breaking news

Expert released PoC exploit code for critical Microsoft Word RCE flaw

Security researcher released a proof-of-concept exploit code for a critical flaw, tracked as CVE-2023-21716, in Microsoft Word. Security researcher Joshua Drake released a proof-of-concept for a critical vulnerability, tracked as CVE-2023-21716 (CVSS score 9.8 out of 10), in Microsoft Word. The vulnerability can be exploited by a remote attacker to execute arbitrary code on a […]

The post Expert released PoC exploit code for critical Microsoft Word RCE flaw appeared first on Security Affairs.

March 7, 2023
0 comment
Read More >>

LastPass hack caused by an unpatched Plex software on an employee’s PC

The LastPass data breach was caused by the failure to update Plex on the home computer of one of the company updates. The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. Recently, the password management software firm disclosed a “second attack,” […]

The post LastPass hack caused by an unpatched Plex software on an employee’s PC appeared first on Security Affairs.

March 7, 2023
0 comment
Read More >>

European police dismantled the DoppelPaymer ransomware gang

German police announced to have dismantled an international cybercrime gang behind the DoppelPaymer ransomware operation. Europol has announced that an international operation conducted by law enforcement in Germany and Ukraine, with help of the US FBI and the Dutch police, targeted two key figures of the DoppelPaymer ransomware group. “On 28 February 2023, the German […]

The post European police dismantled the DoppelPaymer ransomware gang appeared first on Security Affairs.

March 6, 2023
0 comment
Read More >>

US government orders States to conduct cyber security audits of public water systems

The US government urges cyber security audits of public water systems, highlighting the importance to secure US critical infrastructure. The Biden administration announced on Friday that it will make it mandatory for the states to conduct cyber security audits of public water systems. Water systems are critical infrastructures that are increasingly exposed to the risk […]

The post US government orders States to conduct cyber security audits of public water systems appeared first on Security Affairs.

March 6, 2023
0 comment
Read More >>

Hatch Bank data breach caused by the exploitation of the GoAnywhere MFT zero-day

Fintech platform Hatch Bank disclosed a data breach, hackers exploited a recently discovered zero-day in Fortra GoAnywhere MFT secure file-sharing platform. Hatch Bank is a fintech firm that provides services to other fintech companies. The company disclosed a data breach and revealed that the attackers have exploited a recently discovered zero-day vulnerability in the company’s […]

The post Hatch Bank data breach caused by the exploitation of the GoAnywhere MFT zero-day appeared first on Security Affairs.

March 6, 2023
0 comment
Read More >>

Colour-Blind, a fully featured info stealer and RAT in PyPI

Experts discovered a fully featured information stealer, tracked as ‘Colour-Blind’ in the Python Package Index (PyPI). Researchers from Kroll’s Cyber Threat Intelligence team discovered a malicious Python package uploaded to the Python Package Index (PyPI) that contained a fully-featured information stealer and remote access trojan tracked as Colour-Blind. Below is the list of capabilities supported […]

The post Colour-Blind, a fully featured info stealer and RAT in PyPI appeared first on Security Affairs.

March 6, 2023
0 comment
Read More >>

Credential Stuffing attack on Chick-fil-A impacted +71K users

American fast-food restaurant chain Chick-fil-A reported that the accounts of over 71K users were compromised as a result of a credential stuffing campaign. The American fast-food restaurant chain Chick-fil-A notified over 71K users that their accounts have been compromised in a credential stuffing campaign that lasted at least two months. Upon discovering the attack, the […]

The post Credential Stuffing attack on Chick-fil-A impacted +71K users appeared first on Security Affairs.

March 5, 2023
0 comment
Read More >>

Play Ransomware gang has begun to leak data stolen from City of Oakland

The Play ransomware gang has finally begun to leak the data stolen from the City of Oakland in a recent attack. The Play ransomware gang has begun to leak data they have stolen from the City of Oakland (California) in a recent cyberattack. Oakland is the largest city in the East Bay region of the […]

The post Play Ransomware gang has begun to leak data stolen from City of Oakland appeared first on Security Affairs.

March 5, 2023
0 comment
Read More >>

Security Affairs newsletter Round 409 by Pierluigi Paganini

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. FiXS, a new ATM malware that is targeting Mexican banks BidenCash leaks 2.1M stolen credit/debit […]

The post Security Affairs newsletter Round 409 by Pierluigi Paganini appeared first on Security Affairs.

March 5, 2023
0 comment
Read More >>

FiXS, a new ATM malware that is targeting Mexican banks

Researchers at Metabase Q discovered a new ATM malware, dubbed FiXS, that was employed in attacks against Mexican banks since February 2023. Researchers at Metabase Q recently spotted a new ATM malware, dubbed FiXS, that is currently targeting Mexican banks. The name comes from the malware’s code name in the binary.  The experts have yet to determine […]

The post FiXS, a new ATM malware that is targeting Mexican banks appeared first on Security Affairs.

March 4, 2023
0 comment
Read More >>