Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firm
APT41: The threat of KeyPlug against Italian industries | Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM) | Chinese actor 'Unfading Sea Haze' remained undetected for five years | A consumer-grade spyware app found in check-in systems of 3 US hotels | Critical Veeam Backup Enterprise Manager authentication bypass bug | Cybercriminals are targeting elections in India with influence
Experts discovered millions of .git folders exposed to public
Crooks manipulate GitHub's search results to distribute malware | BatBadBut flaw allowed an attacker to perform command injection on Windows | Roku disclosed a new security breach impacting 576,000 accounts | LastPass employee targeted via an audio deepfake call | TA547 targets German organizations with Rhadamanthys malware | CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulner
Google fixes fifth actively exploited Chrome zero-day this year | Russia-linked APT28 targets government Polish institutions | Citrix warns customers to update PuTTY version installed on their XenCenter system manually | Dell discloses data breach impacting millions of customers | Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs | Zscaler is investigating data breac
A flaw in LastPass password manager leaks credentials from previous site
Magento flaw exploited to deploy persistent backdoor hidden in XML | Cyberattack disrupted services at Omni Hotels & Resorts | HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks | US cancer center City of Hope: data breach impacted 827149 individuals | Ivanti fixed for 4 new issues in Connect Secure and Policy Secure | Jackson County, Missouri, discloses a ransomware attack | Goog
Dirty stream attack poses billions of Android installs at risk | ZLoader Malware adds Zeus's anti-analysis feature | Ukrainian REvil gang member sentenced to 13 years in prison | HPE Aruba Networking addressed four critical ArubaOS RCE flaws | Threat actors hacked the Dropbox Sign production environment | CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog | Panda Restaurant Group
GitHub flaw could have allowed attackers to takeover repositories of other users
BatBadBut flaw allowed an attacker to perform command injection on Windows | Roku disclosed a new security breach impacting 576,000 accounts | LastPass employee targeted via an audio deepfake call | TA547 targets German organizations with Rhadamanthys malware | CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog | US CISA published an alert on the Sisense data
Microsoft provides mitigation for actively exploited CVE-2020-0674 IE 0Day
Google fixes eighth actively exploited Chrome zero-day this year, the third in a month | CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog | Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors | Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns | APT41: The threat of KeyPlug against Italian industries | Critical SQL
Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684
Crooks manipulate GitHub's search results to distribute malware | BatBadBut flaw allowed an attacker to perform command injection on Windows | Roku disclosed a new security breach impacting 576,000 accounts | LastPass employee targeted via an audio deepfake call | TA547 targets German organizations with Rhadamanthys malware | CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulner
Russia-linked Energetic Bear APT behind San Francisco airport attacks
GitCaught campaign relies on Github and Filezilla to deliver multiple malware | Two students uncovered a flaw that allows to use laundry machines for free | Grandoreiro Banking Trojan is back and targets banks worldwide | Healthcare firm WebTPA data breach impacted 2.5 million individuals | Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION | North Korea-linked Kim
350M decrypted email addresses left exposed on an unsecured server
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data | Law enforcement agencies identified LockBit ransomware admin and sanctioned him | MITRE attributes the recent attack to China-linked UNC5221 | Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering | City of Wichita hit by a ransomware attack | El Salvador suffered a massive
North Korea-linked Konni APT targets Russian diplomatic bodies
A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites | Akira ransomware received $42M in ransom payments from over 250 victims | DuneQuixote campaign targets the Middle East with a complex backdoor | Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION | Critical CrushFTP zero-day exploited in attacks in the wild | A French hospital was fo
250 Million Microsoft customer support records and PII exposed online
CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog | CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog | North Korea-linked Kimsuky APT attack targets victims via Messenger | Electronic prescription provider MediSecure impacted by a ransomware attack | Google fixes seventh actively exploited Chrome zero-day this year, the third in a week
Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws
CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog | North Korea-linked Kimsuky APT attack targets victims via Messenger | Electronic prescription provider MediSecure impacted by a ransomware attack | Google fixes seventh actively exploited Chrome zero-day this year, the third in a week | Santander: a data breach at a third-party provider impacted customers and employ
DarkHotel uses VPN zero-day in attacks on Chinese government agencies
MITRE released EMB3D Threat Model for embedded devices | Google fixes sixth actively exploited Chrome zero-day this year | Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware | Threat actors may have exploited a zero-day in older iPhones, Apple warns | City of Helsinki suffered a data breach | Russian hackers defaced local British news sites | Australian Firstmac L
