Dormant Colors campaign operates over 1M malicious Chrome extensions
A new malvertising campaign, code-named Dormant Colors, is delivering malicious Google Chrome extensions that hijack targets’ browsers. Researchers at Guardio...
News
Apple fixed the ninth actively exploited zero-day this year
Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the...
Uncovering Security Blind Spots in CNC Machines
Industry 4.0 has given rise to smart factories that have markedly improved machining processes, but it has also opened the...
US-CERT Bulletin (SB22-297):Vulnerability Summary for the Week of October 17, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Cuba ransomware affiliate targets Ukraine, CERT-UA warns
The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine...
Norway PM warns of Russia cyber threat to oil and gas industry
Norway ’s prime minister warned last week that Russia poses “a real and serious threat” to the country’s oil and...
Malicious Clicker apps in Google Play have 20M+ installs
Researchers discovered 16 malicious clicker apps in the official Google Play store that were downloaded by 20M+ users. Security researchers...
Security experts targeted with malicious CVE PoC exploits on GitHub
Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware. A team...
Security Affairs newsletter Round 390
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Hackers stole sensitive data from Iran’s atomic energy agency
Iran’s atomic energy agency claims that alleged state-sponsored hackers have compromised its email system. Iran’s atomic energy agency revealed on...
Wholesale giant METRO confirmed to have suffered a cyberattack
International cash and carry giant METRO suffered this week IT infrastructure outages following a cyberattack. International cash and carry giant...
Daixin Team targets health organizations with ransomware, US agencies warn
US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. Healthcare and Public Health sector...
Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners
Threat actors are exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access in attacks in the wild....
EnergyAustralia Electricity company discloses security breach
Electricity company EnergyAustralia suffered a security breach, threat actors had access to information on 323 customers. Another Australian organization was...
Infographic: How CNAPP Consolidate Cybersecurity Tools
A cloud-native application protection platform (CNAPP) consolidates your security tools, helping development, DevOps, cloud, and security teams sort each piece...
Experts warn of CVE-2022-42889 Text4Shell exploit attempts
Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm...
CISA adds Linux kernel flaw CVE-2021-3493 to its Known Exploited Vulnerabilities Catalog
CISA added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security...
GUAC – A Google Open Source Project to secure software supply chain
Google launched the Graph for the Understanding Artifact Composition (GUAC) project, to secure the software supply chain. Google this week launched a...
News URSNIF variant doesn’t support banking features
A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive...
Healthcare system Advocate Aurora Health data breach potentially impacted 3M patients
Healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The US-based...
Solve the Cloud-Native App Security Puzzle with CNAPP
Explore the value of integrating cloud-native application protection into security and development. If you like the site, please consider joining...
Ransomware Insurance Security Strategies
Ransomware accounts for 75% of all cyber insurance claims yet 40% of business currently lack the coverage needed. Discover how...
Attack Surface Management 2022 Midyear Review Part 1
In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the...
Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update
Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid...
