www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-04-29T16:22:36+00:00 www.secnews.physaphae.fr Security Affairs - Blog Secu European Cybersecurity in Context: A Policy-Oriented Comparative Analysis I’m proud to have contributed to the “European Cybersecurity in Context: A Policy-Oriented Comparative Analysis“ Worldwide connectivity has unleashed global digitalisation, creating cross-border social networks for communicating and spreading information. The use of digital identity for democratic procedures is becoming a reality and public services are shifting towards using digital tools to implement simplified procedures. […] ]]> 2022-08-22T18:07:52+00:00 https://securityaffairs.co/wordpress/134731/security/european-cybersecurity-in-context.html www.secnews.physaphae.fr/article.php?IdArticle=6474785 False None None None Security Affairs - Blog Secu 8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe Researchers shared details of an eight-year-old flaw dubbed DirtyCred, defined as nasty as Dirty Pipe, in the Linux kernel. Researchers from Northwestern University (Zhenpeng Lin  |  PhD Student,Yuhang Wu  |  PhD Student, Xinyu Xing  |  Associate Professor) disclosed an eight-year-old security vulnerability in the Linux kernel, dubbed DirtyCred, which they defined “as nasty as Dirty Pipe.” The Dirty Pipe flaw, tracked […] ]]> 2022-08-22T17:50:43+00:00 https://securityaffairs.co/wordpress/134719/security/linux-dirtycred-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6474464 False Vulnerability None None Security Affairs - Blog Secu Group-IB CEO will remain in jail – complaint denied On August 18, a Russian judge decided that Ilya Sachkov, founder and CEO of the Russian-led Group-IB, will remain in jail. 
Ilya Sachkov, founder and CEO of the Russian-led Group-IB will remain in jail following the judge's decision on August 18th after his defense team filed a complaint according to TASS (Russian Media Agency). Starting […] ]]> 2022-08-22T16:37:25+00:00 https://securityaffairs.co/wordpress/134714/cyber-crime/group-ib-ceo-ramains-jail.html www.secnews.physaphae.fr/article.php?IdArticle=6473839 False None None None Security Affairs - Blog Secu Donot Team cyberespionage group updates its Windows malware framework The Donot Team threat actor, aka APT-C-35, has added new capabilities to its Jaca Windows malware framework. The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In October 2021, a report released by the Amnesty International revealed that the […] ]]> 2022-08-22T06:47:28+00:00 https://securityaffairs.co/wordpress/134674/apt/donot-team-improves-jaca-framework.html www.secnews.physaphae.fr/article.php?IdArticle=6469702 False Malware None None Security Affairs - Blog Secu Fake DDoS protection pages on compromised WordPress sites lead to malware infections Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS Protection pages are associated with browser checks performed by WAF/CDN services which verify if the site visitor is a human or a bot. 
Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages […] ]]> 2022-08-21T23:56:05+00:00 https://securityaffairs.co/wordpress/134686/hacking/fake-ddos-protection-pages-wordpress.html www.secnews.physaphae.fr/article.php?IdArticle=6464198 False Malware None None Security Affairs - Blog Secu Threat actors are stealing funds from General Bytes Bitcoin ATM Threat actors have exploited a zero-day vulnerability in the General Bytes Bitcoin ATM servers to steal BTC from multiple customers. Threat actors have exploited a zero-day flaw in General Bytes Bitcoin ATM servers that allowed them to hijack transactions associated with deposits and withdrawal of funds. GENERAL BYTES is the world's largest Bitcoin, Blockchain, and […] ]]> 2022-08-21T17:40:20+00:00 https://securityaffairs.co/wordpress/134664/hacking/general-bytes-bitcoin-atm-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=6459309 False Vulnerability,Threat None None Security Affairs - Blog Secu Grandoreiro banking malware targets Mexico and Spain A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. Grandoreiro is a modular backdoor that supports the following capabilities: Keylogging Auto-Updation for newer versions and modules Web-Injects and restricting access to specific […] ]]> 2022-08-21T08:35:30+00:00 https://securityaffairs.co/wordpress/134651/cyber-crime/grandoreiro-targest-mexico-spain.html www.secnews.physaphae.fr/article.php?IdArticle=6451974 False Malware None None Security Affairs - Blog Secu White hat hackers broadcasted talks and hacker movies through a decommissioned satellite Hackers took control of a decommissioned satellite and broadcasted hacking conference talks and hacker movies.  
During the latest edition of the DEF CON hacking conference held in Las Vegas, the group of white hat hackers Shadytel demonstrated how to take control of a satellite in geostationary orbit. The group used a satellite called Anik F1R, which […] ]]> 2022-08-21T07:18:34+00:00 https://securityaffairs.co/wordpress/134637/hacking/hackers-take-control-decommissioned-satellite.html www.secnews.physaphae.fr/article.php?IdArticle=6451155 False None None 4.0000000000000000 Security Affairs - Blog Secu CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 7 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added seven new flaws to its Known Exploited Vulnerabilities Catalog, including a critical SAP security vulnerability tracked as CVE-2022-22536. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday […] ]]> 2022-08-20T16:56:39+00:00 https://securityaffairs.co/wordpress/134633/hacking/cisa-7-news-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=6437754 False Vulnerability None None Security Affairs - Blog Secu TA558 cybercrime group targets hospitality and travel orgs TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America. 