Mozilla banned hundreds of malicious Firefox add-ons over the last weeks
North Korea-linked Kimsuky APT attack targets victims via Messenger | Electronic prescription provider MediSecure impacted by a ransomware attack | Google fixes seventh actively exploited Chrome zero-day this year, the third in a week | Santander: a data breach at a third-party provider impacted customers and employees | FBI seized the notorious BreachForums hacking forum | A Tornado Cash develope
Greek Government websites hit by DDoS attacks, it's the second time
North Korea-linked Kimsuky APT attack targets victims via Messenger | Electronic prescription provider MediSecure impacted by a ransomware attack | Google fixes seventh actively exploited Chrome zero-day this year, the third in a week | Santander: a data breach at a third-party provider impacted customers and employees | FBI seized the notorious BreachForums hacking forum | A Tornado Cash develope
Anonymous hacked Russia's Ministry of Culture and leaked 446 GB
FIN7 targeted a large U.S. carmaker with phishing attacks | Law enforcement operation dismantled phishing-as-a-service platform LabHost | Previously unknown Kapeka backdoor linked to Russian Sandworm APT | Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available | Linux variant of Cerber ransomware targets Atlassian servers | Ivanti fixed two critical flaws in its Aval
CentOS8のカーネル再構築(Linux kernel 5.7.10) - Opensourcetechブログ
LinuCエヴァンジェリストの鯨井貴博@opensourcetechです。 Linux Kernelの再構築方法の紹介です。 CentOS8のデフォルトカーネル(4.18.0-193.el8.x86_64)を新しめのカーネルにしてみます。 https://www.kernel.org/ CentOS8は、以下の状態。 カーネルのダウンロードとその展開の為に、そこそこディスクスペースが必要になるので、 HDD容量だけは気を付けたいところです。 今回のようにCentOS8(最小限インストール)+Linuxカーネル5.7.10だと、 再構築に必要なパッケージなど入れて、HDDが25GB程度あれば大丈夫かと思います。 [root@centos8test ~]# cat /etc/centos-release CentOS Linux release 8.2.2004 (Core) [root@ce
White hat hackers showed how to take over an ESA satellite
Over 91,000 LG smart TVs running webOS are vulnerable to hacking | ScrubCrypt used to drop VenomRAT along with many malicious plugins | Google announces V8 Sandbox to protect Chrome users | China is using generative AI to carry out influence operations | Greylock McKinnon Associates data breach exposed DOJ data of 341650 people | Crowdfense is offering a larger 30M USD exploit acquisition program
CVE-2021-3560 in polkit auth system service affects most of Linux distros
Hackers may have accessed thousands of accounts on the California state welfare platform | Brokewell Android malware supports an extensive set of Device Takeover capabilities | Experts warn of an ongoing malware campaign targeting WP-Automatic plugin | Cryptocurrencies and cybercrime: A critical intermingling | Kaiser Permanente data breach may have impacted 13.4 million patients | Over 1,400 Crus
Electronic prescription provider MediSecure impacted by a ransomware attack | Google fixes seventh actively exploited Chrome zero-day this year, the third in a week | Santander: a data breach at a third-party provider impacted customers and employees | FBI seized the notorious BreachForums hacking forum | A Tornado Cash developer has been sentenced to 64 months in prison | Adobe fixed multiple cri
Hackers targeted ICS/SCADA systems at water facilities,Israeli gov warns
Australian Firstmac Limited disclosed a data breach after cyber attack | Pro-Russia hackers targeted Kosovo’s government websites | Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION | As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide | Ohio Lottery data breach impacted over 538,000 individuals | Notorius threat actor IntelBr
Anonymous hacked Russian streaming services to broadcast war footage
Targeted operation against Ukraine exploited 7-year-old MS Office bug | Hackers may have accessed thousands of accounts on the California state welfare platform | Brokewell Android malware supports an extensive set of Device Takeover capabilities | Experts warn of an ongoing malware campaign targeting WP-Automatic plugin | Cryptocurrencies and cybercrime: A critical intermingling | Kaiser Permanen
NK CARROTBALL dropper used in attacks on U.S. Govn Agency
North Korea-linked Kimsuky APT attack targets victims via Messenger | Electronic prescription provider MediSecure impacted by a ransomware attack | Google fixes seventh actively exploited Chrome zero-day this year, the third in a week | Santander: a data breach at a third-party provider impacted customers and employees | FBI seized the notorious BreachForums hacking forum | A Tornado Cash develope
Ransomware attack disrupts operations at Australian beverage firm Lion
Google fixes fifth actively exploited Chrome zero-day this year | Russia-linked APT28 targets government Polish institutions | Citrix warns customers to update PuTTY version installed on their XenCenter system manually | Dell discloses data breach impacting millions of customers | Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs | Zscaler is investigating data breac
Children's clothing maker Hanna Andersson discloses a data breach
CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog | CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog | North Korea-linked Kimsuky APT attack targets victims via Messenger | Electronic prescription provider MediSecure impacted by a ransomware attack | Google fixes seventh actively exploited Chrome zero-day this year, the third in a week
Kyiv blames Belarus-linked APT UNC1151 for recent cyberattack
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023 | Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals | Cyber-Partisans hacktivists claim to have breached Belarus KGB | The Los Angeles County Department of Health Services disclosed a data breach | Multiple Brocade SANnav SAN Management SW flaws allow device compromise
