Security Affairs Archives - Page 394 of 1057

Pierluigi Paganini June 27, 2022

New Matanbuchus Campaign drops Cobalt Strike beacons

Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […]

Pierluigi Paganini June 27, 2022

Cyberattack halted the production at the Iranian state-owned Khuzestan Steel company

Iranian state-owned Khuzestan Steel Company was hit by a cyber attack that forced the company to halt its production. The Khuzestan Steel Company is one of the major steel companies owned by the Iranian government. The company was forced to halt production due to a cyberattack. According to the Associated Press, Khuzestan Steel Company has a monopoly […]

Pierluigi Paganini June 27, 2022

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The malspam messages have the topic “Free primary legal aid” use a password-protected attachment “Algorithm of actions of […]

Pierluigi Paganini June 27, 2022

Threat actors stole $100M in crypto assets from Harmony

Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms. Harmony’s Horizon […]

Pierluigi Paganini June 26, 2022

Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day

A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by the Rapid7 Threat Intelligence team […]

Pierluigi Paganini June 26, 2022

Security Affairs newsletter Round 371 by Pierluigi Paganini

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware Multiple malicious packages […]

Pierluigi Paganini June 26, 2022

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. The explosion took place at […]

Pierluigi Paganini June 25, 2022

Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware

Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch. Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022–21445, that was reported to Oracle by researchers PeterJson of VNG Corporation and Nguyen Jang of VNPT in October 2021. […]

Pierluigi Paganini June 25, 2022

Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment variables) and also upload these to a publicly exposed endpoint. The malicious packages, which were […]

Pierluigi Paganini June 25, 2022

Attackers exploited a zero-day in Mitel VOIP devices to compromise a network

Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization. The attackers exploited a remote code execution zero-day vulnerability on the Mitel […]