Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
News
Security Affairs newsletter Round 359 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church
Anonymous claims to have hacked the Russian Orthodox Church ‘s charitable wing and leaked 15 GB of alleged stolen data....
UK Police charges two teenagers for their alleged role in the Lapsus$ extortion group
The City of London Police charged two of the seven teenagers who were arrested for their alleged role in the...
Beastmode Mirai botnet now includes exploits for Totolink routers
Operators behind the Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) added exploits for Totolink routers. The Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka...
Ukraine intelligence leaks names of 620 alleged Russian FSB agents
The Ukrainian Defense Ministry’s Directorate of Intelligence leaked personal data belonging to 620 alleged Russian FSB agents. The Ukrainian Defense...
Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts
GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over...
Trend Micro fixed high severity flaw in Apex Central product management console
Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management...
This Week in Security News – April 1, 2022
Probing the activities of cloud-based cryptocurrency-mining groups, and Lapsus$ ‘back from vacation’ If you like the site, please consider joining...
New UAC-0056 activity: There’s a Go Elephant in the room
This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056 also known as SaintBear, UNC2589 and...
Globant suffers network breach due to LAPSUS$ compromise
Globant, an IT and software development firm with offices all around the globe, recently admitted in a press statement Wednesday...
Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited
Apple has released security updates for macOS Monterey 12.3.1, iOS 15.4.1, iPadOS 15.4.1, tvOS 15.4.1, and watchOS 8.5.1. The update...
Hive ransomware impacts California non-profit health organisation
Ransomware authors are once again targeting health services, holding important files to ransom and impacting potentially vital services. On this...
Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked
Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues...
AcidRain, a wiper that crippled routers and modems in Europe
Researchers spotted a new destructive wiper, tracked as AcidRain, that is likely linked to the recent attack against Viasat. Security...
Zyxel fixes a critical bug in its business firewall and VPN devices
Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment...
CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to...
Flaws in Wyze cam devices allow their complete takeover
Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds....
Lazarus Trojanized DeFi app for delivering malware
For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency...
MITRE ATT&CK® Evaluation results: Malwarebytes’ efficiency, delivered simply, earns high marks
Cybersecurity can be complex work, as security teams need to regularly decipher and prioritize alerts, protect against daily threats, and...
Apple issues emergency patches to fix actively exploited zero-days
Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released...
Phishers make a date with your calendar apps
Calendars are a rich source of bad behaviour for scammers and spammers. They’re one of the most prolific tools the...
Tech support scam campaign targets Japanese visitors to PornHub
The Malwarebytes Threat Intelligence team has identified a malvertising campaign targeting Japanese users. The campaign they discovered was found to...
URI spoofing flaw could phish WhatsApp, Signal, Instagram, and iMessage users
There’s a flaw in the way many of the world’s most popular messaging and email platforms—such as Facebook Messenger, Instagram,...
