Lapsus$ member has been convicted of having hacked multiple high-profile companies

An 18-year-old member of the Lapsus$ gang has been convicted of having helped hack multiple high-profile companies.

A teenage member of the Lapsus$ data extortion group, Arion Kurtaj (18), was convicted by a London jury of having hacked multiple high-profile …

More than 3,000 Openfire servers exposed to attacks using a new exploit

Researchers warn that more than 3,000 unpatched Openfire servers are exposed to attacks using an exploit for a recent flaw.

Vulncheck researchers discovered more than 3,000 Openfire servers vulnerable to the CVE-2023-32315 flaw that are exposed to attacks using a …

DoJ charged Tornado Cash founders with laundering more than $1 billion

The U.S. DoJ charged two men with operating the Tornado Cash service and laundering more than $1 Billion in criminal proceeds.

The U.S. Justice Department charged two Tornado Cash founders ROMAN STORM and ROMAN SEMENOV have been charged with one …

FBI identifies wallets holding cryptocurrency funds stolen by North Korea

The U.S. FBI warned that North Korea-linked threat actors may attempt to cash out stolen cryptocurrency worth more than $40 million.

The Federal Bureau of Investigation shared details about the activity of six cryptocurrency wallets operated by North Korea-linked threat …

Carderbee APT targets Hong Kong orgs via supply chain attacks

A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations.

Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra …

TP-Link Tapo L530E smart bulb flaws allow hackers to steal user passwords

Four vulnerabilities in the TP-Link Tapo L530E smart bulb and impacting the mobile app used to control them expose users to hack.

Researchers from the University of Catania (Italy) and the University of London (UK) have discovered four vulnerabilities impacting …

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data.

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple …

Snatch gang claims the hack of the Department of Defence South Africa

Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site.

The Snatch ransomware group added the Department of Defence South Africa to its data leak site.

The mission of …

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog.

US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog.

Adobe …

Ivanti fixed a new critical Sentry API authentication bypass flaw

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035.

The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron …

BlackCat ransomware group claims the hack of Seiko network

The BlackCat/ALPHV ransomware group claims to have hacked the Japanese maker of watches Seiko and added the company to its data leak site.

On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber …

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system.

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “HiatusRAT” that infected over 100 edge networking devices …

Israel and US to Invest $3.85 Million in projects for critical infrastructure protection through the BIRD Cyber Program

Israel and US government agencies announced the BIRD Cyber Program, an investment of roughly $4M in projects to enhance the cyber resilience of critical infrastructure.

The BIRD Cyber Program is a joint initiative from the Israel National Cyber Directorate (INCD), …

N. Korean Kimsuky APT targets S. Korea-US military exercises

North Korea-linked APT Kimsuky launched a spear-phishing campaign targeting US contractors working at the war simulation centre.

North Korea-linked APT group Kimsuky carried out a spear-phishing campaign against US contractors involved in a joint U.S.-South Korea military exercise.

The news …

Four Juniper Junos OS flaws can be chained to remotely hack devices

Juniper Networks addressed multiple flaws in the J-Web component of Junos OS that could be chained to achieve remote code execution.

Juniper Networks has released an “out-of-cycle” security update to address four vulnerabilities in the J-Web component of Junos OS. …

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.


Cybersecurity: CASB vs SASE

Understanding cybersecurity aspects addressed by Cloud Access Security Broker (CASB) and Secure Access Service Edge (SASE)

In an increasingly digital world, where businesses rely on cloud services and remote access, cybersecurity has become paramount. As organizations strive to safeguard their …

Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection

Threat actors are using Android Package (APK) files with unsupported compression methods to prevent malware analysis.

On June 28th, researchers from Zimperium zLab researchers observed that Joe Sandbox announced the availability of an Android APK that could not be analyzed …

文 » A