LATEST NEWS

VIEW ALL
New Krasue Linux RAT targets telecom companies in Thailand
Pierluigi Paganini December 07, 2023

A previously undetected Linux RAT dubbed Krasue has been observed targeting telecom companies in Thailand. Group-IB researchers discovered a previously undetected Linux remote access trojan called ...

Atlassian addressed four new RCE flaws in its products
Pierluigi Paganini December 06, 2023

Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote c ...

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini December 06, 2023

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secur ...

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode
Pierluigi Paganini December 06, 2023

Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit ta ...

recent articles

Malware
New Krasue Linux RAT targets telecom companies in Thailand

A previously undetected Linux RAT dubbed Krasue has been observed targeting telecom companies in Thailand. Group-IB researchers discovered a previously undetected Linux remote access trojan called ...

Pierluigi Paganini December 07, 2023
Security
Atlassian addressed four new RCE flaws in its products

Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote c ...

Pierluigi Paganini December 06, 2023
Security
CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini December 06, 2023
Security
Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit ta ...

Pierluigi Paganini December 06, 2023
Hacking
GST Invoice Billing Inventory exposes sensitive data to threat actors

GST Invoice Billing Inventory, a business accounting app for small and medium businesses with over 1M downloads has left a database open, exposing sensitive personal and corporate data up for grabs. ...

Pierluigi Paganini December 06, 2023
Security
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

The U.S. CISA warns that threat actors are actively exploiting a critical vulnerability in Adobe ColdFusion to breach government agencies. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini December 06, 2023
Security
ENISA published the ENISA Threat Landscape for DoS Attacks Report

ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a persistent and significant security risk ...

Pierluigi Paganini December 05, 2023
APT
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Microsoft's Threat Intelligence is warning of Russi ...

Pierluigi Paganini December 05, 2023
Mobile
Google fixed critical zero-click RCE in Android

Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates. Google December 2023 Android security updates addressed 85 vul ...

Pierluigi Paganini December 05, 2023
Malware
New P2PInfect bot targets routers and IoT devices

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botne ...

Pierluigi Paganini December 04, 2023
Cyber Crime
Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks using the DanaBot Trojan (Storm-1044) to ...

Pierluigi Paganini December 04, 2023
Cyber Crime
LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasu ...

Pierluigi Paganini December 04, 2023
Security
Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its f ...

Pierluigi Paganini December 04, 2023
Malware
New Agent Raccoon malware targets the Middle East, Africa and the US

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. Unit42 researchers uncovered a new backdoor named Agent Raccoon, which is ...

Pierluigi Paganini December 03, 2023
Breaking News
Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 03, 2023
Hacking
Researchers devised an attack technique to extract ChatGPT training data

Researchers devised an attack technique that could have been used to trick ChatGPT into disclosing training data. A team of researchers from several universities and Google have demonstrated an at ...

Pierluigi Paganini December 02, 2023
Security
Fortune-telling website WeMystic exposes 13M+ user records

WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms' users. Telling the future is a tricky bus ...

Pierluigi Paganini December 02, 2023
Security
Expert warns of Turtle macOS ransomware

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detaile ...

Pierluigi Paganini December 01, 2023
Cyber Crime
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, l ...

Pierluigi Paganini December 01, 2023
Security
CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Googl ...

Pierluigi Paganini December 01, 2023
Security
Apple addressed 2 new iOS zero-day vulnerabilities

Apple released emergency security updates to fix two actively exploited zero-day flaws impacting iPhone, iPad, and Mac devices. Apple released emergency security updates to address two zero-day vu ...

Pierluigi Paganini November 30, 2023
Hacking
Critical Zoom Room bug allowed to gain access to Zoom Tenants

A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne ...

Pierluigi Paganini November 30, 2023
Cyber Crime
Rhysida ransomware group hacked King Edward VII’s Hospital in London

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. King Edward VII's Hospital is a private hospital located on Beaumont Street in the Marylebone district o ...

Pierluigi Paganini November 30, 2023
Security
Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to addre ...

Pierluigi Paganini November 29, 2023
Hacking
Okta reveals additional attackers' activities in October 2023 Breach

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 20 ...

Pierluigi Paganini November 29, 2023
Security
Thousands of secrets lurk in app images on Docker Hub

Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications. While some are harmless API keys, others could lead to unaut ...

Pierluigi Paganini November 29, 2023
Hacking
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Threat actors started exploiting a critical ownCloud vulnerability (CVE-2023-49103) that can lead to sensitive information disclosure. ownCloud is an open-source software platform designed for fil ...

Pierluigi Paganini November 28, 2023
Cyber Crime
International police operation dismantled a prominent Ukraine-based Ransomware group

An international law enforcement operation dismantled the core of a ransomware group operating from Ukraine. A joint law enforcement operation led by Europol and Eurojust, with the support of the ...

Pierluigi Paganini November 28, 2023
Cyber Crime
Daixin Team group claimed the hack of North Texas Municipal Water District

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. The North Texas Municipal Water District (NTMWD) is a regional wa ...

Pierluigi Paganini November 28, 2023
Cyber Crime
Healthcare provider Ardent Health Services disclosed a ransomware attack

The US Healthcare provider Ardent Health Services disclosed that it was the victim of a ransomware attack last week. Ardent Health Services is a healthcare company that operates hospitals and othe ...

Pierluigi Paganini November 28, 2023
Cyber warfare
Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia

Ukraine's intelligence service announced the hack of the Russian Federal Air Transport Agency, 'Rosaviatsia.' Ukraine's intelligence service announced they have hacked Russia's Federal Air Transpo ...

Pierluigi Paganini November 27, 2023
Hacktivism
Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

Threat actors breached the Municipal Water Authority of Aliquippa in Pennsylvania and took control of a booster station. During the weekend, Iranian threat actors hacked the Municipal Water Author ...

