The Breach News

New Cyber Attack Targets Regions Bank and SunTrust

October 11, 2012

As predicted by the Izz ad-Din al-Qassam Cyber Fighters, another distributed denial-of-service (DDoS) attack has struck the websites of Regions Financial Corp (regions.com) and SunTrust. These cyber assaults inundate the banks’ sites with excessive traffic, resulting in slow service or complete unavailability. In a Pastebin post dated October 8, the hacktivist group announced plans for several attacks: on Capital One on October 9, SunTrust on October 10, and Regions Financial Corp on October 11—and they successfully executed their threats. A spokesperson for SunTrust, Michael McCoy, confirmed that the bank’s site experienced heightened traffic, leading to intermittent availability for some online functions. Just days prior, Regions representatives had informed Fox Business that they were aware of the threats and were “taking every measure.”

Cyber Attack Targets Regions Bank and SunTrust On October 11, 2012, Regions Financial Corp and SunTrust fell victim to a significant distributed denial-of-service (DDoS) attack. This breach was executed by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters, who had previously announced their plans to target these financial institutions in…

Newly Decoded Sabotage Malware May Have Aimed at Iran’s Nuclear Program—Predating Stuxnet

Recent analysis by cybersecurity experts has revealed the emergence of a sophisticated piece of malware known as Fast16, which operates with self-replicating capabilities resembling those of a worm. This code is particularly alarming due to its ability to propagate through network shares on Windows systems. According to findings, Fast16 utilizes…

Remote Code Execution Risks Discovered in Commvault: Pre-Auth Exploit Chains Identified

August 21, 2025
Category: Vulnerability / Software Security

Commvault has issued updates to address four critical security vulnerabilities that could enable remote code execution on affected instances. The identified vulnerabilities arise in Commvault versions prior to 11.36.60, detailed as follows:

  • CVE-2025-57788 (CVSS score: 6.9): This vulnerability in a known login mechanism permits unauthenticated attackers to execute API calls without needing user credentials.

  • CVE-2025-57789 (CVSS score: 5.3): A flaw during the setup process allows remote attackers to exploit default credentials for administrative access before the first admin login.

  • CVE-2025-57790 (CVSS score: 8.7): A path traversal vulnerability enables remote attackers to gain unauthorized file system access, leading to potential remote code execution.

  • CVE-2025-57791 (CVSS score: 6.9): A vulnerability that allows attackers to inject or manipulate command-line arguments passed to internal components, resulting in further exploitation.

Commvault Issues Critical Security Updates to Mitigate Remote Code Execution Vulnerabilities On August 21, 2025, Commvault announced significant updates aimed at addressing four critical security vulnerabilities that could potentially be exploited to execute remote code on vulnerable instances of its software. These vulnerabilities, which affect versions prior to 11.36.60, reveal…

Apple Issues Critical Security Updates for Zero-Day Vulnerabilities Amid Active Exploits

On May 4, 2021, Apple launched urgent security updates for iOS, macOS, and watchOS to tackle three zero-day vulnerabilities and to enhance protections for a fourth flaw that may have been actively exploited. These vulnerabilities, primarily affecting WebKit—the engine behind Safari and other browsers on iOS—could allow attackers to execute arbitrary code on targeted devices. Here’s a summary of the three security issues:

  • CVE-2021-30663: An integer overflow vulnerability exploitable via crafted web content, potentially leading to code execution. This was mitigated through improved input validation.

  • CVE-2021-30665: A memory corruption issue that could be leveraged to create malicious web content, resulting in code execution. This was remedied with enhanced state management.

  • CVE-2021-30666: A buffer overflow vulnerability that might be exploited to generate malicious web content, leading to…

Apple Issues Critical Security Patches for Zero-Day Vulnerabilities Amid Active Exploits On May 3, 2021, Apple announced the release of a suite of security updates for its operating systems, including iOS, macOS, and watchOS, aimed at addressing several pressing vulnerabilities. Notably, these updates specifically target three zero-day flaws tied to…

miniFlame: Newly Uncovered Cyber Espionage Malware

October 15, 2012

Kaspersky has revealed a new cyber espionage malware called “miniFlame,” which is directly associated with the infamous Flame malware. This latest sophisticated tool, linked to previous espionage software known as Flame and Gauss, functions as a “high-precision surgical attack” mechanism aimed at targets in Lebanon, Iran, and other regions.

