Crypto miner/stealer for hire, Typhon Stealer, received a new update, disclosed Palo Alto Networks. The new variant boasts enhanced anti-analysis techniques, as well as other stealing and file-grabber features. The malware leverages Telegram’s API and infrastructure to exfiltrate all stolen data.
The email states that Adobe has reset the password for the account associated with the users’ Adobe ID, as it may have been compromised in data breaches from other online services.
The critical issue, tracked as CVE-2023-1671 (CVSS score of 9.8), was identified in the warning page handler of the appliance and it could be exploited without authentication.
Hackers have released 16,000 Tasmanian education department documents on the dark web including school children’s personal information, the state government has confirmed.
The flaw was fixed in ThingsBoard version 3.4.2 by generating a random key for every new installation or upgrade to version 3.4.2 or later. If admins can’t upgrade immediately, they can manually change the default signing key for older versions.
NoName057(16) reportedly claimed it was behind DoS attacks against the Finnish parliament’s website on Tuesday, the day the country joined NATO. The country’s Technical Research Centre of Finland was also hacked, according to Finnish news site, YLE.
The Cybersecurity and Infrastructure Security Agency (CISA) has published eight Industrial Control Systems (ICS) advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx.
During the many years of Balada Injector’s operation since 2017, Sucuri researchers have observed consistent patterns of infection waves on a pretty regular basis. These waves tended to occur every couple of weeks, sometimes once a month.
The FBI, NJ State Homeland Security’s office, and the New Jersey attorney general’s office were all notified of the incident and are assisting in the investigation, several officials said.
Security teams ought to seize on the opportunities of failures of the past to make meaningful change in how we approach incident response, urged Sarah Armstrong-Smith, chief security advisor at Microsoft, during UK Cyber Week 2023.