Security News Archives - Page 408 of 840

Pierluigi Paganini April 19, 2022

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans. Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage exploit, dubbed HOMAGE, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists. […]

Pierluigi Paganini April 19, 2022

New SolarMarker variant upgrades evasion abilities to avoid detection

Researchers disclosed a new variant of the SolarMarker malware that implements new techniques to avoid detection. Cybersecurity researchers from Palo Alto Networks disclosed a new version of the SolarMarker malware that implements new features to avoid detection. SolarMarker (aka Jupyter, Polazert, and Yellow Cockatoo) is a fileless .NET RAT that implements backdoor capabilities and allows operators to steal […]

Pierluigi Paganini April 18, 2022

Experts spotted Industrial Spy, a new stolen data marketplace

A new marketplace named Industrial Spy that focuses on the sale of stolen data appeared in the threat landscape. Malware HunterTeam and Bleeping Computer reported the born of a new marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the […]

Pierluigi Paganini April 18, 2022

CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog

US CISA adds a VMware privilege escalation flaw and a Google Chrome type confusion issue to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: […]

Pierluigi Paganini April 18, 2022

Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict

This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 16 – The unceasing action of Anonymous against Russia This week the Anonymous collective and its […]

Pierluigi Paganini April 17, 2022

Enemybot, a new DDoS botnet appears in the threat landscape

Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet […]

Pierluigi Paganini April 17, 2022

Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns

GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, […]

Pierluigi Paganini April 17, 2022

Security Affairs newsletter Round 361 by Pierluigi Paganini

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The […]

Pierluigi Paganini April 16, 2022

U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist

The U.S. government blames North Korea-linked APT Lazarus for the recent $600 million Ronin Validator cyber heist. The U.S. government attributes the recent $600 million Ronin Validator cryptocurrencty heist to the North Korea-linked APT Lazarus. The U.S. Treasury announced in a notice the sanctions against the Ethereum address used by the APT to receive the […]

Pierluigi Paganini April 16, 2022

The unceasing action of Anonymous against Russia

This week the Anonymous collective and its affiliates have targeted multiple Russian organizations stealing gigabytes of data. This week Anonymous and other hacker groups affiliated with the collective have launched multiple attacks against Russian government agencies and organizations. The week started with the announcement of the hack of Russia’s Ministry of Culture, Anonymous leaked 446 […]

Security News

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

New SolarMarker variant upgrades evasion abilities to avoid detection

Experts spotted Industrial Spy, a new stolen data marketplace

CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog

Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict

Enemybot, a new DDoS botnet appears in the threat landscape

Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns

Security Affairs newsletter Round 361 by Pierluigi Paganini

U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist

The unceasing action of Anonymous against Russia

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Over 100 Dell models exposed to critical ControlVault3 firmware bugs

How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

WhatsApp cracks down on 6.8M scam accounts in global takedown

Trend Micro fixes two actively exploited Apex One RCE flaws

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

QUICK LINKS

Security News

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!