Atlassian fixed 2 critical flaws in Crowd and Bitbucket products
Atlassian addressed this week two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates...
News
Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies
Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022....
Ongoing supply chain attack targets Python developers with WASP Stealer
A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer....
China-based Fangxiao group behind a long-running phishing campaign
A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers...
Two public schools in Michigan hit by a ransomware attack
Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. ...
Email Security Best Practices for Phishing Prevention
Trend Micro Research reported a 137.6% growth in phishing attacks blocked and detected in 2021. Explore the latest phishing trends...
Global Cyber Risk at Elevated Level
North America Least Prepared for Cyberattacks If you like the site, please consider joining the telegram channel or supporting us...
Magento and Adobe Commerce websites under attack
Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022,...
Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police
A suspected leader of the Zeus cybercrime gang, Vyacheslav Igorevich Penchukov (aka Tank), was arrested by Swiss police. Swiss police last...
Iran-linked threat actors compromise US Federal Network
Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed a cryptomining malware. According...
Will Cloud-Native Network Security Oust Firewalls?
Security threats have already begun to outpace cloud firewalls. It’s a fact. But organizations exploring new cloud-native solution find themselves...
Electricity/Energy Cybersecurity: Trends & Survey Response
Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper...
Pilfered Keys: Free App Infected by Malware Steals Keychain Data
Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused...
Complete Guide to Protecting 7 Attack Vectors
The quicker a cyberattack is identified, the less it costs. Jon Clay, VP of Threat Intelligence, reviews 7 key initial...
F5 fixed 2 high-severity Remote Code Execution bugs in its products
Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered...
Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs
North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe...
New RapperBot Campaign targets game servers with DDoS attacks
Fortinet researchers discovered new samples of RapperBot used to build a botnet to launch Distributed DDoS attacks against game servers....
Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta
Google announced it will roll out the Privacy Sandbox system for Android in beta to a limited number of Android...
DTrack activity targeting Europe and Latin America
Introduction DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three...
Happy birthday Security Affairs … 11 years together!
Happy BirthDay Security Affairs! Eleven years together! I launched Security Affairs for passion in November 2011 and since then the...
Experts found critical RCE in Spotify’s Backstage
Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered...
US-CERT Bulletin (SB22-318):Vulnerability Summary for the Week of November 7, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Experts revealed details of critical SQLi and access issues in Zendesk Explore
Researchers disclosed technical details of critical SQLi and access vulnerabilities in the Zendesk Explore Service. Cybersecurity researchers at Varonis disclosed...
China-linked APT Billbug breached a certificate authority in Asia
A suspected China-linked APT group breached a digital certificate authority in Asia as part of a campaign aimed at government...
