CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands

, ,
https://thehackernews.com/2023/04/cisa-warns-of-5-actively-exploited.html

Taiwanese PC Company MSI Falls Victim to Ransomware Attack

Taiwanese PC Company MSI Falls Victim to Ransomware Attack,

Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems.
The company said it « promptly » initiated incident response and recovery measures after detecting « network anomalies. » It also said it alerted law enforcement agencies of the matter.
That said, MSI did not disclose any specifics about when the attack took place

,

Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems.
The company said it « promptly » initiated incident response and recovery measures after detecting « network anomalies. » It also said it alerted law enforcement agencies of the matter.
That said, MSI did not disclose any specifics about when the attack took place

, ,
https://thehackernews.com/2023/04/taiwanese-pc-company-msi-falls-victim.html

Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise

Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise,

The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation.
That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed 

,

The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation.
That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed 

, ,
https://thehackernews.com/2023/04/iran-based-hackers-caught-carrying-out.html

Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari

Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari,

Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild.
The two vulnerabilities are as follows –

CVE-2023-28205 – A use after free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

CVE-2023-28206 – An out-of-bounds write issue in

,

Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild.
The two vulnerabilities are as follows –

CVE-2023-28205 – A use after free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

CVE-2023-28206 – An out-of-bounds write issue in

, ,
https://thehackernews.com/2023/04/apple-releases-updates-to-address-zero.html

Expert-Led Webinar: Learn Proven Strategies to Secure Your Identity Perimeter

Expert-Led Webinar: Learn Proven Strategies to Secure Your Identity Perimeter,

The stakes are high when it comes to cybersecurity. No longer are we dealing with unskilled hackers trying to break into corporate systems with brute force. Today, cybercriminals are using highly sophisticated methods like social engineering, spear phishing, and BEC to target users directly and log in with valid credentials.
This is why the identity perimeter has become a critical battleground

,

The stakes are high when it comes to cybersecurity. No longer are we dealing with unskilled hackers trying to break into corporate systems with brute force. Today, cybercriminals are using highly sophisticated methods like social engineering, spear phishing, and BEC to target users directly and log in with valid credentials.
This is why the identity perimeter has become a critical battleground

, ,
https://thehackernews.com/2023/03/thn-webinar-3-research-backed-ways-to.html

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library,

The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode.
The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from South Korea-based KAIST WSP Lab on April 6, 2023, prompting vm2 to release a fix with version 3.9.15 on

,

The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode.
The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from South Korea-based KAIST WSP Lab on April 6, 2023, prompting vm2 to release a fix with version 3.9.15 on

, ,
https://thehackernews.com/2023/04/researchers-discover-critical-remote.html

Researchers Uncover Thriving Phishing Kit Market on Telegram Channels

Researchers Uncover Thriving Phishing Kit Market on Telegram Channels,

In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns.
« To promote their ‘goods,’ phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, ‘What type

,

In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns.
« To promote their ‘goods,’ phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, ‘What type

, ,
https://thehackernews.com/2023/04/researchers-uncover-thriving-phishing.html

Ce malware indétectable est signé… ChatGPT

Ce malware indétectable est signé… ChatGPT,

malware chatgpt

ChatGPT est une arme redoutable pour les hackers. Avec l’aide de l’IA, il est possible de coder un dangereux malware indétectable… sans écrire une seule ligne de code.

,

malware chatgpt

ChatGPT est une arme redoutable pour les hackers. Avec l’aide de l’IA, il est possible de coder un dangereux malware indétectable… sans écrire une seule ligne de code.

, ,
https://www.01net.com/actualites/ce-malware-indetectable-est-signechatgpt.html

Des employés de Tesla se partagent des vidéos choquantes ou intimes prises par les caméras des véhicules

Des employés de Tesla se partagent des vidéos choquantes ou intimes prises par les caméras des véhicules,

Des enregistrements de caméras de voitures Tesla ont été partagés sur des forums de discussion internes par d’anciens salariés. Parmi les clips diffusés, celui d’un enfant percuté par une voiture ou des scènes intimes. La pratique pose des questions de respect de la vie privée évidentes.

,

Des enregistrements de caméras de voitures Tesla ont été partagés sur des forums de discussion internes par d’anciens salariés. Parmi les clips diffusés, celui d’un enfant percuté par une voiture ou des scènes intimes. La pratique pose des questions de respect de la vie privée évidentes.

, ,
https://www.01net.com/actualites/des-employes-de-tesla-se-partagent-des-videos-choquantes-ou-intimes-prises-par-les-cameras-des-vehicules.html

Microsoft Takes Legal Action to Disrupt Cybercriminals’ Illegal Use of Cobalt Strike Tool

Microsoft Takes Legal Action to Disrupt Cybercriminals’ Illegal Use of Cobalt Strike Tool

,

Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware.
To that end, the tech giant’s Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S. to « remove illegal, legacy copies of Cobalt Strike so they can no longer be used by

,

Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware.
To that end, the tech giant’s Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S. to « remove illegal, legacy copies of Cobalt Strike so they can no longer be used by

, ,
https://thehackernews.com/2023/04/microsoft-takes-legal-action-to-disrupt.html