US-CERT Vulnerability Summary for the Week of March 13, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
News
OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident
OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other...
U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals
In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that...
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability....
GitHub.com rotates its exposed private SSH key
GitHub has rotated its private SSH key for GitHub.com after the secret was was accidentally published in a public GitHub repository. The software...
UK creates fake DDoS-for-hire sites to identify cybercriminals
The U.K.'s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize...
OpenAI: ChatGPT payment data leak caused by open-source bug
OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other...
‘Bitter’ espionage hackers target Chinese nuclear energy orgs
A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails...
Procter & Gamble confirms data theft via GoAnywhere zero-day
Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere...
Microsoft shares tips on detecting Outlook zero-day exploitation
Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched...
FBI confirms access to Breached cybercrime forum database
Today, the FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the...
Australian police arrest four BEC actors who stole $1.7 million
The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from...
Windows, Ubuntu, and VMWare Workstation hacked on last day of Pwn2Own
On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting...
The Week in Ransomware – March 24th 2023 – Clop overload
This week's news has been dominated by the Clop ransomware gang extorting companies whose GoAnywhere services were breached using a...
US-CERT Vulnerability Summary for the Week of March 13, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick...
THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this...
Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing...
GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure...
Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on...
Exploit released for Veeam bug allowing cleartext credential theft
Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication (VBR) software. The...
Python info-stealing malware uses Unicode to evade detection
A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers'...
CloudPanel installations use the same SSL certificate private key
Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key...
Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
During the second day of Pwn2Own Vancouver 2023, competitors were awarded $475,000 after successfully exploiting 10 zero-days in multiple products....