Pierluigi Paganini November 27, 2023
Hacking
The hack of MSP provider CTS potentially impacted hundreds of UK law firms

The cyber attack that hit the managed service provider (MSP) CTS potentially impacted hundreds in the United Kingdom. CTS is a trusted provider of IT services to the legal sector in the UK. The co ...

Pierluigi Paganini November 27, 2023
Breaking News
Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 26, 2023
Cyber Crime
Rhysida ransomware gang claimed China Energy hack

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware gang added the China Energy Engineering ...

Pierluigi Paganini November 25, 2023
APT
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply-chain attack The National Cyber Security Centre (NCSC) and Korea's National Int ...

Pierluigi Paganini November 25, 2023
Malware
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

Researchers reported that a Hamas-linked APT group is using a Rust-based SysJoker backdoor against Israeli entities. Check Point researchers observed a Hamas-linked APT group is using the SysJoker ...

Pierluigi Paganini November 25, 2023
Security
App used by hundreds of schools leaking children's data

Almost a million files with minors' data, including home addresses and photos were left open to anyone on the internet, posing a threat to children. During a recent investigation, the Cybernews re ...

Pierluigi Paganini November 24, 2023
Security
Microsoft launched its new Microsoft Defender Bounty Program

Microsoft announced this week it will pay up to $20,000 for security vulnerabilities in its Defender products. Microsoft launched its new Microsoft Defender Bounty Program with a focus on Defender ...

Pierluigi Paganini November 24, 2023
Hacking
Exposed Kubernetes configuration secrets can fuel supply chain attacks

Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations. Aqua Nautilus researchers warn of publicly exposed Kubernet ...

Pierluigi Paganini November 24, 2023
APT
North Korea-linked Konni APT uses Russian-language weaponized documents

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized ...

Pierluigi Paganini November 24, 2023
Malware
ClearFake campaign spreads macOS AMOS information stealer

Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of the ClearFake campaign. Atomic Stealer (AMOS) macOS information stealer is now being ...

Pierluigi Paganini November 23, 2023
Data Breach
Welltok data breach impacted 8.5 million patients in the U.S.

Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S. Welltok is a company that specializes in health optimization solutions. It provi ...

Pierluigi Paganini November 23, 2023
APT
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack. Microsoft Threat Intelligence researchers uncovered a supply cha ...

Pierluigi Paganini November 23, 2023
Data Breach
Automotive parts giant AutoZone disclosed data breach after MOVEit hack

American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack. AutoZone is an American retailer and distributor of automotive parts a ...

Pierluigi Paganini November 23, 2023
Malware
New InfectedSlurs Mirai-based botnet exploits two zero-days

Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices. Akamai discovered a new Mirai-based DDoS botnet, named I ...

Pierluigi Paganini November 22, 2023
Hacktivism
SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec hacktivist group leaked stolen human resources data. SiegedSec hacktivists group claimed responsibility for the hack ...

Pierluigi Paganini November 22, 2023
Security
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

US CISA adds Looney Tunables Linux flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Looney Tunables Linux ...

Pierluigi Paganini November 22, 2023
Hacking
Citrix provides additional measures to address Citrix Bleed

Citrix urges admins to kill NetScaler user sessions after patching their appliances against the CVE-2023-4966 Citrix Bleed vulnerability. Citrix is providing additional measures to admins who are ...

Pierluigi Paganini November 22, 2023
Digital ID
Tor Project removed several relays associated with a suspicious cryptocurrency scheme

The Tor Project removed several relays that were used as part of a cryptocurrency scheme and represented a threat to the users.  The Tor Project announced the removal of multiple network relays t ...

Pierluigi Paganini November 21, 2023
Malware
Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The Carbon Black Managed Detection & Response team is warning of a surge in the ...

Pierluigi Paganini November 21, 2023
Security
The Top 5 Reasons to Use an API Management Platform

Organizations need to govern and control the API ecosystem, this governance is the role of API management. Uber uses APIs (Application Programming Interfaces) to connect with third-party services ...

Pierluigi Paganini November 21, 2023
Data Breach
Canadian government impacted by data breaches of two of its contractors

The Canadian government discloses a data breach after threat actors hacked two of its contractors.  The Canadian government declared that two of its contractors,Brookfield Global Relocation S ...

Pierluigi Paganini November 20, 2023
Data Breach
Rhysida ransomware gang is auctioning data stolen from the British Library

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to th ...

Pierluigi Paganini November 20, 2023
APT
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks. The Ukrainian National Security and Defense Council (NDSC) repor ...

Pierluigi Paganini November 20, 2023
APT
DarkCasino joins the list of APT groups exploiting WinRAR zero-day

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploi ...

Pierluigi Paganini November 20, 2023
Cyber Crime
US teenager pleads guilty to his role in credential stuffing attack on a betting site

US teenager Joseph Garrison pleads guilty to carrying out a credential stuffing attack on a betting website. US teenager Joseph Garrison (19) has pleaded guilty to his involvement in a credential ...

Pierluigi Paganini November 20, 2023
Breaking News
Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 19, 2023
Malware
8Base ransomware operators use a new variant of the Phobos ransomware

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the ...

Pierluigi Paganini November 19, 2023
APT
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB. Check Point researchers observed Russia-linked Gamaredon spreading the worm called  ...

Pierluigi Paganini November 18, 2023
Breaking News
The board of directors of OpenAI fired Sam Altman

OpenAI fired its CEO Sam Altman, and the Chief technology officer Mira Murati appointed interim CEO to lead the company. Sam Altman has been removed as CEO of OpenAI. The company announced that Mi ...

Pierluigi Paganini November 17, 2023
Data Breach
Medusa ransomware gang claims the hack of Toyota Financial Services

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unaut ...

