Security News

Exploit released for Veeam bug allowing cleartext credential theft
2023-03-23 16:18

Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication software. The flaw affects all VBR versions and can be exploited by unauthenticated attackers to breach backup infrastructure after stealing cleartext credentials and gaining remote code execution as SYSTEM. Veeam released security updates to address this vulnerability for VBR V11 and V12 on March 7, advising customers using older releases to upgrade to secure vulnerable devices running unsupported releases.

CloudPanel installations use the same SSL certificate private key
2023-03-23 15:56

Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional overwriting of firewall rules to default to weaker settings. Attackers would need to find fresh CloudPanel installations to exploit this problem, which is made possible by the third issue discovered by Rapid7.

Python info-stealing malware uses Unicode to evade detection
2023-03-23 15:09

A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices. The malicious package, named "Onyxproxy," uses a combination of different Unicode fonts in the source code to help it bypass automated scans and defenses that identify potentially malicious functions based on string matching.

Fake ChatGPT for Google extension hijacks Facebook accounts
2023-03-23 14:29

A new Chrome extension promising to augment users' Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. In this case, when searching for ChatGPT via Google Search, users are served with a malicious sponsored ad that first redirects them to a fake ChatGPT for Google landing page, and then to the malicious extension on the official Chrome Store.

A common user mistake can lead to compromised Okta login credentials
2023-03-23 13:24

Failed logins logged in a company's Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used to log in to any of the organization's platforms that use Okta single sign-on or - if the login credentials belong to an administrator - to gain privileged access to other systems or restricted network areas.

Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps
2023-03-23 11:55

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud. "Nexus provides all the main features to perform ATO attacks against banking portals and cryptocurrency services, such as credentials stealing and SMS interception."

Mass Ransomware Attack
2023-03-23 11:05

TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. While the number of victims of the mass-hack is widening, the known impact is murky at best.

2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks
2023-03-23 10:39

CYE's new Cybersecurity Maturity Report 2023 tackles this question by shedding light on the strength of cybersecurity in different sectors, company sizes, and countries. Among countries, Norway scored the highest on overall cybersecurity maturity level, followed by Croatia and Japan.

Secure mail
2023-03-23 09:48

In the digital age of email, it's increasingly hard to spot a scam's threat to your security and react in time. Email remains the source for 94 percent of all cyber attacks according to some estimations, and the methods used to break in are continuously evolving.

Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
2023-03-23 09:29

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps.