Skip to Content

Security Advisories Notices Update on 2022-12-08

National Cyber Awareness System #StopRansomware: Cuba Ransomware CISA Releases Three Industrial Control Systems Advisories CISA Releases Seven Industrial Control Systems Advisories CISA Adds Two Known Exploited Vulnerabilities to Catalog Mozilla Security Advisories Security Vulnerabilities fixed in Thunderbird 102.5.1 mfsa2022-50 Ubuntu Security Notices USN-5755-2: Linux kernel vulnerabilities USN-5756-2: Linux kernel (GKE) vulnerabilities USN-5758-1: Linux kernel vulnerabilities …

Read More about Security Advisories Notices Update on 2022-12-08

Samsung, MediaTek, and other Android platform certs were leaked and used to sign malware

Platform certificates from major Android vendors and software makers have leaked and were used to sign malware, the Android Security Team discovered last month. Platform certificates are digital certificates used by Android OEMs and ODMs to sign versions of the Android OS they deploy on their devices, their firmware, and official vendor apps they might …

Read More about Samsung, MediaTek, and other Android platform certs were leaked and used to sign malware

Car Hacking Bugs

Updated on 2022-12-04: Researchers find bugs allowing access, remote control of cars Not a great week for car makers. @samwcyo and team discovered two sets of flaws — one affecting Hyundai and Genesis cars and another affecting Honda, Nissan, Infiniti and Acura vehicles. The bugs allow remote access and control over thousands of cars made …

Read More about Car Hacking Bugs

Cl0p ransomware attack

Updated on 2022-12-04 U.K. water supplier hacked: Not a great week for the 1.7 million customers of South Staffs Water and Cambridge Water in the U.K., whose parent company has confirmed a breach of customer bank details — though it’s not saying how many customers are actually affected (assume the worst). The water supplier is …

Read More about Cl0p ransomware attack

Vatican DDoS Attack

Updated on 2022-12-01: Vatican DDoS The official website of the Vatican went offline on Wednesday following a DDoS attack carried out by pro-Russian hacktivists. As CNA points out, the attack came a day after Moscow criticized Pope Francis’s latest condemnation of Russia’s invasion of Ukraine. Read more: The Vatican says it’s been hacked — again …

Read More about Vatican DDoS Attack

Predatory lending apps

Updated on 2022-12-01: Predatory lending apps Mobile security firm Lookout found 251 Android and 35 iOS lending apps that engaged in predatory and abusive behavior toward their users. The apps offered users loans but, in return, requested access to excessive permissions and personal user information, such as contacts, local files, and SMS messages. The apps …

Read More about Predatory lending apps

Trigona ransomware

Updated on 2022-12-01 There’s also a new ransomware strain in town, and its name is Trigona. Read more: Trigona ransomware spotted in increasing attacks worldwide Overview A previously unidentified ransomware has reemerged as the new Trigona ransomware and launched a new Tor site to accept ransom payments in Monero. Read more: Trigona ransomware spotted in …

Read More about Trigona ransomware

Schoolyard Bully Android Trojan

Updated on 2022-12-01 Schoolyard Bully Mobile security firm Zimperium said it discovered a new Android trojan named Schoolyard Bully that has been active since 2018. Disguised as educational apps in both the Google Play Store and other third-party app stores, this malware has been downloaded more than 300,000 times across 71 countries. Zimperium says the …

Read More about Schoolyard Bully Android Trojan

APT37 CloudMensis ScarCruft’s Dolphin Backdoor Attack

Updated on 2022-12-02 North Korea-linked APT37, aka ScarCruft, was found leveraging a previously undocumented backdoor, named Dolphin, against South Korean entities. Read more: Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin Updated on 2022-12-01: ScarCruft’s Dolphin ESET has put out a report on Dolphin, a new backdoor they spotted in attacks carried out by …

Read More about APT37 CloudMensis ScarCruft’s Dolphin Backdoor Attack

e-Tugra vulnerabilities

Updated on 2022-12-01: e-Tugra vulnerabilities Security researcher Ian Carroll has disclosed a series of misconfigurations in the infrastructure of e-Tugra, a Turkey-based certificate authority. Carroll said the misconfigured infrastructure allowed them to get access to backend systems controlling the CA’s systems and even to massive troves of highly-sensitive customer data. Read more: Security concerns with …

Read More about e-Tugra vulnerabilities

UK High Court Judge: Cryptocurrency Exchanges Must Reveal Information Linked to Alleged Thieves

A UK high court judge has ordered half a dozen cryptocurrency exchanges to divulge the identities of account holders allegedly linked to a 2020 cryptocurrency heist. The incident involved the theft of what was worth at the time $10.7 million in digital assets. In his ruling, High Court Justice Christopher Butcher said the exchanges must …

Read More about UK High Court Judge: Cryptocurrency Exchanges Must Reveal Information Linked to Alleged Thieves

CISA Adds Oracle Fusion Middleware Flaw to Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) has added an unspecified vulnerability in Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) catalog. The flaw affects Oracle Fusion Middleware Access Manager and “allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product.” CISA has specified a mitigation due …

Read More about CISA Adds Oracle Fusion Middleware Flaw to Known Exploited Vulnerabilities Catalog
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.