www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-08T02:33:34+00:00 www.secnews.physaphae.fr Security Affairs - Blog Secu The role of Social Media in modern society – Social Media Day 22 interview This is a transcription of an interview I had at Iran International broadcaster, I discussed about the role of social media in modern society. What’s the Middle East government’s role on Cyber bullying towards opposition activists? Middle East governments play a crucial role in cyberbullying against the opposition. Several independent organizations for the protection of […] ]]> 2022-07-02T19:59:23+00:00 https://securityaffairs.co/wordpress/132810/social-networks/the-role-of-social-media.html www.secnews.physaphae.fr/article.php?IdArticle=5519068 False None None None Security Affairs - Blog Secu Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool Researchers shared technical details and proof-of-concept exploit code for the CVE-2022-28219 flaw in Zoho ManageEngine ADAudit Plus tool. Security researchers from Horizon3.ai have published technical details and proof-of-concept exploit code for a critical vulnerability, tracked as CVE-2022-28219 (CVSS 9.8 out of 10), in the Zoho ManageEngine ADAudit Plus tool. The tool allows monitoring activities of […] ]]> 2022-07-02T19:41:06+00:00 https://securityaffairs.co/wordpress/132797/hacking/zoho-manageengine-adaudit-plus-rce.html www.secnews.physaphae.fr/article.php?IdArticle=5519069 False Tool None None Security Affairs - Blog Secu A ransomware attack forced publishing giant Macmillan to shuts down its systems A cyber attack forced the American publishing giant Macmillan to shut down its IT systems.  
The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted […] ]]> 2022-07-02T05:03:39+00:00 https://securityaffairs.co/wordpress/132792/cyber-crime/macmillan-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5505715 False Ransomware,Threat None None Security Affairs - Blog Secu SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated one such IIS backdoor: SessionManager. In late April 2022, […] ]]> 2022-07-01T20:24:31+00:00 https://securityaffairs.co/wordpress/132783/malware/sessionmanager-backdoor-ms-iis.html www.secnews.physaphae.fr/article.php?IdArticle=5498351 False None None None Security Affairs - Blog Secu A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. 
“We observed notable updates to […] ]]> 2022-07-01T14:44:34+00:00 https://securityaffairs.co/wordpress/132777/cyber-crime/8220-cryptomining-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5493209 False Threat None None Security Affairs - Blog Secu Pro-Russian hackers launched a massive DDoS attack against Norway Norway’s National Security Authority (NSM) confirmed that a DDoS attack took down some of the country’s most important websites. Norway’s National Security Authority (NSM) confirmed that some of the country’s most important websites and online services were taken down by a massive DDoS attack conducted by a pro-Russian group. NSM did not explicitly attribute the […] ]]> 2022-07-01T06:06:02+00:00 https://securityaffairs.co/wordpress/132765/hacking/legion-ddos-norway.html www.secnews.physaphae.fr/article.php?IdArticle=5484767 False None None None Security Affairs - Blog Secu Korean cybersecurity agency released a free decryptor for Hive ransomware Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing […] ]]> 2022-06-30T23:00:44+00:00 https://securityaffairs.co/wordpress/132770/malware/hive-ransomware-decryptor.html www.secnews.physaphae.fr/article.php?IdArticle=5477848 False Ransomware None None Security Affairs - Blog Secu Experts blame North Korea-linked Lazarus APT for the Harmony hack North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  
Harmony's […] ]]> 2022-06-30T17:58:47+00:00 https://securityaffairs.co/wordpress/132759/hacking/harmony-hack-lazarus-apt.html www.secnews.physaphae.fr/article.php?IdArticle=5473880 False Hack,Threat APT 38 None Security Affairs - Blog Secu Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker A former Canadian government IT worker admitted to being a high-level member of the Russian cybercrime group NetWalker. A former Canadian government employee, Sebastien Vachon-Desjardins, pleaded guilty in the U.S. to charges related to his involvement with the Russian cybercrime group NetWalker. In March, the man was extradited to the United States to face charges […] ]]> 2022-06-30T14:13:23+00:00 https://securityaffairs.co/wordpress/132753/cyber-crime/canadian-member-gang-netwalker-sentenced.html www.secnews.physaphae.fr/article.php?IdArticle=5471590 False Guideline None None Security Affairs - Blog Secu YTStealer info-stealing malware targets YouTube content creators Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. The malware is highly likely available as a service on the Dark Web. Upon executing the malware, it performs some environment […] ]]> 2022-06-30T06:36:46+00:00 https://securityaffairs.co/wordpress/132743/malware/ytstealer-malware-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=5465759 False Malware None None Security Affairs - Blog Secu Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. 
SonarSource researchers have discovered a new vulnerability in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can be exploited by remote attackers to execute arbitrary code on a system that relies on the binary, like Zimbra […] ]]> 2022-06-29T14:48:08+00:00 https://securityaffairs.co/wordpress/132737/breaking-news/unrar-path-traversal-flaw-zimbra.html www.secnews.physaphae.fr/article.php?IdArticle=5452615 False Hack,Vulnerability None None Security Affairs - Blog Secu Mitre shared 2022 CWE Top 25 most dangerous software weaknesses The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. The presence of these vulnerabilities within the infrastructure of an organization could potentially expose it to […] ]]> 2022-06-29T10:40:13+00:00 https://securityaffairs.co/wordpress/132730/security/mitre-2022-cwe-top-25.html www.secnews.physaphae.fr/article.php?IdArticle=5449423 False None None None Security Affairs - Blog Secu RansomHouse gang claims to have stolen 450GB of data from chip maker giant AMD The RansomHouse gang claims to have breached the Chipmaker giant AMD and stole 450 GB of data from the company in 2021. 
The RansomHouse extortion gang claims to have stolen 450 GB of data from the chipmaker giant AMD in 2021 and threatens to leak it or sell it if the company will not pay […] ]]> 2022-06-29T09:31:40+00:00 https://securityaffairs.co/wordpress/132721/cyber-crime/ransomhouse-hacked-amd.html www.secnews.physaphae.fr/article.php?IdArticle=5448643 False None None None Security Affairs - Blog Secu NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE\'S SOCIOECONOMIC STRUCTURE This paper provides a taxonomic classification of non-state actors in the cyberspace, analyzing their role and impact on a state's socioeconomic structure Cyber Non-State Actors (CNSA) are key figures in our globalized world: their operations could have a significant impact on international affairs, politics, and on the economy, as much as states do. Non-state actors […] ]]> 2022-06-28T21:25:04+00:00 https://securityaffairs.co/wordpress/132716/hacking/non-state-actors-cyberspace.html www.secnews.physaphae.fr/article.php?IdArticle=5438217 False None None None Security Affairs - Blog Secu ZuoRAT malware hijacks SOHO Routers to spy in the vitims A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North American and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 […] ]]> 2022-06-28T21:24:18+00:00 https://securityaffairs.co/wordpress/132709/hacking/zuorat-soho-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5447076 False Malware,Threat None None Security Affairs - Blog Secu LockBit 3.0 introduces important novelties, including a bug bounty program The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. 
The Lockbit ransomware operation has released LockBit 3.0, which has important noveòties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is […] ]]> 2022-06-28T14:40:50+00:00 https://securityaffairs.co/wordpress/132701/cyber-crime/lockbit-3-0.html www.secnews.physaphae.fr/article.php?IdArticle=5432016 False Ransomware None None Security Affairs - Blog Secu Latest OpenSSL version is affected by a remote memory corruption flaw Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to […] ]]> 2022-06-28T11:02:10+00:00 https://securityaffairs.co/wordpress/132697/security/openssl-remote-memory-corruption-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5428809 False Vulnerability None None Security Affairs - Blog Secu Two critical flaws affect CODESYS ICS Automation Software CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven 11 vulnerabilities in its ICS Automation Software. CoDeSys is a development environment for programming controller applications according to the international industrial standard IEC 61131-3. 
The […] ]]> 2022-06-28T06:38:41+00:00 https://securityaffairs.co/wordpress/132685/security/codesys-ics-automation-software-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=5426090 False Guideline None None Security Affairs - Blog Secu The government of Lithuania confirmed it had been hit by an intense cyberattack Lithuania confirmed it had been hit by an “intense” cyberattack, after Vilnius imposed restrictions on the rail transit of certain goods to Kaliningrad. The government of Lithuania announced on Monday that it had been hit by an “intense” cyberattack, likely launched from Moscow, days after the Russian government protested restrictions Vilnius imposed on the rail […] ]]> 2022-06-27T19:40:14+00:00 https://securityaffairs.co/wordpress/132676/cyber-warfare-2/lithuania-massive-ddos.html www.secnews.physaphae.fr/article.php?IdArticle=5421820 True None None None Security Affairs - Blog Secu New Matanbuchus Campaign drops Cobalt Strike beacons Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […] ]]> 2022-06-27T14:46:33+00:00 https://securityaffairs.co/wordpress/132665/malware/matanbuchus-loader.html www.secnews.physaphae.fr/article.php?IdArticle=5419215 False Malware,Threat None None Security Affairs - Blog Secu Cyberattack halted the production at the Iranian state-owned Khuzestan Steel company Iranian state-owned Khuzestan Steel Company was hit by a cyber attack that forced the company to halt its production. The Khuzestan Steel Company is one of the major steel companies owned by the Iranian government. The company was forced to halt production due to a cyberattack. 
According to the Associated Press, Khuzestan Steel Company has a monopoly […] ]]> 2022-06-27T12:33:37+00:00 https://securityaffairs.co/wordpress/132658/cyber-warfare-2/iran-khuzestan-steel-company-cyberattack.html www.secnews.physaphae.fr/article.php?IdArticle=5418157 False None None None Security Affairs - Blog Secu Ukrainian telecommunications operators hit by DarkCrystal RAT malware The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The malspam messages have the topic “Free primary legal aid” use a password-protected attachment “Algorithm of actions of […] ]]> 2022-06-27T10:23:24+00:00 https://securityaffairs.co/wordpress/132651/malware/cert-ua-darkcrystal-rat-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5417058 False Malware None None Security Affairs - Blog Secu Threat actors stole $100M in crypto assets from Harmony Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  Harmony's Horizon […] ]]> 2022-06-27T08:12:53+00:00 https://securityaffairs.co/wordpress/132642/hacking/harmony-crypto-assets.html www.secnews.physaphae.fr/article.php?IdArticle=5416181 False Threat None None Security Affairs - Blog Secu Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. 
A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by the Rapid7 Threat Intelligence team […] ]]> 2022-06-26T18:27:26+00:00 https://securityaffairs.co/wordpress/132637/cyber-crime/access-vulnerable-networks-atlassian-0day.html www.secnews.physaphae.fr/article.php?IdArticle=5405453 False Threat None None Security Affairs - Blog Secu Security Affairs newsletter Round 371 by Pierluigi Paganini A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Oracle spent 6 months to fix 'Mega' flaws in the Fusion Middleware Multiple malicious packages […] ]]> 2022-06-26T14:23:43+00:00 https://securityaffairs.co/wordpress/132633/breaking-news/security-affairs-newsletter-round-371-by-pierluigi-paganini.html www.secnews.physaphae.fr/article.php?IdArticle=5402189 False None None None Security Affairs - Blog Secu China-linked APT Bronze Starlight deploys ransomware as a smokescreen China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversionary action to its cyber espionage operations. Researchers from Secureworks reported that a China-linked APT group, tracked as Bronze Starlight (APT10), is deploying post-intrusion ransomware families to cover up the cyber espionage operations. 
The experts observed an activity cluster involving post-intrusion ransomware such as […] ]]> 2022-06-26T13:40:00+00:00 https://securityaffairs.co/wordpress/132624/apt/bronze-starlight-deploy-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5401371 False Ransomware APT 10 None Security Affairs - Blog Secu Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. The explosion took place at […] ]]> 2022-06-26T09:32:45+00:00 https://securityaffairs.co/wordpress/132608/security/liquefied-natural-gas-plant-texas-explosion.html www.secnews.physaphae.fr/article.php?IdArticle=5398111 False Threat None None Security Affairs - Blog Secu Oracle spent 6 months to fix \'Mega\' flaws in the Fusion Middleware 2022-06-25T20:08:23+00:00 https://securityaffairs.co/wordpress/132603/breaking-news/oracle-mega-flaw-cve-202221445.html www.secnews.physaphae.fr/article.php?IdArticle=5386927 True None None None Security Affairs - Blog Secu Multiple malicious packages in PyPI repository found stealing AWS secrets Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment variables) and also upload these to a publicly exposed endpoint. 
The malicious packages, which were […] ]]> 2022-06-25T17:52:29+00:00 https://securityaffairs.co/wordpress/132598/hacking/pypi-malicious-packages-2.html www.secnews.physaphae.fr/article.php?IdArticle=5384302 False None None None Security Affairs - Blog Secu Attackers exploited a zero-day in Mitel VOIP devices to compromise a network Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerability on the Mitel […] ]]> 2022-06-25T11:59:00+00:00 https://securityaffairs.co/wordpress/132588/hacking/mitel-voip-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5379054 False Ransomware,Vulnerability,Threat None None Security Affairs - Blog Secu Threat actors continue to exploit Log4Shell in VMware Horizon Systems The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint advisory to warn of hacking attempts exploiting the Log4Shell flaw in VMware Horizon servers to […] ]]> 2022-06-24T15:07:56+00:00 https://securityaffairs.co/wordpress/132569/security/log4shell-ongoing-exploitation.html www.secnews.physaphae.fr/article.php?IdArticle=5361701 False None None None Security Affairs - Blog Secu Vulnerabilities in the Jacuzzi SmartTub app could allow to access users\' data Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub app web interface could have disclosed private data to attackers, security researcher Eaton Zveare warns. 
