WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation
Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity...
Fake CISO Profiles on LinkedIn Target Fortune 500s
Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may...
![S3 Ep102: Sorting fact from fiction in hyped-up cybersecurity news stories [Audio + Transcript]](https://cybersecuritynews.ie/wp-content/uploads/2022/09/s3-ep102-sorting-fact-from-fiction-in-hyped-up-cybersecurity-news-stories-audio-transcript-400x250.jpg)
S3 Ep102: Sorting fact from fiction in hyped-up cybersecurity news stories [Audio + Transcript]
by Paul Ducklin CUTTING THROUGH CYBERSECURITY NEWS HYPE With Paul Ducklin and Chester Wisniewski Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on...
Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card...
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed...
Five Steps to Mitigate the Risk of Credential Exposure
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft....
Swachh City Platform Suffers Data Breach Leaking 16 Million User Records
A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile...
Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks
Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. "Key activities are data leaking and...
Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the...
Optus breach – Aussie telco told it will have to pay to replace IDs
by Paul Ducklin Last week’s cyberintrusion at Australian telco Optus, which has about 10 million customers, has drawn the ire of the country’s government over how the breached company should deal with stolen ID details. Darkweb screenshots surfaced quickly after the...