Internet Security

APT41: The threat of KeyPlug against Italian industries

May 23, 2024 add comment
Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed in attacks against several Italian industries During an extensive investigation, Tinexta Cyber’s Zlab Malware Team uncovered a... Read more »

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

May 23, 2024 add comment
Ivanti addressed multiple flaws in the Endpoint Manager (EPM), including remote code execution vulnerabilities. Ivanti this week rolled out security patches to address multiple critical vulnerabilities in the Endpoint... Read more »

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

May 23, 2024 add comment
A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed... Read more »

A consumer-grade spyware app found in check-in systems of 3 US hotels

May 23, 2024 add comment
A researcher discovered a consumer-grade spyware app on the check-in systems of at least three Wyndham hotels across the US. The security researcher Eric Daigle discovered a commercial spyware... Read more »

Critical Veeam Backup Enterprise Manager authentication bypass bug

May 22, 2024 add comment
A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could... Read more »

Cybercriminals are targeting elections in India with influence campaigns

May 22, 2024 add comment
Resecurity warns of a surge in malicious cyber activity targeting the election in India, orchestrated by several independent hacktivist groups Resecurity has identified a spike of malicious cyber activity... Read more »

An ongoing malware campaign exploits Microsoft Exchange Server flaws

May 22, 2024 add comment
A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. Positive Technologies researchers observed while responding to a... Read more »

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

May 22, 2024 add comment
GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication. GitHub has rolled out security fixes to address a critical authentication... Read more »

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

May 22, 2024 add comment
The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. OmniVision Technologies is a company that specializes in developing advanced digital imaging solutions. In 2023,... Read more »

CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

May 21, 2024 add comment
CISA adds NextGen Healthcare Mirth Connect deserialization of untrusted data vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth... Read more »
Subscribe to our Newsletter