Le Mans Endurance Management, operating the FIA World Endurance Championshipâs website, exposed the data of hundreds of drivers by leaking their IDs and driversâ licenses, the Cybernews research team has discovered. On June 16th, our researchers came across two misconfigured, meaning publicly exposed, Google Cloud Storage buckets. Both combined, they contained over 1.1 million files. […]
The online malware scanning service VirusTotal leaked data associated with some registered customers, German newspapers reported. German newspapers Der Spiegel and Der Standard reported that the online malware scanning service VirusTotal leaked data associated with some registered customers. At the end of June, a small file of 313 kilobytes containing a list of 5,600 names was exposed online. […]
The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware). Sardonic is a sophisticated backdoor that supports a wide range of features that was designed […]
Threat actors are actively exploiting a critical flaw, tracked as CVE-2023-28121, in the WooCommerce Payments WordPress plugin. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2023-28121 (CVSS score: 9.8), in the WooCommerce Payments WordPress plugin. The flaw is an authentication bypass issue that can be exploited by an unauthenticated attacker to impersonate arbitrary […]
Software firm JumpCloud announced it was the victim of a sophisticated cyber attack carried out by a nation-state actor. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across […]
Adobe is warning customers of a critical ColdFusion pre-authentication RCE bug, tracked as CVE-2023-29300, which is actively exploited. Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the […]
Cisco warns of a critical unauthenticated REST API access vulnerability, tracked as CVE-2023-20214, impacting its SD-WAN vManage. Cisco addressed a critical unauthenticated REST API access vulnerability, tracked as CVE-2023-20214 (CVSS Score 9.1), impacting its SD-WAN vManage. An unauthenticated, remote attacker can exploit the vulnerability to gain read permissions or limited write permissions to the configuration […]
The owner of the BreachForums Conor Brian Fitzpatrick, aka Pompompurin, pleads guilty to hacking charges. The owner of the BreachForums Conor Brian Fitzpatrick agrees to plead guilty to a three-count criminal information charging the defendant with conspiracy to commit access device fraud, solicitation for the purpose of offering access devices, and possession of child pornography. […]
The WormGPT case: How Generative artificial intelligence (AI) can improve the capabilities of cybercriminals and allows them to launch sophisticated attacks. Researchers from SlashNext warn of the dangers related to a new generative AI cybercrime tool dubbed WormGPT. Since chatbots like ChatGPT made the headlines, cybersecurity experts warned of potential abuses of Generative artificial intelligence (AI) […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial […]