The Hacker News Daily Updates

Iranian OilRig hackers steal data from government organizations.

Views expressed in this cybersecurity, cybercrime summary are those of the reporters and correspondents.  Accessed on 03 February 2023, 1343 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGrcPQPQDPmXBXHwBVQXlrvrMXt (Latest cybersecurity news from "The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News news@news.nl00.net Unsubscribe

3:31 AM (14 minutes ago)
to me
The Hacker News Daily Updates
Newsletter
cover

Secure Web Gateway: The Essential Guide

In this paper we explore the nuances of SWGs. We’ll cover what they are and what they are not, as well as their appropriate role within an enterprise cybersecurity architecture.

Download NowSponsored
LATEST NEWSFeb 3, 2023

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, ...

Read More
TwitterFacebookLinkedIn

The Pivot: How MSPs can Turn a Challenge Into a Once-in-a-Decade Opportunity

Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs). That's the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a huge opportunity to expand their business and win new customers by developing their ...

Read More
TwitterFacebookLinkedIn

'There's no better compliance platform than Drata.' —Drata customer

Book a demo and discover why Drata has a 5-star rating on G2 for cloud compliance. (Review: https://www.g2.com/products/drata/reviews/drata-review-7392126) ...

Read More
TwitterFacebookLinkedIn

Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. ...

Read More
TwitterFacebookLinkedIn

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl ...

Read More
TwitterFacebookLinkedIn

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product. ...

Read More
TwitterFacebookLinkedIn

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track ...

Read More
TwitterFacebookLinkedIn

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it’s no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only ...

Read More
TwitterFacebookLinkedIn
cover

Secure Web Gateway: The Essential Guide

In this paper we explore the nuances of SWGs. We’ll cover what they are and what they are not, as well as their appropriate role within an enterprise cybersecurity architecture.

Download NowSponsored

Comments

Popular posts from this blog

The Cyberwire Daily Briefing

SecurityWeek Briefing

BleepingComputer.com