Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices
Mozi botnet continues to evolve, its authors implemented new capabilities to target Netgear, Huawei, and ZTE network gateways. Microsoft researchers...
threatintel
Cisco warns of Server Name Identification data exfiltration flaw in multiple products
Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns....
637 flaws in industrial control system (ICS) products were published in H1 2021
During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76...
Threat actors stole $97 million from Liquid cryptocurency exchange
Japanese cryptocurrency exchange Liquid was hit by a cyber attack, threat actors stole $97 Million worth of crypto-currency assets from...
Cisco will not patch critical flaw CVE-2021-34730 in EoF routers
Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W...
Cisco Small Business routers vulnerable to remote attacks, won’t get a patch
In a security advisory, Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small...
T-Mobile customers, change your PINs
At the end of last week, T-Mobile was investigating reports of a “massive” customer data breach. A hacker claimed to stolen 100...
Beware of COVID Pass scams
You’ve likely seen fake parcel delivery texts in the news recently, and we’ve covered a few of these ourselves. SMS...
Kaspersky Lab detected 1,500 phishing resources targeting crypto investors
Since the beginning of the year, Kaspersky Lab has detected more than 1,500 fraudulent resources around the world aimed at...
HolesWarm Cryptominer Botnet Targets Unpatched Windows, Linux Servers
Researchers at Tencent have issued a warning regarding a HolesWarm cryptominer malware campaign that has exploited more than 20 known...
FBI: Credential Stuffing Attacks on Grocery and Food Delivery Services
According to the FBI, hackers are hacking online accounts at grocery shops, restaurants, and food delivery services using credential stuffing...
Roskomnadzor accused Google of blackmail and pressure on the court
Representatives of Roskomnadzor accused the American corporation Google of blackmail after its statement about possible risks for Russia associated with...
Siamesekitten Launches New Operations Against Israeli Organizations
To mask their actual objectives, hackers affiliated with the government of Iran have concentrated their offensive efforts on IT and...
REW-sploit – Emulate And Dissect MSF And *Other* Attacks
REW-sploitThe tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.html#rew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploit_docs Need help...
Allstar – GitHub App To Set And Enforce Security Policies
Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to...
Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw
Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability,...
NK-linked InkySquid APT leverages IE exploits in recent attacks
North Korea-linked InkySquid group leverages two Internet Explorer exploits to deliver a custom implant in attacks aimed at a South...
New analysis of Diavol ransomware reinforces the link to TrickBot gang
Researchers conducted a new analysis of the Diavol ransomware and found new evidence of the link with the gang behind...
T-Mobile data breach has impacted 48.6 million customers
T-Mobile has confirmed that hackers have stolen records belonging to 48.6 million of current and former customers. Recently T-Mobile has...
Cars and hospital equipment running Blackberry QNX may be affected by BadAlloc vulnerability
Following an announcement by Blackberry the U.S. Food & Drug Administration (FDA) and the Cybersecurity & Infrastructure Security Agency (CISA)...
How to spot a DocuSign phish and what to do about it
Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off....
macOS 11’s hidden security improvements
A deep dive into macOS 11’s internals reveals some security surprises that deserve to be more widely known. Contents IntroductionDisclaimersmacOS...
65 Manufacturers Affected by Critical Security Flaws in Realtek Chipsets
Cybersecurity experts have unearthed critical security flaws in Realtek chips that affect more than 65 hardware vendors and several wireless...
TrickBot Employs Bogus 1Password Installer to Launch Cobalt Strike
The Institute AV-TEST records around 450,000 new critical programmings (malware) every day with several potentially unwanted applications (PUA). These are...
