Category: Uncategorized
-

Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million [email protected] (The Hacker News)
A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group orchestrated more than 2,500 ransomware attacks and demanded ransom payments inRead More
-
1,400 GitLab Servers Impacted by Exploited Vulnerability Ionut Arghire
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched. The post 1,400 GitLab Servers Impacted by Exploited Vulnerability appeared first on SecurityWeek. Read More
-
Russian Hackers Target Industrial Systems in North America, Europe Eduard Kovacs
Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems. The post Russian Hackers Target Industrial Systems in North America, Europe appeared first on SecurityWeek. Read More
-

When is One Vulnerability Scanner Not Enough? [email protected] (The Hacker News)
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn’t existed in the vulnerability management space. The benefits of using multiple scanning engines Generally speakingRead More
-

Dropbox Discloses Breach of Digital Signature Service Affecting All Users [email protected] (The Hacker News)
Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the “Read More
-

New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw [email protected] (The Hacker News)
A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitraryRead More
-
Dropbox Data Breach Impacts Customer Information Eduard Kovacs
Dropbox says hackers breached its Sign production environment and accessed customer email addresses and hashed passwords. The post Dropbox Data Breach Impacts Customer Information appeared first on SecurityWeek. Read More
-

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified emailRead More
-

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials [email protected] (The Hacker News)
A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests. “This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacentRead More
-
Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says Associated Press
UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection. The post Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says appeared first on SecurityWeek. Read More
