Threat Actors Target AWS EC2 Workloads to Steal Credentials
We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads' access keys and tokens via typosquatting and...
News
Addressing Ransomware in Hospitals & Medical Devices
Ransomware attacks have been on the rise in recent years, and hospitals are increasingly becoming targets. In many cases, these...
See Tickets discloses data breach, customers’ credit card data exposed
International ticketing services company See Tickets disclosed a data breach that exposed customers’ payment card details. Ticketing service company See...
US charges Ukrainian man with Raccoon Infostealer operation
US authorities charged a Ukrainian man with computer fraud for allegedly infecting millions of computers with Raccoon Infostealer. The US...
Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited
Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. Cisco is...
VMware fixes critical RCE in VMware Cloud Foundation
VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates...
Top Cloud Security Challenges & How to Beat Them
The ongoing shift of traditional IT functions to the cloud brings new cyber risks for enterprises. Discover three current cloud...
LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion...
Experts disclosed a 22-year-old bug in popular SQLite Database library
A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed...
Two PoS Malware used to steal data from more than 167,000 credit cards
Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity...
Hive ransomware gang starts leaking data allegedly stolen from Tata Power
The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. On October 14,...
Dormant Colors campaign operates over 1M malicious Chrome extensions
A new malvertising campaign, code-named Dormant Colors, is delivering malicious Google Chrome extensions that hijack targets’ browsers. Researchers at Guardio...
Apple fixed the ninth actively exploited zero-day this year
Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the...
Uncovering Security Blind Spots in CNC Machines
Industry 4.0 has given rise to smart factories that have markedly improved machining processes, but it has also opened the...
US-CERT Bulletin (SB22-297):Vulnerability Summary for the Week of October 17, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Cuba ransomware affiliate targets Ukraine, CERT-UA warns
The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine...
Norway PM warns of Russia cyber threat to oil and gas industry
Norway ’s prime minister warned last week that Russia poses “a real and serious threat” to the country’s oil and...
Malicious Clicker apps in Google Play have 20M+ installs
Researchers discovered 16 malicious clicker apps in the official Google Play store that were downloaded by 20M+ users. Security researchers...
Security experts targeted with malicious CVE PoC exploits on GitHub
Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware. A team...
Security Affairs newsletter Round 390
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Hackers stole sensitive data from Iran’s atomic energy agency
Iran’s atomic energy agency claims that alleged state-sponsored hackers have compromised its email system. Iran’s atomic energy agency revealed on...
Wholesale giant METRO confirmed to have suffered a cyberattack
International cash and carry giant METRO suffered this week IT infrastructure outages following a cyberattack. International cash and carry giant...
Daixin Team targets health organizations with ransomware, US agencies warn
US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. Healthcare and Public Health sector...
