Nepal’s elite Sherpas See No Future in guiding Mountaineers, Report
India Strategic India Strategic https://www.indiastrategic.in CySecBot CySecBot
breaking news
San Bernardino County Sheriff’s Department paid a $1.1M ransom
The San Bernardino County Sheriff’s Department confirmed that it has paid a $1.1-million ransom after the April ransomware attack. The San Bernardino County Sheriff’s Department opted to pay a $1.1-million ransom after a ransomware attack infected its systems in early April. The ransomware attack forced the Police department to temporarily shut down some of its […]
The post San Bernardino County Sheriff’s Department paid a $1.1M ransom appeared first on Security Affairs.
Dragon Breath APT uses double-dip DLL sideloading strategy
An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. Sophos researchers observed an APT group, tracked as Dragon Breath (aka APT-Q-27 and Golden Eye), that is using a new DLL sideloading technique that adds complexity and layers to the execution of the classic DLL sideloading. The attack consists of a clean […]
The post Dragon Breath APT uses double-dip DLL sideloading strategy appeared first on Security Affairs.
Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by […]
The post Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition appeared first on Security Affairs.
Twitter confirmed that a security incident publicly exposed Circle tweets
A security problem caused the public sharing of private tweets sent to Twitter Circles to users outside of the Circle, the company admitted. Since August 2022, the Twitter Circle feature allows users to send tweets to a restricted circle of users, these messages are not visible to Twitter users outside the Circle. As reported by […]
The post Twitter confirmed that a security incident publicly exposed Circle tweets appeared first on Security Affairs.
FBI seized other domains used by the shadow eBook library Z-Library
The FBI disrupted once again the illegal eBook library Z-Library the authorities seized several domains used by the service. The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library. Z-Library is the world’s largest illegal library and claims to offer more than 11 million e-books for download. The library […]
The post FBI seized other domains used by the shadow eBook library Z-Library appeared first on Security Affairs.
WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks
A reflected cross-site scripting vulnerability is the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking. Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS score: 6.1), in the Advanced Custom Fields plugin for WordPress. The ACF field builder allows users to quickly and easily add fields to […]
The post WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks appeared first on Security Affairs.
Fortinet fixed two severe issues in FortiADC and FortiOS
Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy. The CVE-2023-27999 flaw (CVSS score 7.6) is a command injection issue in the external resource module. “An improper neutralization of […]
The post Fortinet fixed two severe issues in FortiADC and FortiOS appeared first on Security Affairs.
Pro-Russia group NoName took down multiple France sites, including the French Senate one
The French Senate’s website was taken offline by a DDoS attack launched by the pro-Russian hacker group NoName. The pro-Russia hacker group NoName is claiming responsibility for a DDoS attack that took the website of the French Senate offline. “Access to the Senate website has been disrupted since this morning, our team is fully mobilized […]
The post Pro-Russia group NoName took down multiple France sites, including the French Senate one appeared first on Security Affairs.
North Korea-linked Kimsuky APT uses new recon tool ReconShark
North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign. SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark. The reconnaissance tool is delivered through spear-phishing emails, OneDrive links leading to document weaponized downloads, and the execution of malicious […]
The post North Korea-linked Kimsuky APT uses new recon tool ReconShark appeared first on Security Affairs.