An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail.
ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous
The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG (TTNG).
"The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions," Cisco
Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent.
The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and
The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023.
"TinyTurla-NG, just like TinyTurla, is a small 'last chance' backdoor that is left behind to be used when all other unauthorized access/backdoor mechanisms have failed or been
Image Source: JFrog Security Research
Patches have been released forΒ two security flawsΒ impacting the Curl data transfer library, the most severe of which could potentially result in code execution.
The list of vulnerabilities is as follows -
CVE-2023-38545Β (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability
CVE-2023-38546Β (CVSS score: 5.0) - Cookie injection with none file
CVE-
The maintainers of theΒ Curl libraryΒ have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of an forthcoming update set for release on October 11, 2023.
ThisΒ includesΒ a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively.
Additional details about the issues and the exact version
Login
FreshRSS