Security Affairs Archives - Page 394 of 1047

Pierluigi Paganini May 26, 2022

Exposed: the threat actors who are poisoning Facebook

An investigation of the infamous “Is That You?” video scam led Cybernews researchers into exposing threat actors who are poisoning Facebook Original post @ https://cybernews.com/security/exposed-the-threat-actors-who-are-poisoning-facebook/ An investigation of the infamous “Is That You?” video scam has led Cybernews researchers to a cybercriminal stronghold, from which threat actors have been infecting the social media giant with […]

Pierluigi Paganini May 26, 2022

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. Below is the list of the four vulnerabilities, the most severe one is a command injection flaw in some CLI commands […]

Pierluigi Paganini May 26, 2022

Experts warn of a new malvertising campaign spreading the ChromeLoader

Researchers warn of a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. ChromeLoader is a malicious Chrome browser extension, it is classified as a pervasive browser hijacker that modifies browser settings to redirect […]

Pierluigi Paganini May 26, 2022

Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed

The maintainers of the Tails project (The Amnesic Incognito Live System) warn users that the Tor Browser bundled with the OS could expose their sensitive information. The maintainers confirmed that Tor Browser in Tails 5.0 and earlier is unsafe to use for sensitive information. “We recommend that you stop using Tails until the release of 5.1 […]

Pierluigi Paganini May 25, 2022

Unknown APT group is targeting Russian government entities

An unknown APT group is targeting Russian government entities since the beginning of the Russian invasion of Ukraine. Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Russian invasion of Ukraine. The threat actors behind the attacks […]

Pierluigi Paganini May 25, 2022

Internationa police operation led to the arrest of the SilverTerrier gang leader

The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime group as a result of an international operation. The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime gang (aka TMT) after a year-long investigation codenamed “Operation Delilah.” SilverTerrier has been active since at least 2014 and focuses on BEC […]

Pierluigi Paganini May 25, 2022

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages.Tracked from CVE-2022-22784 through CVE-2022-22787, […]

Pierluigi Paganini May 25, 2022

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel (CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR (CVE-2022-20821). The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: […]

Pierluigi Paganini May 24, 2022

Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT

Trend Micro addressed a DLL hijacking issue in Trend Micro Security actively exploited by a China-linked threat group to deploy malware. Trend Micro addressed a DLL hijacking flaw in Trend Micro Security that a China-linked threat actor actively exploited to deploy malware. In early May, SentinelOne researchers observed a China-linked APT group, tracked as Moshen […]

Pierluigi Paganini May 24, 2022

Microsoft warns of new highly evasive web skimming campaigns

Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. The threat actors obfuscated the skimming script by encoding it in PHP, which, in turn, was embedded in […]