Internet Security

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

April 27, 2023 add comment
Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., Europe, the Middle East and India. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines... Read more »

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

April 26, 2023 add comment
China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed... Read more »

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

April 26, 2023 add comment
German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes.  In March, the interior ministry announced it was conducting an... Read more »

Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks

April 26, 2023 add comment
Apache Superset open-source data visualization platform is affected by an insecure default configuration that could lead to remote code execution. Apache Superset is an open-source data visualization and data exploration... Read more »

Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

April 26, 2023 add comment
Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident,... Read more »

SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times

April 25, 2023 add comment
A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow to carry out powerful DDoS attacks. A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the... Read more »

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

April 25, 2023 add comment
VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors. VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869,... Read more »

A new Mirai botnet variant targets TP-Link Archer A21

April 25, 2023 add comment
Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet... Read more »

Google researchers found multiple security issues in Intel TDX

April 25, 2023 add comment
Google Cloud Security and Project Zero researchers found multiple vulnerabilities in the Intel Trust Domain Extensions (TDX). Google Cloud Security and Project Zero researchers, working with Intel experts, discovered... Read more »

Google Authenticator App now supports Google Account synchronization

April 25, 2023 add comment
Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports... Read more »
Subscribe to our Newsletter