Security News

VMware warns of critical code execution bugs in vRealize Log Insight

A critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take full control of a target system. VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711, in its vRealize Log Insight appliance. VRealize Log Insight is a log collection and analytics virtual appliance that enables administrators to collect, view, […]

The post VMware warns of critical code execution bugs in vRealize Log Insight appeared first on Security Affairs.

January 25, 2023
0 comment
Read More >>

Pakistan hit by nationwide power outage, is it the result of a cyber attack?

Pakistan suffered a nationwide blackout, local authorities are investigating the cause and suspect it was the result of a cyberattack. On Monday, a nationwide blackout in Pakistan left millions of people in the darkness, and the authorities are investigating if it was caused by a cyberattack. The power outage impacted all the major cities in […]

The post Pakistan hit by nationwide power outage, is it the result of a cyber attack? appeared first on Security Affairs.

January 25, 2023
0 comment
Read More >>

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. GoTo, formerly LogMeIn Inc, is a flexible-work provider of software as a service (SaaS) and cloud-based remote work tools for collaboration and IT management, The company is warning customers that threat actors breached its development environment in November 2022 and stole encrypted […]

The post GoTo revealed that threat actors stole customers’ backups and encryption key for some of them appeared first on Security Affairs.

January 24, 2023
0 comment
Read More >>

FBI confirms that North Korea-linked Lazarus APT is behind Harmony Horizon Bridge $100 million cyber heist

The U.S. FBI attributes the $100 million cyber heist against Harmony Horizon Bridge to North Korea-linked Lazarus APT. The U.S. Federal Bureau of Investigation (FBI) this week confirmed that in June 2022 the North Korea-linked Lazarus APT group and APT38 stole $100 million worth of cryptocurrency assets from the Blockchain company Harmony Horizon Bridge. “The FBI continues […]

The post FBI confirms that North Korea-linked Lazarus APT is behind Harmony Horizon Bridge $100 million cyber heist appeared first on Security Affairs.

January 24, 2023
0 comment
Read More >>

CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog

US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The […]

The post CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

January 24, 2023
0 comment
Read More >>

Massive Ad fraud scheme VASTFLUX targeted over 11 million devices

Researchers dismantled a sophisticated ad fraud scheme, dubbed VASTFLUX, that targeted more than 11 million devices. HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated ad fraud operation dubbed VASTFLUX. The name VASTFLUX comes from the evasion technique “fast flux” and VAST, the Digital Video Ad Serving Template that was abused by threat actors in this fraudulent scheme. The researchers […]

The post Massive Ad fraud scheme VASTFLUX targeted over 11 million devices appeared first on Security Affairs.

January 23, 2023
0 comment
Read More >>

Video game firm Riot Games hacked, now it faces problems to release content

Video game developer and publisher Riot Games announced that it will delay the release of game patches after a security incident. Riot Games is an American video game developer, publisher and esports tournament organizer known for the creation of the popular games League of Legends and Valorant. Last week threat actors hacked the company’s systems in its development environment, Riot Games […]

The post Video game firm Riot Games hacked, now it faces problems to release content appeared first on Security Affairs.

January 23, 2023
0 comment
Read More >>

Expert found critical flaws in OpenText Enterprise Content Management System

The OpenText enterprise content management (ECM) system is affected by multiple vulnerabilities, including a critical RCE. Armin Stock (Atos), researcher at cybersecurity firm Sec Consult, discovered multiple vulnerabilities in the OpenText enterprise content management (ECM) product. OpenText Extended ECM is an enterprise CMS platform that manages the information lifecycle by integrating with leading enterprise applications, […]

The post Expert found critical flaws in OpenText Enterprise Content Management System appeared first on Security Affairs.

January 22, 2023
0 comment
Read More >>

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Roaming Mantis surfaced in March 2018 when hacked routers in Japan to […]

The post Roaming Mantis uses new DNS changer in its Wroba mobile malware appeared first on Security Affairs.

January 22, 2023
0 comment
Read More >>