Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction
A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices....
News
Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit
Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy...
Hackers stole $200 million from the Nomad crypto bridge
The cryptocurrency bridge Nomad is the last victim of a cyber heist, threat actors stole almost $200 million of its...
For months, JusTalk messages were accessible to everyone on the Internet
JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly...
Cisco addressed critical flaws in Small Business VPN routers
Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security...
DDoS attacks in Q2 2022
News overview Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the...
Lessons from the Russian Cyber Warfare Attacks
Trend Micro experts discuss how the prominence of cyberwarfare in a hyper-connected world is a call for enhanced cyber risk...
US-CERT Bulletin (SB22-213):Vulnerability Summary for the Week of July 25, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Power semiconductor component manufacturer Semikron suffered a ransomware attack
Semikron, a German-based independent manufacturer of power semiconductor components, suffered a ransomware cyberattck. Semikron is a German-based independent manufacturer of power semiconductor components, it...
Manjusaka, a new attack tool similar to Sliver and Cobalt Strike
Researchers spotted a Chinese threat actors using a new offensive framework called Manjusaka which is similar to Cobalt Strike. Talos...
Google fixed Critical Remote Code Execution flaw in Android
Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution...
Busting the Myths of Hardware Based Security
Many experts often overlook hardware based security and its vital importance in establishing a secure workspace. When it comes to...
SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant
This blog entry offers a technical analysis of a new SolidBit variant that is posing as different applications to lure...
VMware fixed critical authentication bypass vulnerability
VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has...
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender
An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During...
Gootkit AaaS malware is still active and uses updated tactics
Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-a-as-a-service model, it...
Austria investigates DSIRF firm for allegedly developing Subzero spywareÂ
Austria is investigating a report that an Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies. At the...
ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.
The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims...
Australian man charged with creating and selling the Imminent Monitor spyware
An Australian national has been charged for the creation and sale of the Imminent Monitor (IM) spyware, which was also used...
A flaw in Dahua IP Cameras allows full take over of the devices
A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563...
US Federal Communications Commission (FCC) warns of the rise of smishing attacks
The Federal Communications Commission (FCC) warned Americans of the rising threat of smishing (robotexts) attacks. The Federal Communications Commission (FCC)...
Threat actor claims to have hacked European manufacturer of missiles MBDA
Threat actors that go online with the moniker Adrastea claim to have hacked the multinational manufacturer of missiles MBDA. MBDA is a...
17 Android Apps on Google Play Store, dubbed DawDropper, were serving banking malware
The researchers discovered over a dozen Android Apps on Google Play Store, collectively dubbed DawDropper, that were dropping Banking malware. Trend...
Security Affairs newsletter Round 376 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
