Mirai code re-use in Gafgyt
Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt,”some of them re-used Mirai code. Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt”, via threat intelligence systems and our in-house osquery-based sandbox. Upon analysis, we identified several codes, techniques and implementations of Gafgyt, […]
Security Affairs - Read, think, share … Security is everyone's responsibility
US Gov sanctions Russia and expels 10 diplomats over SolarWinds hackSecurity Affairs
Cyber thieves move $760 million stolen in the 2016 Bitfinex heist
Over $760 million worth of Bitcoin that were stolen from cryptocurrency exchange Bitfinex in 2016 were moved to new accounts. More than $760 million worth of Bitcoin, stolen from Asian cryptocurrency exchange Bitfinex in 2016, were moved on Wednesday to new accounts. On August 2016, the Asian Bitfinex suffered a security breach that resulted in the […]
Security Affairs - Read, think, share … Security is everyone's responsibility
April 2021 Security Patch Day fixes a critical flaw in SAP CommerceSecurity Affairs
Security Affairs - Read, think, share … Security is everyone's responsibility
WhatsApp flaws could have allowed hackers to hack mobile devicesSecurity Affairs
FireEye: 650 new threat groups were tracked in 2020
FireEye published its M-Trend 2021 report based on the data collected during the investigation, 650 new threat groups were tracked in 2020 FireEye published its annual report, titled M-Trend 2021, which is based on the data collected during the investigation on security incidents it managed. Most of the incidents investigated by Mandiant (59%) in 2020 […]
Microsoft fixes 2 critical Exchange Server flaws reported by the NSA
Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the NSA. Microsoft patch Tuesday security updates released today have addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA). All the […]
Sweden blames Russia for Swedish Sports Confederation hack
The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said. The Swedish Sports Confederation is the umbrella organisation of the Swedish sports movement, it was hacked by Russian military intelligence in a campaign conducted between December 2017 and May 2018, officials said. In the same period, Russia-linked […]
Microsoft fixes 2 critical Exchange Server flaws reported by the NSA
Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the NSA. Microsoft patch Tuesday security updates released today have addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA). All the […]
Millions of devices impacted by NAME:WRECK flaws
Security experts disclosed nine flaws, collectively tracked as NAME:WRECK, affecting implementations of the DNS protocol in popular TCP/IP network communication stacks. Security researchers disclosed nine vulnerabilities, collectively tracked as NAME:WRECK, that affect implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. The flaws were […]
Expert publicly released Chromium-based browsers exploit demonstrated at Pwn2Own 2021
An Indian security researcher has published a proof-of-concept (PoC) exploit code for a vulnerability impacting Google Chrome and other Chromium-based browsers. The Indian security researcher Rajvardhan Agarwal has publicly released a proof-of-concept exploit code for a recently discovered vulnerability that affects Google Chrome, Microsoft Edge, and other Chromium-based browsers (i.e. Opera, Brave). The researchers uploaded the PoC […]
Expired certificate caused a Pulse Secure VPN global scale outage
Pulse Secure VPN users were not able to login due to the expiration of a code signing certificate used to digitally sign and verify software components. Pulse Secure VPN users were not able to login after a code signing certificate used to digitally sign and verify software components has expired. Multiple users have reported on […]
Security Affairs - Read, think, share … Security is everyone's responsibility
Two former NSA Officials appointed by Joe Biden for prominent cyber rolesSecurity Affairs
Microsoft is open sourcing CyberBattleSim Enterprise Environment Simulator
Microsoft released as open-source the ‘CyberBattleSim Python-based toolkit which is an Enterprise Environment Simulator. Microsoft has recently announced the open-source availability of the Python-based enterprise environment simulator. named ‘CyberBattleSim.’ “CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level […]