Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers. Redis (remote dictionary server) […]
Data breaches can be devastating for organizations, these are 3 of the worst incidents that could have been prevented Data breaches can be devastating for organizations and even entire countries. Eliminating the risk of a data breach is nearly impossible, but some things can be done to reduce it significantly. Here are three of the […]
North Korea-linked ScarCruft group used a previously undocumented backdoor called Dolphin against targets in South Korea. ESET researchers discovered a previously undocumented backdoor called Dolphin that was employed by North Korea-linked ScarCruft group (aka APT37, Reaper, and Group123) in attacks aimed at targets in South Korea. ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers […]
LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach, the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach. The impacted cloud storage service is […]
Googleâs Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. Officially, Variston claims to provide custom security solutions and custom patches for embedded system. The […]
Threat actors are exploiting interest in a popular TikTok challenge, dubbed Invisible Challenge, to trick users into downloading info-stealing malware. Threat actors are exploiting the popularity of a TikTok challenge, called Invisible Challenge, to trick users into downloading information-stealing malware, Checkmarx researchers warn. People participating in the Invisible Challenge have to apply a filter called Invisible […]
CyberNews experts discovered that ENC Security, a Netherlands software company, had been leaking critical business data since May 2021. Original post at https://cybernews.com/security/encsecurity-leaked-sensitive-data/ When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. The software is developed by a […]
Cyble observed Initial Access Brokers (IABs) offering access to enterprise networks compromised via a critical flaw in Fortinet products. Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw, tracked as CVE-2022-40684, in Fortinet products. In early October, Fortinet addressed the critical authentication bypass flaw, […]
CISA added a critical flaw impacting Oracle Fusion Middleware, tracked as CVE-2021-35587, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability impacting Oracle Fusion Middleware, tracked as CVE-2021-35587 (CVSS 3.1 Base Score 9.8), to its Known Exploited Vulnerabilities Catalog. An unauthenticated attacker with network access via HTTP can […]
Irish data protection commission (DPC) fined Meta for not protecting Facebook’s users’ data from scraping. Meta has been fined âŹ265 million ($275.5 million) by the Irish data protection commission (DPC) for the data leak suffered by Facebook in 2021 that exposed the data belonging to millions of Facebook users. The Data Protection Commission is also imposing […]