US-CERT Vulnerability Summary for the Week of May 15, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
News
New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government
An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to...
Zyxel Issues Critical Security Patches for Firewall and VPN Products
Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be...
Cynet Protects Hospital From Lethal Infection
A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process...
Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry
A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark...
Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks
A Brazilian threat actor is targeting Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced...
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk...
Webinar with Guest Forrester: Browser Security New Approaches
In today's digital landscape, browser security has become an increasingly pressing issue, making it essential for organizations to be aware...
China’s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without...
Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli...
GUAC 0.1 Beta: Google’s Breakthrough Framework for Secure Software Supply Chains
Google on Wednesday announced the 0.1 Beta version of GUAC (short for Graph for Understanding Artifact Composition) for organizations to...
Barracuda warns of email gateways breached via zero-day flaw
Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security...
New PowerExchange malware backdoors Microsoft Exchange servers
A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft...
Iranian hackers use new Moneybird ransomware to attack Israeli orgs
Image: Bing Create A suspected Iranian state-supported threat actor known as 'Agrius' is now deploying a new ransomware strain named...
Hackers target 1.5M WordPress sites with cookie consent plugin exploit
Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie...
Chinese hackers breach US critical infrastructure in stealthy attacks
Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United...
GitLab ‘strongly recommends’ patching max severity flaw ASAP
GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal...
US-CERT Vulnerability Summary for the Week of May 15, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a...
What to Look for When Selecting a Static Application Security Testing (SAST) Solution
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST)...
Legion Malware Upgraded to Target SSH Servers and AWS Credentials
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web...
Data Stealing Malware Discovered in Popular Android Screen Recorder App
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found...
N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial...
E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations
Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the...
