LockBit 3.0 introduces important novelties, including a bug bounty program
The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The Lockbit...
News
Latest OpenSSL version is affected by a remote memory corruption flaw
Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a...
You only have nine months to ditch Exchange Server 2013
Microsoft has posted a reminder that Exchange Server 2013 reaches End of Support (EoS) on April 11, 2023. That’s a...
Two critical flaws affect CODESYS ICS Automation Software
CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service...
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will...
US-CERT Bulletin (SB22-178):Vulnerability Summary for the Week of June 20, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
The government of Lithuania confirmed it had been hit by an intense cyberattack
Lithuania confirmed it had been hit by an “intense” cyberattack, after Vilnius imposed restrictions on the rail transit of certain...
New Matanbuchus Campaign drops Cobalt Strike beacons
Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a...
Cyberattack halted the production at the Iranian state-owned Khuzestan Steel company
Iranian state-owned Khuzestan Steel Company was hit by a cyber attack that forced the company to halt its production. The Khuzestan Steel...
Ukrainian telecommunications operators hit by DarkCrystal RAT malware
The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team...
Instagram introduces new ways for users to verify their age
If Instagram suspects you are fibbing about your age, you’ll currently see the following message: “You must be at least...
Threat actors stole $100M in crypto assets from Harmony
Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors...
Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day
A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence...
Security Affairs newsletter Round 371 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
China-linked APT Bronze Starlight deploys ransomware as a smokescreen
China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversionary action to its cyber espionage operations. Researchers from...
Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas
Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place...
Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware
Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to...
Multiple malicious packages in PyPI repository found stealing AWS secrets
Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered...
Attackers exploited a zero-day in Mitel VOIP devices to compromise a network
Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers...
Private Network 5G Security Risks & Vulnerabilities
Why cybersecurity is the first step to private network deployment If you like the site, please consider joining the telegram...
Threat actors continue to exploit Log4Shell in VMware Horizon Systems
The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon...
Vulnerabilities in the Jacuzzi SmartTub app could allow to access users’ data
Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub...
Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users
Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on...
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related...
