Hacking News

Malicious Python Package uses Unicode support to evade detection 

Researchers discovered a malicious package on PyPI that uses Unicode to evade detection while stealing sensitive data. Supply chain security firm Phylum discovered a malicious Python package on the Python Package Index (PyPI) repository that uses Unicode to evade detection and deliver information-stealing malware. The package, named onyxproxy, was uploaded to the PyPI repository on March […]

The post Malicious Python Package uses Unicode support to evade detection  appeared first on Security Affairs.

March 27, 2023
0 comment
Read More >>

Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and […]

The post Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition appeared first on Security Affairs.

March 26, 2023
0 comment
Read More >>

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. A remote, unauthenticated attacker can exploit the flaw to […]

The post Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397 appeared first on Security Affairs.

March 26, 2023
0 comment
Read More >>

Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority

Puerto Rico Aqueduct and Sewer Authority (PRASA) is investigating a cyber attack with the help of the FBI and US CISA. The Puerto Rico Aqueduct and Sewer Authority (PRASA) is investigating a cyberattack that last week hit the agency. The agency quickly activated the incident response procedure after the attack. The attack was disclosed on […]

The post Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority appeared first on Security Affairs.

March 26, 2023
0 comment
Read More >>

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites

The U.K. National Crime Agency (NCA) revealed that it has set up a number of fake DDoS-for-hire sites to infiltrate the online criminal underground. The UK National Crime Agency announced it has infiltrated the online criminal marketplace by setting up several sites purporting to offer DDoS-for-hire services. DDoS-for-hire or ‘booter’ services allows registered users to […]

The post NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites appeared first on Security Affairs.

March 25, 2023
0 comment
Read More >>

CISA announced the Pre-Ransomware Notifications initiative

The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs. The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of early-stage ransomware attacks. The principle behind the initiative is simple, ransomware actors initially gain access […]

The post CISA announced the Pre-Ransomware Notifications initiative appeared first on Security Affairs.

March 25, 2023
0 comment
Read More >>

China-linked hackers target telecommunication providers in the Middle East

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. According to the researchers, the activity is part of the Operation Soft Cell that was first […]

The post China-linked hackers target telecommunication providers in the Middle East appeared first on Security Affairs.

March 25, 2023
0 comment
Read More >>

City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day

Clop ransomware gang added the City of Toronto to the list of its victims, it is another organization compromised by exploiting GoAnywhere zero-day. Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak site. The City was targeted as part of a campaign exploiting the recently disclosed zero-day vulnerability in […]

The post City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day appeared first on Security Affairs.

March 24, 2023
0 comment
Read More >>

Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked

On the second day of Pwn2Own Vancouver 2023, the organization awarded $475,000 for 10 unique zero-day vulnerabilities. On the second day of Pwn2Own Vancouver 2023, the organization awarded $475,000 for 10 unique zero-day vulnerabilities, bringing the total awarded to $850,000! The bug hunters demonstrated zero-day attacks against the Oracle VirtualBox virtualization platform, Microsoft Teams, Tesla […]

The post Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked appeared first on Security Affairs.

March 24, 2023
0 comment
Read More >>

A million at risk from user data leak at Korean beauty platform PowderRoom

South Korean beauty content platform, PowderRoom, has leaked the personal information of nearly one million people. The Cybernews research team discovered that the South Korean social platform, powderroom.co.kr – which markets itself as the nation’s biggest beauty community – was leaking the private data of a million users. The platform exposed full names, phone numbers, […]

The post A million at risk from user data leak at Korean beauty platform PowderRoom appeared first on Security Affairs.

March 24, 2023
0 comment
Read More >>