Saturday , April 19 2025

Daily Cybersecurity update, July 31, 2023

01

The University of Guelph, Canada, is notifying students of a data breach involving personal information accessed through a third-party security company. The breach exposed student IDs, names, and dates of birth.
02
The BAZAN Group, Israel’s largest oil refinery operator, experienced a cyberattack, resulting in the inaccessibility of its website from most parts of the world. The Iranian threat group, Cyber Avengers, claimed responsibility.
03
Call of Duty: Modern Warfare 2 servers were taken offline due to a self-spreading worm, Trojan:Win32 Wacatac.B!ml, targeting PC gamers. It is believed that hackers used hacked lobbies to spread the virus.
04
A data breach in Arizona’s school voucher program exposed the personal information of thousands of students. The breach occurred on ClassWallet, the platform that handles payments for Arizona’s Empowerment Scholarship Account program.
05
Ransomware delivered through URLs has become the leading method for distributing ransomware, accounting for over 77% of cases in 2022 – found Unit 42. This is followed by emails at 12%.
06
The CISA published a report, revealing that a new malware, named Submarine, was used to backdoor Barracuda ESG appliances on federal agencies’ networks by the Chinese state-sponsored UNC4841 group.
07
The Patchwork threat group, suspected to be operating on behalf of India, was spotted targeting universities and research organizations in China using a backdoor called EyeShell.
08
Threat actors were found creating fake websites hosting trojanized software installers to lure unsuspecting users into downloading the Fruity downloader malware, which ultimately installs remote trojans such as Remcos RAT.
09
The Southern Association of Independent Schools (SAIS) was found leaking 680,000 records containing health records, background checks, financial budgets, and even confidential security reports of students, parents, and teachers, via an unprotected database.
10
The Biden administration introduced a national strategy to combat cyber workforce shortages. The plan emphasizes collaboration with stakeholders, investment in scholarships and grants, and bolstering the federal cyber workforce capable of effectively defending against cyber threats.

CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers

Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10,...
Read More
CVE-2025-2492  ASUS warns of critical auth bypass flaw in routers

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called "symlink". This number...
Read More
16,000+  Fortinet devices compromised with symlink backdoor, Mostly in Asia

Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run...
Read More
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

CISA warns of increasing risk tied to Oracle legacy Cloud leak

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the...
Read More
CISA warns of increasing risk tied to Oracle legacy Cloud leak

CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App

Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE)...
Read More
CVE-2025-20236  Cisco Patches Unauthenticated RCE Flaw in Webex App

Apple released emergency security updates for 2 zero-day vulns

On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly...
Read More
Apple released emergency security updates for 2 zero-day vulns

Oracle Released Patched for 378 flaws for April 2025

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers...
Read More
Oracle Released Patched for 378 flaws for April 2025

CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using...
Read More
CVE-2025-24054  Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

Bengaluru firm got ransomware attack, Hacker demanded $70,000

Bengaluru's Whiteboard Technologies Pvt Ltd was hit by a ransomware attack, with hackers demanding a ransom of up to $70,000...
Read More
Bengaluru firm got ransomware attack, Hacker demanded $70,000

MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness...
Read More
MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

Check Also

Daily Security Update Dated: 18.12.2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data …

Leave a Reply

Your email address will not be published. Required fields are marked *