Ionut Arghire

Recent Apache Struts 2 Vulnerability in Attacker Crosshairs

Attackers are attempting to exploit a critical RCE flaw in Apache Struts 2 after researchers publish PoC code.

December 15, 2023

New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies

GambleForce uses SQL injections to hack gambling, government, retail, and travel websites to steal sensitive information.

December 14, 2023

Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts

Microsoft disrupts Storm-1152, a cybercrime-as-a-service business facilitating phishing, identity theft, and DDoS attacks.

December 14, 2023

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability.

December 14, 2023

Zero Networks Raises $20 Million to Secure Access to Enterprise Assets

Cybersecurity startup Zero Networks has raised $20 million in a Series B funding round led by US Venture Partners.

December 13, 2023

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

CISA is asking for public opinion on SCuBA secure configuration baselines for nine Google Workspace services.

December 13, 2023

Chrome 120 Update Patches High-Severity Vulnerabilities

A Chrome 120 security update resolves nine vulnerabilities, including five high-severity flaws reported externally.

December 13, 2023

Sophos Patches EOL Firewalls Against Exploited Vulnerability

Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.

December 13, 2023

SAP Patches Critical Vulnerability in Business Technology Platform

SAP patches multiple vulnerabilities in the Business Technology Platform, including a critical elevation of privilege bug.

December 12, 2023

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks.

December 12, 2023

Sandman Cyberespionage Group Linked to China

A recent emergence on the threat landscape, the Sandman APT appears linked to a Chinese hacking group.

December 12, 2023

Toyota Germany Says Customer Data Stolen in Ransomware Attack

Toyota Germany is informing customers that their personal data has been stolen in a ransomware attack last month.

December 12, 2023

‘5Ghoul’ Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems

Researchers call attention to 14 security defects that can be exploited to drop and freeze 5G connections on smartphones and routers.

December 11, 2023

Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen

Compromised data includes names, dates of birth, Social Security numbers, health and insurance information, and driver’s license numbers.

December 11, 2023

North Korean Hackers Developing Malware in Dlang Programming Language

North Korean hackers have used Dlang-based malware in attacks against manufacturing, agriculture, and physical security organizations.

December 11, 2023

Apache Patches Critical RCE Vulnerability in Struts 2

Apache has addressed a critical-severity Struts 2 file upload vulnerability that could lead to remote code execution.

December 11, 2023

ProvenRun Banks €15 Million for Secure Connected Vehicle Software

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

December 8, 2023

WordPress 6.4.2 Patches Remote Code Execution Vulnerability

WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code.

December 8, 2023

Russian APT Used Zero-Click Outlook Exploit

Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries.

December 8, 2023

Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks

A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes.

December 8, 2023

SECURITYWEEK NETWORK:

ICS:

Ionut Arghire

Recent Apache Struts 2 Vulnerability in Attacker Crosshairs

New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies

Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

Zero Networks Raises $20 Million to Secure Access to Enterprise Assets

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

Chrome 120 Update Patches High-Severity Vulnerabilities

Sophos Patches EOL Firewalls Against Exploited Vulnerability

SAP Patches Critical Vulnerability in Business Technology Platform

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

Sandman Cyberespionage Group Linked to China

Toyota Germany Says Customer Data Stolen in Ransomware Attack

‘5Ghoul’ Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems

Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen

North Korean Hackers Developing Malware in Dlang Programming Language

Apache Patches Critical RCE Vulnerability in Struts 2

ProvenRun Banks €15 Million for Secure Connected Vehicle Software

WordPress 6.4.2 Patches Remote Code Execution Vulnerability

Russian APT Used Zero-Click Outlook Exploit

Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks

Featured

Vulnerabilities

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Vulnerabilities

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Hacker Conversations

Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker

Artificial Intelligence

AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask

ICS/OT

Cal Water Investigating Iranian Hackers’ Claims

Network Security

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Ransomware

Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

Latest News

Identity & Access

Webinar Today: How Modern Breaches Bypass MFA and Evade Detection

Funding/M&A

1Password Acquires Apono in Reported $250M-$300M Deal

Artificial Intelligence

Tenet Security Emerges From Stealth With $6 Million Seed Funding

ICS/OT

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

Malware & Threats

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

Vulnerabilities

Oracle’s Second Monthly Security Updates Deliver 245 Patches

Vulnerabilities

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities

Daily Briefing Newsletter