The group is a small crime threat actor, that has been […] ]]> 2022-08-20T08:28:30+00:00 https://securityaffairs.co/wordpress/134622/cyber-crime/ta558-targets-hospitality-travel.html www.secnews.physaphae.fr/article.php?IdArticle=6430507 False Malware,Threat None None Security Affairs - Blog Secu Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported that the Russia-linked Cozy Bear cyberespionage group (aka APT29, CozyDuke, and Nobelium), has targeted Microsoft 365 accounts in espionage campaigns. The experts pointed out that APT29 devised new advanced tactics, techniques, and procedures to evade detection. […] ]]> 2022-08-19T23:20:33+00:00 https://securityaffairs.co/wordpress/134609/apt/cozy-bear-targets-microsoft-365-users.html www.secnews.physaphae.fr/article.php?IdArticle=6422306 False None APT 29 None Security Affairs - Blog Secu CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog US CISA added a critical SAP flaw to its Known Exploited Vulnerabilities Catalog after its details were disclosed at the Black Hat and Def Con conferences. 
The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability, tracked as CVE-2022-22536, to its Known Exploited Vulnerabilities Catalog a few days after researchers shared details […] ]]> 2022-08-19T15:44:07+00:00 https://securityaffairs.co/wordpress/134603/security/cisa-sap-known-exploited-vulnerabilities-catalog.html www.secnews.physaphae.fr/article.php?IdArticle=6415364 False None None None Security Affairs - Blog Secu A flaw in Amazon Ring could expose user\'s camera recordings 2022-08-19T11:56:41+00:00 https://securityaffairs.co/wordpress/134588/hacking/amazon-ring-vulnerability-camera-recordings.html www.secnews.physaphae.fr/article.php?IdArticle=6411877 False Vulnerability None None Security Affairs - Blog Secu Cisco fixes High-Severity bug in Secure Web Appliance Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […] ]]> 2022-08-19T09:04:18+00:00 https://securityaffairs.co/wordpress/134580/security/cisco-secure-web-appliance-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6409263 False Malware,Vulnerability None None Security Affairs - Blog Secu Bumblebee attacks, from initial access to the compromise of Active Directory Services Threat actors are using the Bumblebee loader to compromise Active Directory services as part of post-exploitation activities. The Cybereason Global Security Operations Center (GSOC) Team analyzed a cyberattack that involved the Bumblebee Loader and detailed how the attackers were able to compromise the entire network. 
Most Bumblebee infections started by users executing LNK files which use a system binary to […] ]]> 2022-08-19T08:33:28+00:00 https://securityaffairs.co/wordpress/134569/malware/bumblebee-attack-chain.html www.secnews.physaphae.fr/article.php?IdArticle=6409264 False None None None Security Affairs - Blog Secu Estonia blocked cyberattacks claimed by Pro-Russia Killnet group Estonia announced to have blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector. The Pro-Russia hacker […] ]]> 2022-08-19T07:05:40+00:00 https://securityaffairs.co/wordpress/134560/cyber-warfare-2/estonia-blocked-cyberattacks-killnet.html www.secnews.physaphae.fr/article.php?IdArticle=6407512 False None None None Security Affairs - Blog Secu Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild. Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893. The flaw is an out-of-bounds write issue in WebKit and the IT giant fixed it with improved bounds […] ]]> 2022-08-18T22:37:20+00:00 https://securityaffairs.co/wordpress/134553/security/safari-15-6-1-fixes-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=6400536 False Vulnerability None None Security Affairs - Blog Secu Google blocked the largest Layer 7 DDoS reported to date Google announced to have blocked the largest ever HTTPs DDoS attack, which reached 46 million requests per second (RPS). Google announced to have blocked the largest ever HTTPs DDoS attack that hit one of its Cloud Armor customers. 
The IT giant revealed that the attack reached 46 million requests per second (RPS). The attack took […] ]]> 2022-08-18T17:57:36+00:00 https://securityaffairs.co/wordpress/134542/hacking/google-blocked-largest-ever-https-ddos.html www.secnews.physaphae.fr/article.php?IdArticle=6396622 False None None None Security Affairs - Blog Secu BlackByte ransomware v2 is out with new extortion novelties A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones. BlackByte ransomware Version 2.0 appeared in the threat landscape after a short break, the latest version has a new data leak site. It is interesting to note that the group introduced some novelties in the […] ]]> 2022-08-18T15:24:11+00:00 https://securityaffairs.co/wordpress/134531/cyber-crime/blackbyte-ransomware-v2.html www.secnews.physaphae.fr/article.php?IdArticle=6395062 False Ransomware,Threat None 2.0000000000000000 Security Affairs - Blog Secu Apple fixed two new zero-day flaws exploited by threat actors Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS, iPadOS, and macOS platforms to address two zero-day vulnerabilities exploited by threat actors. Apple did not share details about these attacks. The two flaws are: CVE-2022-32893 – An out-of-bounds issue in WebKit which. An attacker can trigger the […] ]]> 2022-08-18T08:36:30+00:00 https://securityaffairs.co/wordpress/134527/security/apple-zero-day-flaws-2.html www.secnews.physaphae.fr/article.php?IdArticle=6389742 False Threat None None Security Affairs - Blog Secu PoC exploit code for critical Realtek RCE flaw released online Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. 
The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek's RTL819x system on a chip was released online. The issue resides in the Realtek's SDK for […] ]]> 2022-08-18T07:10:57+00:00 https://securityaffairs.co/wordpress/134515/breaking-news/realtek-rce-poc-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=6388999 False Vulnerability None None Security Affairs - Blog Secu China-linked RedAlpha behind multi-year credential theft campaign A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor tracked RedAlpha. The campaign targeted global humanitarian, think tank, and government organizations. Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of […] ]]> 2022-08-17T22:58:33+00:00 https://securityaffairs.co/wordpress/134519/apt/redalpha-china-credential-theft-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=6381201 False None None None Security Affairs - Blog Secu Bugdrop dropper includes features to circumvent Google\'s security Controls 2022-08-17T17:58:53+00:00 https://securityaffairs.co/wordpress/134508/malware/bugdrop-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=6377710 False None None None Security Affairs - Blog Secu Google fixed a new Chrome Zero-Day actively exploited in the wild Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. 
