A previously undetected Linux RAT dubbed Krasue has been observed targeting telecom companies in Thailand. Group-IB researchers discovered a previously undetected Linux remote access trojan called Krasue has been employed in attacks aimed at telecom companies in Thailand. The Krasue…
Category: Security Affairs
Atlassian addressed four new RCE flaws in its products
Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: It’s unclear if…
CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualcomm vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added…
Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode
Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit tampering technique to trick users that their compromised iPhone is running in…
GST Invoice Billing Inventory exposes sensitive data to threat actors
GST Invoice Billing Inventory, a business accounting app for small and medium businesses with over 1M downloads has left a database open, exposing sensitive personal and corporate data up for grabs. The popular and reputable GST Invoice Billing Inventory (previously…
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw
The U.S. CISA warns that threat actors are actively exploiting a critical vulnerability in Adobe ColdFusion to breach government agencies. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about threat actors actively exploiting a critical vulnerability (CVE-2023-26360) in Adobe…
ENISA published the ENISA Threat Landscape for DoS Attacks Report
ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a persistent and significant security risk for organizations. Over the past few years, threat actors have increasingly…
ENISA published ENISA Threat Landscape for DoS Attacks
ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a persistent and significant security risk for organizations. Over the past few years, threat actors have increasingly…
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Microsoft’s Threat Intelligence is warning of Russia-linked cyber-espionage group APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook…
Google fixed critical zero-click RCE in Android
Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates. Google December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088. The…
New P2PInfect bot targets routers and IoT devices
Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been…
Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware
Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks using the DanaBot Trojan (Storm-1044) to deploy the CACTUS ransomware. Microsoft the campaign to the ransomware operator Storm-0216 (Twisted Spider,…
LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order
The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of Industrial & Commercial Bank of…
Researchers devised an attack technique to extract ChatGPT training data
Researchers devised an attack technique that could have been used to trick ChatGPT into disclosing training data. A team of researchers from several universities and Google have demonstrated an attack technique against ChetGPT that allowed them to extract several megabytes…
Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Researchers…
New Agent Raccoon malware targets the Middle East, Africa and the US
Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. Unit42 researchers uncovered a new backdoor named Agent Raccoon, which is being used in attacks against organizations in the Middle…
Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices
Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points. The addressed issues are tracked as CVE-2023-35136, CVE-2023-35139, CVE-2023-37925, CVE-2023-37926, CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960. Threat actors can…
Fortune-telling website WeMystic exposes 13M+ user records
WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms’ users. Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The…
Expert warns of Turtle macOS ransomware
The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle…
US govt sanctioned North Korea-linked APT Kimsuky
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against North Korea-linked APT group Kimsuky. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) this week announced sanctions against the North Korea-linked…