Sat. Jan 13, 2024


GitLab fixed a critical zero-click account hijacking flaw

Security Affairs

GitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability. GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset.


A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay

WIRED Threat Level

Plus: Chinese officials tracked people using AirDrop, Stuxnet mole’s identity revealed, AI chatbot hacking, and more.


Akira ransomware targets Finnish organizations

Security Affairs

The Finnish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finnish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. Threat actors are wiping NAS and backup devices.


Hacker spins up 1 million virtual servers to illegally mine crypto

Bleeping Computer

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Akira ransomware targets Finnish organizations; GitLab fixed a critical zero-click account hijacking flaw; Juniper Networks fixed a critical RCE bug in its firewalls and switches; Vast Voter Data Leaks Cast Shadow Over Indonesia’s 2024 Presidential


Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

The Hacker News

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system.


29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

The Hacker News

A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits. The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following “months of intensive collaboration.”


From TEA to ChaCha20: The Evolution of the Rimasuta Botnet

Penetration Testing

In June 2021, the cybersecurity landscape witnessed the emergence of a formidable player: Rimasuta botnet. It’s named after its unique usage of the TEA algorithm and has recently resurfaced in botnet observations. Initially discovered... The post From TEA to ChaCha20: The Evolution of the Rimasuta Botnet appeared first on Penetration Testing.


Classic Baggie: A Delaware BEC Case calls him the leader of an International Criminal Organization

Security Boulevard

The U.S. Attorney's office in Delaware charged Olugbenga Lawal with being a major money launderer for a Nigerian-based international criminal organization that specialized in Business Email Compromise (#BEC) and Romance Scam. Lawal was charged with receiving more than $3 million USD (that would be more than ₦2,8 Billion!) and sending funds to Nigeria both through money transfer, but also by purchasing and shipping more than $600,000 in vehicles.


USENIX Security ’23 – Svetlana Abramova and Rainer Böhme – Anatomy of a High-Profile Data Breach: Dissecting the Aftermath of a Crypto-Wallet Case

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel. Permalink The post USENIX Security ’23 – Svetlana Abramova and Rainer Böhme – Anatomy of a High-Profile Data Breach: Dissecting the Aftermath of a Crypto-Wallet Case appeared first on Security Boulevard.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Who’s Behind GoatRAT?

Security Boulevard

In this brief analysis I'll take a look at who's behind GoatRAT in terms of social media activity, C&C servers and actual personally identifiable information.
