Resecurity has identified a large-scale smishing campaign, tracked as Smishing Triad, targeting the US Citizens. Earlier episodes have revealed victims from the U.K., Poland, Sweden, Italy, Indonesia, Japan and other countries – the group was impersonating the Royal Mail, New…
Category: Security Affairs
Publicly available Evil_MinIO exploit used in attacks on MinIO Storage Systems
A threat actor was spotted exploiting MinIO storage system vulnerabilities to execute arbitrary code on affected servers. Security Joes researchers have observed an unknown threat actor using a publicly available exploit chain for vulnerabilities in the MinIO Object Storage system…
University of Sydney suffered a security breach caused by a third-party service provider
The University of Sydney (USYD) suffered a security breach caused by a third-party service provider that exposed personal information of recent applicants. The University of Sydney (USYD) announced that a data breach suffered by a third-party service provider exposed the…
Cybercrime will cost Germany $224 billion in 2023
Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023. Bitkom estimated…
PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks
Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039) in VMware Aria Operations for Networks. At the end of August, VMware released security updates to address two vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight), respectively…
Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. LockBit…
LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)
The LockBit ransomware gang claims to have breached the Commission des services electriques de Montréal (CSEM). The LockBit ransomware group continues to be one of the most active extortion gangs in the threat landscape. This week the gang claimed to…
Social engineering attacks target Okta customers to achieve a highly privileged role
Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator…
Talos wars of customizations of the open-source info stealer SapphireStealer
Cisco reported that multiple threat actors are customizing the SapphireStealer information stealer after the leak of its source code. Cisco Talos researchers reported that multiple threat actors have created their own version of the SapphireStealer after that the source code…
UNRAVELING EternalBlue: inside the WannaCry’s enabler
WannaCry and NotPetya, probably two most damaging cyberattacks in recent history, were both only made possible because of EternalBlue. Here is how the NSA-developed cyber monster works, and how you should defend against it. What is the EternalBlue vulnerability? EternalBlue…