The experts attempted to notify the company without success, meantime the flaws have been addressed. The SmartTub app, which is […] ]]> 2022-06-24T13:52:37+00:00 https://securityaffairs.co/wordpress/132559/hacking/jacuzzi-smarttub-app-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=5360130 False None None None Security Affairs - Blog Secu Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with […] ]]> 2022-06-24T07:14:03+00:00 https://securityaffairs.co/wordpress/132553/malware/rcs-labs-spyware-spreads.html www.secnews.physaphae.fr/article.php?IdArticle=5355446 True Threat None None Security Affairs - Blog Secu Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) which involved the use of a previously undescribed loader (dubbed “Nimbda”) written in Nim language. The Tropic Trooper APT has been active at least […] ]]> 2022-06-23T18:40:55+00:00 https://securityaffairs.co/wordpress/132545/hacking/tropic-trooper-apt-new-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5345458 False Malware,Tool APT 23 None Security Affairs - Blog Secu NSO Group told lawmakers that Pegasus spyware was used by at least 5 European countries The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. 
The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region. NSO Group’s General Counsel Chaim Gelfand admitted that the company […] ]]> 2022-06-23T13:35:23+00:00 https://securityaffairs.co/wordpress/132536/malware/nso-group-pegasus-5-eu-countries.html www.secnews.physaphae.fr/article.php?IdArticle=5342206 False None None None Security Affairs - Blog Secu QNAP warns of a critical PHP flaw that could lead to remote code execution Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution. In certain configurations of FPM setup it is possible to […] ]]> 2022-06-23T10:48:05+00:00 https://securityaffairs.co/wordpress/132531/hacking/qnap-critical-php-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=5340260 False Vulnerability None None Security Affairs - Blog Secu Researchers found flaws in MEGA that allowed to decrypt of user data Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption of user data MEGA has addressed multiple vulnerabilities in its cloud storage service that could have allowed threat actors to decrypt user data stored in encrypted form. 
Data on Mega services is end-to-end encrypted client-side […] ]]> 2022-06-23T07:53:28+00:00 https://securityaffairs.co/wordpress/132523/hacking/mega-flaws-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5338343 False Threat None None Security Affairs - Blog Secu Exclusive: Lithuania under cyber-attack after the ban on Russian railway goods Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian railway goods has caused a new spike of hacktivist activity on the Dark Web. Today the group has announced multiple targets […] ]]> 2022-06-22T20:51:22+00:00 https://securityaffairs.co/wordpress/132518/hacktivism/lithuania-under-cyber-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5330825 False None None None Security Affairs - Blog Secu Magecart attacks are still around but are more difficult to detect Researchers from Malwarebytes warns that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors have switched most of their operations server-side to avoid detection of security firms. However, Malwarebytes researchers warn that the Client-side Magecart attacks are still targeting organizations, but are more covert. The researchers recently uncovered two […] ]]> 2022-06-22T13:49:09+00:00 https://securityaffairs.co/wordpress/132512/cyber-crime/magecart-attacks-difficult-detect.html www.secnews.physaphae.fr/article.php?IdArticle=5325993 False Threat None None Security Affairs - Blog Secu Thank you!!! SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 I'm proud to announce that SecurityAffairs was awarded as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards 2022. The winners of the annual European Cybersecurity Blogger Awards have been announced. 
Security affairs has been voted for the third consecutive year as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards […] ]]> 2022-06-22T10:03:29+00:00 https://securityaffairs.co/wordpress/132506/breaking-news/securityaffairs-best-european-cybersecurity-blog-2022.html www.secnews.physaphae.fr/article.php?IdArticle=5323272 False None None None Security Affairs - Blog Secu Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware. Since January 2022, the Bitdefender Cyber Threat Intelligence Lab observed operators behind the RIG Exploit Kit pushing the Dridex banking trojan instead of the Raccoon Stealer. The switch occurred in February when Raccoon Stealer temporarily halted […] ]]> 2022-06-22T09:21:23+00:00 https://securityaffairs.co/wordpress/132498/malware/rig-exploit-kit-dridex.html www.secnews.physaphae.fr/article.php?IdArticle=5323273 False Threat None None Security Affairs - Blog Secu Flagstar Bank discloses a data breach that impacted 1.5 Million individuals US Flagstar Bank disclosed a data breach that exposed files containing the personal information of 1.5 million individuals. US-based Flagstar Bank disclosed a data breach that impacted roughly 1.5 million individuals, but the company did not share details about the attack. The security breach took place in early December 2021, and the investigation that was […] ]]> 2022-06-22T07:31:01+00:00 https://securityaffairs.co/wordpress/132490/data-breach/flagstar-bank-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=5321943 False Data Breach None None Security Affairs - Blog Secu New ToddyCat APT targets high-profile entities in Europe and Asia Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020. 
Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The threat […] ]]> 2022-06-21T15:05:21+00:00 https://securityaffairs.co/wordpress/132482/apt/toddycat-apt.html www.secnews.physaphae.fr/article.php?IdArticle=5309256 False Threat None None Security Affairs - Blog Secu New DFSCoerce NTLM relay attack allows taking control over Windows domains Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain. The DFSCoerce attack relies on the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to […] ]]> 2022-06-21T12:01:07+00:00 https://securityaffairs.co/wordpress/132473/hacking/dfscoerce-attacks-windows-domains.html www.secnews.physaphae.fr/article.php?IdArticle=5307202 False Threat None None Security Affairs - Blog Secu Cybercriminals Use Azure Front Door in Phishing Attacks Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonate various services […] ]]> 2022-06-21T07:20:48+00:00 https://securityaffairs.co/wordpress/132458/cyber-crime/azure-front-door-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=5305717 False None None None Security Affairs - Blog Secu Russian APT28 hacker accused of the NATO think tank hack in Germany The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. 
The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO […] ]]> 2022-06-20T21:46:13+00:00 https://securityaffairs.co/wordpress/132452/hacking/apt28-hacked-nato-think-tank.html www.secnews.physaphae.fr/article.php?IdArticle=5302356 False Hack APT 28 None Security Affairs - Blog Secu Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The vulnerability, tracked as CVE-2022-22620, was fixed for the first time in 2013, but in […] ]]> 2022-06-20T14:37:44+00:00 https://securityaffairs.co/wordpress/132446/hacking/apple-safari-zero-day-2016.html www.secnews.physaphae.fr/article.php?IdArticle=5298888 False Vulnerability None None Security Affairs - Blog Secu Security Affairs newsletter Round 370 by Pierluigi Paganini A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. US DoJ announced to have shut down the Russian RSOCKS Botnet MaliBot Android Banking Trojan […] ]]> 2022-06-20T12:12:45+00:00 https://securityaffairs.co/wordpress/132442/security/security-affairs-newsletter-round-370-by-pierluigi-paganini.html www.secnews.physaphae.fr/article.php?IdArticle=5297735 True None None None Security Affairs - Blog Secu Cisco will not address critical RCE in end-of-life Small Business RV routers Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers. 
Cisco will not release updates to address the CVE-2022-20825 RCE flaw in end-of-life Small Business RV routers and encourages upgrading to newer models. The vulnerability, which received a CVSS severity rating of 9.8 out of 10.0, […]
2022-06-20T11:41:56+00:00 https://securityaffairs.co/wordpress/132437/security/cisco-rce-small-business-rv-routers.html