Identified by Kaspersky Lab experts in July 2012, miniFlame, also referred to as SPE, was initially recognized as a component of Flame. It appears to be deployed to enhance spying capabilities on computers that have already been infected with Flame and Gauss. Analysis indicates that some variants of miniFlame were developed in 2010 and 2011, with several still active today. Development of this malicious software could date back to as early as 2007. “MiniFlame is a high precision attack tool,” stated Alexander Gostev, Chief Security Expert at Kaspersky.

Discovery of miniFlame Malware Marks a New Era in Cyber Espionage On October 15, 2012, cybersecurity firm Kaspersky Lab revealed the emergence of a new type of malware known as miniFlame. Directly associated with the more notorious Flame malware, miniFlame represents a sophisticated cyber espionage tool that has been linked…

Harvester APT Expands Surveillance Efforts with New GoGra Linux Malware

A nation-state-sponsored Advanced Persistent Threat (APT) group known as Harvester has allegedly developed a new backdoor dubbed GoGra, designed to infiltrate and monitor Linux systems in India and Afghanistan. This group has been active since at least June 2021 and initially targeted Windows platforms primarily across South Asia, but recent…

Former Developer Sentenced to Four Years for Sabotaging Ohio Employer with Kill-Switch Malware

A 55-year-old Chinese national has received a four-year prison sentence and three years of supervised release for deploying custom malware that targeted his former employer’s network. Davis Lu, 55, of Houston, Texas, was found guilty in March 2025 of intentionally damaging protected computers. He was arrested in April 2021 for misusing his position as a software developer to run malicious code on the company’s servers. While the company’s name was not disclosed, it has been identified as Eaton Corporation, a multinational power management firm based in Beachwood, Ohio. “The defendant violated his employer’s trust, using his technical expertise to disrupt network operations and causing significant financial losses to a U.S. company,” stated Acting Assistant Attorney General M…

Former Developer Sentenced for Sabotaging Employer with Kill-Switch Malware A 55-year-old man from Houston, Texas, has received a four-year prison sentence for the intentional disruption of his previous employer’s computer systems through custom malware. This case highlights significant cybersecurity vulnerabilities that organizations face from insider threats. Davis Lu, a Chinese…

New Spectre Vulnerabilities in Intel and AMD CPUs Impact Billions of Devices

May 06, 2021

Since the revelation of Spectre, a serious vulnerability affecting modern processors, in January 2018, experts have warned that the issue is challenging to resolve, leading to its continued prevalence. Over three years later, researchers from the University of Virginia and the University of California, San Diego, have uncovered a new method of attack that circumvents existing Spectre defenses. This discovery places virtually all systems—including desktops, laptops, cloud servers, and smartphones—at significant risk once again. The initial disclosures of Spectre and Meltdown opened the floodgates to numerous attack variants, and the problem seems far from resolved, even as manufacturers strive to enhance security.

New Spectre Vulnerabilities in Intel and AMD Processors Impact Billions of Devices In a significant development for the cybersecurity landscape, researchers from the University of Virginia and the University of California, San Diego have identified new vulnerabilities associated with Spectre, a notorious family of exploits affecting modern microprocessors. First disclosed…

Strategies for Reducing Security Risks in Web Applications

With web applications being prime targets for cyberattacks, securing them can feel like navigating a digital version of “The Good, the Bad, and the Ugly.” Vulnerabilities in web applications now represent the largest threat vector for enterprise security. Addressing web application security is often more complex than securing infrastructure. Common vulnerabilities, such as Cross-Site Scripting (XSS), SQL Injection (SQLi), and file inclusion, persistently arise. Many of these security challenges can be mitigated using established security measures. However, a survey indicates that only 51% of organizations have their coding teams perform security testing, and just 40% incorporate testing during the development phase. These vulnerabilities frequently lie outside the expertise of traditional network security teams. To assist you in grasping…

Minimizing Risks in Web Application Security: A Critical Imperative As web applications continue to emerge as prime targets for cybercriminals, the landscape of web application security resembles a complex narrative reminiscent of “The Good, the Bad and the Ugly.” In the current cybersecurity climate, vulnerabilities within web applications present the…
