Category: Securityaffairs

More than a million GitHub repositories potentially vulnerable to RepoJackingSecurity Affairs
23
Jun
2023

More than a million GitHub repositories potentially vulnerable to RepoJackingSecurity Affairs

Researchers reported that millions of GitHub repositories are likely vulnerable to an attack called RepoJacking. A study conducted by Aqua…

New Mirai botnet targets tens of flaws in popular IoT devicesSecurity Affairs
22
Jun
2023

New Mirai botnet targets tens of flaws in popular IoT devicesSecurity Affairs

Since March 2023, Unit 42 researchers have observed a variant of the Mirai botnet spreading by targeting tens of flaws…

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect SecureSecurity Affairs
22
Jun
2023

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect SecureSecurity Affairs

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. A security researcher has…

UK regulator Ofcom hacked with a MOVEit zero-daySecurity Affairs
22
Jun
2023

Norton parent firm Gen Digital, was victim of a MOVEit ransomware attackSecurity Affairs

Norton parent firm, Gen Digital, was the victim of a ransomware attack that exploited the recently disclosed MOVEit zero-day vulnerability….

Apple fixed actively exploited zero-day flaws in iOS,macOS,& SafariSecurity Affairs
22
Jun
2023

Apple fixed actively exploited zero-day flaws in iOS,macOS,& SafariSecurity Affairs

Apple rolled out security updates to address actively exploited zero-day flaws in iOS, iPadOS, macOS, watchOS, and Safari. Apple addressed…

Analyzing the TriangleDB implant used in Operation TriangulationSecurity Affairs
22
Jun
2023

Analyzing the TriangleDB implant used in Operation TriangulationSecurity Affairs

Kaspersky provided more details about Operation Triangulation, including the exploitation chain and the implant used by the threat actors. Kaspersky…

APT28 hacked Roundcube email servers of Ukrainian entitiesSecurity Affairs
21
Jun
2023

APT28 hacked Roundcube email servers of Ukrainian entitiesSecurity Affairs

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. A joint investigation conducted by Ukraine’s Computer…

New Condi DDoS botnet targets TP-Link Wi-Fi routersSecurity Affairs
21
Jun
2023

New Condi DDoS botnet targets TP-Link Wi-Fi routersSecurity Affairs

Researchers discovered a new strain of malware called Condi that targets TP-Link Archer AX21 (AX1800) Wi-Fi routers. Fortinet FortiGuard Labs Researchers discovered a…

Critical RCE CVE-2023-20887 in VMware vRealize exploited in the wildSecurity Affairs
21
Jun
2023

Critical RCE CVE-2023-20887 in VMware vRealize exploited in the wildSecurity Affairs

VMware is warning customers that critical remote code execution vulnerability CVE-2023-20887 is being actively exploited in attacks. VMware is warning…

3CX data exposed, third-party to blameSecurity Affairs
20
Jun
2023

3CX data exposed, third-party to blameSecurity Affairs

A third-party vendor of 3CX, a popular Voice over Internet Protocol (VoIP) comms provider, left an open server and exposed…

New Tsunami botnet targets Linux SSH serversSecurity Affairs
20
Jun
2023

New Tsunami botnet targets Linux SSH serversSecurity Affairs

Researchers warn of an ongoing Tsunami DDoS botnet campaign targeting inadequately protected Linux SSH servers. Researchers from AhnLab Security Emergency…

Zyxel addressed critical flaw CVE-2023-27992 in NAS DevicesSecurity Affairs
20
Jun
2023

Zyxel addressed critical flaw CVE-2023-27992 in NAS DevicesSecurity Affairs

Zyxel released security updates to address a critical vulnerability affecting its network-attached storage (NAS) devices. Zyxel released security updates to…