An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to brute-force systems with weak SSH credentials. The botnet strikes both Windows and Linux devices spanning […]
Popular password management service LastPass said it’s investigating a second security incident that involved attackers accessing some of its customer information. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” LastPass CEO Karim Toubba said. GoTo, formerly called LogMeIn, acquired LastPass in […]
The French data protection watchdog on Tuesday fined electricity provider Électricité de France (EDF) €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the […]
The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity’s adjusted turnover in the relevant period, or three times the value of […]
Over 70,000 individuals are receiving text messages from the police informing them that they have been victims of online banking frauds and providing them with instructions on what they should do next. The communications are being sent out by the Metropolitan Police as a part of the UK’s greatest ever anti-fraud blitz, which is following […]
Oracle Access Manager (OAM) contains a pre-authentication RCE vulnerability (CVE-2021-35587) that was fixed in January 2022. However, the vulnerability is still being exploited by adversaries in the wild, as confirmed by the Cybersecurity and Infrastructure Security Agency, which added the vulnerability to its Catalog. CVE-2021-35587 has been added to the Known Exploited Vulnerabilities Catalog by CISA, […]
The security researchers at ESET found a new high-risk vulnerability in the UEFI firmware of Acer computers. Because to a security flaw that affects numerous types of Acer laptops, an adversary may be able to deactivate the Secure Boot function, allowing them to circumvent security measures and install malicious software. When the Secure Boot feature […]
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as […]
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person’s body. But the fact that individuals filming such videos could be […]
Ireland’s Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, […]
Earlier we published an article that provided details of a data breach that occurred on Twitter and affected 5.4 million accounts. Now, the exact same information has been published on a hacker forum that emerged as an alternative to the well-known and large Raidforums. Having said that, there is more to it. Due to the fact […]
A gang of hackers has been responsible for the hacking of WhatsApp in recent days, which resulted in the disclosure of a number of users’ contact information. Not only may they get access to your private information, but they can also steal money from your account. What should you do to prevent it? Take the […]
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn’t have permission to perform an action can coerce a more-privileged entity to […]
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The […]
Google sent out emergency patches for its Chrome web browser on Thursday to fix a security hole that the company says is being used in the wild.Google called the high-risk bug a GPU heap buffer overflow and gave it the number CVE-2022-4135. On November 22, 2022, Clement Lecigne of Google’s Threat Analysis Group is said […]
Iranian hackers broke into a key Israeli security organization on Wednesday, stole surveillance tape that caught one of the twin explosions that occurred in Jerusalem on that day, and then published the material online. Israeli officials authorized for publishing on Thursday that the tape was authentic and was collected by the Moses Staff group in […]
There has recently been a discovery made by IBM Security X-Force Threat Researchers regarding a new variant of ransomware known as RansomExx that is dubbed RansomExx2 which was written in Rust language. While threat actor behind this malware is known as Hive0091 (aka DefrayX). Apart from this, the RansomExx is also known by following these […]
‘Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals
Recent data breaches have driven fast reforms to Australia’s cybersecurity and data protection rules, and the most recent development looks to be the formation of a cyber task force that will “hack back” and aggressively pursue what Minister for Home Affairs Clare O’Neil termed “scumbags.” Due to the fact that millions of Australian citizens have […]
Docker is a technology for containerization, while Kubernetes is a tool for orchestrating container deployments. In the subsequent subsections, we will discuss a variety of open-source tools that really are useful for securing Kubernetes clusters. These open source tools involve code snippets that will help with static scanning of Docker images, security auditing, hardening Kubernetes […]
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although […]