According to MetaMask and Phantom, a new ‘Demonic’ vulnerability might disclose a crypto wallet’s secret recovery phrase, allowing attackers to steal NFTs and bitcoin contained within it. Seeds, also known as recovery phrases, are a collection of words that serve…
An email compromise incident in April allowed attackers to obtain access to confidential user credentials. On April 5, Kaiser Permanente had a data breach as a result of an email hack, which could have exposed the medical records of roughly…
A “dangerous piece of functionality” has been uncovered in Microsoft 365 suite that can be exploited by attackers to ransom files stored on SharePoint and OneDrive and attack cloud infrastructure. The cloud ransomware attack can start file-encrypting malware to “encrypt…
Syslogk, a new Linux rootkit malware that uses specially designed “magic packets” to awaken a dormant backdoor on the system, is being utilised in assaults to mask dangerous activities. The malware is now in active development, and its creators appear…
A recent Golang-based peer-to-peer (P2P) botnet has been targeting Linux servers in the education sector since it emerged in March 2022. Akami Security Research calls the malware Panchan and says that the malware “utilizes its built-in concurrency features to maximize…
The Health and personal data of around 70,000 Kaiser Permanente patients in Washington state have been stolen as hackers accessed the U.S. healthcare giant’s email system. The data breach, which happened in early April, jeopardised the patient’s first and last…
Unauthorized attackers were able to access backups thanks to serious security flaws in Fujitsu’s cloud storage infrastructure. The flaw specifically affected the FUJITSU ETERNUS CS8000 Control Center, which was fortunately patched after the bug was reported. As a result, users…
A new hardware attack known as PACMAN has been shown against Apple’s M1 processor chipsets, potentially allowing a destructive actor to get arbitrary code execution on macOS machines. In a new study, MIT scientists Joseph Ravichandran, Weon Taek Na, Jay…
Cybersecurity researchers have shared details of two medium-security vulnerabilities in Mitel 6800/6900 desk phones, and if the vulnerabilities are successfully exploited, the attackers can get root privileges on the devices. The flaws were called CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8);…
For first access to corporate networks, ransomware gangs are now targeting a newly patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances. This OGNL injection vulnerability (CVE-2022-26134) allows unauthenticated attackers to remotely…
