Security News

Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M

The Cyber Police of Ukraine, with law enforcement officials from Czechia, has arrested several members of a gang responsible for $4.33 million scam. The Cyber Police of Ukraine, with the support of law enforcement officials from the Czech Republic, has arrested several members of a cybercriminal ring that defrauded EU citizens of $4.33 million with […]

The post Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M appeared first on Security Affairs.

March 31, 2023
0 comment
Read More >>

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Russian hacking group Winter Vivern has been actively exploiting Zimbra flaws to steal the emails of NATO and diplomats. A Russian hacking group, tracked Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw […]

The post Russian APT group Winter Vivern targets email portals of NATO and diplomats appeared first on Security Affairs.

March 31, 2023
0 comment
Read More >>

Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

Researchers shared details about a flaw, dubbed Super FabriXss, in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Researchers from Orca Security shared details about a new vulnerability, dubbed Super FabriXss (CVE-2023-23383 – CVSS score: 8.2), in Azure. The experts demonstrated how to escalate a reflected XSS vulnerability in Azure Service […]

The post Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE appeared first on Security Affairs.

March 31, 2023
0 comment
Read More >>

New AlienFox toolkit harvests credentials for tens of cloud services

AlienFox is a novel comprehensive toolset for harvesting credentials for multiple cloud service providers, SentinelLabs reported. AlienFox is a new modular toolkit that allows threat actors to harvest credentials for multiple cloud service providers. AlienFox is available for sale and is primarily distributed on Telegram in the form of source code archives. Some modules are […]

The post New AlienFox toolkit harvests credentials for tens of cloud services appeared first on Security Affairs.

March 30, 2023
0 comment
Read More >>

3CX voice and video conferencing software victim of a supply chain attack

Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as […]

The post 3CX voice and video conferencing software victim of a supply chain attack appeared first on Security Affairs.

March 30, 2023
0 comment
Read More >>

New Mélofée Linux malware linked to Chinese APT groups

Exatrack researchers warn of an unknown China-linked hacking group that has been linked to a new Linux malware, dubbed Mélofée. Cybersecurity researchers from ExaTrack recently discovered a previously undetected malware family, dubbed Mélofée, targeting Linux servers. The researchers linked with high-confidence this malware to China-linked APT groups, in particular the Winnti group. The Mélofée malware includes a […]

The post New Mélofée Linux malware linked to Chinese APT groups appeared first on Security Affairs.

March 30, 2023
0 comment
Read More >>

QNAP fixed Sudo privilege escalation bug in NAS devices

Taiwanese vendor QNAP warns customers to patch a high-severity Sudo privilege escalation bug affecting NAS devices. Taiwanese vendor QNAP warns customers to update their network-attached storage (NAS) devices to address a high-severity Sudo privilege escalation vulnerability tracked as CVE-2023-22809. The company states that the vulnerability affects QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) […]

The post QNAP fixed Sudo privilege escalation bug in NAS devices appeared first on Security Affairs.

March 30, 2023
0 comment
Read More >>

Australia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attack

Australia’s gambling and entertainment giant Crown Resorts, disclosed a data breach caused by the exploitation of recently discovered GoAnywhere zero-day. Australian casino giant Crown Resorts disclosed a data breach after the attack of the Cl0p ransomware group. The group claims to have stolen sensitive data from over 130 organizations by exploiting a zero-day vulnerability (CVE-2023-0669) […]

The post Australia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attack appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

OpenAI quickly fixed account takeover bugs in ChatGPT

OpenAI addressed multiple severe vulnerabilities in the popular chatbot ChatGPT that could have been exploited to take over accounts. OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories. One of the issues was a “Web Cache Deception” vulnerability reported that could lead to […]

The post OpenAI quickly fixed account takeover bugs in ChatGPT appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

Google TAG shares details about exploit chains used to install commercial spyware

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. The experts pointed out that both campaigns were limited and highly targeted. The threat actors behind […]

The post Google TAG shares details about exploit chains used to install commercial spyware appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>