UK govt contractor MPD FM leaks employee passport dataSecurity Affairs
UK govt contractor MPD FM left an open instance that exposed employee passports, visas, and other sensitive data MPD FM, a facility management and security…
Category: Securityaffairs
Power Generator in South Africa hit with DroxiDat and Cobalt StrikeSecurity Affairs
Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis…
From Commerce to CloudSecurity Affairs
API (or Application Programming Interface) is a ubiquitous term in the tech community today, and it’s one with a long history. As a concept, APIs…
Gafgyt botnet is targeting EoL Zyxel routers
Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of the Gafgyt botnet is actively…
Charming Kitten APT is targeting Iranian dissidents in GermanySecurity Affairs
Germany’s Federal Office for the Protection of the Constitution (BfV) warns that the Charming Kitten APT group targeted Iranian dissidents in the country. The Federal…
Statc Stealer, a new sophisticated info-stealing malwareSecurity Affairs
Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new…
CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacksSecurity Affairs
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) observed a new backdoor, named Whirlpool, in attacks on Barracuda ESG appliances. The U.S. Cybersecurity & Infrastructure…
US Govt launches Artificial Intelligence Cyber ChallengeSecurity Affairs
The US Government House this week launched an Artificial Intelligence Cyber Challenge competition for creating a new generation of AI systems. On Wednesday, the United…
CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalogSecurity Affairs
US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added…
Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published onlineSecurity Affairs
Police Service of Northern Ireland (PSNI) mistakenly shared sensitive data of all 10,000 serving police officers in response to a FOI request. The Police Service…
Balada Injector still at large – new domains discoveredSecurity Affairs
The Balada Injector is still at large and still evading security software by utilizing new domain names and using new obfuscation. During a routine web…
EvilProxy used in massive cloud account takeover schemeSecurity Affairs
Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred…