Hacking News

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

An ALPHV/BlackCat ransomware affiliate was spotted exploiting vulnerabilities in the Veritas Backup solution. An affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting three vulnerabilities in the Veritas Backup solution to gain initial access to the target network. Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments. Mandiant […]

The post ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs appeared first on Security Affairs.

April 4, 2023
0 comment
Read More >>

Rorschach ransomware has the fastest file-encrypting routine to date

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) researchers detected a previously unknown ransomware strain, dubbed Rorschach ransomware, that was employed in attack against a US-based company. The experts pointed out that the Rorschach ransomware appears to be unique. […]

The post Rorschach ransomware has the fastest file-encrypting routine to date appeared first on Security Affairs.

April 4, 2023
0 comment
Read More >>

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

US CISA has added a Zimbra flaw, which was exploited in attacks targeting NATO countries, to its Known Exploited Vulnerabilities catalog U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926, to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing […]

The post CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

April 4, 2023
0 comment
Read More >>

UK outsourcing services provider Capita suffered a cyber incident

UK outsourcing services provider Capita confirmed that the outage suffered on Friday was caused by a cyberattack. Capita, the UK outsourcing giant, confirmed that its staff was locked out of their accounts on Friday after a cyber incident. Capita is one of the government’s biggest suppliers, with £6.5bn of public sector contracts, reported The Guardian. […]

The post UK outsourcing services provider Capita suffered a cyber incident appeared first on Security Affairs.

April 4, 2023
0 comment
Read More >>

Western Digital took its services offline due to a security breach

Western Digital disclosed a security breach, according to the company an unauthorized party gained access to multiple systems. Western Digital has shut down several of its services after discovering a security breach, the company disclosed that an unauthorized party gained access to multiple systems. “Western Digital is currently experiencing a service outage impacting the following […]

The post Western Digital took its services offline due to a security breach appeared first on Security Affairs.

April 3, 2023
0 comment
Read More >>

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Microsoft addressed a misconfiguration flaw in the Azure Active Directory (AAD) identity and access management service. Microsoft has addressed a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed multiple Microsoft applications, including the Bing management portal, to unauthorized access. The vulnerability was discovered by Wiz Research which determined […]

The post Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover appeared first on Security Affairs.

April 3, 2023
0 comment
Read More >>

Moobot botnet spreads by targeting Cacti and RealTek flaws

The Moobot botnet is actively exploiting critical vulnerabilities in Cacti, and Realtek in attacks in the wild. FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti (CVE-2022-46169) and Realtek (CVE-2021-35394) vulnerabilities to spread ShellBot and Moobot malware. The ShellBot, also known as PerlBot, is a Perl-based DDoS bot that uses IRC protocol for C2 communications. The […]

The post Moobot botnet spreads by targeting Cacti and RealTek flaws appeared first on Security Affairs.

April 3, 2023
0 comment
Read More >>

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority […]

The post Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition appeared first on Security Affairs.

April 2, 2023
0 comment
Read More >>

Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns

Italy’s data protection agency is temporarily blocking the popular chatbot ChatGPT due to a possible violation of the European data privacy regulation. The Italian Data Protection Authority, Garante Privacy, has temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors. The Authority pointed out that […]

The post Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns appeared first on Security Affairs.

April 1, 2023
0 comment
Read More >>

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Five of the issues added by CISA to its catalog are part of the exploits used by surveillance […]

The post CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

April 1, 2023
0 comment
Read More >>