Pierluigi Paganini November 17, 2023
Security
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

US CISA added three new vulnerabilities (tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini November 17, 2023
APT
Zimbra zero-day exploited to steal government emails by four groups

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day (CVE-2023-37580) to steal emails from governments. Google Threat Analysis Group (TAG) researchers revealed t ...

Pierluigi Paganini November 16, 2023
Data Breach
Vietnam Post exposes 1.2TB of data, including email addresses

Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses to external cyber threats Vietnam Post Corporation, a Vietnamese governme ...

Pierluigi Paganini November 16, 2023
Data Breach
Samsung suffered a new data breach

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal informati ...

Pierluigi Paganini November 16, 2023
Malware
FBI and CISA warn of attacks by Rhysida ransomware gang

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. FBI and CISA published a joint Cybersecurity Advisory (CSA) to ...

Pierluigi Paganini November 16, 2023
Security
Critical flaw fixed in SAP Business One product

Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product. SAP November 2023 Security Patch Day includes three new and three updated secu ...

Pierluigi Paganini November 15, 2023
Cyber Crime
Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm. The IPStorm botnet was first uncovered in May 2019 while targeting Windows ...

Pierluigi Paganini November 15, 2023
Security
Gamblers’ data compromised after casino giant Strendus fails to set password

Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling. Strendus, one of the biggest online casinos in Mexico has ...

Pierluigi Paganini November 15, 2023
Security
VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

VMware disclosed a critical bypass vulnerability in VMware Cloud Director Appliance that can be exploited to bypass login restrictions when authenticating on certain ports. VMware disclosed an aut ...

Pierluigi Paganini November 15, 2023
APT
Danish critical infrastructure hit by the largest cyber attack in Denmark's history

Danish critical infrastructure was hit by the largest cyber attack on record that hit the country, according to Denmark's SektorCERT. In May, Danish critical infrastructure faced the biggest cyber ...

Pierluigi Paganini November 14, 2023
Cyber Crime
Major Australian ports blocked after a cyber attack on DP World

A cyber attack on the logistics giant DP World caused significant disruptions in the operations of several major Australian ports. A cyberattack hit the international logistics firm DP World Aust ...

Pierluigi Paganini November 14, 2023
Malware
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

Experts warn of an alarming rise in ransomware operations targeting the energy sector, including nuclear facilities and related research entities. Resecurity, Inc. (USA) protecting major Fortune 1 ...

Pierluigi Paganini November 14, 2023
Security
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

US CISA added four vulnerabilities (tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847) in Juniper devices to its Known Exploited Vulnerabilities catalog. The U.S. Cybe ...

Pierluigi Paganini November 13, 2023
Cyber Crime
LockBit ransomware gang leaked data stolen from Boeing

The LockBit ransomware group published data allegedly stolen from the aerospace giant Boeing in a recent attack. The Boeing Company, commonly known as Boeing, is one of the world’s largest aeros ...

Pierluigi Paganini November 13, 2023
APT
North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

North Korea-linked APT group Sapphire Sleet set up bogus skills assessment portals in attacks aimed at IT job seekers. The North Korea-linked APT group Sapphire Sleet (aka APT38, BlueNoroff, Cagey ...

Pierluigi Paganini November 13, 2023
Data Breach
The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital. In early November, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it w ...

Pierluigi Paganini November 12, 2023
Data Breach
The State of Maine disclosed a data breach that impacted 1.3M people

The State of Maine disclosed a data breach that impacted about 1.3 million people after an attack hit its MOVEit file transfer install. The State of Maine was the victim of the large-scale hack ...

Pierluigi Paganini November 12, 2023
Breaking News
Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 12, 2023
Cyber Crime
Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious Bu ...

Pierluigi Paganini November 11, 2023
Cyber Crime
Serbian pleads guilty to running ‘Monopoly’ dark web drug market

The Serbian citizen Milomir Desnica (33) has pleaded guilty to running the dark web Monopoly drug marketplace. Milomir Desnica, a 33-year-old Serbian citizen, admited to being responsible for oper ...

Pierluigi Paganini November 11, 2023
Data Breach
McLaren Health Care revealed that a data breach impacted 2.2 million people

McLaren Health Care (McLaren) experienced a data breach that compromised the sensitive personal information of approximately 2.2 million individuals. McLaren Health Care (McLaren) disclosed a data ...

Pierluigi Paganini November 10, 2023
Hacktivism
After ChatGPT, Anonymous Sudan took down the Cloudflare website

After ChatGPT, Anonymous Sudan took down the Cloudflare website with a distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous Sudan claimed responsibility for the massive di ...

Pierluigi Paganini November 10, 2023
Hacking
Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

The Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack that disrupted trades in the US Treasury market. The Industrial and Commercial Bank of China (ICBC) announced it has ...

Pierluigi Paganini November 10, 2023
Hacking
SysAid zero-day exploited by Clop ransomware group

Microsoft spotted the exploitation of a SysAid zero-day vulnerability in limited attacks carried out by the Lace Tempest group. Microsoft reported the exploitation of a zero-day vulnerability, tra ...

Pierluigi Paganini November 10, 2023
Cyber Crime
Dolly.com pays ransom, attackers release data anyway

On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. Cybercriminals are hardly a trustworthy bunch. Case in poi ...

Pierluigi Paganini November 10, 2023
Hacktivism
DDoS attack leads to significant disruption in ChatGPT services

OpenAI confirmed that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed denial-of-service (DDoS) attack. OpenAI confirmed earlier today that the outage suffered ...

Pierluigi Paganini November 09, 2023
APT
Russian Sandworm disrupts power in Ukraine with a new OT attack

Mandiant reported that Russia-linked Sandworm APT used a novel OT attack to cause power outages during mass missile strikes on Ukraine. Mandiant researchers reported that Russia-linked APT group S ...

Pierluigi Paganini November 09, 2023
Security
Veeam fixed multiple flaws in Veeam ONE, including critical issues

Veeam addressed multiple vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform, including two critical issues. Veeam addressed four vulnerabilities (CVE-2023-38547, ...

