Novel backdoor used in Charming Kitten attacks Attacks involving the new BASICSTAR backdoor have been deployed by Iranian advanced persistent threat operation Charming Kitten, also known as Charming Cypress, Mint Sandstorm, APT35, TA453, and Yellow Garuda, against Middle East policy experts between September and October last year, according to The Hacker News.
Major Minnesota-based regional internet service provider U.S. Internet had internal emails and emails from thousands of individuals served by its Securence division spanning over a decade exposed due to an unsecured server, according to Krebs on Security.
Attacks exploiting the critical Domain Name System Security Extensions vulnerability, tracked as CVE-2023-50387 and dubbed "KeyTrap," could be deployed against systems leveraging DNSSEC-validating DNS resolvers and facilitate a massive disruption of the internet, SecurityWeek reports.
BleepingComputer reports that organizations have been advised by Microsoft regarding the active exploitation of a critical Exchange Server zero-day flaw, tracked as CVE-2024-21410, prior to it being remediated as part of this month's Patch Tuesday.
The U.S. Department of Defense has begun informing current and former employees, partners, and job applicants regarding the potential exposure of their personally identifiable information stemming from a service provider's inadvertent leak of several emails between Feb. 3 and Feb. 20, 2023, reports DefenseScoop.
Organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing attacks exploiting a cross-site scripting vulnerability impacting various versions of the Roundcube email server, tracked as CVE-2023-43770, reports BleepingComputer.
