QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system...
News
Veeam warns of critical bugs in Veeam ONE monitoring platform
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two...
US sanctions Russian who laundered money for Ryuk ransomware affiliate
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Russian national Ekaterina Zhdanova for laundering millions...
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks
Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber...
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously...
Hackers exploit Looney Tunables Linux bug, steal cloud creds
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified...
Samsung Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Samsung Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of...
Security Agency Publishes Post-Quantum Guidance For Firms
The UK’s National Cyber Security Centre (NCSC) has released more information designed to help organizations migrate their systems to post-quantum...
Okta Breach Hit Over 130 Customers
A security breach at identity and access management (IAM) specialist Okta impacted over 130 of its customers, a handful of...
Russian National Sanctioned For Virtual Currency Money Laundering
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned a Russian national for her involvement...
Spy Trojan SpyNote Unveiled in Attacks on Gamers
The SpyNote Trojan, camouflaged as a mod for the game Roblox, has been observed targeting Android users. This mobile malware can...
US, Japan and South Korea Unite to Counter North Korean Cyber Activities
The US, Japan and South Korea have established a high-level consultative body designed to counter North Korea’s cyber activities.A key...
Over Half of Users Report Kubernetes/Container Security Incidents
Cloud native development practices are creating dangerous new security blind spots for organizations in the US, UK, France and Germany,...
US-CERT Vulnerability Summary for the Week of October 30, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocontec -- solarview_compact_firmwareAn issue in Contec SolarView Compact v.6.0 and before allows...
Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced...
New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics
An updated version of an information stealer malware known as Jupyter has resurfaced with "simple yet impactful changes" that aim...
QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices
QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary...
SecuriDropper: New Android Dropper-as-a-Service Bypasses Google’s Defenses
Cybersecurity researchers have shed light on a new dropper-as-a-service (DaaS) for Android called SecuriDropper that bypasses new security restrictions imposed...
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel
Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host...
Google Play Store Highlights ‘Independent Security Review’ Badge for VPN Apps
Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety...
U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown
The U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual...
Socks5Systemz proxy service infects 10,000 systems worldwide
A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000...
US-CERT Vulnerability Summary for the Week of October 23, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info projectworlds_pvt._limited -- online_art_gallery Online Art Gallery v1.0 is vulnerable to multiple...
Discord will switch to temporary file links to block malware delivery
Discord will switch to temporary file links for all users by the end of the year to block attackers from...
