LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities
LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing...
News
Phishy calls and emails play on energy cost increase fears
Gas and electricity price concerns are rife at the moment, with spiralling costs and bigger increases waiting down the line....
Attackers abuse open redirects in Snapchat and Amex in phishing attacks
Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused...
Microsoft is blocking Tutanota email addresses from registering a MS Teams account
Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams account. Tutanota is an end-to-end encrypted email app...
Serious cyberattack hits German Chambers of Industry and Commerce (DIHK)
A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week. A massive attack...
Security Affairs newsletter Round 377
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
GwisinLocker ransomware exclusively targets South Korea
Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a...
Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports
Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance...
Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes
Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created...
Twitter confirms zero-day used to access data of 5.4 million accounts
Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of...
Well-Architected Framework: Sustainability
One of the key pillars of the AWS Well-Architected Framework (WAF) is sustainability: the idea that cloud applications should be...
Cyber Insurance Market 2022: FAQs & Updates with iBynd
iBynd VP of Insurance, Tim Logan, and Trend Micro’s Cyber Risk Specialist Vince Kearns provide insights on cyber insurance must-haves,...
The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases
Dark Utilities “C2-as-a-Service” is attracting a growing number of customers searching for a command-and-control for their campaigns. The popularity of the...
DHS warns of critical flaws in Emergency Alert System encoder/decoder devices
The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security...
CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited...
Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor
A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch...
New Linux botnet RapperBot brute-forces SSH servers
RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers...
New Woody RAT used in attacks aimed at Russian entities
An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an...
Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction
A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices....
Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit
Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy...
Hackers stole $200 million from the Nomad crypto bridge
The cryptocurrency bridge Nomad is the last victim of a cyber heist, threat actors stole almost $200 million of its...
For months, JusTalk messages were accessible to everyone on the Internet
JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly...
Cisco addressed critical flaws in Small Business VPN routers
Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security...
DDoS attacks in Q2 2022
News overview Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the...
