breaking news

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, […]

The post Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches appeared first on Security Affairs.

April 28, 2023
0 comment
Read More >>

Google Authenticator App now supports Google Account synchronization

Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes to their Google Account. The company states that users over the years have faced the […]

The post Google Authenticator App now supports Google Account synchronization appeared first on Security Affairs.

April 25, 2023
0 comment
Read More >>

Peugeot leaks access to user information in South America

Peugeot, a French brand of automobiles owned by Stellantis, exposed its users in Peru, a South American country with a population of nearly 34 million. A brand, best known for its lion roaring for over a century, has leaked access to its user data in Peru. And while the country is not that big of […]

The post Peugeot leaks access to user information in South America appeared first on Security Affairs.

April 25, 2023
0 comment
Read More >>

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The group BlueNoroff is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group. The […]

The post North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware appeared first on Security Affairs.

April 25, 2023
0 comment
Read More >>

AuKill tool uses BYOVD attack to disable EDR software

Ransomware operators use the AuKill tool to disable EDR software through Bring Your Own Vulnerable Driver (BYOVD) attack. Sophos researchers reported that threat actors are using a previously undocumented defense evasion tool, dubbed AuKill, to disable endpoint detection and response (EDR) software. The tool relies on the Bring Your Own Vulnerable Driver (BYOVD) technique to disable the […]

The post AuKill tool uses BYOVD attack to disable EDR software appeared first on Security Affairs.

April 25, 2023
0 comment
Read More >>

Experts released PoC Exploit code for actively exploited PaperCut flaw

Threat actors are exploiting PaperCut MF/NG print management software flaws in attacks in the wild, while researchers released PoC exploit code. Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351) in attacks in the wild. The threat actors were observed installing the Atera remote management software to take over vulnerable servers. On […]

The post Experts released PoC Exploit code for actively exploited PaperCut flaw appeared first on Security Affairs.

April 24, 2023
0 comment
Read More >>

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. Fortinet FortiGuard Labs researchers discovered a new “all-in-one” info stealer for Windows, dubbed EvilExtractor (sometimes spelled Evil Extractor) that is available for sale on dark web cybercrime forums. EvilExtractor is a modular info-stealer, it exfiltrates […]

The post EvilExtractor, a new All-in-One info stealer appeared on the Dark Web appeared first on Security Affairs.

April 24, 2023
0 comment
Read More >>

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Print management software provider PaperCut confirmed ongoing active exploitation of CVE-2023-27350 vulnerability. On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability. The company received two vulnerability reports from the cybersecurity firm Trend Micro) for high/critical severity security issues in PaperCut MF/NG.  Trend Micro announced they will […]

The post Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws appeared first on Security Affairs.

April 24, 2023
0 comment
Read More >>

Hackers can hack organizations using data found on their discarded enterprise network equipment

ESET researchers explained that enterprise network equipment that was discarded, but not destroyed, could reveal corporate secrets. ESET researchers purchased a few used routers to set up a test environment and made a shocking discovery, in many cases, previously used configurations had not been wiped. The experts pointed out that the data they found on […]

The post Hackers can hack organizations using data found on their discarded enterprise network equipment appeared first on Security Affairs.

April 24, 2023
0 comment
Read More >>

Health insurer Point32Health suffered a ransomware attack

Non-profit health insurer Point32Health suffered a ransomware attack and has taken systems offline in response to the incident. Non-profit health insurer Point32Health has taken systems offline in response to a ransomware attack that took place on April 17. The insurer immediately launched an investigation into the incident with the help of third-party cybersecurity experts to […]

The post Health insurer Point32Health suffered a ransomware attack appeared first on Security Affairs.

April 24, 2023
0 comment
Read More >>