Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws Wincor Cineo ATMs that could be exploited to bypass Black-Box attack protections and withdraw cash. “According to Vladimir Kononovich, some manufacturers rely on security through […]
Cybersecurity researchers uncovered a huge botnet, tracked as Pink, that already infected over 1.6 million devices most of them located in China. Qihoo 360’s Netlab Cybersecurity researchers discovered a huge botnet, tracked as Pink, that already infected over 1.6 million devices. The botnet was created to launch DDoS attacks and to insert advertisements in the […]
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Hacker accessed medical info at UMass Memorial Health Reading INTERPOL the African Cyberthreat Assessment […]
A cyber attack hit the UMass Memorial Health, threat actors had access to employee email system, potentially exposing patients info. Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing the personal information of thousands of patients. The security breach took place between June 2020 and January and […]
ESET researchers discovered a previously undescribed loader for Windows binaries, tracked as Wslink, that runs as a server and executes modules in memory. ESET researchers discovered Wslink, a previously undescribed loader for Windows binaries that, unlike similar loaders, runs as a server and executes modules in memory. The name Wslink comes from one of its […]
Threat actors have stolen $130 million worth of cryptocurrency assets from the Cream Finance decentralized finance (DeFi) platform. C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises earnings to users who are passively holding ETH or wBTC. Threat actors have stolen $130 million worth of cryptocurrency […]
Grief ransomware operators claim to have compromised computer systems at US National Rifle Association (NRA) and added it to their leak site. Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak the stolen data. The NRA was added to the list of compromised organizations on the leak site […]
North Korea-linked Lazarus APT group is extending its operations and started targeting the IT supply chain on new targets. North Korea-linked Lazarus APT group is now targeting also IT supply chain, researchers from Kaspersky Lab warns. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. […]
UltimaSMS, a massive fraud campaign is using Android apps with million of downloads to subscribe victims to premium subscription services. Researchers from Avast have uncovered a widespread premium SMS scam on the Google Play Store, tracked as UltimaSMS, the name comes from the first apps they discovered called Ultima Keyboard 3D Pro. Threat actors used at […]
An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware. An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258, in the popular billing software suite BillQuick Web Suite time to deploy ransomware. The attacks were first spotted this month […]