
Medibank Defends its Security Practices as its Ransomware Woes Worsen

IT Governance

In most cases, basic personal information – such as their name, date of birth, email address, phone number and gender – was exposed. The first was damaging enough, containing patients’ names, addresses and birthdates. Things got worse for Medibank after a second database was leaked, containing a file named “abortions”.

IT 106

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Security Affairs

Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product. “In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.”


Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems

Security Affairs

“On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web, posted the actual contents of the same files to the same location on the dark web.” Cisco continues to deny that the threat actors had access to the source code of its products.


Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb

Security Affairs

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.


New SPIKEDWINE APT group is targeting officials in Europe

Security Affairs

The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code. The PDF included a link to a fake questionnaire that redirects users to a malicious ZIP archive hosted on a compromised site.

Archiving 102

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

The infection starts with a classic executable file with “scr” extension, an extension used by Windows to identify Screensaver artifacts. Upon execution, the malware writes a file named “<random_name> tmp.db” inside the “%AppData%LocalTemp” path through the usage of the Microsoft Utility “regsvr32.exe

IT 127

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs

The experts noticed that this campaign was named “gitgub” by its operators. The analysis of the content used to inflate the file allowed the researcher to determine its actual size of 3.43 The file is utilized as a loader for the RisePro info-stealer (version 1.6). All unique passwords are stored in a file named “brute.txt”.

Passwords 106