Improving Software Supply Chain Cybersecurity
Explore use cases for software supply chain cyberattacks and mitigation strategies to improve security maturity and reduce cyber risk. If...
News
New Luna ransomware targets Windows, Linux and ESXi systems
Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers...
Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers
Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely...
Roblox breached: Internal documents posted online by unknown attackers
A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown...
EU warns of risks of spillover effects associated with the ongoing war in Ukraine
The Council of the European Union (EU) warns of malicious cyber activities conducted by threat actors in the context of...
Belgium claims China-linked APT groups hit its ministries
The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against The country’s defense and interior...
US-CERT Bulletin (SB22-199):Vulnerability Summary for the Week of July 11, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
CloudMensis spyware went undetected for many years
Researchers spotted previously undocumented spyware, dubbed CloudMensis, that targets the Apple macOS systems. Researchers from ESET discovered a previously undetected...
Russia-linked APT29 relies on Google Drive, Dropbox to evade detection
Russia-linked threat actors APT29 are using the Google Drive cloud storage service to evade detection. Palo Alto Networks researchers reported...
Crooks create rogue cryptocurrency-themed apps to steal crypto assets from users
The U.S. FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. The U.S....
The FTC will go after companies misusing location, health, and other sensitive data
After the overturning of Roe V Wade, many feared that using, having access to, and sharing reproductive and sexual health...
Several apps on the Play Store used to spread Joker, Facestealer and Coper malware
Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families....
MLNK Builder 4.2 released in Dark Web – malicious shortcut-based attacks are on the rise
Cybercriminals released a new MLNK Builder 4.2 tool for malicious shortcuts (LNK) generation with an improved Powershell and VBS Obfuscator...
Tor Browser 11.5 is optimized to automatically bypass censorship
The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The...
A massive cyberattack hit Albania
A synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack....
Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw
Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research...
Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment
The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. In September...
Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever
Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs. The popular NFT platform, Premint NFT, was...
Google is going to remove App Permissions List from the Play Store
Google is going to remove the app permissions list from the official Play Store for both the mobile app and...
Security Affairs newsletter Round 374 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
APT groups target journalists and media organizations since 2021
Researchers from Proofpoint warn that various APT groups are targeting journalists and media organizations since 2021. Proofpoint researchers warn that...
Critical flaw in Netwrix Auditor application allows arbitrary code execution
A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered...
CISA urges to fix multiple critical flaws in Juniper Networks products
CISA urges admins to apply recently released fixes in Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller....
Threat actors exploit a flaw in Digium Phone Software to target VoIP servers
Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto...
