The Cyber ââPolice Department of the National Police of Ukraine dismantled a massive bot farm and seized 150,000 SIM cards. A gang of more than 100 individuals used fake social network accounts to conduct disinformation and psychological operations in support of the Russian government and its narrative on the invasion of Ukraine. The gang used […]
The U.S. government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. The Commerce Departmentâs Bureau of Industry and Security (BIS) added surveillance technology vendors Intellexa and Cytrox to the Entity List for trafficking in cyber exploits used to gain access to information systems. The Entity List maintained […]
Citrix is warning customers of an actively exploited critical vulnerability in NetScaler Application Delivery Controller (ADC) and Gateway. Citrix is warning customers of a critical vulnerability, tracked as CVE-2023-3519 (CVSS score: 9.8), in NetScaler Application Delivery Controller (ADC) and Gateway that is being actively exploited in the wild. The vulnerability, tracked as CVE-2023-3519 (CVSS score: 9.8), is a code injection that […]
Le Mans Endurance Management, operating the FIA World Endurance Championshipâs website, exposed the data of hundreds of drivers by leaking their IDs and driversâ licenses, the Cybernews research team has discovered. On June 16th, our researchers came across two misconfigured, meaning publicly exposed, Google Cloud Storage buckets. Both combined, they contained over 1.1 million files. […]
The online malware scanning service VirusTotal leaked data associated with some registered customers, German newspapers reported. German newspapers Der Spiegel and Der Standard reported that the online malware scanning service VirusTotal leaked data associated with some registered customers. At the end of June, a small file of 313 kilobytes containing a list of 5,600 names was exposed online. […]
The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware). Sardonic is a sophisticated backdoor that supports a wide range of features that was designed […]
Threat actors are actively exploiting a critical flaw, tracked as CVE-2023-28121, in the WooCommerce Payments WordPress plugin. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2023-28121 (CVSS score: 9.8), in the WooCommerce Payments WordPress plugin. The flaw is an authentication bypass issue that can be exploited by an unauthenticated attacker to impersonate arbitrary […]
Software firm JumpCloud announced it was the victim of a sophisticated cyber attack carried out by a nation-state actor. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across […]
Adobe is warning customers of a critical ColdFusion pre-authentication RCE bug, tracked as CVE-2023-29300, which is actively exploited. Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the […]
The admins of the darkweb Genesis Market announced the sale of their platform to a threat actor that will restart operations next month. In April, the FBI seized the Genesis Market, a black marketplace for stolen credentials that was launched in 2017. Genesis Market was an invite-only marketplace, but it was not complex to find invite […]