Ionut Arghire

Cloud Forensics Firm Cado Security Raises $10 Million in Series A Funding

Cado Security, provider of a cloud-native digital forensics platform, has secured $10 million in Series A funding, which brings the total amount raised by the company to date to $11.5 million.

IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain

More than 40 companies in 14 countries across Europe, the Americas, Africa and Asia were hit with spear-phishing emails.

Reddit Launches Public Bug Bounty Program

Reddit offers up to $10,000 for critical vulnerabilities that could be exploited for bulk data compromise.

Capcom Says Older VPN Device at Heart of Ransomware Attack

Capcom says data of 15,649 people was compromised and its internal systems are near to completely restored.

Another Critical Vulnerability Patched in SAP Commerce

On its April 2021 Security Patch Day, SAP released 14 security notes and 5 updates to previously released notes.

At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks

The NAME:WRECK vulnerabilities could be abused to cause denial of service, execute arbitrary code remotely, or take control of vulnerable devices.

Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices

The security flaw impacts QNAP NAS devices running Surveillance Station and it could be abused to execute code remotely, without authentication.

CISA Details Malware Found on Hacked Exchange Servers

CISA publishes details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware.

Joker Android Trojan Lands in Huawei AppGallery App Store

Doctor Web reports that 10 modifications of the Joker malware that made it to the app store were downloaded by more than 530,000 users.

IcedID Trojan Operators Experimenting With New Delivery Methods

IcedID banking trojan operators send messages using contact forms in an attempt to trick victims into downloading malicious attachments.

Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator

Microsoft's new 'CyberBattleSim' research toolkit supports the high-level abstract simulation of computer networks and cybersecurity concepts.

CISA Releases Tool to Detect Microsoft 365 Compromise

The new 'Aviary' dashboard will help visualize and analyze output from Sparrow, a CISA-developed tool for detecting potentially malicious activity in Microsoft Azure and Microsoft 365 environments.

LG Promises Three Years of OS Updates for Premium Android Smartphones

The South Korean company plans to exit the mobile phone market this summer, but will continue to support existing premium devices, for up to three years.

Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration

Threat actors are abusing organizations’ reliance on communication services such as Discord and Slack to circumvent network protections and ensure effectiveness of attacks.

Cisco Patches Critical Flaw in SD-WAN vManage

Cisco patches a critical vulnerability in an SD-WAN software product but warned that a different high-risk bug in end-of-life small business routers will remain unpatched.

Cring Ransomware Targets Industrial Organizations

Cring ransomware operators exploit an old vulnerability in the FortiOS SSL VPN web portal to access enterprise networks, including the ones of industrial organisations.

Vulnerability in 'Domain Time II' Could Lead to Server, Network Compromise

An unauthenticated update process vulnerability could be abused for the download and execution of malware on servers.

Report: Supplier Impersonation Attacks a Major Risk

Proofpoint warns that attackers are leveraging compromised supplier accounts and supplier impersonation to send malware, steal credentials and perpetrate invoicing fraud.

Facebook Removes 14 Networks Fueling Deceptive Campaigns

Facebook cracks down on deceptive networks, including five that mainly targeted individuals outside their countries and nine focused on domestic audiences.

Google Patches Critical Code Execution Vulnerability in Android

Tens of high-severity elevation of privilege and information disclosure vulnerabilities were also addressed with the latest Android patches.

Threat Actors Quick to Target (Patched) SAP Vulnerabilities

A joint report from SAP and Onapsis warns that advanced threat actors are targeting new vulnerabilities in SAP applications within days after the availability of security patches.

APT Group Using Voice Changing Software in Spear-Phishing Campaign

Researchers report that a subgroup of the Molerats APT is employing voice changing software in attacks targeting regional adversaries and political opponents.

US DoD Launches Vuln Disclosure Program for Contractor Networks

In a new pilot program, the U.S. DoD invites the HackerOne community to remotely test the participating DoD contractors’ assets and report on any identified vulnerabilities.

China-Linked 'Cycldek' Hackers Target Vietnamese Government, Military

Kaspersky researchers warn that China-linked APT group Cycldek using custom malware in a series of recent attacks targeting government and military entities in Vietnam.

CISA, FBI Warn of Attacks Targeting Fortinet FortiOS

The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) warns that APT actors are exploiting Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks.

SECURITYWEEK NETWORK:

Security Experts:

Recent articles by Ionut Arghire

Get the Daily Briefing

Popular Topics

Security Community

Stay Intouch

About SecurityWeek