Cybersecurity
Category Added in a WPeMatico Campaign
Sep 21, 2023THNSupply Chain / Malware The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. “It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute […]
Pennsylvania State University (Penn State) is facing a lawsuit filed by a former chief information officer (CIO) who alleges that the university falsified government security compliance reports.
Pour one out for the cyber bureaucrats in the Biden administration. In recent weeks, the White House has embarked on a dizzying task: trying to harmonize the exceedingly broad number of cybersecurity-related regulations and technical standards set by industry that corporations and critical infrastructure operators must abide by. That monumental task is likely to span […]
A further multimillion-dollar distribution of funds from Western Union to victims of fraud perpetrated via its payment network has begun, following a previous payout of $365m. The new $40m tranche of money was forfeited by the Colorado-headquartered financial services giant to the Department of Justice (DoJ) to reimburse 25,000 victims in the US and abroad. […]
This post is also available in: 日本語 (Japanese) Researchers should be aware of threat actors repurposing older proof of concept (PoC) code to quickly craft a fake PoC for a newly released vulnerability. On Aug. 17, 2023, the Zero Day Initiative publicly reported a remote code execution (RCE) vulnerability in WinRAR tracked as CVE-2023-40477. They […]
A new cryptojacking operation has been found targeting lesser-known AWS offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to secretly mine cryptocurrency. Named AMBERSQUID, the campaign manages to exploit these cloud services without triggering AWS’s usual resource approval process. The services are referred to as uncommon since they are overlooked from a security […]
Sep 21, 2023THNVulnerability / Exploit A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. “The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited […]
Two vulnerabilities discovered earlier this year in Atos Unify products could allow malicious actors to cause disruption and even backdoor the targeted system. The flaws were found in the unified communications and collaboration solution by researchers at SEC Consult, an Austria-based cybersecurity consulting firm that is part of the Atos Group’s Eviden business. The vulnerabilities […]
Sep 20, 2023THNNetwork Security / Vulnerability Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched […]