Tag: Security Affairs

A couple of security vulnerabilities in Apache SuperSet could be exploited by an attacker to gain remote code execution on vulnerable systems. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the…

Read more →

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. In July, Microsoft announced it had mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558,…

Read more →

Google released September 2023 Android security updates to address multiple flaws, including an actively exploited zero-day. Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in…

Read more →

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw…

Read more →

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on…

Read more →

Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take…

Read more →

Crypto gambling site Stake suffered a security breach, and threat actors withdrew $41M of funds stolen including Tether and Ether. Researchers reported abnormally large withdrawals made from the crypto gambling site Stake to an account with no previous activity, a…

Read more →

The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it has suffered a data breach that impacted more than 7 million users. The Freecycle Network (TFN,) is a private, nonprofit organization that coordinates a worldwide network of “gifting” groups to divert…

Read more →

Meta disrupted two influence campaigns orchestrated by China and Russia, the company blocked thousands of accounts and pages. Meta announced it has taken down two of the largest known covert influence operations originating from China and Russia. The social network…

Read more →

A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days. It is not…

Read more →

The social media site X announced that it will collect premium users’ biometric data for security and identification purposes. The social media platform X (formerly known as Twitter) has updated its privacy policy informing its premium users that the company…

Read more →

Resecurity has identified a large-scale smishing campaign, tracked as Smishing Triad, targeting the US Citizens. Earlier episodes have revealed victims from the U.K., Poland, Sweden, Italy, Indonesia, Japan and other countries – the group was impersonating the Royal Mail, New…

Read more →

A threat actor was spotted exploiting MinIO storage system vulnerabilities to execute arbitrary code on affected servers. Security Joes researchers have observed an unknown threat actor using a publicly available exploit chain for vulnerabilities in the MinIO Object Storage system…

Read more →

The University of Sydney (USYD) suffered a security breach caused by a third-party service provider that exposed personal information of recent applicants. The University of Sydney (USYD) announced that a data breach suffered by a third-party service provider exposed the…

Read more →

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023. Bitkom estimated…

Read more →

Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039) in VMware Aria Operations for Networks. At the end of August, VMware released security updates to address two vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight), respectively…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. LockBit…

Read more →

The LockBit ransomware gang claims to have breached the Commission des services electriques de Montréal (CSEM). The LockBit ransomware group continues to be one of the most active extortion gangs in the threat landscape. This week the gang claimed to…

Read more →

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator…

Read more →

Cisco reported that multiple threat actors are customizing the SapphireStealer information stealer after the leak of its source code. Cisco Talos researchers reported that multiple threat actors have created their own version of the SapphireStealer after that the source code…

Read more →