aruba-edgeconnect-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=7420231 False None None None Security Affairs - Blog Secu Microsoft Patch Tuesday for October 2022 doesn't fix Exchange Server flaws 2022-10-12T15:41:34+00:00 https://securityaffairs.co/wordpress/136987/security/microsoft-patch-tuesday-oct-2022.html www.secnews.physaphae.fr/article.php?IdArticle=7414800 False None None None Security Affairs - Blog Secu LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware.
Threat actors initially deployed […] 2022-10-12T05:54:56+00:00 https://securityaffairs.co/wordpress/136968/cyber-crime/microsoft-exchange-lockbit-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7405732 False Ransomware,Malware,Threat None None Security Affairs - Blog Secu Caffeine, a new Phishing-as-a-Service toolkit available in the underground Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. The experts noticed that the toolkit has an intuitive interface and supports multiple features that allow customers to easily arrange phishing campaigns. The service […] 2022-10-11T16:56:09+00:00 https://securityaffairs.co/wordpress/136953/cyber-crime/caffeine-phishing-platform.html www.secnews.physaphae.fr/article.php?IdArticle=7394579 False Threat None None Security Affairs - Blog Secu Experts analyzed the evolution of the Emotet supply chain Threat actors behind the Emotet bot are continually improving their tactics, techniques, and procedures to avoid detection. VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection. The Emotet banking trojan has been active at least since 2014, the botnet is operated by […] 2022-10-11T10:40:22+00:00 https://securityaffairs.co/wordpress/136935/malware/emotet-evolution-ttps.html www.secnews.physaphae.fr/article.php?IdArticle=7390601 False Malware None None