QNAP fixed two critical vulnerabilities in QTS OS and apps
Taiwanese vendor QNAP warns of two critical command injection flaws in the QTS operating system and applications on its NAS…
Security
Crashing iPhones with a Flipper Zero
The Flipper Zero is an incredibly versatile hacking device. Now it can be used to in its vicinity by sending…
Testing with OpenAPI Specifications
The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing…
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of…
Socks5Systemz proxy service delivered via PrivateLoader and Amadey
Threat actors infected more than 10,000 devices worldwide with the ‘PrivateLoader’ and ‘Amadey’ loaders to recruit them into the proxy…
US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors
The Treasury Department sanctioned a Russian woman accused of laundering virtual currency on behalf of cybercriminals. The Department of the…
Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free…
Lazarus targets blockchain engineers with new KandyKorn macOS Malware
North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group…
Kinsing threat actors probed the Looney Tunables flaws in recent attacks
Kinsing threat actors are exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables to target cloud environments. Researchers are…
Weekly Update 372
Presently sponsored by: Need centralized and real-time visibility into threat detection and mitigation? We got you! Discover the CrowdSec Console…