Source: heimdalsecurity.com – Author: Livia Gyongyoși Zyxel announced patches are available and should be applied immediately for the newly discovered vulnerability CVE-2023-27992. The flaw is a...
Linux Servers Hacked to Launch DDoS Attacks and Mine Monero Cryptocurrency – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Threat actors brute-forced Linux SSH servers to deploy Tsunami DDoS bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig...
Patching Required! New Critical SQL Injection Vulnerabilities Found in MOVEit – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Researchers discovered new critical SQL injection vulnerabilities in the MOVEit Transfer managed file transfer (MFT) solution. The flaws could enable...
Threat Actors Target the University of Manchester in Cyberattack – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși The University of Manchester network was reportedly hit by a cyberattack and the security team suspects data was stolen. Researchers...
Verizon 2023 DBIR Is Out: Median Cost of Ransomware Incidents Risen to $26,000 – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Verizon published Tuesday, June 6th, the 2023 Data Breach Investigations Report (DBIR), one of the most highly regarded reports in...
Vulnerability Alert! Two New Exploited Flaws Discovered on Zyxel Firewalls – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși CISA included CVE-2023-33009 and CVE-2023-33010 Zyxel Firewalls flaws in its Known Exploited Vulnerabilities (KEV) catalog. The new CVEs could lead...
New PowerDrop Malware Discovered Targeting U.S. Aerospace Industry – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Researchers announced finding a sample of the new PowerDrop malware in the network of a defense contractor in the U.S....
5 Cloud Computing Security Risks and Recommended Prevention Measures – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Cloud computing security risks are a shared responsibility of both the cloud service provider (CSP) and the organization using the...
Warning! WordPress Plugin "Gravity Forms" Vulnerable to PHP Object Injection – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Researchers revealed that the widely used WordPress plugin "Gravity Forms" is vulnerable to unauthenticated PHP Object Injection. The flaw was...
MacOS Vulnerability Enables Hackers to Bypass SIP Root Restrictions – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Researchers discovered an Apple vulnerability that threat actors can use to deploy undeletable malware. In order to exploit CVE-2023-32369, hackers...
Apria Loses Financial Data of Nearly Two Million Customers Due to Cyberattack – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Threat actors breached Apria's Healthcare LLC system and stole the credit card data of 1,869,598 patients and employees. Apria is...
Breach Alert! Rheinmetall AG Confirms Being Hit by BlackBasta Ransomware Attack – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Rheinmetall AG announced they suffered a data breach after being a target of a BlackBasta ransomware attack. On May 20th,...
U.S. Transportation Department Breach Exposes Data of 237,000 Employees – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși The US Department of Transportation (USDOT) recently revealed threat actors breached its system in a cyberattack. The data breach compromised...
UNC3944 Uses Azure Serial Console for Stealthy Access to Virtual Machines – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Researchers revealed that the UNC3944 threat actors use phishing and SIM-swapping attacks to get control over Microsoft Azure admin accounts....
What Is a Remote Code Execution Attack? Definition, Risks, and Mitigation Measures – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși A remote code execution (RCE) attack consists of adversaries remotely running code on an enterprise's assets. Threat actors remotely inject...
Cactus Ransomware Infiltrates Networks by Exploiting VPN Flaws – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Researchers warn Cactus Ransomware exploits VPN flaws to compromise networks and encrypts itself to avoid detection. The new ransomware strain...
Warning! New DDoS Botnet Malware Exploits Critical Ruckus RCE Vulnerability – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși The new AndoryuBot malware aims to infect unpatched Wi-Fi access points to enlist them in DDoS attacks. To this end, threat...
DNS Layer Security Explained. How It Stops Ransomware and Other Cyberattacks
DNS-Layer Security protects users from threats that arise from inbound and outbound traffic. It refers to monitoring communications between endpoints and the internet at a DNS-layer...
APT28 Russian Hackers Inject Routers with Jaguar Tooth Custom Malware
Researchers in the US and UK warn that Russian state-sponsored APT28 hackers deploy "Jaguar Tooth" custom malware on routers in order to obtain unauthorized access. The...
New "Domino" Malware Strain Targets Corporate Networks
Researchers recently discovered a new malware family named “Domino”, allegedly created by ITG14, also known as the FIN7 threat group. Reportedly, ex-Conti hackers have been using...
Ransomware Attack Shuts Down KFC and Pizza Hut Brand Owner's Restaurants (Update)
Yum! recently disclosed that employees' data were exfiltrated in the January 2023 cyberattack. On January 18th, Yum! Brands closed almost 300 of its restaurants in the...
Round-Robin DNS Explained. What It Is and How It Works
The Round-robin DNS is a load-balancing technique that helps manage traffic and avoid overloading servers. Multiple IP addresses are assigned to a single domain name; each...
Typhon Info-Stealing Malware Comes Back Harder to Detect
Threat actors upgraded Typhon info-stealer to a version that has improved evading features against analysis and anti-virtualization mechanisms. The new Typhon Reborn V2 malware is currently...
New Rilide Malware Strikes Chromium-Based Browsers to Steal Cryptocurrency
Researchers discovered a new malware that fakes legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency. The new Rilide malware targets Chromium-based browsers like...
My Cloud Goes Down While Data Storage Giant Announces Network Breach
Western Digital announced that they discovered a network breach had affected their systems, starting March 26th. Threat actors managed to obtain unauthorized access to several of...
Warning! 14 Million Customers Impacted by Latitude Financial's Data Breach
Latitude Financial Services, the recently breached Australian loan giant, announces that the number of affected people reaches 14 million. On March 16, 2023, Latitude disclosed they...
Command-and-Control Servers Explained. Techniques and DNS Security Risks
A command-and-control server (C&C) is a computer that threat actors use to send instructions to compromised systems. Their goal is to direct infected devices into performing...