Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. In July, Microsoft announced it had mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558,…
Category: Security Affairs
Google addressed an actively exploited zero-day in Android
Google released September 2023 Android security updates to address multiple flaws, including an actively exploited zero-day. Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in…
A zero-day in Atlas VPN Linux Client leaks users’ IP address
Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw…
MITRE and CISA release Caldera for OT attack emulation
MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on…
ASUS routers are affected by three critical remote code execution flaws
Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take…
Hackers stole $41M worth of crypto assets from crypto gambling firm Stake
Crypto gambling site Stake suffered a security breach, and threat actors withdrew $41M of funds stolen including Tether and Ether. Researchers reported abnormally large withdrawals made from the crypto gambling site Stake to an account with no previous activity, a…
Freecycle data breach impacted 7 Million users
The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it has suffered a data breach that impacted more than 7 million users. The Freecycle Network (TFN,) is a private, nonprofit organization that coordinates a worldwide network of “gifting” groups to divert…
Meta disrupted two influence campaigns from China and Russia
Meta disrupted two influence campaigns orchestrated by China and Russia, the company blocked thousands of accounts and pages. Meta announced it has taken down two of the largest known covert influence operations originating from China and Russia. The social network…
A massive DDoS attack took down the site of the German financial agency BaFin
A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days. It is not…
X will collect biometric data from its premium users
The social media site X announced that it will collect premium users’ biometric data for security and identification purposes. The social media platform X (formerly known as Twitter) has updated its privacy policy informing its premium users that the company…