Security Affairs - Blog Secu: BRATA Android Malware evolves and targets the UK, Spain, and Italy
The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthier. The malware was first spotted in 2019 by security experts at Kaspersky; the name BRATA comes from 'Brazilian RAT Android,' because at the time it was used to […]
2022-06-20T09:41:01+00:00 https://securityaffairs.co/wordpress/132425/malware/brata-android-malware-evolution.html

Security Affairs - Blog Secu: Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild
A critical vulnerability in the Ninja Forms plugin potentially impacted more than one million WordPress websites. In mid-June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations.
The analysis of the updates revealed that they patched a code injection vulnerability […]
2022-06-19T22:31:24+00:00 https://securityaffairs.co/wordpress/132417/hacking/wordpress-ninja-forms-flaw.html

Security Affairs - Blog Secu: Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS
Experts warn of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices. Bleeping Computer and MalwareHunterTeam researchers, citing user reports and sample submissions on the ID Ransomware platform, warn of a new wave of ech0raix ransomware attacks targeting QNAP Network Attached Storage (NAS) devices. The ransomware, tracked as “QNAPCrypt” by Intezer and “eCh0raix” by Anomali, is […]
2022-06-19T07:00:00+00:00 https://securityaffairs.co/wordpress/132410/cyber-crime/ech0raix-ransomware-attacks.html