The actively exploited flaw, tracked as CVE-2022-2856, is an Insufficient validation […] ]]> 2022-08-17T17:01:18+00:00 https://securityaffairs.co/wordpress/134501/security/google-fifth-chrome-zero-day-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=6375990 False None None None Security Affairs - Blog Secu North Korea-linked APT targets Job Seekers with macOS malware The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages […] ]]> 2022-08-17T08:31:52+00:00 https://securityaffairs.co/wordpress/134491/malware/north-korea-mac-malware-m1.html www.secnews.physaphae.fr/article.php?IdArticle=6369198 False Malware,Medical APT 38 None Security Affairs - Blog Secu ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak (CVE-2022-21233) is the first architecturally CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs. ÆPIC Leak works on […] ]]> 2022-08-17T07:10:07+00:00 https://securityaffairs.co/wordpress/134478/security/aepic-leak-architecturally-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6368360 False Guideline None None Security Affairs - Blog Secu Zoom fixed two flaws in macOS App that were disclosed at DEF CON Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. 
Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher […] ]]> 2022-08-17T06:57:36+00:00 https://securityaffairs.co/wordpress/134468/security/zoom-macos-app-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=6367526 False None None None Security Affairs - Blog Secu Clop gang targeted UK drinking water supplier South Staffordshire Water A cyber attack disrupted the IT operations of South Staffordshire Water, a company supplying drinking water to 1.6M consumers daily. South Staffordshire Water has issued a statement confirming the security breach, the company pointed out that the attack did not impact the safety and water distribution systems. South Staffordshire Water plc known as South Staffs […] ]]> 2022-08-16T17:38:33+00:00 https://securityaffairs.co/wordpress/134450/cyber-crime/south-staffordshire-water-cyberattack.html www.secnews.physaphae.fr/article.php?IdArticle=6357085 False None None None Security Affairs - Blog Secu Russia-linked Gamaredon APT continues to target Ukraine Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign. 
Symantec and TrendMicro first discovered the Gamaredon […] ]]> 2022-08-16T08:15:55+00:00 https://securityaffairs.co/wordpress/134438/apt/gamaredon-continues-target-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=6349738 False Malware None None Security Affairs - Blog Secu Phone numbers of 1,900 Signal users exposed as a result of Twilio security breach For about 1,900 users, Twilio hackers could have attempted to re-register their number to another device or learned that their number was registered to Signal. Communication company Twilio provides Signal with phone number verification services, and recent security breach it has suffered had also impacted some users of the popular instant-messaging app. Twilio hackers could […] ]]> 2022-08-16T06:56:04+00:00 https://securityaffairs.co/wordpress/134428/mobile-2/twilio-hack-signal-impacy.html www.secnews.physaphae.fr/article.php?IdArticle=6348516 False None None None Security Affairs - Blog Secu Microsoft disrupts SEABORGIUM \'s ongoing phishing operations Microsoft disrupted a hacking operation linked conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. The Microsoft Threat Intelligence Center (MSTIC) has disrupted activity by SEABORGIUM (aka ColdRiver, TA446), a Russia-linked threat actor that is behind a persistent hacking campaign targeting people and organizations in NATO countries. SEABORGIUM has been active since at least 2017, […] ]]> 2022-08-15T21:46:10+00:00 https://securityaffairs.co/wordpress/134414/apt/seaborgiums-targets-nato.html www.secnews.physaphae.fr/article.php?IdArticle=6345368 False Threat None None Security Affairs - Blog Secu VNC instances exposed to Internet pose critical infrastructures at risk Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control another machine remotely. 
It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a […] ]]> 2022-08-15T18:01:21+00:00 https://securityaffairs.co/wordpress/134408/hacking/vnc-critical-infrastructures-at-risk.html www.secnews.physaphae.fr/article.php?IdArticle=6343492 False Threat None None Security Affairs - Blog Secu SOVA Android malware now also encrypts victims\' files 2022-08-15T15:22:28+00:00 https://securityaffairs.co/wordpress/134392/malware/sova-android-malware-v5.html www.secnews.physaphae.fr/article.php?IdArticle=6342993 False Ransomware,Malware None None Security Affairs - Blog Secu A new PyPI Package was found delivering fileless Linux Malware Security Researchers discovered a new PyPI Package designed to drop fileless cryptominer to Linux systems. Sonatype researchers have discovered a new PyPI package named ‘secretslib‘ that drops fileless cryptominer to the memory of Linux machine systems. The package describes itself as “secrets matching and verification made easy,” it has a total of 93 downloads since […] ]]> 2022-08-15T08:16:31+00:00 https://securityaffairs.co/wordpress/134381/security/pypi-package-fileless-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=6337742 False Malware None None Security Affairs - Blog Secu Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi China-linked threat actors Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a new campaign conducted by a China-linked threat actor Iron Tiger that employed a  backdoored version of the cross-platform messaging app MiMi Chat App to infect Windows, Mac, and Linux systems. 
