+84949482065
A vulnerability in mental health app Feelyou exposed the email addresses of almost 78,000 users from 177 countries. The platform claimed that no other data has been impacted. More information…
The Minister for Foreign Affairs of Belgium claimed that several China-linked APT groups—APT27, APT30, and APT3—targeted the nation’s defense and interior ministries. Ref https://securityaffairs.co/wordpress/133425/apt/belgium-claims-china-hit-its-ministries.html
U.S. Cyber Command on Wednesday disclosed dozens of forms of malware that have been used against computer networks in Ukraine, including 20 never-before-seen samples of malicious code. More information https://therecord.media/cyber-command-shares-bevy-of-new-malware-used-against-ukraine/
A PowerShell script was found targeting cryptocurrency browser extensions or apps, including Edge, Chrome, and Brave. The hackers could replace a wallet address with their own to steal funds. Ref https://isc.sans.edu/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772
AWS fixed multiple flaws in the authentication process that could let unauthenticated users bypass the protection for privilege escalation. Identified as CVE-2022-2385, the bug is an error in parameter validation.…
Data privacy platform Privitar acquired software platform Kormoon for an undisclosed sum. The acquisition aims to expand Privitar’s data privacy capabilities and offerings. More https://www.helpnetsecurity.com/2022/07/13/privitar-kormoon/
An adware campaign by ABCsoup is leveraging 350 browser extension variants pretending to be a Google Translate add-on. The extensions can evade most endpoint security software. Ref https://blog.zimperium.com/abc-soup-the-malicious-adware-extension-with-350-variants/
Fake copyright infringement complaints are targeting website owners to disseminate the IcedID, BumbleBee, and BazarLoader malware. The campaign is conducted by TA578, who is using Yandex Forms for the same.…
In a joint cybersecurity advisory, the US Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) warn that threat actors are continuing to exploit…
Sonatype detected several malicious Python packages on the PyPI repository that have been stealing sensitive information, including AWS credentials, and uploading it to publicly exposed endpoints. Sonatype has reported the…
