Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Government of...
CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog
US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog.
US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security...
Space and defense tech maker Exail Technologies exposes database access
Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases.
Exail, a French high-tech industrial group, left exposed a publicly accessible environment (.env) file with database...
Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports.
A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName, severely impacted operations at several Canadian airports...
Experts found critical flaws in Nagios XI network monitoring software
Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution.
Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure...
International Criminal Court hit with a cyber attack
A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack this week, its systems were compromised last week.
The International Criminal Court (ICC) announced that threat actors have breached its systems last week. The experts at the International Criminal...
GitLab addressed critical vulnerability CVE-2023-5009
GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user.
GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an...
Trend Micro addresses actively exploited zero-day in Apex One and other security Products
Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild.
Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products,...
Recent cyber attack is causing Clorox products shortage
The cyber attack that hit the cleaning products manufacturer Clorox in August is still affecting the supply of the products to customers.
The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various...
Microsoft AI research division accidentally exposed 38TB of sensitive data
Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020.
Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data...
FBI hacker USDoD leaks highly sensitive TransUnion data
Researchers from vx-underground reported that FBI hacker ‘USDoD‘ leaked sensitive data from consumer credit reporting agency TransUnion.
TransUnion is an American consumer credit reporting agency. TransUnion collects and aggregates information on over one billion individual consumers in over thirty countries, including “200...
Dangerous permissions detected in top Android health apps
Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story.
The Android challenge
In the digital age, mobile applications have become an integral part of our lives, transforming...
UK Greater Manchester Police disclosed a data breach
UK Greater Manchester Police (GMP) disclosed a data breach, threat actors had access to some of its employees’ personal information.
UK Greater Manchester Police (GMP) announced that threat actors had access to the personal information of some of its employees...
Kubernetes flaws could lead to remote code execution on Windows endpoints
Researchers discovered three security flaws in Kubernetes that can lead to remote code execution on Windows endpoints.
Akamai researchers recently discovered a high-severity vulnerability in Kubernetes tracked as CVE-2023-3676 (CVSS 8.8). This identification of this issue led to the discovery of two...
Threat actor leaks sensitive data belonging to Airbus
The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company.
The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information...
BEC Scammer Pleads Guilty to Part in $6m Scheme
Nigerian was extradited to the US from Canada
Researchers Spot Novel “Deadglyph” Backdoor
Malware is linked to UAE-backed spies
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time.
"While this activity occurred around the same time and in some instances even simultaneously...
