A new wave of ech0raix ransomware attacks targets QNAP NAS devices
A new wave of ech0raix ransomware attacks is targeting QNAP network-attached storage (NAS) devices. The threat actors behind the ech0raix...
News
Apache addressed a couple of severe vulnerabilities in Apache HTTP Server
The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to...
Experts found backdoors in a popular Auerswald VoIP appliance
Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from...
Experts monitor ongoing attacks using exploits for Log4j library flaws
Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library Researchers from DrWeb monitored attacks leveraging...
Dark web marketplace ToRReZ shuts down on their own’s decision
The operators of the ToRReZ dark web marketplace have shut down their operation claiming it is the result of their...
Albania Prime Minister apologizes over the recent massive leak of government data
Albania’s prime minister Edi Rama apologized for the massive leak of personal records from a government database of state. Albania’s...
New Android banking Malware targets Brazil’s Itaú Unibanco Bank
Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages....
Critical flaws in myPRO HMI/SCADA product could allow takeover vulnerable systems
A researcher found a dozen vulnerabilities in mySCADA myPRO product, some of which have been rated as critical. mySCADA myPRO...
French IT services provider Inetum hit by BlackCat ransomware attack
The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday. French...
Security Affairs newsletter Round 346
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Apple fixed macOS flaw that could allow to bypass Gatekeeper security feature
Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper...
‘Spider-Man: No Way Home’ used to spread a cryptominer
Threat actors attempted to take advantage of the interest in the new ‘ Spider-Man: No Way Home’ movie to spread...
New Rook Ransomware borrows code from Babuk
Recently launched ransomware operation, named Rook, made headlines for its announcement claiming a desperate need a lot of money. A...
Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline
A gang behind a recent Dridex Omicron campaign is moking the victims taunting them with a COVID-19 funeral assistance helpline...
Fisher Price Chatter Bluetooth Telephone 60G LTE has serious privacy issues
Experts found serious privacy issues affecting Fisher Price Chatter Bluetooth Telephone, a Bluetooth headset that appears like a classic kids...
Experts warn of a new stealthy loader tracked as BLISTER
Security researchers spotted a campaign that is employing a new stealthy malware tracked as BLISTER that targets windows systems. Elastic...
NVIDIA informs customers of its products affected by Log4j flaws
NVIDIA released a security advisory to inform customers what products are affected by the recently disclosed Log4Shell vulnerability. NVIDIA has...
Dridex affiliate dresses up as Scrooge
Threat actors are hoping to catch a few more victims before they leave work for the Christmas holidays. The recent...
Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
In this entry we look into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars,...
AvosLocker ransomware reboots in Safe Mode and installs tools for remote access
In a recent wave of attacks, AvosLocker ransomware is rebooting systems into Windows Safe Mode to disable endpoint security solutions....
Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware
Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute...
Three trivial bugs in Microsoft Teams Software remain unpatched
Researchers disclosed four vulnerabilities in the Teams business communication software, but Microsoft will not address three of them. Researchers from...
FBI traces and grabs back $150 million theft that was turned into bitcoins
On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17...
HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems
The DHS has announced that it is expanding the ‘Hack DHS’ bug bounty program to report for Log4J impacting its...
