Cyber security aggregate rss news

Cyber security aggregator - feeds history

totals: cyware (7) thehackernews (2)

N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX

cyware Apr 22, 2023 Threat Intel & Info Sharing

The attack against 3CX first came to light on March 29, 2023, when it emerged that Windows and macOS versions of its communication software were trojanized to deliver a C/C++-based data miner named ICONIC Stealer by means of a downloader, SUDDENICON.

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

cyware Apr 22, 2023 Threat Intel & Info Sharing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws in MinIO, PaperCut, and Google Chrome, respectively, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

cyware Apr 22, 2023 Breaches and Incidents

"The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News.

Cyware to Power Accenture’s Next-Generation Threat Intelligence Services

cyware Apr 22, 2023 Companies to Watch

While the Cyware team is thrilled with this significant opportunity, it also represents another step forward in its mission to enable Collective Defense across a wide range of communities.

CFPB says employee sent confidential data of 256,000 consumers to personal email

cyware Apr 22, 2023 Breaches and Incidents

An employee at the Consumer Financial Protection Bureau sent confidential data about hundreds of thousands of consumer accounts to their personal email, the agency told CNN on Thursday.

Google: Ukraine targeted by 60% of Russian phishing attacks in 2023

cyware Apr 22, 2023 Trends, Reports, Analysis

In most cases, the campaign goals include intelligence collection, operational disruptions, and leaking sensitive data through Telegram channels dedicated to causing information damage to Ukraine.

Infoblox Uncovers DNS Malware Toolkit & Urges Companies to Block Malicious Domains

cyware Apr 22, 2023 Malware and Vulnerabilities

Infoblox discovered activity from the remote access trojan (RAT) Pupy active in multiple enterprise networks in early April 2023. This C2 communication went undiscovered since April 2022.

Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach

thehackernews Apr 22, 2023 Feed

Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

thehackernews Apr 22, 2023 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control

2023-04

202020212022202320242025

Aggregator history

Saturday, April 22

SAT

SUN

MON

TUE

WED

THU

FRI