Security News
A vulnerability in Barracuda Networks' Email Security Gateway appliances has been exploited by attackers, the company has warned. CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 - 9.2.0.006.
We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.
PHP software package repository Packagist revealed that an "Attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes," Packagist's Nils Adermann said.
Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them for 3,345 BNB, worth approximately $1,100,000. While Level Finance said the attack did not affect its liquidity pool and the DAO treasury, and the exploit was isolated from all other contracts, the LVL token lost roughly 50% of its value immediately after the attack was made known.
A Chinese APT hacking group known as 'Evasive Panda' is linked to a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app. ESET reports that the malicious MsgBot malware payload was delivered to victims as a Tencent QQ software update from legitimate URLs and IP addresses belonging to the software developer.
KuCoin's Twitter account was hacked, allowing attackers to promote a fake giveaway scam that led to the theft of over $22.6K in cryptocurrency. While the account was hacked for only 45 minutes, the crypto exchange says it was enough time for its followers to send 22 Bitcoin and Ethereum transactions, allowing the hackers to steal $22,600.
Websites of multiple U.S. universities are serving Fortnite and 'gift card' spam. BleepingComputer confirmed the malicious campaign was live, and had targeted additional scholastic websites including that of the University of Michigan.
Attackers are hacking into poorly secured and Interned-exposed Microsoft SQL servers to deploy Trigona ransomware payloads and encrypt all files. Exe service, which they use to launch the Trigona ransomware as svchost.
This week meet a reader we'll Regomize as "Wesley", who 25 years ago was about to embark on a thesis in mechanical engineering, continuing the work done by a more senior student who was working towards his doctorate. The senior student readily agreed, but the days passed, and Wesley still didn't have the data he needed.
Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores.