Security News

VMware NSX Manager bugs actively exploited in the wild since December

Security researchers warn of hacking attempts in the wild exploiting critical vulnerabilities in VMware NSX Manager. Cyber security firm Wallarm is warning of ongoing attacks exploiting the critical flaws, tracked as CVE-2021-39144 (CVSS score of 9.8) and CVE-2022-31678 (CVSS score of 9.1), in VMware NSX Manager. VMware NSX is a network virtualization solution that is […]

The post VMware NSX Manager bugs actively exploited in the wild since December appeared first on Security Affairs.

March 8, 2023
0 comment
Read More >>

SYS01 stealer targets critical government infrastructure

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. Cybersecurity researchers from Morphisec discovered a new, advanced information stealer, dubbed SYS01 stealer, that since November 2022 was employed in attacks aimed at critical government infrastructure employees, manufacturing companies, and other sectors. The experts found similarities between the SYS01 stealer and another […]

The post SYS01 stealer targets critical government infrastructure appeared first on Security Affairs.

March 8, 2023
0 comment
Read More >>

Acer discloses a new data breach, 160 GB of sensitive data available for sale

Taiwanese multinational hardware and electronics corporation Acer discloses a data breach after a threat actor claimed the hack of the company. Recently a threat actor announced the availability for sale of 160 GB of data allegedly stolen from the Taiwanese multinational hardware and electronics corporation Acer. The threat actor announced the hack on a popular cybercrime forum, he claims […]

The post Acer discloses a new data breach, 160 GB of sensitive data available for sale appeared first on Security Affairs.

March 7, 2023
0 comment
Read More >>

Expert released PoC exploit code for critical Microsoft Word RCE flaw

Security researcher released a proof-of-concept exploit code for a critical flaw, tracked as CVE-2023-21716, in Microsoft Word. Security researcher Joshua Drake released a proof-of-concept for a critical vulnerability, tracked as CVE-2023-21716 (CVSS score 9.8 out of 10), in Microsoft Word. The vulnerability can be exploited by a remote attacker to execute arbitrary code on a […]

The post Expert released PoC exploit code for critical Microsoft Word RCE flaw appeared first on Security Affairs.

March 7, 2023
0 comment
Read More >>

LastPass hack caused by an unpatched Plex software on an employee’s PC

The LastPass data breach was caused by the failure to update Plex on the home computer of one of the company updates. The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. Recently, the password management software firm disclosed a “second attack,” […]

The post LastPass hack caused by an unpatched Plex software on an employee’s PC appeared first on Security Affairs.

March 7, 2023
0 comment
Read More >>

US government orders States to conduct cyber security audits of public water systems

The US government urges cyber security audits of public water systems, highlighting the importance to secure US critical infrastructure. The Biden administration announced on Friday that it will make it mandatory for the states to conduct cyber security audits of public water systems. Water systems are critical infrastructures that are increasingly exposed to the risk […]

The post US government orders States to conduct cyber security audits of public water systems appeared first on Security Affairs.

March 6, 2023
0 comment
Read More >>

Hatch Bank data breach caused by the exploitation of the GoAnywhere MFT zero-day

Fintech platform Hatch Bank disclosed a data breach, hackers exploited a recently discovered zero-day in Fortra GoAnywhere MFT secure file-sharing platform. Hatch Bank is a fintech firm that provides services to other fintech companies. The company disclosed a data breach and revealed that the attackers have exploited a recently discovered zero-day vulnerability in the company’s […]

The post Hatch Bank data breach caused by the exploitation of the GoAnywhere MFT zero-day appeared first on Security Affairs.

March 6, 2023
0 comment
Read More >>

Colour-Blind, a fully featured info stealer and RAT in PyPI

Experts discovered a fully featured information stealer, tracked as ‘Colour-Blind’ in the Python Package Index (PyPI). Researchers from Kroll’s Cyber Threat Intelligence team discovered a malicious Python package uploaded to the Python Package Index (PyPI) that contained a fully-featured information stealer and remote access trojan tracked as Colour-Blind. Below is the list of capabilities supported […]

The post Colour-Blind, a fully featured info stealer and RAT in PyPI appeared first on Security Affairs.

March 6, 2023
0 comment
Read More >>

Credential Stuffing attack on Chick-fil-A impacted +71K users

American fast-food restaurant chain Chick-fil-A reported that the accounts of over 71K users were compromised as a result of a credential stuffing campaign. The American fast-food restaurant chain Chick-fil-A notified over 71K users that their accounts have been compromised in a credential stuffing campaign that lasted at least two months. Upon discovering the attack, the […]

The post Credential Stuffing attack on Chick-fil-A impacted +71K users appeared first on Security Affairs.

March 5, 2023
0 comment
Read More >>

Play Ransomware gang has begun to leak data stolen from City of Oakland

The Play ransomware gang has finally begun to leak the data stolen from the City of Oakland in a recent attack. The Play ransomware gang has begun to leak data they have stolen from the City of Oakland (California) in a recent cyberattack. Oakland is the largest city in the East Bay region of the […]

The post Play Ransomware gang has begun to leak data stolen from City of Oakland appeared first on Security Affairs.

March 5, 2023
0 comment
Read More >>