The Iron Tiger APT (aka Panda Emissary, […] ]]> 2022-08-15T07:02:20+00:00 https://securityaffairs.co/wordpress/134366/apt/iron-tiger-apt-is-behind-a-supply-chain-attack-that-employed-messaging-app-mimi.html www.secnews.physaphae.fr/article.php?IdArticle=6335813 False Threat APT 27 5.0000000000000000 Security Affairs - Blog Secu A flaw in Xiaomi phones using MediaTek Chips could allow to forge transactions Flaws in Xiaomi Redmi Note 9T and Redmi Note 11 models could be exploited to disable the mobile payment mechanism and even forge transactions. Check Point researchers discovered the flaws while analyzing the payment system built into Xiaomi smartphones powered by MediaTek chips. Trusted execution environment (TEE) is an important component of mobile devices designed to process […] ]]> 2022-08-14T17:51:11+00:00 https://securityaffairs.co/wordpress/134331/hacking/xiaomi-phones-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6322896 False None None None Security Affairs - Blog Secu CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 […] ]]> 2022-08-14T06:52:55+00:00 https://securityaffairs.co/wordpress/134350/cyber-crime/zeppelin-ransomware-joint-alert.html www.secnews.physaphae.fr/article.php?IdArticle=6311917 False Ransomware,Threat None None Security Affairs - Blog Secu Killnet claims to have breached Lockheed Martin Russian hacker group Killnet claims to have launched a DDoS attack on the aerospace and defense giant Lockheed Martin.  
The Moscow Times first reported that the Pro-Russia hacker group Killnet is claiming responsibility for a recent DDoS attack that hit the aerospace and defense giant Lockheed Martin. The Killnet group also claims to have stolen […] ]]> 2022-08-13T16:51:53+00:00 https://securityaffairs.co/wordpress/134341/hacking/killnet-lockheed-martin.html www.secnews.physaphae.fr/article.php?IdArticle=6297861 False None None None Security Affairs - Blog Secu Three flaws allow attackers to bypass UEFI Secure Boot feature Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that can be exploited to bypass the UEFI Secure Boot feature. Secure Boot is […] ]]> 2022-08-13T09:39:35+00:00 https://securityaffairs.co/wordpress/134334/hacking/uefi-secure-boot-feature-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6290775 False Vulnerability None None Security Affairs - Blog Secu Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS email servers worldwide. Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries. 
Yesterday, August 11, CISA has […] ]]> 2022-08-12T08:00:43+00:00 https://securityaffairs.co/wordpress/134314/hacking/zimbra-rce-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=6265951 False Hack None None Security Affairs - Blog Secu BazarCall attacks have revolutionized ransomware operations The Conti ransomware gang is using BazarCall phishing attacks as an initial attack vector to access targeted networks. BazarCall attack, aka call back phishing, is an attack vector that utilizes targeted phishing methodology and was first used by the Ryuk ransomware gang in 2020/2021. The BazarCall attack chain is composed of the following stages: Stage […] ]]> 2022-08-12T06:25:03+00:00 https://securityaffairs.co/wordpress/134302/cyber-crime/bazarcall-revolutionized-ransomware-operations.html www.secnews.physaphae.fr/article.php?IdArticle=6265094 False Ransomware None None Security Affairs - Blog Secu Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […] ]]> 2022-08-11T17:58:58+00:00 https://securityaffairs.co/wordpress/134295/security/palo-alto-networks-pan-os-dos.html www.secnews.physaphae.fr/article.php?IdArticle=6253782 False Threat None None Security Affairs - Blog Secu Ex Twitter employee found guilty of spying for Saudi Arabian government A former Twitter employee was found guilty of spying on certain Twitter users for Saudi Arabia. A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing them to Saudi Arabia. 
“Ahmad Abouammo, a US resident born in Egypt, was found guilty by a jury Tuesday […] ]]> 2022-08-11T05:50:14+00:00 https://securityaffairs.co/wordpress/134266/intelligence/ex-twitter-employee-guilty.html www.secnews.physaphae.fr/article.php?IdArticle=6244328 False None None None Security Affairs - Blog Secu Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA keys on devices running Cisco ASA Software and […] ]]> 2022-08-11T05:47:24+00:00 https://securityaffairs.co/wordpress/134287/security/cisco-flaw-asa-ftd.html www.secnews.physaphae.fr/article.php?IdArticle=6244329 False Vulnerability,Threat None None Security Affairs - Blog Secu Cisco was hacked by the Yanluowang ransomware gang Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat […] ]]> 2022-08-10T21:20:53+00:00 https://securityaffairs.co/wordpress/134278/hacking/yanluowang-ransomware-hacked-cisco.html www.secnews.physaphae.fr/article.php?IdArticle=6236967 False Ransomware,Threat None None Security Affairs - Blog Secu Risky Business: Enterprises Can\'t Shake Log4j flaw 70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December 2021 security teams scrambled to find Log4j-vulnerable assets and patch them. 
Eight months later many Global 2000 firms are still fighting to mitigate the digital assets and business risks associated with Log4j. The ease of […] ]]> 2022-08-10T17:17:14+00:00 https://securityaffairs.co/wordpress/134262/hacking/risky-business-enterprises-cant-shake-log4j-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6233613 False None None None Security Affairs - Blog Secu Experts found 10 malicious packages on PyPI used to steal developers\' data 2022-08-10T15:14:01+00:00 https://securityaffairs.co/wordpress/134253/malware/pypi-malicious-packages-3.html www.secnews.physaphae.fr/article.php?IdArticle=6231955 False Threat None None Security Affairs - Blog Secu Hackers behind Twilio data breach also targeted Cloudflare employees Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one that hit Twilio. The content delivery network and DDoS mitigation company Cloudflare revealed this week that at least 76 employees and their family members received text messages on their personal and work phones. According to […] ]]> 2022-08-10T13:48:54+00:00 https://securityaffairs.co/wordpress/134237/hacking/twilio-hackers-hit-cloudflare-employees.html www.secnews.physaphae.fr/article.php?IdArticle=6230310 False Data Breach None None Security Affairs - Blog Secu CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed security flaw, tracked as CVE-2022-30333 (CVSS score: 7.5), in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. 
