Cybersecurity firm Zscaler is investigating claims of a data breach after hackers offered access to its network. Cybersecurity firm Zscaler is investigating allegations of a data breach following reports that threat actors are offering for sale access to its network.…
Tag: Security Affairs
Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover
Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets. F5 has addressed two high-severity vulnerabilities, respectively tracked as CVE-2024-26026 and CVE-2024-21793, in BIG-IP Next Central Manager…
LockBit gang claimed responsibility for the attack on City of Wichita
The LockBit ransomware group has added the City of Wichita to its Tor leak site and threatened to publish stolen data. Last week, the City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network…
New TunnelVision technique can bypass the VPN encapsulation
TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. A threat actor can use…
LiteSpeed Cache WordPress plugin actively exploited in the wild
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites. WPScan researchers reported that threat actors are exploiting a high-severity vulnerability in LiteSpeed Cache plugin for WordPress. LiteSpeed Cache for WordPress…
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606…
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data
The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans. The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data…
Law enforcement agencies identified LockBit ransomware admin and sanctioned him
The FBI, UK National Crime Agency, and Europol revealed the identity of the admin of the LockBit operation and sanctioned him. The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka…
MITRE attributes the recent attack to China-linked UNC5221
MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence. MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the…
Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering
Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded guilty to participating in a money laundering scheme. Alexander Vinnik, a Russian national, pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurrency exchange…