Remove 06
Remove 2023 Remove Data Remove Information Security Remove Security
article thumbnail

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

Security Affairs

This type of tool is crucial for maintaining security, compliance, and efficient administration of user access to various resources, systems, and data. Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3

Access 134
article thumbnail

Okta reveals additional attackers’ activities in October 2023 Breach

Security Affairs

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

Mandrake allows attackers to gain complete control over an infected device and exfiltrate sensitive data, it also implements a kill-switch feature (a special command called seppuku (Japanese form of ritual suicide)) that wipes all victims’ data and leaves no trace of malware.

Libraries 118
article thumbnail

Experts published PoC exploits for Arcserve UDP authentication bypass issue

Security Affairs

Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software.

article thumbnail

Balada Injector still at large – new domains discovered

Security Affairs

The Balada Injector is still at large and still evading security software by utilizing new domain names and using new obfuscation. This evidence suggests that the malware is still at large and still evading security software by utilizing new domain names and slight changes between the waves of obfuscated attacks. 206.76.55.162.clients.your-server.de

Access 97
article thumbnail

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Security Affairs

In 2023 the state-sponsored group focused on nuclear agendas between China and North Korea, relevant to the ongoing war between Russia and Ukraine. Troll Stealer supports multiple stealing capabilities, it allows operators to gather files, screenshots, browser data, and system information. 06 Terminates its own process.

article thumbnail

New Loop DoS attack may target 300,000 vulnerable hosts

Security Affairs

Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop DoS attack, that hundreds of thousands of internet-facing systems from major vendors. Instead, it simply sends packets without waiting for acknowledgment or establishing a connection.