Security News

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets. The issue can also […]

The post A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover appeared first on Security Affairs.

April 11, 2023
0 comment
Read More >>

Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach

Yum! Brands, the company that owns the KFC, Pizza Hut, and Taco Bell brands, disclosed a data breach after the January ransomware attack. On January 13, 2023, Yum! Brands suffered a cyberattack that forced the company to take its systems offline closing roughly 300 restaurants in the UK for one day. Now the company, which owns the […]

The post Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach appeared first on Security Affairs.

April 11, 2023
0 comment
Read More >>

Apple released emergency updates to fix recently disclosed zero-day bugs on older devices

Apple released updates to backport patches addressing two actively exploited zero-day vulnerabilities in older iPhones, iPads, and Macs. Apple has released emergency updates to backport security patches that address two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. On April 7, 2023, Apple has released emergency security updates to address two actively exploited zero-day […]

The post Apple released emergency updates to fix recently disclosed zero-day bugs on older devices appeared first on Security Affairs.

April 11, 2023
0 comment
Read More >>

A cyber attack hit the water controllers for irrigating fields in the Jordan Valley

A cyber attack paralyzed the water controllers for irrigating fields in the Jordan Valley that are operated by the Galil Sewage Corporation. A cyberattack blocked several controllers for irrigating fields in the Jordan Valley. The systems operated by the Galil Sewage Corporation monitor the irrigation process and wastewater treatment in the Jordan Valley. The company experts […]

The post A cyber attack hit the water controllers for irrigating fields in the Jordan Valley appeared first on Security Affairs.

April 11, 2023
0 comment
Read More >>

CISA adds zero-day bugs in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog

US Cybersecurity and Infrastructure Security Agency (CISA) added two flaws in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog: This week Apple has released emergency security updates to address the above actively exploited zero-day […]

The post CISA adds zero-day bugs in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

April 10, 2023
0 comment
Read More >>

SD Worx shuts down UK and Ireland services after cyberattack

Belgian HR giant SD Worx was forced to shut down its IT infrastructure for its UK and Ireland services after a cyber attack. HR and payroll management firm SD Worx shut down its IT systems for its UK and Ireland services after a cyber attack. The company employs more than 7,000 HR professionals and serves over […]

The post SD Worx shuts down UK and Ireland services after cyberattack appeared first on Security Affairs.

April 10, 2023
0 comment
Read More >>

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw that can lead to code execution. Cybersecurity vendor Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), that can lead to code execution. The CVE-2023-1671 flaw is a pre-auth command injection issue that […]

The post Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical appeared first on Security Affairs.

April 10, 2023
0 comment
Read More >>

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. The Microsoft Threat Intelligence team observed a series of destructive attacks on hybrid environments that were carried out by MuddyWater APT group (aka MERCURY). Threat actors masqueraded the attacks as a standard ransomware operation. MERCURY (aka MuddyWater, SeedWorm and TEMP.Zagros) has been active since […]

The post Iran-linked MERCURY APT behind destructive attacks on hybrid environments appeared first on Security Affairs.

April 10, 2023
0 comment
Read More >>

Samsung employees unwittingly leaked company secret data by using ChatGPT

Samsung employees have unwittingly leaked top secret data by providing them to the popular chatbot service ChatGPT. Samsung employees have shared internal documents, including meeting notes and source code, with the popular chatbot service ChatGPT. ChatGPT uses data provided by the users to train itself and build its experience, with the risk that this data […]

The post Samsung employees unwittingly leaked company secret data by using ChatGPT appeared first on Security Affairs.

April 10, 2023
0 comment
Read More >>

Researchers disclose critical sandbox escape bug in vm2 sandbox library

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. The developers behind the vm2 JavaScript sandbox module have addressed a critical vulnerability, tracked as CVE-2023-29017 (CVSS score 9.8), that could be exploited to execute arbitrary shellcode. vm2 is a sandbox that can run untrusted code in an isolated context […]

The post Researchers disclose critical sandbox escape bug in vm2 sandbox library appeared first on Security Affairs.

April 9, 2023
0 comment
Read More >>