News

5 API Vulnerabilities That Get Exploited by Criminals

November 23, 2022

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application...

US-CERT Bulletin (SB22-325):Vulnerability Summary for the Week of November 14, 2022

November 22, 2022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...

Researcher warns that Cisco Secure Email Gateways can easily be circumvented

November 22, 2022

A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using...

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

November 22, 2022

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer...

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

November 22, 2022

Two Estonian citizens were arrested in Tallinn for allegedly running a $575 million cryptocurrency fraud scheme. Two Estonian nationals were...

Emotet is back and delivers payloads like IcedID and Bumblebee

November 22, 2022

The Emotet malware is back and experts warn of a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. Proofpoint...

Expert published PoC exploit code for macOS sandbox escape flaw

November 21, 2022

A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła...

Google won a lawsuit against the Glupteba botnet operators

November 21, 2022

Google won a lawsuit filed against two Russian nationals involved in the operations of the Glupteba botnet. This week, Google...

Google provides rules to detect tens of cracked versions of Cobalt Strike

November 21, 2022

Researchers at Google Cloud identified 34 different hacked release versions of the Cobalt Strike tool in the wild. Cobalt Strike...

Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild

November 21, 2022

Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence...

Security Affairs newsletter Round 394

November 20, 2022

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

November 20, 2022

Proof-of-concept exploit code for two actively exploited Microsoft Exchange ProxyNotShell flaws released online. Proof-of-concept exploit code has been released online...

DEV-0569 group uses Google Ads to distribute Royal Ransomware

November 19, 2022

Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware....

Black Friday and Cyber Monday, crooks are already at work

November 19, 2022

Every year during Black Friday and Cyber Monday, crooks take advantage of the bad habits of users with fraudulent schema....

New improved versions of LodaRAT spotted in the wild

November 19, 2022

Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta. Researchers...

IT threat evolution in Q3 2022. Non-mobile statistics

November 19, 2022

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These...

IT threat evolution in Q3 2022. Mobile statistics

November 19, 2022

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These...

IT threat evolution Q3 2022

November 19, 2022

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics Targeted...

Earth Preta Spear-Phishing Governments Worldwide

November 18, 2022

We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that...

Atlassian fixed 2 critical flaws in Crowd and Bitbucket products

November 18, 2022

Atlassian addressed this week two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates...

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

November 18, 2022

Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022....

Ongoing supply chain attack targets Python developers with WASP Stealer

November 18, 2022

A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer....

China-based Fangxiao group behind a long-running phishing campaign

November 18, 2022

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers...

Two public schools in Michigan hit by a ransomware attack

November 17, 2022

Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. ...

News

5 API Vulnerabilities That Get Exploited by Criminals

US-CERT Bulletin (SB22-325):Vulnerability Summary for the Week of November 14, 2022

Researcher warns that Cisco Secure Email Gateways can easily be circumvented

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Emotet is back and delivers payloads like IcedID and Bumblebee

Expert published PoC exploit code for macOS sandbox escape flaw

Google won a lawsuit against the Glupteba botnet operators

Google provides rules to detect tens of cracked versions of Cobalt Strike

Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild

Security Affairs newsletter Round 394

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Black Friday and Cyber Monday, crooks are already at work

New improved versions of LodaRAT spotted in the wild

IT threat evolution in Q3 2022. Non-mobile statistics

IT threat evolution in Q3 2022. Mobile statistics

IT threat evolution Q3 2022

Earth Preta Spear-Phishing Governments Worldwide

Atlassian fixed 2 critical flaws in Crowd and Bitbucket products

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

Ongoing supply chain attack targets Python developers with WASP Stealer

China-based Fangxiao group behind a long-running phishing campaign

Two public schools in Michigan hit by a ransomware attack

HackerOne Bug Bounty Disclosure: -bypass-email-verification-for-monitoring-at-monitor-mozilla-org–d-amrr

[RANSOMHUB] – Ransomware Victim: www[.]americanstandard-us[.]com

[SPACEBEARS] – Ransomware Victim: Christian Community Aid

[CLOP] – Ransomware Victim: JOMARSOFTCORP[.]COM

Microsoft Monthly Security Update (October 2024)

You may have missed