LockBit 3.0 gang claims to have stolen data from Thales
The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is...
News
Experts warn of critical RCE in ConnectWise Server Backup Solution
ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the...
Ransomware activity and network access sales in Q3 2022
Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M....
Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices
A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected...
APT10: Tracking down LODEINFO 2022, part II
In the previous publication ‘Tracking down LODEINFO 2022, part I‘, we mentioned that the initial infection methods vary in different...
APT10: Tracking down LODEINFO 2022, part I
Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any...
US-CERT Bulletin (SB22-304):Vulnerability Summary for the Week of October 24, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
VMware warns of the public availability of CVE-2021-39144 exploit code
VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX...
Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch
An unofficial patch for an actively exploited flaw in Microsoft Windows that allows to bypass Mark-of-the-Web (MotW) protections. 0patch released...
Wannacry, the hybrid malware that brought the world to its knees
Reflecting on the Wannacry ransomware attack, which is the lesson learnt e why most organizations are still ignoring it. In...
Snatch group claims to have hacked military provider HENSOLDT France
The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to...
GitHub flaw could have allowed attackers to takeover repositories of other users
A critical flaw in the cloud-based repository hosting service GitHub could’ve allowed attackers to takeover other repositories. The cloud-based repository...
Malicious dropper apps on Play Store totaled 30.000+ installations
ThreatFabric researchers discovered five malicious dropper apps on Google Play Store with more than 130,000 downloads. Researchers at ThreatFabric have...
Former British Prime Minister Liz Truss ‘s phone was allegedly hacked by Russian spies
According to the Daily Mail, Former British Prime Minister Liz Truss ‘s personal phone was hacked by Russian spies. The...
German BKA arrested the alleged operator of Deutschland im Deep Web darknet market
German police arrested a student that is suspected of being the administrator of ‘Deutschland im Deep Web’ (DiDW) darknet marketplace....
BlackByte ransomware group hit Japanese beverage giant Asahi
The BlackByte ransomware group claims to have compromised the Japanese beer and beverage company Asahi. Asahi Group Holdings, Ltd. is a global Japanese beer,...
Air New Zealand warns of an ongoing credential stuffing attack
Air New Zealand suffered a security breach, multiple customers have been locked out of their accounts after the incident. Air...
Security Affairs newsletter Round 391
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Twilio discloses another security incident that took place in June
Twilio suffered another brief security incident in June 2022, the attack was conducted by the same threat actor of the August hack....
A massive cyberattack hit Slovak and Polish Parliaments
The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was...
How will Twitter change under Elon Musk?
Cybhorus CEO Pierluigi Paganini talks to TRT World about Elon Musk completing his $44 billion deal to buy Twitter and...
Multiple vulnerabilities affect the Juniper Junos OS
Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered...
Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year
Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an...
Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads
Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has...
