VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition. A working exploit for the CVE-2022-31705 vulnerability was demonstrated by […]
Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware […]
LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. On December 12, […]
A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted a previously undocumented Python backdoor targeting VMware ESXi servers. The researchers discovered the backdoor in October 2022, experts pointed out the implant is notable for its simplicity, persistence and capabilities. The experts were not able […]
Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. At the end of July, a threat actor leaked data of 5.4 […]
Fortinet fixed an actively exploited FortiOSÂ SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. Fortinet urges customers to update their installs to address an actively exploited FortiOSÂ SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices. The CVE-2022-42475 flaw […]
The Cybernews research team reported that Indiaâs government platform Global Pravasi Rishta Portal was leaking sensitive user data. Original post @ https://cybernews.com/security/indias-foreign-ministry-leaks-passport-details/ The Global Pravasi Rishta Portal, Indiaâs government platform for connecting with its overseas population, leaked sensitive data, including names and passport details. The Cybernews research team has been alerted that the Global Pravasi […]
Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). The Chaos RAT is based on an open-source project. Like the original project, the malware is able to terminate competing malware, security […]
A hack-for-hire group dubbed Evilnum is targeting travel and financial entities with the new Janicab malware variant. Kaspersky researchers reported that a hack-for-hire group dubbed Evilnum is targeting travel and financial entities. The attacks are part of a campaign aimed at legal and financial investment institutions in the Middle East and Europe. The campaign took place in 2020 […]
Researchers reported an increase in TrueBot infections, attackers have shifted from using malicious emails as their primary delivery method to other techniques. Cisco Talos researchers reported an increase in TrueBot infections, threat actors have shifted from using malicious emails as their primary attack vector to other techniques. Truebot has been active since 2017 and some researchers linked it to […]