Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op

After the French satirical magazine Charlie Hebdo launched a cartoon contest to mock Iran’s ruling cleric, a state-backed Iranian cyber unit struck back with a hack-and-leak campaign that was designed to provoke fear with the claimed pilfering of a big subscriber database, Microsoft security researchers say. The FBI blames the same Iranian...

1h

Feds Say Cyberattack Caused Suicide Helpline’s Outage

A cyberattack caused a nearly daylong outage of the nation’s new 988 mental health helpline late last year, federal officials told The Associated Press Friday. Lawmakers are now calling for the federal agency that oversees the program to prevent future attacks. “On December 1, the voice calling functionality of the 988 Lifeline was rendered...

1h

Big China Spy Balloon Moving East Over US, Pentagon Says

The Pentagon said at midday Friday that a Chinese spy balloon had moved eastward and was over the central United States, and that the U.S. rejected China’s claims that it was not being used for surveillance. Brig. Gen. Pat Ryder, Pentagon press secretary, refused to provide details on exactly where the balloon was or whether there was any...

1d

Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty

Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced. Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who...

1d

Cyber Insights 2023: Venture Capital

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum encryption,...

1d

Atlassian Warns of Critical Jira Service Management Vulnerability

Atlassian this week warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow attackers to impersonate Jira users. Tracked as CVE-2023-22501 (CVSS score of 9.4), the flaw impacts Jira Service Management Server and Data Center versions 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and...

1d

High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation

VMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation. The flaw, tracked as CVE-2023-20854 and rated ‘high severity’, has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows.  ...

1d

Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication

Exploitation attempts targeting a critical-severity Oracle E-Business Suite vulnerability have been observed shortly after proof-of-concept (PoC) code was published. One of the major Oracle product lines, the E-Business Suite is a set of enterprise applications that help organizations automate processes such as supply chain management (SCM),...

1d

China Says It’s Looking Into Report of Spy Balloon Over US

China said Friday it is looking into reports that a Chinese spy balloon has been flying in U.S. airspace and urged calm, adding that it has “no intention of violating the territory and airspace of any sovereign country.” Foreign Ministry spokesperson Mao Ning also said she had no information about whether a trip to China by U.S. Secretary...

1d

GoAnywhere MFT Users Warned of Zero-Day Exploit

Users of the GoAnywhere secure managed file transfer (MFT) software have been warned about a zero-day exploit that malicious actors can target directly from the internet.  The GoAnywhere MFT is made by Fortra, known until recently as HelpSystems, and it’s designed to enable organizations to automate and secure the exchange of data with their...

1d