Information Security News

QNAP fixed Sudo privilege escalation bug in NAS devices

Taiwanese vendor QNAP warns customers to patch a high-severity Sudo privilege escalation bug affecting NAS devices. Taiwanese vendor QNAP warns customers to update their network-attached storage (NAS) devices to address a high-severity Sudo privilege escalation vulnerability tracked as CVE-2023-22809. The company states that the vulnerability affects QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) […]

The post QNAP fixed Sudo privilege escalation bug in NAS devices appeared first on Security Affairs.

March 30, 2023
0 comment
Read More >>

Australia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attack

Australia’s gambling and entertainment giant Crown Resorts, disclosed a data breach caused by the exploitation of recently discovered GoAnywhere zero-day. Australian casino giant Crown Resorts disclosed a data breach after the attack of the Cl0p ransomware group. The group claims to have stolen sensitive data from over 130 organizations by exploiting a zero-day vulnerability (CVE-2023-0669) […]

The post Australia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attack appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

OpenAI quickly fixed account takeover bugs in ChatGPT

OpenAI addressed multiple severe vulnerabilities in the popular chatbot ChatGPT that could have been exploited to take over accounts. OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories. One of the issues was a “Web Cache Deception” vulnerability reported that could lead to […]

The post OpenAI quickly fixed account takeover bugs in ChatGPT appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

Google TAG shares details about exploit chains used to install commercial spyware

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. The experts pointed out that both campaigns were limited and highly targeted. The threat actors behind […]

The post Google TAG shares details about exploit chains used to install commercial spyware appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

Clipper attacks use Trojanized TOR Browser installers

Researchers discovered malware-laced installers for the TOR browser that is spreading clipper malware in Russia and Eastern Europe. Kaspersky researchers discovered a Trojanized version of the Tor Browser that is spreading a clipper malware in Russia and Eastern Europe. The attackers take advantage of the fact that the official Tor Project has been banned in […]

The post Clipper attacks use Trojanized TOR Browser installers appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

Toyota Italy accidentally leaked sensitive data

Toyota Italy accidentally leaked sensitive data for more than one-and-a-half years, until this March, CyberNews reported. A Japanese multinational accidentally leaked access to its marketing tools, enabling attackers to launch phishing campaigns against its vast pool of customers in Italy. Toyota Italy accidentally leaked sensitive data for more than one-and-a-half years, until this March. Namely, […]

The post Toyota Italy accidentally leaked sensitive data appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

Bitter APT group targets China’s nuclear energy sector 

Intezer researchers reported that a South Asian espionage group, tracked as Bitter, is targeting the Chinese nuclear energy industry. Intezer researchers uncovered a cyberespionage campaign targeting the Chinese nuclear energy sector, they linked it to the Bitter APT group. The Bitter APT group is a South Asian cyberespionage group active since at least 2021. The group […]

The post Bitter APT group targets China’s nuclear energy sector  appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

Latitude Data breach is worse than initially estimated. 14 million individuals impacted

Australian loan giant Latitude Financial Services (Latitude) revealed that a data breach its has suffered impacted 14 million customers. The data breach suffered by Latitude Financial Services (Latitude) is much more serious than initially estimated. The company initially determined that the number of impacted individuals was 328,000, but now confirmed that the real number of […]

The post Latitude Data breach is worse than initially estimated. 14 million individuals impacted appeared first on Security Affairs.

March 28, 2023
0 comment
Read More >>

Europol warns of criminal use of ChatGPT

Europol warns of cybercriminal organizations can take advantage of systems based on artificial intelligence like ChatGPT. EU police body Europol warned about the potential abuse of systems based on artificial intelligence, such as the popular chatbot ChatGPT, for cybercriminal activities. Cybercriminal groups can use chatbot like ChatGPT in social engineering attacks, disinformation campaigns, and other […]

The post Europol warns of criminal use of ChatGPT appeared first on Security Affairs.

March 28, 2023
0 comment
Read More >>

Telecom giant Lumen suffered a ransomware attack and disclose a second incident

Telecommunications giant Lumen Technologies discovered two cybersecurity incidents, including a ransomware attack. In a filing to the Securities and Exchange Commission, on March 27, 2023, Lumen announced two cybersecurity incidents. One of the incidents is a ransomware attack that impacted a limited number of its servers that support a segmented hosting service. The company did […]

The post Telecom giant Lumen suffered a ransomware attack and disclose a second incident appeared first on Security Affairs.

March 28, 2023
0 comment
Read More >>