Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as a file server for macOS computers. QNAP NAS devices support the AFP protocol to […]
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 30 – Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites A series of DDoS […]
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.  Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers Emotet tests […]
Researchers discovered flaws in the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. Microsoft addressed a couple of vulnerabilities impacting the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. The vulnerabilities were discovered by researchers at cloud […]
Emotet operators are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default. The operators of the infamous Emotet botnet are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default. The threat actors are adopting the […]
A series of DDoS attacks launched by Russian hacktivists are targeting several Romanian government websites. The Romanian national cyber security and incident response team, DNSC, warns of a series of distributed denial-of-service (DDoS) attacks targeting government websites. The attacks have started on April 29, 2022, at 04:00. The attacks were allegedly launched by Pro-Russian group […]
OpRussia continues, less than a week after my last update Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have published more than 6 TB of Russian data via DDoSecrets. This is my update […]
QNAP urges customers to disable the AFP file service protocol on their NAS devices until it fixes critical Netatalk flaws. Taiwanese vendor QNAP is warning customers to disable the AFP file service protocol on their network-attached storage (NAS) deviced until it fixes several critical Netatalk vulnerabilities. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems […]
Cybercrime gang FIN7âs badUSB attacks serve as a reminder of two key vulnerabilities present among all organizations. The criminal group had been mailing malware-ridden USBs to various entities in the transport, insurance, and defense industries under the guise that they originated from a trusted source, such as Amazon and the US Department of Health and […]
Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. The loader appears to be under development and is a highly sophisticated […]