A Joint Committee on the National Security Strategy (JCNSS) warns of the high risk of a catastrophic ransomware attack on the UK government. The British government is accused of failing to mitigate the risk of ransomware attacks. According to a…
Category: Security Affairs
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks
Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. The attackers compromise user accounts…
Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks
Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat…
December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day. Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products. The vulnerabilities addressed by the company impact Microsoft Windows…
Ukrainian military intelligence service hacked the Russian Federal Taxation Service
The Ukrainian government’s military intelligence service announced the hack of the Russian Federal Taxation Service (FNS). Hackers of the Main Intelligence Directorate of the Ministry of Defense of Ukraine announced they have compromised the Russian Federal Taxation Service (FNS). The…
Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack
Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that paralyzed its services. The attack is linked to the ongoing conflict. Kyivstar, the largest Ukraine service provider was down after a major cyber attack. The Ukrainian telecommunications company provides…
Dubai’s largest taxi app exposes 220K+ users
The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of Dubai’s Roads and Transport Authority, leaked a…
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco…
Apple released iOS 17.2 to address a dozen of security flaws
Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 17.2 and iPadOS 17.2 which address a dozen of security flaws. The most severe flaw is a memory corruption issue…
Toyota Financial Services discloses a data breach
Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to…