Security News

Pierluigi Paganini April 01, 2024
Info stealer attacks target macOS users

Experts warn of info stealer malware, including Atomic Stealer, targeting Apple macOS users via malicious ads and rogue websites. Jamf Threat Labs researchers analyzed info stealer malware attacks targeting macOS users via malicious ads and rogue websites. One of the attacks spotted by the researchers relied on sponsored ads proposed to the users while searching […]

Pierluigi Paganini March 31, 2024
Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Expert found a backdoor in XZ tools used many Linux distributions German BSI warns of 17,000 […]

Pierluigi Paganini March 31, 2024
DinodasRAT Linux variant targets users worldwide

A Linux variant of the DinodasRAT backdoor used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn. Researchers from Kaspersky uncovered a Linux version of a multi-platform backdoor DinodasRAT that was employed in attacks targeting China, Taiwan, Turkey, and Uzbekistan. DinodasRAT (aka XDealer) is written in C++ and supports a broad range of capabilities to […]

Pierluigi Paganini March 31, 2024
AT&T confirmed that a data breach impacted 73 million customers

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported. The researchers confirmed that the leaked data is legitimate, however, it is […]

Pierluigi Paganini March 30, 2024
Expert found a backdoor in XZ tools used many Linux distributions

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. Red Hat Information Risk and Security and Red […]

Pierluigi Paganini March 30, 2024
German BSI warns of 17,000 unpatched Microsoft Exchange servers

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The German Federal Office for Information Security (BSI) issued an alert about at least 17,000 Microsoft Exchange servers in the country that are vulnerable to one or more critical vulnerabilities. The BSI also added […]

Pierluigi Paganini March 29, 2024
Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company published a document containing recommendations against password spray attacks aimed at Remote […]

Pierluigi Paganini March 29, 2024
American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers’ personal information and partial payment data. Hot Topic, Inc. is an American fast-fashion company specializing in counterculture-related clothing and accessories, as well as licensed music. The company was the victim of credential stuffing attacks against its website and mobile application on November 18-19 and November 25, 2023. The attackers detected suspicious login activity […]

Pierluigi Paganini March 28, 2024
Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to trigger a denial-of-service (DoS) condition. Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition. Below are the […]

Pierluigi Paganini March 28, 2024
Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks, while in 2022 the actively exploited zero-day flaws were 62. In 2023, Google (TAG) and […]