Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps...
News
Threat profile: RansomHouse makes extortion work without ransomware
Cybersecurity is an industry known for many hats: white hats, black hats, and grey hats. White hats refer to “the...
Runescape phish claims your email has been changed
A Runescape-themed missive landed in our email inbox today, claiming action is required to secure our account. The malicious email...
FBI warns of education sector credentials on dark web forums
The FBI is warning academics to be on their guard, as an embattled education sector continues to experience attacks and...
SideWinder carried out over 1,000 attacks since April 2020
SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported. Researchers...
Is quantum teleportation the future of secure communications?
“Beam me up Scotty” will always remain my first association with teleportation. And as it stands now, we are still...
Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina
Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for...
Experts warn of ransomware attacks against government organizations of small states
Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, small states are more exposed...
US-CERT Bulletin (SB22-150):Vulnerability Summary for the Week of May 23, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Three Nigerian men arrested in INTERPOL Operation Killer Bee
Interpol arrested three Nigerian men in Lagos, who are suspected of using the Agent Tesla RAT to reroute financial transactions...
Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
Several researchers have come across a novel attack that circumvents Microsoft’s Protected View and anti-malware detection. The attack vector uses...
Double-whammy attack follows fake Covid alert with a bogus bank call
The BBC has revealed details of how a food bank in the UK was conned out of about $63,000 (£50,000)...
A new WhatsApp OTP scam could allow the hijacking of users’ accounts
Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls....
The Quad commits to strengthening cybersecurity in software, supply chains
The United States, Australia, and its Asian partners—India and Japan—have agreed to work on several cybersecurity initiatives on software, supply...
Intuit phish says “we have put a temporary hold on your account”
Intuit released a warning about a phishing email being sent to its customers. The phishing emails tell recipients that their...
Multiple Microsoft Office versions impacted by an actively exploited zero-day
A zero-day flaw in Microsoft Office that could be exploited by attackers to achieve arbitrary code execution on Windows systems....
GoodWill Ransomware victims have to perform socially driven activities to decryption their data
Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK’s Threat Intelligence Research...
EnemyBot malware adds new exploits to target CMS servers and Android devices
The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators...
Pro-Russian hacker group KillNet plans to attack Italy on May 30
Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker...
Security Affairs newsletter Round 367 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
US man sentenced to 4 years in prison for his role in Infraud scheme
A man from New York was sentenced to four years in prison for trading stolen credit card data and assisting...
How to implement AWS Sustainability Pillar principles
Learn more about the AWS Well-Architected Framework Sustainability Pillar and how to securely and efficiently implement the six design principles...
Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks
360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed...
The strange link between Industrial Spy and the Cuba ransomware operation
The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, Malware HunterTeam and Bleeping...