Security Affairs - Blog Secu: US DoJ announced that it has shut down the Russian RSOCKS Botnet
The U.S. Department of Justice (DoJ) announced that it has shut down the infrastructure associated with the Russian botnet RSOCKS. The U.S. Department of Justice (DoJ) announced that it has shut down the infrastructure associated with the Russian botnet RSOCKS as part of an international police operation that involved law enforcement partners from Germany, the Netherlands, and […]
2022-06-18T17:39:53+00:00 https://securityaffairs.co/wordpress/132403/cyber-crime/police-dismantled-rsocks-bitnet.html

Security Affairs - Blog Secu: MaliBot Android Banking Trojan targets Spain and Italy
Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy.
F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet customers in Spain and Italy. The experts documented attacks against multiple banks, including UniCredit, Santander, CaixaBank, and CartaBCC. […]
2022-06-18T06:47:02+00:00 https://securityaffairs.co/wordpress/132387/hacking/malibot-android-malware.html

Security Affairs - Blog Secu: Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed
China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040, in Sophos Firewall was exploited by Chinese threat actors to compromise a company and the cloud-hosted web servers it was operating. The vulnerability was exploited by […]
2022-06-17T23:00:30+00:00 https://securityaffairs.co/wordpress/132377/apt/chinese-driftingcloud-apt-exploited-sophos-firewall-zero-day-before-it-was-fixed.html

Security Affairs - Blog Secu: Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company
Experts uncovered enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.
The latest samples of this spyware were detected by the researchers in April 2022, four […]
2022-06-17T20:00:33+00:00 https://securityaffairs.co/wordpress/132363/malware/hermit-spyware-italian-surveillance-firm.html

Security Affairs - Blog Secu: A Microsoft 365 feature can ransom files on SharePoint and OneDrive
Experts discovered a feature in the Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive and target cloud infrastructure. Researchers from Proofpoint reported that a feature in the Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive. “Proofpoint has discovered a potentially dangerous piece […]
2022-06-17T06:34:51+00:00 https://securityaffairs.co/wordpress/132353/hacking/microsoft-365-feature-ransomware.html

Security Affairs - Blog Secu: BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers
The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed the BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them.
“For example, […]
2022-06-16T21:53:40+00:00 https://securityaffairs.co/wordpress/132343/hacking/blackcat-ransomware-targets-unpatched-microsoft-exchange.html

Security Affairs - Blog Secu: ALPHV/BlackCat ransomware gang starts publishing victims' data on the clear web
2022-06-16T15:07:19+00:00 https://securityaffairs.co/wordpress/132339/malware/blackcat-ransomware-clear-web.html

Security Affairs - Blog Secu: Researchers disclosed a remote code execution flaw in Fastjson Library
Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now-patched high-severity security vulnerability in the popular Fastjson library that could potentially be exploited to achieve remote code execution. Fastjson is a Java library that can be used to convert Java objects into their JSON representation. […]
2022-06-16T10:14:49+00:00 https://securityaffairs.co/wordpress/132333/security/fastjson-library-rce.html

Security Affairs - Blog Secu: Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager
Cisco addressed a critical authentication bypass flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical authentication bypass vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager.
The flaw, tracked as CVE-2022-20798 (CVSS score 9.8), can be exploited by an unauthenticated, remote attacker to bypass […]
2022-06-16T08:41:13+00:00 https://securityaffairs.co/wordpress/132327/hacking/cisco-esa-critical-flaw.html

Security Affairs - Blog Secu: Malicious apps continue to spread through the Google Play Store
Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware apps on the official Google Play Store. However, the experts warn that info-stealing Trojans are the […]
2022-06-16T07:00:36+00:00 https://securityaffairs.co/wordpress/132305/malware/malware-google-play-store.html

