Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., Europe, the Middle East and India.

Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in …

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes.

In March, the interior ministry announced it was conducting an audit on the network appliance from Chinese telecoms giants Huawei and …

Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks

Apache Superset open-source data visualization platform is affected by an insecure default configuration that could lead to remote code execution.

Apache Superset is an open-source data visualization and data exploration platform. The maintainers of the software have released security patches …

SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times

A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow to carry out powerful DDoS attacks.

A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the Service Location Protocol (SLP) can be exploited by threat actors to …

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors.

VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that were chained by the STAR Labs team during the …

Google researchers found multiple security issues in Intel TDX

Google Cloud Security and Project Zero researchers found multiple vulnerabilities in the Intel Trust Domain Extensions (TDX).

Google Cloud Security and Project Zero researchers, working with Intel experts, discovered multiple vulnerabilities in the Intel Trust Domain Extensions (TDX).

The Intel …

Google Authenticator App now supports Google Account synchronization

Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization.

Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes …

Peugeot leaks access to user information in South America

Peugeot, a French brand of automobiles owned by Stellantis, exposed its users in Peru, a South American country with a population of nearly 34 million.

A brand, best known for its lion roaring for over a century, has leaked access …

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware.

Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks.

The …

Experts released PoC Exploit code for actively exploited PaperCut flaw

Threat actors are exploiting PaperCut MF/NG print management software flaws in attacks in the wild, while researchers released PoC exploit code.

Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351) in attacks in the …

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Print management software provider PaperCut confirmed ongoing active exploitation of CVE-2023-27350 vulnerability.

On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability.

The company received two vulnerability reports from the …

How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

WordPress is one of the most popular content management systems in the world due to the ability it gives non-technical, inexperienced users to create professional, effective websites. According to data from W3Techs, WordPress was used by 43% of all websites…

Hackers can hack organizations using data found on their discarded enterprise network equipment

ESET researchers explained that enterprise network equipment that was discarded, but not destroyed, could reveal corporate secrets.

ESET researchers purchased a few used routers to set up a test environment and made a shocking discovery, in many cases, previously used …

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC).

Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run miners. The campaign …

Abandoned Eval PHP WordPress plugin abused to backdoor websites

Threat actors were observed installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment.

Researchers from Sucuri warned that threat actors are installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment.

The Eval …

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

US Cybersecurity and Infrastructure Security Agency (CISA) added MinIO, PaperCut, and Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog:

CVE-2023-28432 (CVSS

…

Used routers often come loaded with corporate secrets

Enlarge (credit: aquatarkus/Getty Images)

You know that you're supposed to wipe your smartphone or laptop before you resell it or give it to your cousin. After all, there's a lot of valuable personal data on there that should stay in

…

DevSecOps – Everything You Need to Know

In today’s fast-paced, technology-driven world, developing and deploying software applications is no longer enough. With the rapidly escalating and evolving cyber threats, security integration has become integral to development and operations. This is where DevSecOps enters the frame as a …

The risk and reward of ChatGPT in cybersecurity

Unless you’ve been on a retreat in some far-flung location with no internet access for the past few months, chances are you’re well aware of how much hype and fear there’s been around ChatGPT, the artificial intelligence (AI) chatbot developed …

Enable fully homomorphic encryption with Amazon SageMaker endpoints for secure, real-time inferencing

This is joint post co-written by Leidos and AWS. Leidos is a FORTUNE 500 science and technology solutions leader working to address some of the world’s toughest challenges in the defense, intelligence, homeland security, civil, and healthcare markets.

Leidos has …