The CVE-2022-30333 flaw is a path traversal […] ]]> 2022-08-10T10:39:16+00:00 https://securityaffairs.co/wordpress/134230/security/cisa-unrar-windows-catalog.html www.secnews.physaphae.fr/article.php?IdArticle=6227846 True None None None Security Affairs - Blog Secu VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656 VMware warns of the availability of proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The flaw was discovered by security researcher Petrus Viet from VNG Security, […] ]]> 2022-08-10T07:46:08+00:00 https://securityaffairs.co/wordpress/134222/security/vmware-poc-code-cve-2022-31656.html www.secnews.physaphae.fr/article.php?IdArticle=6225454 False None None None Security Affairs - Blog Secu Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day Microsoft Patch Tuesday security updates for August 2022 addressed an actively exploited zero-day remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA […] ]]> 2022-08-09T21:25:56+00:00 https://securityaffairs.co/wordpress/134211/security/microsoft-patch-tuesday-august-2022.html www.secnews.physaphae.fr/article.php?IdArticle=6217272 False Vulnerability None None Security Affairs - Blog Secu Experts linked Maui ransomware to North Korean Andariel APT Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group.
Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APT Group. North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic […] ]]> 2022-08-09T17:04:09+00:00 https://securityaffairs.co/wordpress/134195/malware/maui-ransomware-andariel-apt.html www.secnews.physaphae.fr/article.php?IdArticle=6213659 False Ransomware APT 38 None Security Affairs - Blog Secu Chinese actors behind attacks on industrial enterprises and public institutions China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and Eastern Europe. The attackers breached dozens of enterprises and in some cases compromised their IT infrastructure, […] ]]> 2022-08-09T14:52:06+00:00 https://securityaffairs.co/wordpress/134180/apt/china-apt-attacks-industrial-enterprises.html www.secnews.physaphae.fr/article.php?IdArticle=6212250 False Threat None None Security Affairs - Blog Secu US sanctioned crypto mixer Tornado Cash used by North Korea-linked APT The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North Korea. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned the crypto mixer service Tornado Cash used by North Korean-linked Lazarus APT Group.
The mixers are essential components for cybercriminals that use […] ]]> 2022-08-09T10:28:00+00:00 https://securityaffairs.co/wordpress/134168/cyber-crime/us-treasury-sanctioned-tornado-cash.html www.secnews.physaphae.fr/article.php?IdArticle=6209517 False None APT 38 None Security Affairs - Blog Secu Malicious file analysis – Example 01 Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. For this first one, I’ll briefly introduce some crucial topics to […] ]]> 2022-08-09T09:17:18+00:00 https://securityaffairs.co/wordpress/134164/malware/malicious-file-analysis-es-01.html www.secnews.physaphae.fr/article.php?IdArticle=6209165 False None None None Security Affairs - Blog Secu Orchard botnet uses Bitcoin Transaction info to generate DGA domains Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab researchers recently discovered a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) transaction information to generate DGA domain names. “Another change relates to the use of the DGA algorithm employed in the […] ]]> 2022-08-08T22:24:24+00:00 https://securityaffairs.co/wordpress/134155/malware/orchard-botnet.html www.secnews.physaphae.fr/article.php?IdArticle=6206413 False None None None Security Affairs - Blog Secu Twilio discloses data breach that impacted customers and employees Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach: threat actors had access to the data of some of its customers.
The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack. Twilio is […] ]]> 2022-08-08T18:16:46+00:00 https://securityaffairs.co/wordpress/134147/data-breach/twilio-discloses-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=6204814 True Data Breach,Threat None None Security Affairs - Blog Secu LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities LogoKit – Threat actors are leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500 companies, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters […] ]]> 2022-08-08T15:11:18+00:00 https://securityaffairs.co/wordpress/134141/hacking/logokit-phishing-open-redirect.html www.secnews.physaphae.fr/article.php?IdArticle=6203650 False Spam,Threat None None Security Affairs - Blog Secu Attackers abuse open redirects in Snapchat and Amex in phishing attacks Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused open redirects on the websites of Snapchat and American Express as part of a phishing campaign targeting Microsoft 365 users. The term open URL redirection, or open redirect, refers to a security issue that makes it […] ]]> 2022-08-08T05:53:48+00:00 https://securityaffairs.co/wordpress/134131/cyber-crime/snapchat-amex-open-redirects-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=6197161 False None None None Security Affairs - Blog Secu Microsoft is blocking Tutanota email addresses from registering a MS Teams account Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams account.
Tutanota is an end-to-end encrypted email app and a freemium secure email service; as of March 2017, Tutanota’s owners claimed to have over 2 million users. The news is that Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams […] ]]> 2022-08-08T05:51:15+00:00 https://securityaffairs.co/wordpress/134124/digital-id/microsoft-block-tutanota-email-addresses.html www.secnews.physaphae.fr/article.php?IdArticle=6197162 False None None None Security Affairs - Blog Secu Serious cyberattack hits German Chambers of Industry and Commerce (DIHK) A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week. A massive attack hit the website of the German Chambers of Industry and Commerce (DIHK), forcing the organization to shut down its IT systems as a precautionary measure for security reasons. “Due to a possible cyber attack, the […] ]]> 2022-08-07T16:37:20+00:00 https://securityaffairs.co/wordpress/134121/hacking/dihk-cyberattack.html www.secnews.physaphae.fr/article.php?IdArticle=6187132 False None None None Security Affairs - Blog Secu GwisinLocker ransomware exclusively targets South Korea Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a new ransomware called GwisinLocker which is able to encrypt Windows and Linux ESXi servers.
