SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times

A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow to carry out powerful DDoS attacks.

A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the Service Location Protocol (SLP) can be exploited by threat actors to …

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors.

VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that were chained by the STAR Labs team during the …

A new Mirai botnet variant targets TP-Link Archer A21

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks.

Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) …

Google researchers found multiple security issues in Intel TDX

Google Cloud Security and Project Zero researchers found multiple vulnerabilities in the Intel Trust Domain Extensions (TDX).

Google Cloud Security and Project Zero researchers, working with Intel experts, discovered multiple vulnerabilities in the Intel Trust Domain Extensions (TDX).

The Intel …

Google Authenticator App now supports Google Account synchronization

Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization.

Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes …

Peugeot leaks access to user information in South America

Peugeot, a French brand of automobiles owned by Stellantis, exposed its users in Peru, a South American country with a population of nearly 34 million.

A brand, best known for its lion roaring for over a century, has leaked access …

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware.

Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks.

The …

AuKill tool uses BYOVD attack to disable EDR software

Ransomware operators use the AuKill tool to disable EDR software through Bring Your Own Vulnerable Driver (BYOVD) attack.

Sophos researchers reported that threat actors are using a previously undocumented defense evasion tool, dubbed AuKill, to disable endpoint detection and response …

Experts released PoC Exploit code for actively exploited PaperCut flaw

Threat actors are exploiting PaperCut MF/NG print management software flaws in attacks in the wild, while researchers released PoC exploit code.

Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351) in attacks in the …

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums.

Fortinet FortiGuard Labs researchers discovered a new “all-in-one” info stealer for Windows, dubbed EvilExtractor (sometimes spelled Evil Extractor) that is …

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Print management software provider PaperCut confirmed ongoing active exploitation of CVE-2023-27350 vulnerability.

On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability.

The company received two vulnerability reports from the …

Hackers can hack organizations using data found on their discarded enterprise network equipment

ESET researchers explained that enterprise network equipment that was discarded, but not destroyed, could reveal corporate secrets.

ESET researchers purchased a few used routers to set up a test environment and made a shocking discovery, in many cases, previously used …

Health insurer Point32Health suffered a ransomware attack

Non-profit health insurer Point32Health suffered a ransomware attack and has taken systems offline in response to the incident.

Non-profit health insurer Point32Health has taken systems offline in response to a ransomware attack that took place on April 17. The insurer …

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC).

Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run miners. The campaign …

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Abandoned

…

Abandoned Eval PHP WordPress plugin abused to backdoor websites

Threat actors were observed installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment.

Researchers from Sucuri warned that threat actors are installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment.

The Eval …

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

US Cybersecurity and Infrastructure Security Agency (CISA) added MinIO, PaperCut, and Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog:

CVE-2023-28432 (CVSS

…