Taiwanese vendor QNAP is warning customers to install QTS and QuTSÂ firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTSÂ firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code […]
A researcher disclosed technical details of a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The researcher Gtm Manoz received a $27,000 bug bounty for having reported a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The flaw resides in a component used by the parent company Meta for confirming a phone number and email […]
The Ukrainian (CERT-UA) discovered five different wipers deployed on the network of the country’s national news agency, Ukrinform. On January 17, 2023, the Telegram channel “CyberArmyofRussia_Reborn” reported the compromise of the systems at the Ukrainian National Information Agency “Ukrinform”. The Ukrainian Computer Emergency Response Team (CERT-UA) immediately investigated the claims and as of January 27, […]
The threat actors behind the GOOTLOADER malware continues to improve their code by adding new components and implementing new obfuscation techniques. Mandiant researchers reported that the UNC2565 group behind the GOOTLOADER malware (aka Gootkit) continues to improve their code by adding new components and implementing new obfuscation techniques. Gootkit runs on an access-a-as-a-service model, it is used […]
An alleged member of the ShinyHunters cybercrime gang has been extradited from Morocco to the United States. Sebastien Raoult, a French national who is suspected of being a member of ShinyHunters cybercrime gang known as “Seyzo Kaizen,” has been extradited from Morocco to the United States. The 22-year-old man was arrested in Morocco at Rabat […]
Pro-Russia group Killnet launched last week DDoS attacks against the websites of German airports, administration bodies, and banks. The Pro-Russia group Killnet is behind the DDoS attacks that last week hit the websites of German airports, administration bodies, and banks. The attacks are the hacktivists’ response to the German government’s decision to send Leopard 2 tanks to […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Copycat Criminals mimicking Lockbit gang in northern Europe Sandworm APT targets Ukraine with new SwiftSlicer wiper […]
Horizon3’s Attack Team made the headlines again announcing the release of a PoC exploit code for remote code execution in VMware vRealize Log. Researchers from the Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log. The PoC exploit code will trigger a series of flaws in […]
Russia-linked Sandworm APT group is behind a new Golang-based wiper, tracked as SwiftSlicer, that hit Ukraine, ESET reports. Researchers from ESET discovered a new Golang-based wiper, dubbed SwiftSlicer, that was used in attacks aimed at Ukraine. The experts believe that the Russia-linked APT group Sandwork (aka BlackEnergy and TeleBots) is behind the wiper attacks. The Sandworm group has been […]
The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS). BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC). The ISC released security patches to address multiple high-severity denial-of-service DoS vulnerabilities in the DNS software suite. Threat actors can exploit […]