IT Information Security Archives - Page 467 of 623 - Security Affairs

IT Information Security

Pierluigi Paganini November 12, 2021

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited a XNU privilege escalation vulnerability […]

Pierluigi Paganini November 12, 2021

How we broke the cloud with two lines of code: the full story of ChaosDB

Wiz Research Team disclosed technical details about the discovery of the ChaosDB vulnerability in Azure Cosmos DB database solution. In August, 2021 the Wiz Research Team disclosed ChaosDB – a severe vulnerability in the popular Azure Cosmos DB database solution that allowed for complete, unrestricted access to the accounts and databases of several thousand Microsoft […]

Pierluigi Paganini November 12, 2021

BotenaGo botnet targets millions of IoT devices using 33 exploits

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty three exploits to target millions of routers and IoT devices. Below is the list of exploits used by the bot: Vulnerability Affected devices […]

Pierluigi Paganini November 11, 2021

Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months

Threat actors compromised a server managing customer data for a Queensland water supplier and remained undetected for nine months. A served used by the SunWater statutory Queensland (Australia) Government-owned water supplier was compromised and threat actors remained undetected for nine longs, the annual financial audit report published by the Queensland Audit Office revealed. The water supplier […]

Pierluigi Paganini November 11, 2021

DoJ sentenced to 10 years Russian ‘King of Fraud’ behind the fraud scheme 3ve

The US DoJ sentenced a Russian man for operating a large-scale digital advertising fraud scheme called Methbot (‘3ve’). The US DoJ sentenced the Russian nation Aleksandr Zhukov, aka the ‘King of Fraud,’ for operating a large-scale digital advertising fraud scheme called Methbot (‘3ve‘) that stole at least $7 million from US organizations. DoJ sentenced Zhukov […]

Pierluigi Paganini November 11, 2021

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

The FBI warned private industry partners of attempts by an Iranian threat actor to buy stolen information belonging to US organizations. The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) to warn private industry partners that Iran-linked threat actors are attempting to buy stolen information belonging to US businesses and organizations abroad. […]

Pierluigi Paganini November 11, 2021

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064, in its GlobalProtect portal and gateway interfaces. The cybersecurity vendor warns that the vulnerability is easily exploitable by an unauthenticated network-based attacker. Successful exploitation can […]

Pierluigi Paganini November 11, 2021

Sophisticated Android spyware PhoneSpy infected thousands of Korean phones

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware already hit more than a thousand South […]

Pierluigi Paganini November 10, 2021

VMware discloses a severe flaw in vCenter Server that has yet to fix

VMware announced it is working on patches for an important severity privilege escalation vulnerability affecting vCenter Server. VMware announced it’s working on security patches to address an important severity privilege escalation vulnerability, tracked as CVE-2021-22048, in its vCenter Server. vCenter Server is the centralized management utility for VMware and is used to manage virtual machines, multiple […]

Pierluigi Paganini November 10, 2021

A flaw in WP Reset PRO WordPress plugin allows wiping the installation DB

A critical vulnerability in the WP Reset PRO WordPress plugin can allow an authenticated user to wipe the entire database of WordPress sites. Researchers from cybersecurity form Packstack have discovered a critical vulnerability in the WP Reset PRO WordPress plugin that could be exploited by an authenticated user to completely wipe the database of a […]

1
2
465
466
467
468
469
621
622
623