The ransomware targets South Korean healthcare, industrial, and pharmaceutical companies; its name comes from the name of the author ‘Gwisin’ (ghost […] ]]> 2022-08-07T12:24:54+00:00 https://securityaffairs.co/wordpress/134105/cyber-crime/gwisinlocker-ransowmare-south-korea.html www.secnews.physaphae.fr/article.php?IdArticle=6184024 False Ransomware None None Security Affairs - Blog Secu Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance malware, Reuters reported citing two sources present. The revelation comes while media and journalists are […] ]]> 2022-08-06T20:46:41+00:00 https://securityaffairs.co/wordpress/134097/intelligence/greek-intelligence-surveillance-malware.html www.secnews.physaphae.fr/article.php?IdArticle=6170155 False Malware None None Security Affairs - Blog Secu Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% of its users after a bug exposed salted password hashes when creating or revoking shared invitation […] ]]> 2022-08-06T18:06:07+00:00 https://securityaffairs.co/wordpress/134094/security/slack-resets-passwords-bug.html www.secnews.physaphae.fr/article.php?IdArticle=6168324 False None None None Security Affairs - Blog Secu Twitter confirms zero-day used to access data of 5.4 million accounts Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw.
At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] ]]> 2022-08-05T22:08:30+00:00 https://securityaffairs.co/wordpress/134087/data-breach/twitter-zero-day-data-leak.html www.secnews.physaphae.fr/article.php?IdArticle=6150012 False Data Breach,Vulnerability,Threat None None Security Affairs - Blog Secu The popularity of Dark Utilities 'C2-as-a-Service' rapidly increases 2022-08-05T20:45:30+00:00 https://securityaffairs.co/wordpress/134073/hacking/dark-utilities-c2-as-a-service.html www.secnews.physaphae.fr/article.php?IdArticle=6148312 False None None None Security Affairs - Blog Secu DHS warns of critical flaws in Emergency Alert System encoder/decoder devices The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable networks. The Emergency Alert System […] ]]> 2022-08-05T14:10:06+00:00 https://securityaffairs.co/wordpress/134067/hacking/emergency-alert-system-bugs-alert.html www.secnews.physaphae.fr/article.php?IdArticle=6143532 True Threat None None Security Affairs - Blog Secu CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924, to its Known Exploited Vulnerabilities Catalog.
In mid-June, researchers from Sonarsource discovered […] ]]> 2022-08-05T13:03:38+00:00 https://securityaffairs.co/wordpress/134058/security/zimbra-known-exploited-vulnerabilities-catalog.html www.secnews.physaphae.fr/article.php?IdArticle=6141995 False None None 2.0000000000000000 Security Affairs - Blog Secu Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor. The attackers exploited the flaw in an attack […] ]]> 2022-08-05T08:49:59+00:00 https://securityaffairs.co/wordpress/134033/hacking/tac-040-ljl-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=6138932 False Threat None None Security Affairs - Blog Secu New Woody RAT used in attacks aimed at Russian entities An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT. The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw (CVE-2022-30190). The assumption […] ]]> 2022-08-04T19:13:13+00:00 https://securityaffairs.co/wordpress/134014/intelligence/woody-rat-targets-russia-orgs.html www.secnews.physaphae.fr/article.php?IdArticle=6128945 False Malware,Threat None None Security Affairs - Blog Secu Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices.
Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized […] ]]> 2022-08-04T16:48:56+00:00 https://securityaffairs.co/wordpress/134007/hacking/draytek-vigor-routers-rce.html www.secnews.physaphae.fr/article.php?IdArticle=6126753 False None None None Security Affairs - Blog Secu Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy Pelosi. Major Taiwan government websites were temporarily forced offline by distributed denial of service (DDoS) attacks during the visit to Taipei of US House Speaker Nancy Pelosi. The cyber attacks forced offline the government […] ]]> 2022-08-04T12:50:29+00:00 https://securityaffairs.co/wordpress/133997/breaking-news/taiwan-hit-cyberattacks.html www.secnews.physaphae.fr/article.php?IdArticle=6123820 False None None None Security Affairs - Blog Secu Hackers stole $200 million from the Nomad crypto bridge The cryptocurrency bridge Nomad is the latest victim of a cyber heist; threat actors stole almost $200 million of its funds. Another crypto heist made the headlines: threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad. Nomad Bridge is a cross-chain bridge between Ethereum, Moonbeam, Avalanche, Evmos and Milkomeda. The project […] ]]> 2022-08-04T11:21:00+00:00 https://securityaffairs.co/wordpress/133988/hacking/nomad-cyber-heist.html www.secnews.physaphae.fr/article.php?IdArticle=6123096 False Threat None None Security Affairs - Blog Secu Cisco addressed critical flaws in Small Business VPN routers Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers.
Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The flaw resides in the web-based management interface of several Small Business VPN routers, including Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. […] ]]> 2022-08-04T07:37:25+00:00 https://securityaffairs.co/wordpress/133984/security/cisco-small-business-vpn-routers-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=6120254 False None None None Security Affairs - Blog Secu Power semiconductor component manufacturer Semikron suffered a ransomware attack Semikron, a German-based independent manufacturer of power semiconductor components, suffered a ransomware cyberattack. Semikron is a German-based independent manufacturer of power semiconductor components; it employs more than 3,000 people in 24 subsidiaries worldwide, with production sites in Germany, Brazil, China, France, India, Italy, Slovakia and the USA. The company confirmed it has suffered a cyberattack conducted by a professional […] ]]> 2022-08-03T18:34:37+00:00 https://securityaffairs.co/wordpress/133975/cyber-crime/semikron-cyber-attack.html www.secnews.physaphae.fr/article.php?IdArticle=6110723 False Ransomware None None Security Affairs - Blog Secu Manjusaka, a new attack tool similar to Sliver and Cobalt Strike Researchers spotted a Chinese threat actor using a new offensive framework called Manjusaka which is similar to Cobalt Strike. Talos researchers observed a Chinese threat actor using a new offensive framework called Manjusaka (which can be translated to “cow flower” from the Simplified Chinese writing) that is similar to Sliver and Cobalt Strike tools.