Pierluigi Paganini November 07, 2023
Security
Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel

Pro-Palestinian hackers group 'Soldiers of Solomon' claims to have hacked one of the largest Israeli flour plants causing severe damage to the operations. The Pro-Palestinian hackers group 'Soldie ...

Pierluigi Paganini November 07, 2023
APT
Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Iran-linked Agonizing Serpens group has been targeting Israeli organizations with destructive cyber attacks since January. Iran-linked Agonizing Serpens group (aka Agrius, BlackShadow,&n ...

Pierluigi Paganini November 07, 2023
Security
Critical Confluence flaw exploited in ransomware attacks

Experts warn threat actors that started exploiting a recent critical flaw CVE-2023-22518 in Confluence Data Center and Confluence Server. Over the weekend threat actors started exploiting a recent ...

Pierluigi Paganini November 06, 2023
Security
QNAP fixed two critical vulnerabilities in QTS OS and apps

Taiwanese vendor QNAP warns of two critical command injection flaws in the QTS operating system and applications on its NAS devices. Taiwanese vendor QNAP Systems addressed two critical command in ...

Pierluigi Paganini November 06, 2023
Hacking
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-con ...

Pierluigi Paganini November 06, 2023
Cyber Crime
Socks5Systemz proxy service delivered via PrivateLoader and Amadey

Threat actors infected more than 10,000 devices worldwide with the 'PrivateLoader' and 'Amadey' loaders to recruit them into the proxy botnet 'Socks5Systemz.' Bitsight researchers uncovered a pro ...

Pierluigi Paganini November 06, 2023
Breaking News
US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

The Treasury Department sanctioned a Russian woman accused of laundering virtual currency on behalf of cybercriminals. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) on ...

Pierluigi Paganini November 05, 2023
Breaking News
Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 05, 2023
APT
Lazarus targets blockchain engineers with new KandyKorn macOS Malware

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware i ...

Pierluigi Paganini November 05, 2023
Hacking
Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Kinsing threat actors are exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables to target cloud environments. Researchers are cloud security firm Aqua have observed th ...

Pierluigi Paganini November 04, 2023
Hacking
ZDI discloses four zero-day flaws in Microsoft Exchange

Researchers disclosed four zero-day flaws in Microsoft Exchange that can be remotely exploited to execute arbitrary code or disclose sensitive information on vulnerable installs. Trend Micro's Zer ...

Pierluigi Paganini November 03, 2023
Data Breach
Okta customer support system breach impacted 134 customers

Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained ac ...

Pierluigi Paganini November 03, 2023
Mobile
Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Kaspersky researchers are warning of multiple WhatsApp mods that embed a spyware module dubbed CanesSpy. Kaspersky researchers discovered multiple WhatsApp mods that embed a spyware module du ...

Pierluigi Paganini November 03, 2023
Cyber warfare
Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

The FSB arrested two Russian hackers who are accused of having helped Ukrainian entities carry out cyberattacks on critical infrastructure targets. The Russian intelligence agency Federal Security ...

Pierluigi Paganini November 03, 2023
APT
MuddyWater has been spotted targeting two Israeli entities

Iran-linked cyberespionage group MuddyWater is targeting Israeli entities in a new spear-phishing campaign. Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, and&nbs ...

Pierluigi Paganini November 03, 2023
Data Breach
Clop group obtained access to the email addresses of about 632,000 US federal employees

Clop ransomware gang gained access to the email addresses of more than 632K US federal employees at the departments of Defense and Justice. Russian-speaking Clop ransomware group gained access to ...

Pierluigi Paganini November 02, 2023
Data Breach
Okta discloses a new data breach after a third-party vendor was hacked

Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. Cloud identity and access management solutions provider Okta warns ...

Pierluigi Paganini November 02, 2023
Hacking
Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the ...

Pierluigi Paganini November 02, 2023
Cyber Crime
Boeing confirmed its services division suffered a cyberattack

Boeing confirmed it is facing a cyber incident that hit its global services division, the company pointed out that flight safety isn’t affected. The Boeing Company, commonly known as Boeing, is ...

Pierluigi Paganini November 02, 2023
Data Breach
Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

Data leaks containing Aadhaar IDs in India were caused by the insecurity of 3rd parties while aggregating such information for KYC. According to Resecurity, a global cybersecurity provider protect ...

Pierluigi Paganini November 02, 2023
Cyber Crime
Who is behind the Mozi Botnet kill switch?

Researchers speculate that the recent shutdown of the Mozi botnet was the response of its authors to the pressure from Chinese law enforcement. ESET researchers speculate that the recent shutdown ...

Pierluigi Paganini November 02, 2023
Hacking
CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

US CISA added two vulnerabilities, tracked as CVE-2023-46747 and CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agenc ...

Pierluigi Paganini November 01, 2023
Security
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Experts warn that threat actors started exploiting the critical flaw CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit disclosure. F5 this week warned customers about a cr ...

Pierluigi Paganini November 01, 2023
Malware
Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

A pro-Hamas hacker group is targeting Israeli entities using a new Linux-based wiper malware dubbed BiBi-Linux Wiper. During a forensics investigation, Security Joes Incident Response team di ...

Pierluigi Paganini November 01, 2023
Hacking
British Library suffers major outage due to cyberattack

Last weekend, the British Library suffered a cyberattack that caused a major IT outage, impacting many of its services. The British Library is facing a major outage that impacts the website and ma ...

Pierluigi Paganini November 01, 2023
Security
Critical Atlassian Confluence flaw can lead to significant data loss

Atlassian warned of a critical security vulnerability, tracked as CVE-2023-22518, in the Confluence Data Center and Server. Atlassian is warning of a critical security flaw, tracked as CVE-2023-2 ...