Security Affairs - Blog Secu: Hertzbleed Side-Channel Attack allows remotely stealing encryption keys from AMD and Intel chips
Hertzbleed attack: researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys.
Researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington devised a new side-channel attack technique dubbed Hertzbleed that could allow remote attackers to steal encryption keys from modern Intel […]
2022-06-15T22:59:44+00:00 https://securityaffairs.co/wordpress/132316/hacking/hertzbleed-side-channel-attack-allows-to-remotely-steal-encryption-keys-from-amd-and-intel-chips.html

Security Affairs - Blog Secu: A critical flaw in Citrix Application Delivery Management allows resetting admin passwords
Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords. Citrix Application Delivery Management (ADM) is a comprehensive platform […]
2022-06-15T18:39:38+00:00 https://securityaffairs.co/wordpress/132299/security/citrix-application-delivery-management-flaw.html

Security Affairs - Blog Secu: Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign
Researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, targeting Linux servers in the education sector since March 2022. Akamai security researchers discovered a new Golang-based P2P botnet, tracked as Panchan, that targets Linux servers and has been active since March 2022.
Panchan uses a basic SSH dictionary attack to implement wormable behavior; it also […]
2022-06-15T14:51:22+00:00 https://securityaffairs.co/wordpress/132290/cyber-crime/panchan-p2p-botnet.html

Security Affairs - Blog Secu: Let's take a look at the Dark Web Price Index 2022
2022-06-15T07:32:03+00:00 https://securityaffairs.co/wordpress/132256/deep-web/dark-web-index-2022.html

Security Affairs - Blog Secu: A flaw in Zimbra email suite allows stealing login credentials of the users
A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal users' login credentials. Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite, tracked as CVE-2022-27924 (CVSS score: 7.5), that can be exploited by an unauthenticated attacker to steal login credentials of users without user […]
2022-06-14T23:11:08+00:00 https://securityaffairs.co/wordpress/132269/hacking/zimbra-email-suite-flaw.html

Security Affairs - Blog Secu: API Security Best Practices
Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly opening their ecosystems through Application Programming Interfaces (APIs), ensuring seamless access to data and interaction with external software components and services.
APIs are the gateway to providing high security of data in an […]
2022-06-14T07:16:17+00:00 https://securityaffairs.co/wordpress/132244/security/api-security-best-practices.html

Security Affairs - Blog Secu: SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases
Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users' seed phrases. Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. Chinese crooks are spreading backdoored versions of iOS and Android Web3 wallets to steal users' seed phrases. SeaFlower maintains the functionality […]
2022-06-14T07:06:29+00:00 https://securityaffairs.co/wordpress/132250/cyber-crime/seaflower-malware-campaign.html

Security Affairs - Blog Secu: Experts spotted Syslogk, a Linux rootkit under development
Experts spotted a new Linux rootkit, dubbed 'Syslogk,' that uses specially crafted “magic packets” to activate a dormant backdoor on the device. Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed 'Syslogk,' that uses specially crafted “magic packets” to activate a dormant backdoor on the device. The experts reported that the Syslogk rootkit is heavily […]
2022-06-14T02:48:40+00:00 https://securityaffairs.co/wordpress/132232/malware/syslogk-linux-rootkit.html

Security Affairs - Blog Secu: Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability
Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability.
Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting the recently discovered Follina RCE. The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT). Nation-state actors […]
2022-06-13T18:30:20+00:00 https://securityaffairs.co/wordpress/132227/apt/cert-ua-sandworm-follina-rce.html

Security Affairs - Blog Secu: GALLIUM APT used a new PingPull RAT in recent campaigns
China-linked Gallium APT employed a previously undocumented RAT, tracked as PingPull, in a recent cyber espionage campaign targeting South Asia, Europe, and Africa. China-linked Gallium APT (aka Softcell) used a previously undocumented remote access Trojan dubbed PingPull in recent attacks aimed at organizations in Southeast Asia, Europe, and Africa. Researchers from Palo Alto Networks defined the […]
2022-06-13T14:54:32+00:00 https://securityaffairs.co/wordpress/132217/apt/gallium-apt-pingpull-trojan.html

Security Affairs - Blog Secu: HelloXD Ransomware operators install MicroBackdoor on target systems
Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021; it borrows code from the Babuk ransomware, which has been available on Russian-speaking hacking forums since September 2021.
Unlike other ransomware operations, this ransomware gang doesn't use a […]
2022-06-13T13:18:30+00:00 https://securityaffairs.co/wordpress/132207/malware/helloxd-ransomware-installs-microbackdoor.html

Security Affairs - Blog Secu: Using WiFi connection probe requests to track users
Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to tracking. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about […]
2022-06-13T07:52:41+00:00 https://securityaffairs.co/wordpress/132193/mobile-2/wifi-probe-requests-track-users.html

Security Affairs - Blog Secu: Security Affairs newsletter Round 369 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter has arrived! Every week the best security articles from Security Affairs for free in your email box. If you also want to receive the newsletter with the international press for free, subscribe here. Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers; HID Mercury Access Controller flaws […]
2022-06-12T22:21:36+00:00 https://securityaffairs.co/wordpress/132194/breaking-news/security-affairs-newsletter-round-369-by-pierluigi-paganini.html

