SonicWall fixed critical SQLi in Analytics and GMS products
Security company SonicWall released updates to address a critical SQL injection (SQLi) flaw in Analytics On-Prem and Global Management System...
News
Account lockout policy in Windows 11 is enabled by default to block block brute force attacks
Starting with Windows 11 Microsoft introduce by default an account lockout policy that can block brute force attacks. Starting with...
Hackers breached Ukrainian radio station to spread fake news about Zelensky ‘s health
Threat actors hacked the Ukrainian radio station TAVR Media and broadcasted fake news on the critical health condition of President...
Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists
The spyware developed by Israeli surveillance firm Candiru exploited recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from...
TA4563 group leverages EvilNum malware to target European financial and investment entities
A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities. A threat actor,...
Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography
In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware...
Threat actors target software firm in Ukraine using GoMet backdoor
Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an...
Lightning Framework, a previously undetected malware that targets Linux systems
Researchers discovered a previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems. Researchers from Intezer discovered a previously undetected...
Atlassian patched a critical Confluence vulnerability
Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center. Atlassian released security updates...
Ring shares data with police without consent (but it’s in good faith), says Amazon
Ring, the Amazon-owned company behind the popular smart doorbells, has admitted to giving doorbell data to law enforcement willy-nilly. All...
Facebook gets round tracking privacy measure by encrypting links
A form of individual tracking specific to your web browser is at the heart of a currently contested privacy battle,...
Apple fixes multiple flaws in iOS, iPadOS, macOS, tvOS, and watchOS devices
Apple released security updates to address multiple vulnerabilities that affect iOS, iPadOS, macOS, tvOS, and watchOS devices. Apple released security...
Another ransomware payment recovered by the Justice Department
The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to...
Vulnerabilities in GPS tracker could have “life-threatening” implications
Researchers at BitSight have discovered six vulnerabilities in the MiCODUS MV720 GPS tracker, a popular vehicle tracking device. The vulnerabilities are...
8220 Gang Cloud Botnet infected 30,000 host globally
The crimeware group known as 8220 Gang expanded over the last month their Cloud Botnet to roughly 30,000 hosts globally. ...
Luna and Black Basta — new ransomware for Windows, Linux and ESXi
Introduction In our crimeware reporting service, we analyze the latest crime-related trends we come across. If we look back at...
Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
We discovered the use of two Python penetration-testing tools, Impacket and Responder, that malicious actors used to compromise systems and...
Improving Software Supply Chain Cybersecurity
Explore use cases for software supply chain cyberattacks and mitigation strategies to improve security maturity and reduce cyber risk. If...
New Luna ransomware targets Windows, Linux and ESXi systems
Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers...
Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers
Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely...
Roblox breached: Internal documents posted online by unknown attackers
A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown...
EU warns of risks of spillover effects associated with the ongoing war in Ukraine
The Council of the European Union (EU) warns of malicious cyber activities conducted by threat actors in the context of...
Belgium claims China-linked APT groups hit its ministries
The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against The country’s defense and interior...
US-CERT Bulletin (SB22-199):Vulnerability Summary for the Week of July 11, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