Pierluigi Paganini October 31, 2023
Deep Web
WiHD leak exposes details of all torrent users

World-in-HD (WiHD), a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators. WiHD, a popular torrent tracker specia ...

Pierluigi Paganini October 31, 2023
Hacking
Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Researchers from Researchers at Horizon3.ai publicly released the exploit code ...

Pierluigi Paganini October 31, 2023
Intelligence
Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the We ...

Pierluigi Paganini October 31, 2023
Cyber Crime
Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led to the theft of approximately $1M in cryptocurrency. Jordan Dave Persad (20), from Orlando, Florida, was sentenced t ...

Pierluigi Paganini October 30, 2023
Hacking
Wiki-Slack attack allows redirecting business professionals to malicious websites

eSentire researchers devised a new attack technique, named Wiki-Slack attack, that can be used to redirect business professionals to malicious websites. eSentire Threat Response Unit (TRU) secur ...

Pierluigi Paganini October 30, 2023
Security
HackerOne awarded over $300 million bug hunters

HackerOne announced that it has awarded over $300 million bug hunters as part of its bug bounty programs since the launch of its platform. HackerOne announced that it has surpassed $300 million in ...

Pierluigi Paganini October 30, 2023
Malware
StripedFly, a complex malware that infected one million devices without being noticed

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubb ...

Pierluigi Paganini October 30, 2023
Hacktivism
IT Army of Ukraine disrupted internet providers in territories occupied by Russia

IT Army of Ukraine hacktivists have temporarily disrupted internet services in some of the territories that have been occupied by Russia. Ukrainian hacktivists belonging to the IT Army of Ukraine� ...

Pierluigi Paganini October 29, 2023
Breaking News
Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 29, 2023
Hacking
Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,25 ...

Pierluigi Paganini October 28, 2023
Cyber Crime
Lockbit ransomware gang claims to have stolen data from Boeing

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and defense contractor Boeing and threatened to leak the stolen data. The Boeing Company, commonly known as Boeing, is ...

Pierluigi Paganini October 27, 2023
APT
France agency ANSSI warns of Russia-linked APT28 attacks on French entities

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. The French National Agency for the Security of Infor ...

Pierluigi Paganini October 27, 2023
Security
How to Collect Market Intelligence with Residential Proxies?

How residential proxies using real IPs from diverse locations enable businesses to gather comprehensive and accurate data from the web Since the adoption of the first digital tools and connection ...

Pierluigi Paganini October 27, 2023
Hacking
F5 urges to address a critical flaw in BIG-IP

F5 warns customers of a critical vulnerability impacting BIG-IP that could lead to unauthenticated remote code execution. F5 is warning customers about a critical security vulnerability, tracked a ...

Pierluigi Paganini October 27, 2023
Data Breach
Hello Alfred app exposes user data

Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user data. Hello Alfred is a one-stop applicat ...

Pierluigi Paganini October 27, 2023
Hacking
iLeakage attack exploits Safari to steal data from Apple devices

Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of researchers from the University of Michiga ...

Pierluigi Paganini October 26, 2023
Hacking
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Cloudflare mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset. Cloudflare DDoS threat report of 2023 states that the c ...

Pierluigi Paganini October 26, 2023
Data Breach
Seiko confirmed a data breach after BlackCat attack

Japanese watchmaker Seiko revealed that the attack that suffered earlier this year was carried out by the Black Cat ransomware gang. On August 10, 2023, the Japanese maker of watches Seiko disclos ...

Pierluigi Paganini October 26, 2023
APT
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software. Russian APT group Winter Vivern (aka TA473) has been observed exploiting a ze ...

Pierluigi Paganini October 26, 2023
Hacking
Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

The Pwn2Own Toronto 2023 hacking contest has begun and during the first day, participants received $438,750 in prizes! During the Day 1 of the Pwn2Own Toronto 2023 hacking contest, the organizatio ...

Pierluigi Paganini October 25, 2023
Security
VMware addressed critical vCenter flaw also for End-of-Life products

VMware addressed a critical out-of-bounds write vulnerability, tracked as CVE-2023-34048, that impacts vCenter Server. vCenter Server is a critical component in VMware virtualization and cloud c ...

Pierluigi Paganini October 25, 2023
Security
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway applia ...

Pierluigi Paganini October 25, 2023
Data Breach
New England Biolabs leak sensitive data

On September 18th, the Cybernews research team discovered two publicly hosted environment files (.env) attributed to New England Biolabs. Leaving environment files open to the public is one of the ...

Pierluigi Paganini October 25, 2023
Intelligence
Former NSA employee pleads guilty to attempted selling classified documents to Russia

A former NSA employee has pleaded guilty to charges of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke (31), a former NSA employee has admitted to attempting ...

Pierluigi Paganini October 24, 2023
Hacking
Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

VMware is aware of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass flaw in VMware Aria Operations for Logs. VMware warned customers of the availability of a ...

Pierluigi Paganini October 24, 2023
Hacking
How did the Okta Support breach impact 1Password?

1Password detected suspicious activity on its Okta instance after the recent compromise of the Okta support system. The password management and security application 1Password announced it had dete ...

Pierluigi Paganini October 24, 2023
Security
PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Hundreds of millions of PII records belonging to Indian residents, including Aadhaar cards, are being offered for sale on the Dark Web. PII Belonging to Indian Citizens, Including their Aadhaar ID ...

Pierluigi Paganini October 24, 2023
Cyber Crime
Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over four million individuals. The Spanish police have arrested 34 members of a cybe ...

Pierluigi Paganini October 24, 2023
Security
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulner ...

Pierluigi Paganini October 23, 2023
Hacking
Cisco warns of a second IOS XE zero-day used to infect devices worldwide

Cisco found a second IOS XE zero-day vulnerability, tracked as CVE-2023-20273, which is actively exploited in attacks in the wild. Cisco last week warned customers of a zero-day vulnerability, ...