Security Affairs - Blog Secu: Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers
Ransomware gangs are actively exploiting the CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center.
Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134, affecting Atlassian Confluence Server and Data Center. Proof-of-concept exploits for the CVE-2022-26134 vulnerability have been released online; Bleeping Computer reported that starting from […]
2022-06-12T14:14:51+00:00 https://securityaffairs.co/wordpress/132186/cyber-crime/ransomware-gangs-cve-2022-26134-rce-atlassian-confluence.html

Security Affairs - Blog Secu: HID Mercury Access Controller flaws could allow unlocking doors
Experts found vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions […]
2022-06-12T09:36:08+00:00 https://securityaffairs.co/wordpress/132175/hacking/hid-mercury-access-controller-flaws.html

Security Affairs - Blog Secu: Iran-linked Lyceum APT adds a new .NET DNS Backdoor to its arsenal
The Iran-linked Lyceum APT group uses a new .NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new .NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.
The activity of the Lyceum APT […]
2022-06-11T16:16:48+00:00 https://securityaffairs.co/wordpress/132164/apt/lyceum-apt-target-energy-dns-backdoor.html

Security Affairs - Blog Secu: PACMAN, a new attack technique against Apple M1 CPUs
PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple M1 CPU. Pointer authentication codes (PACs) allow detecting and guarding against unexpected changes to pointers in memory. […]
2022-06-11T13:34:12+00:00 https://securityaffairs.co/wordpress/132154/hacking/pacman-attack-apple-m1-cpus.html

Security Affairs - Blog Secu: Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign
Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence […]
2022-06-10T20:51:38+00:00 https://securityaffairs.co/wordpress/132140/cyber-crime/cryptomining-campaign-atlassian-confluence-flaw.html

Security Affairs - Blog Secu: Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques
The Cuba ransomware operators are back and employed a new version of their malware in recent attacks. Cuba ransomware has been active since at least January 2020.
Its operators have a data leak site, where they post data exfiltrated from victims who refused to pay the ransom. The ransomware encrypts files on the targeted systems […]
2022-06-10T14:37:16+00:00 https://securityaffairs.co/wordpress/132134/malware/cuba-ransomware-new-variant.html

Security Affairs - Blog Secu: Vice Society ransomware gang adds the Italian City of Palermo to its data leak site
The Vice Society group has claimed responsibility for the ransomware attack that hit the Italian city of Palermo, forcing the IT admins to shut down its infrastructure. The Vice Society ransomware group has claimed responsibility for the recent cyber attack that hit the city of Palermo in the South of Italy. In response to the […]
2022-06-10T08:24:56+00:00 https://securityaffairs.co/wordpress/132122/cyber-crime/city-of-palermo-vice-society-ransomware.html

Security Affairs - Blog Secu: Symbiote, a nearly-impossible-to-detect Linux malware
Researchers uncovered a highly stealthy Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of a symbiote, an organism that lives in symbiosis with another organism, exactly as this implant does with […]
2022-06-09T19:10:49+00:00 https://securityaffairs.co/wordpress/132113/malware/symbiote-linux-malware.html

Security Affairs - Blog Secu: Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia
Researchers spotted a previously undocumented Chinese-speaking APT, tracked as Aoqin Dragon, targeting entities in Southeast Asia and Australia.
SentinelOne documented a series of attacks aimed at government, education, and telecom entities in Southeast Asia and Australia carried out by a previously undocumented Chinese-speaking APT tracked as Aoqin Dragon. The APT's primary focus is cyberespionage against targets […]
2022-06-09T14:52:45+00:00 https://securityaffairs.co/wordpress/132099/apt/aoqin-dragon-targets-south-asia-australia.html

Security Affairs - Blog Secu: New Emotet variant uses a module to steal data from Google Chrome
Researchers spotted a new variant of the Emotet bot that uses a new module to steal credit card information stored in the Chrome web browser. Proofpoint researchers reported a new wave of Emotet infections; in particular, a new variant is using a new info-stealing module to siphon credit card information stored in the Chrome […]
2022-06-09T10:54:48+00:00 https://securityaffairs.co/wordpress/132090/cyber-crime/emotet-google-chrome-info-stealer.html

Security Affairs - Blog Secu: Tainted CCleaner Pro Cracker spreads via Black SEO campaign
Threat actors spread info-stealing malware through the search results for a pirated copy of the CCleaner Pro Windows optimization program. Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through the search results for a pirated copy of the CCleaner Pro Windows optimization program.
The researchers pointed out that the operators behind the campaign […]
2022-06-09T08:48:41+00:00 https://securityaffairs.co/wordpress/132076/cyber-crime/ccleaner-black-seo-malware-fakecrack.html

Security Affairs - Blog Secu: 0patch released unofficial security patch for new DogWalk Windows zero-day
0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed DogWalk. The issue impacts all Windows versions, starting from Windows 7 and Windows Server 2008, including the latest releases. The flaw […]
2022-06-08T21:24:02+00:00 https://securityaffairs.co/wordpress/132070/hacking/unofficial-security-patch-dogwalk.html

Security Affairs - Blog Secu: US dismantled and seized SSNDOB cybercrime marketplace
An international operation led by the US authorities dismantled and seized the infrastructure of the online marketplace SSNDOB. The US DoJ announced the seizure of the SSNDOB Marketplace, a series of websites offering personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. According to the authorities, the […]
2022-06-08T13:56:38+00:00 https://securityaffairs.co/wordpress/132061/cyber-crime/us-seized-ssndob-marketplace.html

