Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. Then the attackers break into

Russian telco operator Rostelecom was involved in BGP hijacking incident that impacted hundreds of CDNs and cloud providers last week. Last week, Russia’s state-owned telco Rostelecom was involved in an apparent incident that hijacked the traffic for more than 200 content delivery networks (CDNs) and cloud hosting providers, including giants like Go

DarkHotel nation-state actor is exploiting a VPN zero-day to breach Chinese government agencies in Beijing and Shanghai Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor

vpnMentor researchers discovered that the popular digital wallet application Key Ring exposed data belonging to millions of users in a huge data leak. The digital wallet application Key Ring recently exposed information from its 14 million users. Key Ring is a mobile application that allows users to create a digital wallet on their devices and us

The European Agency for Cybersecurity ENISA has released a tool for the mapping of international security standards to interdependencies’ indicators. ENISA has released a tool for the mapping of international security standards to interdependencies’ indicators that have been introduced and demonstrated in the report Good practices on interdependencies bet

A group of security researchers has found thousands of Android apps containing hidden backdoors and blacklists. Researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security analyzed thousands of mobile applications for Android and discovered dangerous behavior, including backdoors and blacklists.

In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 29 to April 04, 2020. Threat actors exploit the interest in the COVID19 outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below a list of attacks detected this week. March 30, 2020 – Your colleagu

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Coronavirus-themed attacks March 22 – March 28, 2020FIN7 hackers target enterprises with weaponized USB drives via USPSSource code of Dharma ransomware now surfacing on public hacking forumsCrooks leverage Zooms popularity in Coronavirus outbreak to serve malware

Researchers spotted a new Coronavirus-themed attack, the messages pretend to be sent from the World Health Organization to deliver Lokibot infostealer. Security experts at FortiGuard Labs discovered a new Coronavirus-themed campaign using alleged messages from the World Health Organization (WHO) to deliver the LokiBot trojan. The campaign was uncovered

Twitter discloses a privacy issue in the way the Mozilla Firefox cached private files sent or received via DM for up to 7 days. Twitter admitted that the private files sent via Twitter DMs were cached inside the users’ Firefox browsers for up to seven days, even if users have logged off. The problem is related to the way the Mozilla Firefox web b

RiskIQ researchers spotted a new ongoing Magecart campaign that already compromised at least 19 different e-commerce websites. Researchers from security firm RiskIQ have uncovered a new ongoing Magecart campaign that already compromised at least 19 different e-commerce websites to steal customers’ payment card data. The experts discovered a new s

Mozilla releases Firefox version 74.0.1 to address two vulnerabilities exploited by threat actors in attacks in the wild, users should update their browsers asap. Mozilla is urging users to install the latest version of its browser, Firefox 74.0.1, which addresses two bugs that are being exploited in the wild by threat actors. The two vulnerabilities

A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR. SonicWall’s security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). Unfortunately, this is one of the

Crooks target Android users working from home due to the Coronavirus outbreak with a Trojanized version of the popular video messaging app Zoom. Security experts from Bitdefender have spotted tainted versions of the Android Zoom video-conferencing application that is targeting users working from home due to the Coronavirus outbreak. Researchers detecte

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Experts warn of a ‘UNC path injection’ flaw that could be exploited by remote attackers to steal login credentials from Windows systems. Security experts and privacy advocates believe that the Zoo