Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

Microsoft Patch Tuesday security updates for May 2023 address a total of 40 vulnerabilities, including two zero-days actively exploited in attacks.

Microsoft’s May 2023 security updates address 40 vulnerabilities, including two zero-day flaws actively exploited in attacks. The flaws affect …

The global food distribution giant Sysco discloses a data breach

Sysco, the global food distribution giant, disclosed a data breach; the compromised data includes customer and employee data.

Sysco Corporation is an American multinational corporation involved in marketing and distributing food products, smallwares, kitchen equipment and tabletop items.

BleepingComputer, who …

A Linux NetFilter kernel flaw allows escalating privileges to ‘root’

A Linux NetFilter kernel flaw, tracked as CVE-2023-32233, can be exploited by unprivileged local users to escalate their privileges to root.

Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the …

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

A DDoS botnet dubbed AndoryuBot has been observed exploiting an RCE, tracked as CVE-2023-25717, in Ruckus access points.

FortiGuard Labs researchers have recently observed a spike in attacks attempting to exploit the Ruckus Wireless Admin remote code execution vulnerability tracked …

FBI seized 13 domains linked to DDoS-for-hire platforms

The U.S. DoJ announced the seizure of 13 new domains associated with DDoS-for-hire platforms as part of Operation PowerOFF.

The U.S. Justice Department announced the seizure of 13 domains linked to DDoS-for-hire services as part of a coordinated international law …

New CACTUS ransomware appeared in the threat landscape

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks.

Researchers from cybersecurity firm Kroll have analyzed a new ransomware family called CACTUS that has been …

Iran-linked APT groups started exploiting Papercut flaw

Microsoft warns of Iran-linked APT groups that are targeting vulnerable PaperCut MF/NG print management servers.

Microsoft warns that Iran-linked APT groups have been observed exploiting the CVE-2023-27350 flaw in attacks against PaperCut MF/NG print management servers.

The CVE-2023-27350 flaw is …

Money Message gang leaked private code signing keys from MSI data breach

The ransomware gang behind the attack on Taiwanese PC maker MSI leaked the company’s private code signing keys on their darkweb leak site.

In early April, the ransomware gang Money Message announced that it had hacked the Taiwanese multinational IT corporation …

NextGen Healthcare suffered a data breach that impacted +1 Million individuals

NextGen Healthcare suffered a data breach; the security incident exposed the personal information of approximately 1 million individuals.

Healthcare solutions provider NextGen Healthcare suffered a data breach that exposed the personal information of approximately one million individuals.

NextGen Healthcare, …

Western Digital notifies customers of data breach after March cyberattack

Western Digital is notifying its customers of a data breach that exposed their sensitive personal information; the incident took place in March.

In March 2022, Western Digital was hit by a ransomware attack and in response to the incident, it …

CERT-UA warns of an ongoing SmokeLoader campaign

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file.

CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot …

SEC issued a record award of $279 million to a whistleblower

The Securities and Exchange Commission (SEC) announced the largest-ever award, approximately $279 million, to a whistleblower.

The Securities and Exchange Commission (SEC) paid a record sum of approximately $279 million to a whistleblower.

The award was paid to a whistleblower …

San Bernardino County Sheriff’s Department paid a $1.1M ransom

The San Bernardino County Sheriff’s Department confirmed that it has paid a $1.1-million ransom after the April ransomware attack.

The San Bernardino County Sheriff’s Department opted to pay a $1.1-million ransom after a ransomware attack infected its systems in early …

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.


Twitter confirmed that a security incident publicly exposed Circle tweets

A security problem caused the public sharing of private tweets sent to Twitter Circles to users outside of the Circle, the company admitted.

Since August 2022, the Twitter Circle feature allows users to send tweets to a restricted circle of …

FBI seized other domains used by the shadow eBook library Z-Library

The FBI once again disrupted the illegal eBook library Z-Library; the authorities seized several domains used by the service.

The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library.

Z-Library is the world’s …

Fortinet fixed two severe issues in FortiADC and FortiOS

Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy.

Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy.

The CVE-2023-27999 flaw (CVSS score …

Pro-Russia group NoName took down multiple France sites, including the French Senate one

The French Senate’s website was taken offline by a DDoS attack launched by the pro-Russian hacker group NoName.

The pro-Russia hacker group NoName is claiming responsibility for a DDoS attack that took the website of the French Senate offline.

“Access

North Korea-linked Kimsuky APT uses new recon tool ReconShark

North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign.

SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark.

The reconnaissance …
