• February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million

    Vesuvius, a leader in molten metal flow engineering and technology, revealed that the February cyber incident will cost it £3.5 million Vesuvius is a global leader in molten metal flow engineering and technology, it employs more than 10,000 people and is listed on the London Stock Exchange. In February the company disclosed a security breach The post February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million appeared first on Security Affairs.

  • NPM packages found containing the TurkoRat infostealer

    Experts discovered two malicious packages in the npm package repository, both were laced with an open-source info-stealer called TurkoRat. ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat. TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, The post NPM packages found containing the TurkoRat infostealer appeared first on Security Affairs.

  • Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

    The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. Infected devices were used for multiple malicious activities, including traffic redirections through mobile proxies, info-stealing, click fraud, and The post Lemon Group gang pre-infected 9 million Android devices for fraudulent activities appeared first on Security Affairs.

  • Apple fixed three new actively exploited zero-day vulnerabilities

    Apple released security updates to address three zero-day vulnerabilities in iPhones, Macs, and iPads that are actively exploited in attacks. Apple has addressed three new zero-day vulnerabilities that are actively exploited in attacks in the wild to hack into iPhones, Macs, and iPads. The three vulnerabilities, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, reside in the The post Apple fixed three new actively exploited zero-day vulnerabilities appeared first on Security Affairs.

  • KeePass 2.X Master Password Dumper allows retrieving the KeePass master password

    A researcher published a PoC tool to retrieve the master password from KeePass by exploiting the CVE-2023-32784 vulnerability. Security researcher Vdohney released a PoC tool called KeePass 2.X Master Password Dumper that allows retrieving the master password for KeePass. The tool exploits the unpatched KeePass vulnerability, tracked CVE-2023-32784, to retrieve the master password from the memory The post KeePass 2.X Master Password Dumper allows retrieving the KeePass master password appeared first on Security Affairs.

  • Admin of the darknet carding platform Skynet Market pleads guilty

    A US national has pleaded guilty to operating the carding site Skynet Market and selling financial information belonging to tens of thousands of US victims. The U.S. national Michael D. Mihalo, aka Dale Michael Mihalo Jr. and ggmccloud1, pleaded guilty to operating a carding site on the dark web called Skynet Market and selling financial The post Admin of the darknet carding platform Skynet Market pleads guilty appeared first on Security Affairs.

    fr_FRFrançais