Stolen OAuth tokens used to download data from dozens of orgs, GitHub warns
FIN7 targeted a large U.S. carmaker with phishing attacks | Law enforcement operation dismantled phishing-as-a-service platform LabHost | Previously unknown Kapeka backdoor linked to Russian Sandworm APT | Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available | Linux variant of Cerber ransomware targets Atlassian servers | Ivanti fixed two critical flaws in its Aval
Russia-Linked Turla APT uses new malware in watering hole attacks
Ransomware attack on Singing River Health System impacted 895,000 people | Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days | VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024 | MITRE released EMB3D Threat Model for embedded devices | Google fixes sixth actively exploited Chrome zero-day this year | Phorpiex botnet sent millions of phishin
Expert released PoC exploits for recently disclosed Cisco DCNM flaws
Google fixes eighth actively exploited Chrome zero-day this year, the third in a month | CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog | Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors | Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns | APT41: The threat of KeyPlug against Italian industries | Critical SQL
MalwareBazaar - welcome to the abuse-ch malware repository
Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days | VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024 | MITRE released EMB3D Threat Model for embedded devices | Google fixes sixth actively exploited Chrome zero-day this year | Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware | Threat actors may have explo
Experts analyzed the evolution of the Emotet supply chain
Crooks manipulate GitHub's search results to distribute malware | BatBadBut flaw allowed an attacker to perform command injection on Windows | Roku disclosed a new security breach impacting 576,000 accounts | LastPass employee targeted via an audio deepfake call | TA547 targets German organizations with Rhadamanthys malware | CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulner
JhoneRAT uses Google Drive, Twitter, ImgBB, and Google Forms to target countries in Middle East
Google fixes eighth actively exploited Chrome zero-day this year, the third in a month | CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog | Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors | Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns | APT41: The threat of KeyPlug against Italian industries | Critical SQL
Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world
North Korea-linked Kimsuky APT attack targets victims via Messenger | Electronic prescription provider MediSecure impacted by a ransomware attack | Google fixes seventh actively exploited Chrome zero-day this year, the third in a week | Santander: a data breach at a third-party provider impacted customers and employees | FBI seized the notorious BreachForums hacking forum | A Tornado Cash develope
Vulnerable Docker Installations Are A Playhouse for Malware Attacks
Previously unknown Kapeka backdoor linked to Russian Sandworm APT | Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available | Linux variant of Cerber ransomware targets Atlassian servers | Ivanti fixed two critical flaws in its Avalanche MDM | Researchers released exploit code for actively exploited Palo Alto PAN-OS bug | Cisco warns of large-scale brute-force attacks
Google warned 12K+ users targeted by state-sponsored hackers
GitCaught campaign relies on Github and Filezilla to deliver multiple malware | Two students uncovered a flaw that allows to use laundry machines for free | Grandoreiro Banking Trojan is back and targets banks worldwide | Healthcare firm WebTPA data breach impacted 2.5 million individuals | Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION | North Korea-linked Kim
Healthcare giant Magellan discloses data breach after ransomware attack
City of Helsinki suffered a data breach | Russian hackers defaced local British news sites | Australian Firstmac Limited disclosed a data breach after cyber attack | Pro-Russia hackers targeted Kosovo’s government websites | Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION | As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide
Threat actors found a way to bypass mitigation F5 BIG-IP flaw
Citrix warns customers to update PuTTY version installed on their XenCenter system manually | Dell discloses data breach impacting millions of customers | Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs | Zscaler is investigating data breach claims | Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover | LockBit gang claimed responsibili
Hack the Army bug bounty program paid $275,000 in rewards
Google fixes eighth actively exploited Chrome zero-day this year, the third in a month | CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog | Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors | Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns | APT41: The threat of KeyPlug against Italian industries | Critical SQL
BlueBleed: Microsoft confirmed data leak exposing customers’ info
Crooks manipulate GitHub's search results to distribute malware | BatBadBut flaw allowed an attacker to perform command injection on Windows | Roku disclosed a new security breach impacting 576,000 accounts | LastPass employee targeted via an audio deepfake call | TA547 targets German organizations with Rhadamanthys malware | CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulner
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
New EvilQuest ransomware targets macOS users ...
Two kids found a screensaver bypass in Linux Mint
Winnti APT Group targeted Hong Kong Universities