Information Security News

US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog

US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The first issue, tracked as CVE-2022-41080, is a Microsoft Exchange server privilege escalation vulnerability. The issue can be chained with CVE-2022-41082 (ProxyNotShell) to […]

The post US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

January 11, 2023
0 comment
Read More >>

Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows […]

The post Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day appeared first on Security Affairs.

January 11, 2023
0 comment
Read More >>

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

The StrongPity APT group targeted Android users with a trojanized version of the Telegram app served through a website impersonating a video chat service called Shagle. ESET researchers reported that StrongPity APT group targeted Android users with a trojanized version of the Telegram app. The campaign has been active since November 2021, threat actors served the malicious app […]

The post StrongPity APT spreads backdoored Android Telegram app via fake Shagle site appeared first on Security Affairs.

January 11, 2023
0 comment
Read More >>

Zoom Rooms was affected by four “high” severity vulnerabilities

Zoom addressed four “high” severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four “high” severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs addressed by the company: CVE-2022-36930 (CVSS Score 8.2) – Local Privilege Escalation in Rooms for Windows Installers. The issue affects Rooms for Windows […]

The post Zoom Rooms was affected by four “high” severity vulnerabilities appeared first on Security Affairs.

January 10, 2023
0 comment
Read More >>

Remote code execution bug discovered in the popular JsonWebToken library

The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken (JWT) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution. The package is maintained by Auth0, it had over 9 million weekly downloads […]

The post Remote code execution bug discovered in the popular JsonWebToken library appeared first on Security Affairs.

January 10, 2023
0 comment
Read More >>

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments. Researchers at Microsoft Defender for Cloud observed threat actors behind the Kinsing cryptojacking operation using two methods to gain initial access in Kubernetes environments: exploitation of weakly configured PostgreSQL containers and exploiting vulnerable images. The crypto-miner Kinsing was first spotted by security firm […]

The post Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL appeared first on Security Affairs.

January 10, 2023
0 comment
Read More >>

Phishing campaign targets government institution in Moldova

The government institutions of Moldova have been hit by a wave of phishing attacks since the country offered support to Ukraine. The government institutions of Moldova have been hit by a wave of phishing attacks, threat actors sent more than 1,330 emails to accounts belonging to the country’s state services. “The Information Technology and Cyber […]

The post Phishing campaign targets government institution in Moldova appeared first on Security Affairs.

January 9, 2023
0 comment
Read More >>

Resecurity Released a Status Report on Drug Trafficking in the Dark Web (2022-2023)

Cybersecurity firm Resecurity published report on drug trafficking marketplaces currently operating in the Dark Web Resecurity, a Los Angeles-based cybersecurity and risk management provider has released an eye-opening report on drug trafficking marketplaces currently operating in the Dark Web. The report highlights a rapidly growing shadow economy, and new communication methods such as proprietary Android-based […]

The post <strong>Resecurity Released a Status Report on Drug Trafficking in the Dark Web (2022-2023)</strong> appeared first on Security Affairs.

January 9, 2023
0 comment
Read More >>

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devices

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. Some of the flaws were reported by the efiXplorer Team at the firmware protection firm Binarly, Zinuo Han of OPPO Amber Security Lab, Gengjia Chen from […]

The post Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devices appeared first on Security Affairs.

January 9, 2023
0 comment
Read More >>

inSicurezzaDigitale launches the Dashboard Ransomware Monitor

The cybersecurity blog inSicurezzaDigitale has launched the Italian Dashboard Ransomware Monitor to analyze the principal RaaSs’ activities. Here it comes, inSicurezzaDigitale announced the Dashboard Ransomware Monitor, it is the second project after the recent presentation of the project Mastodon. The Dashboard is very easy to use and it is available via this link: ransom.insicurezzadigitale.com The […]

The post inSicurezzaDigitale launches the Dashboard Ransomware Monitor appeared first on Security Affairs.

January 9, 2023
0 comment
Read More >>