Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug
SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor...
hacking
FIN7 group continues to target US companies with BadUSB devices
The Federal Bureau of Investigation (FBI) warns US companies that the FIN7 cybercriminals group is targeting the US defense industry...
How to secure QNAP NAS devices? The vendor’s instructions
QNAP is warning customers of ransomware attacks targeting network-attached storage (NAS) devices exposed online. Taiwanese vendor QNAP has warned customers...
Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns
A threat actor attempted to exploit the Log4Shell vulnerability to hack VMWare Horizon servers at UK NHS and deploy web...
Mortar – Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)
red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of...
Norton Crypto, the controversial cryptomining feature of Norton 360
Experts warn that the popular antivirus product Norton 360 has installed a cryptocurrency miner on its customers’ computers. Many users...
Over 3.7 million accounts were compromised in the FlexBooker data breach
The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts. Threat actors compromised the FlexBooker...
Night Sky, a new ransomware operation in the threat landscape
Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks again businesses. Researchers...
North Korea-linked Konni APT targets Russian diplomatic bodies
North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs (MID) new versions of malware implants. Security researchers...
Threat actors stole 1.1 million customer accounts from 17 well-known companies
NY OAG warned 17 companies that roughly 1.1 million of their customers have had their user accounts compromised in credential...
Google Docs comment feature abused in phishing campaign
Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that...
France hits Google, Facebook with fines over ‘Cookies’ management
The French data privacy and protection authority hit Google and Facebook with 210 million euros ($237 million) in fines. France’s...
Log4J-Detect – Script To Detect The “Log4j” Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreadingThe script...
NoReboot persistence technique fakes iPhone shutdown
Researchers devised a sophisticated persistence technique, named NoReboot, for iOS malware that fake shut downs. Researchers from Zecops devised a...
VMware fixed CVE-2021-22045 heap-overflow in Workstation, Fusion and ESXi
VMware addressed a heap-overflow issue (CVE-2021-22045) in Workstation, Fusion and CVE-2021-22045 products that can lead to code execution on the...
FTC warns legal action against businesses who fail to mitigate Log4J attacks
The US Federal Trade Commission (FTC) has warned legal action against companies who fail to secure their infrastructure against Log4Shell...
Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns
Threat actors continue to attempt to exploit Apache Log4J vulnerabilities in their campaigns to deploy malware on target systems, Microsoft...
Researchers used electromagnetic signals to classify malware infecting IoT devices
Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. A team of academics (Duy-Phuc...
UScellular discloses the second data breach in a year
UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in...
Rustpad – Multi-Threaded Padding Oracle Attacks Against Any Service
A multi-threaded what now? rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding...
Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites
Threat actors compromised more than 100 real estate websites belonging to the same parent company by implanting an e-skimmer. Threat...
Purple Fox backdoor spreads through fake Telegram App installer
Threat actors are spreading the Purple Fox backdoor using tainted installers of the Telegram messaging application. Threat actors are using...
SyntheticSun – A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and,...
Hospitality Chain McMenamins discloses data breach after ransomware attack
Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after...
