Security loopholes on social marketplace website trustanduse.com exposed data of around 439,000 users including many businesses for at least six months. Disclosing personal data on platforms providing digital services is always risky. The Cybernews research team identified a publicly accessible database storing up to 855GB of sensitive user and business data that belongs to social […]
Royal Mail, Britain’s postal service, announced it has suffered a “cyber incident” that caused a “severe service disruption.” Royal Mail, the British multinational postal service and courier company, announced this week that a “cyber incident” has a severe impact on its operation. The incident only impacted Royal Mail’s international export services, the company said it is temporarily unable to […]
Threat actors are targeting organizations in the Australian healthcare sector with the Gootkit malware loader. Trend Micro researchers warn that Gootkit Loader is actively targeting the Australian healthcare industry. The experts analyzed a series of attacks and discovered that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. […]
US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The first issue, tracked as CVE-2022-41080, is a Microsoft Exchange server privilege escalation vulnerability. The issue can be chained with CVE-2022-41082 (ProxyNotShell) to […]
Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows […]
Zoom addressed four “high” severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four “high” severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs addressed by the company: CVE-2022-36930 (CVSS Score 8.2) – Local Privilege Escalation in Rooms for Windows Installers. The issue affects Rooms for Windows […]
The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken (JWT) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution. The package is maintained by Auth0, it had over 9 million weekly downloads […]
Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments. Researchers at Microsoft Defender for Cloud observed threat actors behind the Kinsing cryptojacking operation using two methods to gain initial access in Kubernetes environments: exploitation of weakly configured PostgreSQL containers and exploiting vulnerable images. The crypto-miner Kinsing was first spotted by security firm […]
Airline company Air France-KLM is notifying the customers of its loyalty program Flying Blue of a data breach. Airline company Air France-KLM announced it has suffered a data breach, data belonging to customers of its loyalty program Flying Blue were exposed. The Flying Blue loyalty program is used by other airlines, including Aircalin, Kenya Airways, […]
The government institutions of Moldova have been hit by a wave of phishing attacks since the country offered support to Ukraine. The government institutions of Moldova have been hit by a wave of phishing attacks, threat actors sent more than 1,330 emails to accounts belonging to the country’s state services. “The Information Technology and Cyber […]