Pierluigi Paganini October 23, 2023
Hacking
City of Philadelphia suffers a data breach

The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts. The City of Philadelphia announced it is inve ...

Pierluigi Paganini October 23, 2023
Security
SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

Researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. Security researchers discovered three critical remote code execu ...

Pierluigi Paganini October 23, 2023
Intelligence
Don't use AI-based apps, Philippine defense ordered its personnel

The Philippine defense ordered its personnel to stop using AI-based applications to generate personal portraits. The Philippine defense warned of the risks of using AI-based applications to genera ...

Pierluigi Paganini October 23, 2023
Malware
Vietnamese threat actors linked to DarkGate malware campaign

Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., the U.S., and India. WithSecure researchers linked the recent attacks using the DarkG ...

Pierluigi Paganini October 23, 2023
Intelligence
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

MI5 chief warns Chinese cyber espionage reached an epic scale, more than 20,000 people in the UK have now been targeted. The head of MI5, Ken McCallum, warns that Chinese spies targeted more than ...

Pierluigi Paganini October 22, 2023
Intelligence
The attack on the International Criminal Court was targeted and sophisticated

The International Criminal Court revealed the recent attack was carried out by a threat actor for espionage purposes. The International Criminal Court shared additional information about the cyber ...

Pierluigi Paganini October 22, 2023
Breaking News
Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 22, 2023
Cyber Crime
A threat actor is selling access to Facebook and Instagram's Police Portal

A threat actor is selling access to Facebook and Instagram's Police Portal used by law enforcement agencies to request data relating to users under investigation. Cyber security researcher Alon Ga ...

Pierluigi Paganini October 21, 2023
Data Breach
Threat actors breached Okta support system and stole customers' data

Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks. Okta says that threat actors broke into its support case m ...

Pierluigi Paganini October 21, 2023
Security
US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

The U.S. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide. The U.S. government announced the seizure of 17 website doma ...

Pierluigi Paganini October 21, 2023
Cyber Crime
Alleged developer of the Ragnar Locker ransomware was arrested

A joint international law enforcement investigation led to the arrest of a malware developer who was involved in the Ragnar Locker ransomware operation. Yesterday we became aware of a joint law en ...

Pierluigi Paganini October 20, 2023
Hacking
CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnera ...

Pierluigi Paganini October 20, 2023
Hacking
Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Researchers from LeakIX used the indicators of compromis ...

Pierluigi Paganini October 20, 2023
Cyber Crime
Law enforcement operation seized Ragnar Locker group's infrastructure

An international law enforcement operation shuts down the infrastructure of the Ragnar Locker ransomware operation. Law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Nethe ...

Pierluigi Paganini October 19, 2023
Security
THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

I’m proud to announce the release of the 11th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen Agency for cybersecurity ENISA releases ...

Pierluigi Paganini October 19, 2023
APT
North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

North Korea-linked threat actors are actively exploiting a critical vulnerability CVE-2023-42793 in JetBrains TeamCity. Microsoft warns that North Korea-linked threat actors are actively exploitin ...

Pierluigi Paganini October 19, 2023
APT
Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google's Threat Analysis Group (TAG) reported that in recent weeks ...

Pierluigi Paganini October 19, 2023
Data Breach
Californian IT company DNA Micro leaks private mobile phone data

Hundreds of thousands of clients who opted-in for a screen warranty were exposed when DNA Micro leaked data from its systems. The Cybernews research team found that DNA Micro, a California-based I ...

Pierluigi Paganini October 18, 2023
Hacking
Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin ...

Pierluigi Paganini October 18, 2023
Hacking
A flaw in Synology DiskStation Manager allows admin account takeover

A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator's password. Researchers from Claroty's Team82 discovered a vulnerability, tracked as CVE-2023- ...

Pierluigi Paganini October 18, 2023
Hacking
D-Link confirms data breach, but downplayed the impact

Taiwanese manufacturer D-Link confirmed a data breach after a threat actor offered for sale on BreachForums stolen data. The global networking equipment and technology company D-Link confirmed a ...

Pierluigi Paganini October 18, 2023
Breaking News
CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

Threat actors exploited the recently disclosed zero-day flaw (CVE-2023-20198) in a large-scale hacking campaign on Cisco IOS XE devices. Threat actors have exploited the recently disclosed critica ...

Pierluigi Paganini October 17, 2023
APT
Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between May and September 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised el ...

Pierluigi Paganini October 17, 2023
Cyber Crime
Ransomware realities in 2023: one employee mistake can cost a company millions

What is the impact of ransomware on organizations? One employee's mistake can cost a company millions of dollars. Studies show that human error is the root cause of more than 80% of all cyber brea ...

Pierluigi Paganini October 17, 2023
Malware
Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users 

Threat actors are targeting Israeli Android users with a malicious version of the 'RedAlert – Rocket Alerts' that hide spyware. A threat actor is targeting Israeli Android users with a spyware-l ...

Pierluigi Paganini October 17, 2023
Hacking
Cisco warns of active exploitation of IOS XE zero-day

Cisco warned customers of a critical zero-day vulnerability in its IOS XE Software that is actively exploited in attacks. Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-2 ...

Pierluigi Paganini October 16, 2023
Hacking
Signal denies claims of an alleged zero-day flaw in its platform

Encrypted messaging app Signal denied claims of an alleged zero-day flaw in its platform after a responsible investigation. The popular encrypted messaging app Signal denied claims of an alleged z ...

Pierluigi Paganini October 16, 2023
Malware
Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. Microsoft announced that its Microsoft Defender for Endpo ...

Pierluigi Paganini October 16, 2023
Cyber Crime
DarkGate malware campaign abuses Skype and Teams

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. From July to September, researchers from Trend Micro observed a ma ...

Pierluigi Paganini October 16, 2023
Cyber Crime
The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat ransomware group claims to have hacked th ...

