Security News

Hundreds of thousands of websites hacked as part of redirection campaign

Thousands of Websites Hijacked Using Compromised FTP Credentials Researchers reported that threat actors compromised thousands of websites using legitimate FTP credentials to hijack traffic. Cybersecurity firm Wiz reported that since early September 2022, threat actors compromised tens of thousands of websites aimed at East Asian audiences to redirect hundreds of thousands of their users to […]

The post Hundreds of thousands of websites hacked as part of redirection campaign appeared first on Security Affairs.

March 3, 2023
0 comment
Read More >>

MQsTTang, a new backdoor used by Mustang Panda APT against European entities

China-Linked Mustang Panda APT employed MQsTTang backdoor as part of an ongoing campaign targeting European entities. China-linked Mustang Panda APT group has been observed using a new backdoor, called MQsTTang, in attacks aimed at European entities. The hacking campaign began in January 2023, ESET researchers pointed out that the custom backdoor MQsTTang is not based on existing families […]

The post MQsTTang, a new backdoor used by Mustang Panda APT against European entities appeared first on Security Affairs.

March 3, 2023
0 comment
Read More >>

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Two vulnerabilities affecting the Trusted Platform Module (TPM) 2.0 library could potentially lead to information disclosure or privilege escalation. The Trusted Computing Group (TCG) is warning of two vulnerabilities affecting the implementations of the Trusted Platform Module (TPM) 2.0 that could potentially lead to information disclosure or privilege escalation. The Trusted Platform Module (TPM) technology […]

The post Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices appeared first on Security Affairs.

March 3, 2023
0 comment
Read More >>

The U.S. CISA and FBI warn of Royal ransomware operation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of the capabilities of the recently emerged Royal ransomware. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. Unlike other ransomware operations, Royal doesn’t offer Ransomware-as-a-Service, it appears to be a private group without […]

The post The U.S. CISA and FBI warn of Royal ransomware operation appeared first on Security Affairs.

March 3, 2023
0 comment
Read More >>

Retailer WH Smith discloses data breach after a cyberattack

Retailer WH Smith disclosed a data breach following a cyber attack, threat actors had access to access company data. Retailer WH Smith revealed that threat actors have breached its infrastructure and had access to the data of about 12,500 current and former employees. The company immediately launched an investigation into the incident with the help […]

The post Retailer WH Smith discloses data breach after a cyberattack appeared first on Security Affairs.

March 3, 2023
0 comment
Read More >>

GunAuction site was hacked and data of 565k accounts were exposed

Hackers compromised the website GunAuction.com, a website that allows people to buy and sell guns, and stole users’ data. Hackers have compromised GunAuction.com, a website that allows people to buy and sell guns, TechCrunch reported. The attackers have stolen sensitive personal data from more than 550,000 users. Compromised customers’ data include full names, home addresses, email […]

The post GunAuction site was hacked and data of 565k accounts were exposed appeared first on Security Affairs.

March 3, 2023
0 comment
Read More >>

Cryptojacking campaign targets insecure deployments of Redis servers

Researchers from Cado Security discovered a cryptojacking campaign targeting misconfigured Redis database servers. Cado Labs researchers recently discovered a new cryptojacking campaign targeting insecure deployments of Redis database servers. Threat actors behind this campaign used the free and open source command line file transfer service transfer.sh. The attackers likely used the legitimate transfer.sh service is an attempt […]

The post Cryptojacking campaign targets insecure deployments of Redis servers appeared first on Security Affairs.

March 2, 2023
0 comment
Read More >>

Cisco fixed a critical command injection bug in IP Phone Series

Cisco addressed a critical vulnerability, tracked as CVE-2023-20078, impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. Cisco released security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The flaw, tracked as CVE-2023-20078 (rated 9.8 out of 10), is a command injection issue that resides […]

The post Cisco fixed a critical command injection bug in IP Phone Series appeared first on Security Affairs.

March 2, 2023
0 comment
Read More >>

Threat actors target law firms with GootLoader and SocGholish malware

Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. Researchers from eSentire have foiled 10 cyberattacks targeting six different law firms throughout January and February of 2023. The firms were targeted as part of two distinct campaigns aimed at distributing GootLoader and FakeUpdates (aka SocGholish) malware. “The attacks emanated from two separate threat […]

The post Threat actors target law firms with GootLoader and SocGholish malware appeared first on Security Affairs.

March 2, 2023
0 comment
Read More >>

Canada is going to ban TikTok on government mobile devices

The Canadian government announced it will ban the video app TikTok from all government-issued devices over security concerns. Canada is going to ban the popular Chinese video-sharing app TikTok from the mobile devices of its employees over security concerns. The app will be removed from government devices this week. The app “presents an unacceptable level […]

The post Canada is going to ban TikTok on government mobile devices appeared first on Security Affairs.

March 2, 2023
0 comment
Read More >>