Threat actors got to a database with over 152,000 customer records before its owner, the Turkish branch of Harvard Business Review, closed it. Crooks left a ransom note, threatening to leak the data and inform authorities of the EU’s General Data Protection Regulation (GDPR) violations. Original Post published on CyberNews A recent discovery by the […]
Everest ransomware operators claimed to have hacked South Africa state-owned company ESKOM Hld SOC Ltd. In March 2022, the Everest ransomware operators published a notice announcing the sale of “South Africa Electricity company’s root access” for $125,000. Eskom transforms inputs from the natural environment – coal, nuclear, fuel, diesel, water, and wind – into more […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. BlackByte Ransomware abuses vulnerable driver to bypass security solutions Unpatched remote code execution flaw in Zimbra […]
CommonSpirit, one of the largest hospital chains in the US, suffered a ransomware cyberattack that impacted its operations. Common Spirit, one of the largest hospital chains in the US, this week suffered a ransomware cyberattack that caused severe inconvenience to the facilities and to patients The alleged security breach led to delayed surgeries, hold-ups in […]
The BlackByte ransomware operators are leveraging a flaw in a legitimate Windows driver to bypass security solutions. Researchers from Sophos warn that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products. In BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, […]
Threat actors are exploiting an unpatched severe remote code execution flaw (CVE-2022-41352) in the Zimbra collaboration platform. Researchers from Rapid7 are warning of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352, in the Zimbra Collaboration Suite. Rapid7 has published technical details, including a proof-of-concept (PoC) code and indicators of compromise (IoCs) […]
VMware this week addressed a severe vulnerability in vCenter Server that could lead to arbitrary code execution. VMware on Thursday released security patches to address a code execution vulnerability, tracked as CVE-2022-31680 (CVSS score of 7.2), in vCenter Server. The security issue is an unsafe deserialization vulnerability that resides in the platform services controller (PSC). […]
Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. An attacker can exploit the vulnerability to log into vulnerable devices. “An authentication bypass using an alternate path or channel [CWE-88] in […]
Threat actors have stolen 2 million Binance Coins (BNB), worth $566 million, from the popular Binance Bridge. Hackers have reportedly stolen $566 million worth of Binance Coins (BNB) from the Binance Bridge. It seems that threat actors were able to exploit an issue with the bridge, the attack took place at 2:30 PM EST today. […]
Researchers linked the threat actor behind the Eternity malware-as-a-service (MaaS) to a new malware strain called LilithBot. Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group (aka EternityTeam; Eternity Project). The Eternity group operates a homonymous malware-as-a-service (MaaS), it is linked to the Russian “Jester Group,” which is […]