Pierluigi Paganini October 15, 2023
Breaking News
Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 15, 2023
Cyber Crime
Lockbit ransomware gang demanded an 80 million ransom to CDW

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. The technology services giant CDW announced it has launched an investiga ...

Pierluigi Paganini October 14, 2023
Breaking News
CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

CISA warns organizations of vulnerabilities and misconfigurations that are known to be exploited in ransomware operations. The US cybersecurity agency CISA is sharing knowledge about vulnerabiliti ...

Pierluigi Paganini October 14, 2023
APT
Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

A cyberespionage campaign, tracked as Stayin' Alive, targeted high-profile government and telecom entities in Asia. Cybersecurity company Check Point uncovered a malicious activity, tracked as  ...

Pierluigi Paganini October 13, 2023
Uncategorized
FBI and CISA published a new advisory on AvosLocker ransomware

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) published ...

Pierluigi Paganini October 13, 2023
Hacking
More than 17,000 WordPress websites infected with the Balada Injector in September

In September more than 17,000 WordPress websites have been compromised by the Balada Injector malware. Sucuri researchers reported that more than 17,000 WordPress websites have been compromised i ...

Pierluigi Paganini October 13, 2023
Malware
Ransomlooker, a new tool to track and analyze ransomware groups' activities

Ransomlooker monitors ransomware groups' extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker, a tool to monitor ransomware groups' extortio ...

Pierluigi Paganini October 12, 2023
Cyber Crime
Phishing, the campaigns that are targeting Italy

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail ...

Pierluigi Paganini October 12, 2023
Cyber Crime
A new Magecart campaign hides the malicious code in 404 error page

Researchers observed a new Magecart web skimming campaign changing the websites' default 404 error page to steal credit cards. Researchers from the Akamai Security Intelligence Group unc ...

Pierluigi Paganini October 12, 2023
Hacking
CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new fl ...

Pierluigi Paganini October 11, 2023
Malware
Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Fortinet researchers observed a new Mir ...

Pierluigi Paganini October 11, 2023
Data Breach
Air Europa data breach exposed customers' credit cards

Airline Air Europa disclosed a data breach and warned customers to cancel their credit cards after threat actors accessed their card information. Air Europa is a Spanish airline and a subsidiary o ...

Pierluigi Paganini October 11, 2023
Cyber warfare
#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops

Gaza: Resecurity identified threat actors exploiting the conflict to weaponize psychological operations (PSYOPs) campaigns. Amidst the outbreak of war on the Gaza Strip last weekend, Resecurity (L ...

Pierluigi Paganini October 11, 2023
Security
Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

Microsoft Patch Tuesday security updates for October 2023 fixed three actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for October 2023 addressed a total of 10 ...

Pierluigi Paganini October 11, 2023
Hacking
New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

A new DDoS technique named 'HTTP/2 Rapid Reset' is actively employed in attacks since August enabling record-breaking attacks. Researchers disclosed a new zero-day DDoS attack technique, named 'HT ...

Pierluigi Paganini October 10, 2023
Hacking
Exposed security cameras in Israel and Palestine pose significant risks

Many poorly configured security cameras are exposed to hacktivists in Israel and Palestine, placing the owners using them and the people around them at substantial risk. After the Hamas attacks on ...

Pierluigi Paganini October 10, 2023
Hacking
A flaw in libcue library impacts GNOME Linux systems

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked a ...

Pierluigi Paganini October 10, 2023
Hacktivism
Hacktivists in Palestine and Israel after SCADA and other industrial control systems

Both pro-Israeli and pro-Palestinian hacktivists have joined the fight and are targeting SCADA and ICS systems. Both pro-Israeli and pro-Palestinian hacktivists have joined the fight in the cyber ...

Pierluigi Paganini October 10, 2023
Hacking
Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM's X-Force researchers reported that threat actors are con ...

Pierluigi Paganini October 09, 2023
Malware
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researchers 3xp0rt reported that a threat actor ...

Pierluigi Paganini October 09, 2023
Hacking
Gaza-linked hackers and Pro-Russia groups are targeting Israel

Microsoft linked a Gaza-based threat actor tracked as Storm-1133 to a series of attacks aimed at private organizations in Israel. The fourth annual Digital Defense Report published by Microsoft l ...

Pierluigi Paganini October 09, 2023
Data Breach
Flagstar Bank suffered a data breach once again

Flagstar Bank announced a data breach suffered by a third-party service provider exposed the personal information of over 800,000 US customers. Flagstar Bank is warning 837,390 US customers that t ...

Pierluigi Paganini October 09, 2023
Malware
Android devices shipped with backdoored firmware as part of the BADBOX network

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security disc ...

Pierluigi Paganini October 09, 2023
Breaking News
Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 08, 2023
APT
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported. Researchers from blockchain analytics firm Elliptic reported that threat act ...

Pierluigi Paganini October 08, 2023
Cyber Crime
QakBot threat actors are still operational after the August takedown

Threat actors behind the QakBot malware are still active, since August they are carrying out a phishing campaign delivering Ransom Knight ransomware and Remcos RAT. In August, the FBI announced th ...

Pierluigi Paganini October 07, 2023
Cyber Crime
Ransomware attack on MGM Resorts costs $110 Million

Hospitality and entertainment company MGM Resorts announced that the costs of the recent ransomware attack costs exceeded $110 million. In September the hospitality and entertainment company MGM R ...

Pierluigi Paganini October 06, 2023
Breaking News
Cybersecurity, why a hotline number could be important?

The creation of a dedicated emergency number for cybersecurity could provide an effective solution to this rapidly growing challenge The growing threat of cybercrime is calling for new and innovat ...

Pierluigi Paganini October 06, 2023
Hacking
Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) is a buffer ov ...

Pierluigi Paganini October 06, 2023
Security
Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Cisco addressed a critical Static Credentials Vulnerability, tracked as CVE-2023-20101, impacting Emergency Responder. Cisco released security updates to address a critical vulnerability, tracked ...

