More results...
Analyzing the concept of API management (APIM), its benefits, and what it will look like as the API landscape continues to evolve. There are two fundamental truths in the API landscape. So, where does this leave businesses that want to leverage the power of APIs? For starters, they need to invest in an API security […]
The post API management (APIM): What It Is and Where It’s Going appeared first on Security Affairs.
Experts warn of a high-severity vulnerability that affects F5 BIG-IP that can lead to arbitrary code execution or DoS condition. A high-severity vulnerability in F5 BIG-IP, tracked as CVE-2023-22374, can be exploited to cause a DoS condition and potentially lead to arbitrary code execution. “A format string vulnerability exists in iControl SOAP that allows an […]
The post A High-severity bug in F5 BIG-IP can lead to code execution and DoS appeared first on Security Affairs.
Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code […]
The post Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw appeared first on Security Affairs.
The Dutch National Cyber Security Centre (NCSC) confirmed that Pro-Russia group Killnet hit websites of national and European hospitals. The Dutch National Cyber Security Centre (NCSC) reported that the websites of several hospital in the Netherlands and Europe were hit by DDoS attacks carried out by pro-Russia hacking group Killnet. The group of hackers launched […]
The post Pro-Russia Killnet group hit Dutch and European hospitals appeared first on Security Affairs.
Authors of the Prolex PoS malware improved their malicious code to target contactless credit card transactions. The threat actors behind the sophisticated point-of-sale (PoS) malware Prilex have have improved its capabilities to block contactless payment transactions. Researchers from Kaspersky Lab discovered three new versions of the PoS malware designed to target credit cards using NFC technology. […]
The post New Prilex PoS Malware evolves to target NFC-enabled credit cards appeared first on Security Affairs.
Lockbit ransomware operators have released a new version of their malware, LockBit Green, that also targets cloud-based services. Lockbit ransomware operators have implemented a new version of their malware, dubbed LockBit Green, which was designed to include cloud-based services among its targets. This is the third version of the ransomware developed by the notorious gang, […]
The post New LockBit Green ransomware variant borrows code from Conti ransomware appeared first on Security Affairs.
Researchers from Resecurity have identified a new version of Nevada Ransomware which recently emerged on the Dark Web right before the start of 2023. Resecurity, California-based cybersecurity company protecting Fortune 500 globally, has identified a new version of Nevada Ransomware which recently emerged on the Dark Web right before the start of 2023. The actors […]
The post <strong>Nevada Ransomware Has Released Upgraded Locker</strong> appeared first on Security Affairs.
TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. A packer (aka “Crypter” and “FUD”) implements a series of functionalities to make it harder for […]
The post TrickGate, a packer used by malware to evade detection since 2016 appeared first on Security Affairs.
IT Army of Ukraine claims to have breached the infrastructure of the Russian energy giant Gazprom and had access to a 1.5 GB archive. The collective IT Army of Ukraine announced it has gained access to a 1.5 GB archive belonging to the Russian energy giant Gazprom. The group of hacktivists announced the hack on […]
The post IT Army of Ukraine gained access to a 1.5GB archive from Gazprom appeared first on Security Affairs.
Horizon3 security researchers released proof-of-concept (PoC) code for VMware vRealize Log Insight RCE vulnerability CVE-2022-31706. Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log tracked as CVE-2022-31706 (CVSS base 9.8/10). The PoC exploit code will trigger a series of flaws in VMware […]
The post Experts released VMware vRealize Log RCE exploit for CVE-2022-31706 appeared first on Security Affairs.