featured

Mobile Security

Issued by: Security Affairs

Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could exploit the issue to escalate privileges without requiring user interaction or additional execution privileges. “There are…

Vulnerabilities

Issued by: SecurityWeek

In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The exploit code and root-cause analysis, released by SinSinology researcher Sina Kheirkhah, documents the problem as a case…

Malware & Threats

Issued by: DataBreach Today

When is a LockBit ransomware attack not actually a LockBit attack? Cyber defenders are reporting a profusion of attacks involving stolen or reused strains of ransomware. Blame a variety of factors, including law enforcement crackdowns on big-name brands, evolving ransomware business models and at least one case of a ransomware group leader with poor people…

Malware & Threats

Issued by: DataBreach Today

After the attack comes the bill: Ransomware and data-exfiltration attacks continue to stick victims with serious cleanup, legal and other costs. Cloud computing giant Rackspace has so far spent $10.8 million responding to an attack against its hosted Exchange environment by the Play ransomware group that began late last November, the company said in an…

Network Security

Issued by: The Hacker News

Just recently, an attack believed to be perpetrated by the Chinese hacker group Storm-0558 targeted several government agencies. They used fake digital authentication tokens to access webmail accounts running on Microsoft’s Outlook service. In this incident, the attackers stole a signing key from Microsoft, enabling them to issue functional access tokens for Outlook Web Access…

Malware & Threats

Issued by: Dark Reading

Attackers targeted a major US energy company with a phishing campaign that overall sent more than 1,000 emails armed with malicious QR codes aimed at stealing Microsoft credentials. The campaign, discovered by Cofense in May, used both PNG image attachments and redirect links associated with Microsoft Bing and well-known business applications — including Salesforce and…

Vulnerabilities

Issued by: Dark Reading

Hardcoded credentials in the Dell Compellent storage array service could enable attackers to take over enterprise VMware environments for any organizations running those two services in collaboration. Dell Compellent reached its end of life in 2019, and holds less than a 1% share of the data storage market, according to Enlyft. However, organizations still using…