The […] ]]> 2022-08-03T17:15:45+00:00 https://securityaffairs.co/wordpress/133953/hacking/manjusaka-attack-tool.html www.secnews.physaphae.fr/article.php?IdArticle=6109996 False Tool,Threat None None Security Affairs - Blog Secu Google fixed Critical Remote Code Execution flaw in Android Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution over Bluetooth. Google has fixed a critical vulnerability, tracked as CVE-2022-20345, that affects the Android System component. The IT giant has fixed the flaw with the release of Android 12 and 12L updates. Google did […] ]]> 2022-08-03T15:45:18+00:00 https://securityaffairs.co/wordpress/133956/security/android-critical-flaw-cve-2022-20345.html www.secnews.physaphae.fr/article.php?IdArticle=6108550 False Vulnerability None None Security Affairs - Blog Secu Busting the Myths of Hardware Based Security Many experts often overlook hardware based security and its vital importance in establishing a secure workspace. When it comes to cybersecurity, everyone likes to talk about software and the dangers that it poses. However, people often overlook hardware-based security and its vital importance in establishing a secure workspace. This is attributed to a general lack […] ]]> 2022-08-03T07:22:45+00:00 https://securityaffairs.co/wordpress/133948/security/busting-the-myths-of-hardware-based-security.html www.secnews.physaphae.fr/article.php?IdArticle=6102923 False None None None Security Affairs - Blog Secu VMware fixed critical authentication bypass vulnerability VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. An unauthenticated attacker can exploit the vulnerability to gain admin privileges. 
“A malicious actor with network access to the […] ]]> 2022-08-02T17:29:31+00:00 https://securityaffairs.co/wordpress/133938/security/vmware-critical-flaws-3.html www.secnews.physaphae.fr/article.php?IdArticle=6092888 False Vulnerability None None Security Affairs - Blog Secu LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. The attackers initially compromise the target […] ]]> 2022-08-02T12:30:55+00:00 https://securityaffairs.co/wordpress/133925/cyber-crime/lockbit-3-0-abuse-windows-defender.html www.secnews.physaphae.fr/article.php?IdArticle=6089536 False Tool,Threat None None Security Affairs - Blog Secu Gootkit AaaS malware is still active and uses updated tactics Gootkit access-as-a-service (AaaS) malware is back with updated tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-as-a-service model; it is used by different groups to drop additional malicious payloads on the compromised systems. Gootkit has been known to use fileless techniques to deliver threats such as the SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, […] ]]> 2022-08-02T07:44:54+00:00 https://securityaffairs.co/wordpress/133918/malware/gootkit-is-still-active.html www.secnews.physaphae.fr/article.php?IdArticle=6086658 False Malware None 2.0000000000000000 Security Affairs - Blog Secu Austria investigates DSIRF firm for allegedly developing Subzero spyware Austria is investigating a report that an Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies.
At the end of July, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows […] ]]> 2022-08-02T07:34:52+00:00 https://securityaffairs.co/wordpress/133911/malware/austria-investigates-dsirf-firm.html www.secnews.physaphae.fr/article.php?IdArticle=6086659 False Threat None 2.0000000000000000 Security Affairs - Blog Secu ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims to have hacked the European gas pipeline Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. In this capacity, the company plans, constructs […] ]]> 2022-08-01T18:26:37+00:00 https://securityaffairs.co/wordpress/133899/cyber-crime/alphv-blackcat-ransomware-creos-luxembourg.html www.secnews.physaphae.fr/article.php?IdArticle=6081290 False Ransomware None None Security Affairs - Blog Secu Australian man charged with creating and selling the Imminent Monitor spyware An Australian national has been charged for the creation and sale of the Imminent Monitor (IM) spyware, which was also used for criminal purposes. The 24-year-old Australian national Jacob Wayne John Keen has been charged for his alleged role in the development and sale of spyware known as Imminent Monitor (IM). 
The Australian Federal Police (AFP) launched […] ]]> 2022-08-01T16:19:00+00:00 https://securityaffairs.co/wordpress/133893/cyber-crime/imminent-monitor-spyware-author-arrested.html www.secnews.physaphae.fr/article.php?IdArticle=6080318 False None None 5.0000000000000000 Security Affairs - Blog Secu A flaw in Dahua IP Cameras allows full take over of the devices A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum (ONVIF). ONVIF provides and promotes standardized interfaces for effective […] ]]> 2022-08-01T06:43:37+00:00 https://securityaffairs.co/wordpress/133877/security/dahua-severe-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6073397 False Vulnerability None None Security Affairs - Blog Secu US Federal Communications Commission (FCC) warns of the rise of smishing attacks The Federal Communications Commission (FCC) warned Americans of the rising threat of smishing (robotexts) attacks. The Federal Communications Commission (FCC) issued an alert to warn Americans of the rising threat of smishing (robotexts) attacks aimed at stealing their personal information or for financial scams. “The FCC's Robocall Response Team is alerting consumers to the rising […] ]]> 2022-08-01T06:13:32+00:00 https://securityaffairs.co/wordpress/133865/cyber-crime/fcc-warns-smishing-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6073398 False Threat None None Security Affairs - Blog Secu North Korea-linked SharpTongue spies on email accounts with a malicious browser extension North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims’ email accounts. 
