Vulnerabilities
- Several serious vulnerabilities detected in Dataprobe's iBoot iBoot PDUs that could allow devices to be exploited remotely
- More than 39,000 unauthenticated Redis instances on the internet targeted by a cryptocurrency mining campaign
- Atlassian Confluence vulnerability (CVE-2022-26134) used to deploy cryptominers and other malware
- Critical vulnerability in Oracle Cloud Infrastructure could allow unauthorised access to users' cloud storage
- Multiple Linux Kernel Vulnerabilities Identified
- High severity vulnerabilities found in Harbor open source artifact registry
- Netgear routers affected by vulnerability in FunJSQ game acceleration module
- More than 1,000 iOS apps detected exposing AWS credentials embedded in code
- Phishing campaign targets Instagram users by persuading them with verifying their accounts
- Google Chrome fixes 24 critical vulnerabilities
- Microsoft finds flaw in android app TikTok that allows attackers to hijack accounts
- Microsoft Azure suffers crash after Ubuntu update glitch
- Remote execution of unauthenticated code on a range of DrayTek Vigor routers
- VMware recommends administrators patch a critical authentication bypass vulnerability (CVE-2022-31656)
- 17 vulnerabilities detected in TCL LinkHub Mesh Wi-Fi system
- Millions of Arris routers vulnerable to path traversal attacks
- Vulnerability in Dahua security camera, identified as CVE-2022-30563, could enable RCE
- Microsoft publishes details of exploitation of an already patched vulnerability in macOS App Sandbox, identified as CVE-2022-26706
- New UEFI firmware bugs affect more than 70 Lenovo notebook models
- Two vulnerabilities in Adobe Acrobat Reader DC could allow arbitrary code to be executed
Cybersecurity
- Disgruntled developer leaks builder of new LockBit ransomware cryptor
- Cybercriminals steal $162 million from cryptocurrency marketplace maker Wintermute
- Hive ransomware claims cyberattack on New York racing association
- Kiwi Farms internet forum suffers breach, potentially revealing a wealth of user data
- American Airlines suffers data breach after employee email compromise
- Revolut suffers cyberattack that leaves 50,000 customer data exposed
- Guacamaya group has published 10 GB of military and police material from several Latin American countries
- Bosnia and Herzegovina investigates ransomware attack on the country's parliament
- Cybercriminals sell data of more than 219,000 Starbucks Singapore consumers
- New York ambulance and emergency services Empress EMS discloses data breach that exposed customer information
- Uber suffers cyberattack that leaves internal systems exposed and vulnerability reports stolen
- New group named "JuiceLedger" identified in connection with phishing and malware campaigns targeting users of P&IP platform
- Neopets confirms it has suffered a security incident that exposed information of more than 69 million members
- Actors behind the Ragnar Locker ransomware claim responsibility for attack on airline TAP Air Portugal
- Oil company Eni suffered a cyberattack that compromised its computer networks
- The International Centre for Migration Policy Development suffered a cyber-attack that led to a data breach
- Indian airline Akasa Air suffers data breach with customer information.
- COVID-19 data from Thailand's Department of Medical Sciences for sale on Dark Web
- Library services firm Baker & Taylor suffered a ransomware attack
- Nelnet data breach exposes 2.5 million student loan accounts
Malware
- Fake Zoom apps found downloading Vidar Stealer malware
- Threat actors abuse LinkedIn's Smart Links feature in phishing campaign
- Two-step phishing attack uses Powtoon Video to steal credentials
- New phishing campaign impersonating governments and embassies targets Russian and Chinese government targets
- Russian Sandworm group impersonates telecommunications providers to target Ukrainian entities
- New large-scale click-fraud campaign targets gamers by deploying malicious extensions
- Hive ransomware claims claim to cyberattack on Bell Canada subsidiary
- Russia-linked APT group Gamaredon targets Ukraine with a new infostealer
- Actors behind Ragnar Locker ransomware target the energy sector
- New Snake Keylogger campaign targets IT companies
- New JavaScript skimmer related to Magecart actors
- BianLian cross-platform ransomware attacks on the rise
- Remcos malware campaign dubbed Operation Red Octopus to spy on Ecuadorian businesses and government agencies
- Chinese threat actors launch campaign against Australian government using ScanBox framework
- Phishing campaign impersonating British Airways on Twitter under the guise of claiming lost luggage
- New malware campaign spoofing Google Translate distributes cryptocurrency mining malware in 11 countries
- Malicious plugins detected on 25,000 WordPress websites
- Iranian threat groups use Log4j security flaws against Israel
- Cybercriminals create fake game called Cthulhu World to distribute Raccoon Stealer, AsyncRAT, and RedLine malware
- LockBit ransomware gang improves its defense and implements triple extortion tactic
SIA, an Indra Group company, is the Indra Group's specialized cybersecurity company. It offers technologically advanced solutions and innovative services, taking the concept of cybersecurity one step further.
Indra is one of the leading global technology and consulting companies: the technology partner for key operations of client businesses worldwide.