A malicious Python package named ‘fabrice’ has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. […]
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability.
“Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we do not know the specifics of the
“Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we do not know the specifics of the
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering
The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021.
Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March.
The U.S. Department of Justice (DoJ)
Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March.
The U.S. Department of Justice (DoJ)
Critical Veeam RCE bug now used in Frag ransomware attacks
After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. […]
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. […]
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack
The US government’s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”
The post US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack appeared first on SecurityWeek.
In Other News: China Hacked Singtel, GuLoader Attacks on Industrial Firms, Phone Use Warning in US Agency
Noteworthy stories that might have slipped under the radar: China’s Volt Typhoon hacked Singtel, GuLoader targets European industrial organizations, and US agency warns employees about phone use.
The post In Other News: China Hacked Singtel, GuLoader Attacks on Industrial Firms, Phone Use Warning in US Agency appeared first on SecurityWeek.
Unpatched Mazda Connect bugs let hackers install persistent malware
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. […]
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. […]
Malwarebytes Acquires VPN Provider AzireVPN
Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings.
The post Malwarebytes Acquires VPN Provider AzireVPN appeared first on SecurityWeek.