North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims’ Gmail and AOL email accounts. Researchers from cybersecurity firm Volexity tracked the threat actors as SharpTongue, but […] ]]> 2022-07-31T08:43:16+00:00 https://securityaffairs.co/wordpress/133837/apt/sharptongue-spy-gmail-aol.html www.secnews.physaphae.fr/article.php?IdArticle=6053086 False Threat None None Security Affairs - Blog Secu Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report 2022-07-30T19:40:21+00:00 https://securityaffairs.co/wordpress/133827/malware/enisa-threat-landscape-for-ransomware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6040800 False Ransomware,Threat None None Security Affairs - Blog Secu CISA orders to patch an actively exploited flaw in Confluence servers US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. US CISA has added the recently disclosed Confluence vulnerability, tracked as CVE-2022-26138, to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. According to Binding Operational Directive (BOD) […] ]]> 2022-07-30T17:44:15+00:00 https://securityaffairs.co/wordpress/133819/security/cisa-confluence-cve-2022-26138-catalog.html www.secnews.physaphae.fr/article.php?IdArticle=6038918 True None None None Security Affairs - Blog Secu Microsoft experts linked the Raspberry Robin malware to Evil Corp operation Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. 
The malicious code […] ]]> 2022-07-29T13:55:57+00:00 https://securityaffairs.co/wordpress/133810/cyber-crime/raspberry-robin-linked-evil-corp.html www.secnews.physaphae.fr/article.php?IdArticle=6012569 False Malware None None Security Affairs - Blog Secu Strong Authentication – Robust Identity and Access Management Is a Strategic Choice Passwords no longer meet the demands of today's identity and access requirements. Therefore, strong authentication methods are needed. “Usernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential to employ strong authentication techniques like multi-factor authentication (MFA) to confirm users’ identities before granting secure access to resources,” Sarah […] ]]> 2022-07-29T12:29:53+00:00 https://securityaffairs.co/wordpress/133807/security/strong-authentication.html www.secnews.physaphae.fr/article.php?IdArticle=6011662 False None None None Security Affairs - Blog Secu Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center. Recently, Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed, the Questions […] ]]> 2022-07-29T11:27:26+00:00 https://securityaffairs.co/wordpress/133798/hacking/atlassian-cve-2022-26138-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=6010742 True Vulnerability None None Security Affairs - Blog Secu Malware-laced npm packages used to target Discord users Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data.
A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card information, Kaspersky researchers warn. The malicious code hidden in the packages, tracked as Lofy Stealer, is a […] ]]> 2022-07-29T08:06:44+00:00 https://securityaffairs.co/wordpress/133795/cyber-crime/malware-npm-packages-discord.html www.secnews.physaphae.fr/article.php?IdArticle=6008014 True Malware None None Security Affairs - Blog Secu Akamai blocked the largest DDoS attack ever on its European customers This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai customer in Eastern Europe that was targeted 75 times in the past 30 days with multiple […] ]]> 2022-07-28T20:59:37+00:00 https://securityaffairs.co/wordpress/133780/hacking/largest-ddos-attack-europe.html www.secnews.physaphae.fr/article.php?IdArticle=5997073 False None None None Security Affairs - Blog Secu LibreOffice fixed 3 flaws, including a code execution issue LibreOffice maintainers addressed three security flaws in their productivity software, including an arbitrary code execution issue. LibreOffice is an open-source office productivity software suite, a project of The Document Foundation (TDF). LibreOffice maintainers addressed three security flaws in their suite, including an arbitrary code execution issue tracked as CVE-2022-26305.
The CVE-2022-26305 flaw is classified as the execution of untrusted […] ]]> 2022-07-28T18:45:08+00:00 https://securityaffairs.co/wordpress/133775/security/libreoffice-flaws-2.html www.secnews.physaphae.fr/article.php?IdArticle=5995253 False None None None Security Affairs - Blog Secu Threat actors use new attack techniques after Microsoft blocked macros by default Threat actors are devising new attack tactics in response to Microsoft’s decision to block macros by default. In response to Microsoft’s decision to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default in Microsoft Office applications, threat actors are adopting new attack techniques. Researchers from Proofpoint reported that […] ]]> 2022-07-28T17:34:58+00:00 https://securityaffairs.co/wordpress/133764/hacking/attacks-after-microsoft-blocked-macros.html www.secnews.physaphae.fr/article.php?IdArticle=5994369 False Threat None None Security Affairs - Blog Secu ENISA provides data related to major telecom security incidents in 2021 ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. Every European telecom operator that suffers a security incident notifies its national authorities, which share a summary of these reports to […] ]]> 2022-07-28T15:01:14+00:00 https://securityaffairs.co/wordpress/133756/reports/telecom-security-incidents-2021-enisa.html www.secnews.physaphae.fr/article.php?IdArticle=5991725 False None None None Security Affairs - Blog Secu European firm DSIRF behind the attacks with Subzero surveillance malware Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware.
The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The […] ]]> 2022-07-28T11:04:36+00:00 https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5988226 False Malware,Threat None None Security Affairs - Blog Secu Spain police arrested two men accused of cyber attacks on radioactivity alert network (RAR) The Spanish police arrested two individuals accused of having hacked the country’s radioactivity alert network (RAR) in 2021. The Spanish police have arrested two men suspected of being the hackers behind cyberattacks that hit the country’s radioactivity alert network (RAR) between March and June 2021. The RAR system is a mesh of gamma radiation detection […] ]]> 2022-07-28T07:57:27+00:00 https://securityaffairs.co/wordpress/133737/cyber-crime/radioactivity-alert-network-hacker-arrested.html www.secnews.physaphae.fr/article.php?IdArticle=5985645 False None None None Security Affairs - Blog Secu Attackers increasingly abusing IIS extensions to establish covert backdoors Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish covert backdoors into servers and maintain persistence in the target networks. IIS backdoors are also hard to detect because they follow the same […] ]]> 2022-07-27T20:17:57+00:00 https://securityaffairs.co/wordpress/133727/hacking/iis-extensions-backdoors.html www.secnews.physaphae.fr/article.php?IdArticle=5975762 False Threat None None