Ionut Arghire

Security Experts:

WRITE FOR US

Contact Ionut Arghire

Ionut Arghire is an international correspondent for SecurityWeek.

Recent articles by Ionut Arghire

Controversial Web Host Epik Confirms Customer Data Exposed in Breach

Hackers accessed a non-public server and stole names, addresses, phone numbers, and in some cases credit card information.
Chrome 94 Update Patches Actively Exploited Zero-Day Vulnerability

Google ships an urgent fix for CVE-2021-37973, a use-after-free security bug in the Portals API that could lead to the execution of arbitrary code.
Threat Actor Targets Indian Government With Commercial RATs

Attacks delivering the Netwire and Warzone (AveMaria) RATs were employing lures themed around India's National Informatics Centre’s Kavach two-factor authentication application.
FamousSparrow Cyberspies Exploit ProxyLogon in Attacks on Governments, Hotels

Active since at least 2019, the hacking group is mainly focused on hotels, but also targeted engineering and law firms, and international organizations.
CISA Opens IPv6 Guidance to Public Feedback

The document is aimed at helping federal agencies secure their networks through the use of IPv6.
Web Security Provider Jscrambler Raises $15 Million

The company will use the investment to expand marketing and sales initiatives and accelerate product roadmap.
Apple Deprecates Outdated TLS Protocols in iOS, macOS

Support for the TLS 1.0 and 1.1 protocols will be completely removed from the company’s mobile and desktop platforms.
Cisco Patches Critical Vulnerabilities in IOS XE Software

The vulnerabilities could be exploited to execute arbitrary code remotely, cause a denial of service condition, or manipulate device configuration.
Attacks on Russian Government Orgs Exploit Recent Microsoft Office Zero-Day

Adversaries used malicious documents targeting the MSHTML vulnerability tracked as CVE-2021-40444 to compromise Russian state rocket center and interior ministry.
Netgear Patches Remote Code Execution Flaw in SOHO Routers

Netgear warns that an attacker on the same network as a vulnerable device could intercept and manipulate router traffic to execute code as root.
Remote Code Execution Vulnerability Found in AWS WorkSpaces

The vulnerability could be triggered when the victim opens a malicious WorkSpaces URI from the browser.
Google Working on Improving Memory Safety in Chrome

Chrome 94 was just released with patches for 19 vulnerabilities, including multiple high severity bugs discovered by external researchers.
Russia-Linked Turla APT Uses New Backdoor in Latest Attacks

Cisco Talos researchers say the backdoor is installed as a service and constantly contacts its command and control (C&C) to receive commands.
OpenOffice Vulnerability Exposes Users to Code Execution Attacks

Attackers could use crafted .dbf files to trigger the bug on the victim’s machine to run arbitrary code.
Identity Solutions Provider Saviynt Raises $130 Million

The company plans to invest in R&D and personnel, to meet demand for its cloud-based identity solution.
Attacks Targeting OMIGOD Vulnerability Ramping Up

Microsoft says it has been seeing various attempts to exploit the remote code execution vulnerability in the Open Management Infrastructure (OMI) framework.
Cybercriminals Linked to Italian Mafia Arrested by European Police

Operating out of Spain and Italy, the organized crime group defrauded hundreds of individuals, making roughly €10 million (approximately $11.7 million) in profits last year alone.
Attackers Use Linux Binaries as Loaders for Windows Malware

Limited in scope, the incidents abuse the Windows Subsystem for Linux (WSL) feature to cross the boundaries between operating systems and avoid detection.
Ongoing Phishing Campaign Targets APAC, EMEA Governments

Focused on credential harvesting, attackers have targeted the governments of at least 7 countries since spring 2020, with 15 phishing pages still active.
Nigerian Threat Actor Targeting Aviation Industry Since 2018

Running a small operation, the adversary has managed to remain under the radar for five years, despite being engaged in various malicious campaigns.
Operator of 'DownThem' DDoS Attack Service Convicted

The service had over 2,000 users and is believed to have been responsible for more than 200,000 distributed denial of service attacks.
Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance

The Mirai botnet has started exploiting the OMIGOD vulnerability just as Microsoft released more guidance on protections.
U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day

The critical security bug was patched last week, when Zoho was already seeing in-the-wild attacks targeting it.
Endpoint Security Platform Kolide Banks $17 Million Investment

Endpoint security platform Kolide gets a fresh round of capital from venture capital investors.
Google Helps OSTIF Boost Security of Open Source Projects

Google announced plans to support the Open Source Technology Improvement Fund in launching its Managed Audit Program to review critical open source projects.

SECURITYWEEK NETWORK:

Security Experts:

Ionut Arghire

Recent articles by Ionut Arghire

Get the Daily Briefing

Popular Topics

Security Community

Stay Intouch

About SecurityWeek