Security Affairs - Blog Secu: China-linked threat actors have breached telcos and network service providers
China-linked threat actors have breached telecommunications companies and network service providers to spy on traffic and steal data.
The US NSA, CISA, and FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. The nation-state actors exploit publicly known vulnerabilities to compromise the target […]
2022-06-08T09:53:30+00:00 https://securityaffairs.co/wordpress/132042/apt/us-warns-china-linked-threat-actors.html

Security Affairs - Blog Secu: Black Basta ransomware now supports encrypting VMware ESXi servers
The Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of […]
2022-06-08T07:55:06+00:00 https://securityaffairs.co/wordpress/132037/hacking/black-basta-ransomware-vmware-esxi.html

Security Affairs - Blog Secu: Evil Corp gang starts using LockBit Ransomware to evade sanctions
Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp cybercrime group. Mandiant researchers have investigated multiple LockBit ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. The researchers also noticed that the group shares numerous overlaps with the cybercrime gang Evil Corp.
The UNC2165 group has been active since at […]
2022-06-07T14:19:53+00:00 https://securityaffairs.co/wordpress/132031/cyber-crime/evil-corp-lockbit-ransomware.html

Security Affairs - Blog Secu: Black Basta ransomware operators leverage QBot for lateral movements
The QBot malware operation has partnered with the Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022; like other ransomware operations, it implements a double-extortion attack […]
2022-06-07T08:55:47+00:00 https://securityaffairs.co/wordpress/132018/hacking/black-basta-ransomware-qbot.html

Security Affairs - Blog Secu: LockBit ransomware gang claims to have hacked cybersecurity giant Mandiant
The LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang added the cybersecurity firm Mandiant to the list of victims published on its dark web leak site. Mandiant is investigating the claims of the ransomware gang; the cybercrime group declared to have […]
2022-06-06T22:39:43+00:00 https://securityaffairs.co/wordpress/132011/cyber-crime/lockbit-claims-mandiant-hack.html

Security Affairs - Blog Secu: Microsoft seized 41 domains used by Iran-linked Bohrium APT
Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by the Iran-linked APT Bohrium in spear-phishing campaigns.
Microsoft’s Digital Crimes Unit (DCU) announced that it has taken legal action to disrupt a spear-phishing operation linked to the Iran-linked APT Bohrium. The IT giant has seized the domains that the threat actors employed in their attacks aimed […]
2022-06-06T20:15:11+00:00 https://securityaffairs.co/wordpress/132002/apt/microsoft-seized-bohrium-apt-domains.html

Security Affairs - Blog Secu: Another nation-state actor exploits Microsoft Follina to attack European and US entities
A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks against government entities in Europe and the U.S. An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability in attacks aimed at government entities in Europe and the U.S. On May 31, Microsoft released […]
2022-06-06T12:11:08+00:00 https://securityaffairs.co/wordpress/131992/apt/nation-state-actors-follina-exploits.html

Security Affairs - Blog Secu: Red TIM Research discovers a Command Injection with a 9,8 score on Resi
During its bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs in GEMINI-NET, a RESI Informatica solution. An OS Command Injection was detected, which NIST has classified as Critical with a score of 9,8.
This vulnerability comes from a failure to check the parameters sent as inputs into the […] ]]> 2022-06-06T10:36:13+00:00 https://securityaffairs.co/wordpress/131985/security/resi-critical-command-injection.html www.secnews.physaphae.fr/article.php?IdArticle=5009681 False Vulnerability None None Security Affairs - Blog Secu Exclusive: Pro-Russia group \'Cyber Spetsnaz\' is attacking government agencies 2022-06-06T07:05:21+00:00 https://securityaffairs.co/wordpress/131967/hacking/exclusive-pro-russia-cyber-spetsnaz-is-attacking-government-agencies.html www.secnews.physaphae.fr/article.php?IdArticle=5008877 False None None None Security Affairs - Blog Secu PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. Bleeping Computer reported that starting from Friday afternoon, a proof-of-concept exploit for this issue was publicly shared. Researchers from cybersecurity firm […] ]]> 2022-06-05T18:11:36+00:00 https://securityaffairs.co/wordpress/131961/hacking/atlassian-cve-2022-26134-rce-poc.html www.secnews.physaphae.fr/article.php?IdArticle=4997883 False Vulnerability None None Security Affairs - Blog Secu Security Affairs newsletter Round 368 by Pierluigi Paganini A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. 
Anonymous: Operation Russia after 100 days of war GitLab addressed critical account take over via […] ]]> 2022-06-05T16:13:32+00:00 https://securityaffairs.co/wordpress/131958/breaking-news/security-affairs-newsletter-round-368-by-pierluigi-paganini.html www.secnews.physaphae.fr/article.php?IdArticle=4996157 False None None None Security Affairs - Blog Secu Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC), this is the third security breach it suffered this year. Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year, they have stolen and sold NFTs, making away with 142 ETH, equivalent to over $250,000. The hacker conducted […] ]]> 2022-06-05T13:58:11+00:00 https://securityaffairs.co/wordpress/131950/hacking/bored-ape-yacht-club-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=4993598 False Threat None None
