A threat actor claimed the hack of the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum. A threat actor, who goes online with the moniker ShopifyGUY, claimed responsibility for hacking the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum. Giant Tiger is a Canadian discount store […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command […]
Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that threat actors are manipulating GitHub search results to deliver persistent malware to developers systems. Attackers behind this campaign create malicious repositories with popular names and topics, they were observed using techniques like automated updates and fake […]
A critical vulnerability, named âBatBadButâ, impacts multiple programming languages, its exploitation can lead to command injection in Windows applications. The cybersecurity researcher RyotaK (@ryotkak ) discovered a critical vulnerability, dubbed BatBadBut, which impacts multiple programming languages. When specific conditions are satisfied, an attacker can exploit the flaw to perform command injection on Windows. “The BatBadBut is a vulnerability […]
Roku announced that 576,000 accounts were compromised in a new wave of credential stuffing attacks. Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. âCredential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat […]
Crooks targeted a LastPass employee using deepfake technology to impersonate the company’s CEO in a fraudulent scheme. In a fraudulent scheme, criminals used deepfake technology to impersonate LastPass ‘s CEO, targeting an employee of the company. The attack occurred this week, but the employed recognized the attack and the attempt failed. According to the password […]
TA547 group is targeting dozens of German organizations with an information stealer called Rhadamanthys, Proofpoint warns. Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. TA547 is a financially motivated threat actor that has been active since at least November 2017, it was observed conducting multiple […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the following D-Link multiple NAS devices flaws to its Known Exploited Vulnerabilities (KEV) catalog: The flaw CVE-2024-3272 is a Use of Hard-Coded Credentials Vulnerability impacting D-Link Multiple NAS […]
Business intelligence software company Sisense suffered a cyberattack that may have exposed sensitive information of major enterprises worldwide. Sisense, a business intelligence software company, experienced a cyberattack potentially exposing the sensitive data of global enterprises. The list of the company’s customers includes Nasdaq, Philips Healthcare, Verizon, and many others. The cyber attack made the headlines […]
Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing […]