Recent Security News
-
BLOODALCHEMY provides backdoor to southeast Asian nations’ secrets
October 16, 2023 at 11:23AM Security researchers have discovered a backdoor called “BLOODALCHEMY” that targets x86 systems and is being used in attacks against governments and organizations in the Association of Southeast Asian Nations (ASEAN). The backdoor is part of the REF5961 intrusion set, which is believed to be linked to a group with ties…
-
Fake ‘RedAlert’ rocket alert app for Israel installs Android spyware
October 16, 2023 at 11:23AM A malicious version of the ‘RedAlert – Rocket Alerts’ app is targeting Israeli Android users. The fake app, distributed from the website “redalerts[.]me,” appears legitimate but installs spyware on the device. It requests additional permissions and collects data from the user, encrypting and uploading it to a hardcoded IP address.…
-
CISA, FBI urge admins to patch Atlassian Confluence immediately
October 16, 2023 at 11:08AM CISA, FBI, and MS-ISAC have issued a warning to network administrators to immediately patch their Atlassian Confluence servers due to a critical privilege escalation flaw (CVE-2023-22515) that is actively being exploited. The flaw affects Confluence Data Center and Server 8.0.0 and later versions. Atlassian has released security updates and advised…
-
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
October 16, 2023 at 10:46AM The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint Cybersecurity Advisory (CSA) about the active exploitation of CVE-2023-22515, a vulnerability in Atlassian Confluence Data Center and Server. This vulnerability allows cyber threat actors to gain…
-
Signal Pours Cold Water on Zero-Day Exploit Rumors
October 16, 2023 at 10:36AM Signal denies the existence of a zero-day exploit in its encrypted chat app, dismissing viral rumors as baseless. The rumored vulnerability involves the “generate link preview” feature, which has known privacy and security risks. Signal checked with contacts within the US Government, as claimed by the report, and found no…