Pierluigi Paganini October 06, 2023
Intelligence
Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

Belgian intelligence agency State Security Service (VSSE) fears that Chinese giant Alibaba is spying on logistics to gather financial intelligence. The Belgian intelligence service VSSE revealed t ...

Pierluigi Paganini October 06, 2023
Hacking
CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBra ...

Pierluigi Paganini October 05, 2023
Hacking
NATO is investigating a new cyber attack claimed by the SiegedSec group

NATO is investigating claims that a group called SiegedSec has breached its systems and leaked a cache of unclassified documents online. NATO announced it is investigating claims that a politicall ...

Pierluigi Paganini October 05, 2023
Data Breach
Global CRM Provider Exposed Millions of Clients’ Files Online

Researcher discovered that global B2B CRM provider Really Simple Systems exposed online a non-password-protected database with million records. Cybersecurity Researcher, Jeremiah Fowler, discovere ...

Pierluigi Paganini October 05, 2023
Data Breach
Sony sent data breach notifications to about 6,800 individuals

Sony Interactive Entertainment has notified current and former employees and their family members about a data breach. Sony Interactive Entertainment (SIE) has notified current and former employee ...

Pierluigi Paganini October 05, 2023
Hacking
Apple fixed the 17th zero-day flaw exploited in attacks

Apple released emergency security updates to address a new actively exploited zero-day vulnerability impacting iPhone and iPad devices. Apple released emergency security updates to address a new ...

Pierluigi Paganini October 04, 2023
Hacking
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild. Software giant Atlassian released emergency security updates to ad ...

Pierluigi Paganini October 04, 2023
Hacking
A cyberattack disrupted Lyca Mobile services

International mobile virtual network operator Lyca Mobile announced it has been the victim of a cyber attack that disrupted its network. Lyca Mobile is a mobile virtual network operator (MVNO) tha ...

Pierluigi Paganini October 04, 2023
Security
Chipmaker Qualcomm warns of three actively exploited zero-days

Chipmaker Qualcomm addressed 17 vulnerabilities in various components and warns of three other actively exploited zero-day flaws. Chipmaker Qualcomm released security updates to address 17 vulnera ...

Pierluigi Paganini October 04, 2023
Reports
DRM Report Q2 2023 - Ransomware threat landscape

The DRM Report Q2 2023 report provides a detailed insight into the ransomware threat landscape during the period between May and August 2023. In an era where digitalization has woven its web into ...

Pierluigi Paganini October 04, 2023
Cyber Crime
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that thre ...

Pierluigi Paganini October 04, 2023
Data Breach
San Francisco’s transport agency exposes drivers’ parking permits and addresses

A misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of over 26K files, exposing clients’ parking permits and home addresses. The MTC is a governmental ag ...

Pierluigi Paganini October 03, 2023
Malware
BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that's appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-servi ...

Pierluigi Paganini October 03, 2023
Breaking News
Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023. Executive Summary We investigated ...

Pierluigi Paganini October 03, 2023
Malware
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Researchers from cybersecurity firm TG Soft are warning Italian entities and companies of LockBit 3.0 Black and BlackCat/AlphV attacks. In the last few weeks, two cybercriminal groups th ...

Pierluigi Paganini October 03, 2023
Data Breach
European Telecommunications Standards Institute (ETSI) suffered a data breach

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users ...

Pierluigi Paganini October 03, 2023
Hacking
WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. Progress Software recently warned customers to address a ...

Pierluigi Paganini October 02, 2023
Data Breach
National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors. ...

Pierluigi Paganini October 02, 2023
APT
North Korea-linked Lazarus targeted a Spanish aerospace company

North Korea-linked APT group Lazarus impersonated Meta's recruiters in an attack against a Spanish company in the Aerospace industry. ESET researchers linked the North Korea-linked Lazarus AP ...

Pierluigi Paganini October 02, 2023
Data Breach
Ransomware attack on Johnson Controls may have exposed sensitive DHS data

Experts warn that the recent attack on building automation giant Johnson Controls may have exposed data of the Department of Homeland Security (DHS). Johnson Controls International plc is a multin ...

Pierluigi Paganini October 02, 2023
Cyber Crime
BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

The ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of victims on its Tor leak site. McLaren Health Care is a not-for-profit healthcare system based in Michigan, United States ...

Pierluigi Paganini October 01, 2023
Breaking News
Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 01, 2023
Cyber Crime
ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list of victims on its Tor leak site. Motel One is a German hotel chain that offers budget-friendly accommodations primari ...

Pierluigi Paganini September 30, 2023
Cyber Crime
FBI warns of dual ransomware attacks

The U.S. Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims. The U.S. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a n ...

Pierluigi Paganini September 30, 2023
Breaking News
Progress Software fixed two critical severity flaws in WS_FTP Server

Progress Software has addressed a critical severity vulnerability in its WS_FTP Server software used by thousands of IT teams worldwide. Progress Software warned customers to address a critical se ...

Pierluigi Paganini September 30, 2023
Security
Child abuse site taken down, organized child exploitation crime suspected – exclusive

A child abuse site has been taken down following a request to German law enforcement by Cybernews research team. A hacker collective, who wanted to remain anonymous, has been relentlessly hunting ...

Pierluigi Paganini September 30, 2023
Hacking
A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-421 ...

Pierluigi Paganini September 29, 2023
Hacking
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft's Exchange email platform in May. China-linked hackers who breached Microsoft's email pl ...

Pierluigi Paganini September 29, 2023
Data Breach
Misconfigured WBSC server leaks thousands of passports

The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June ...

Pierluigi Paganini September 29, 2023
Security
CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the ...

Pierluigi Paganini September 29, 2023
Hacking
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. Cisco warned customers to install security ...

Pierluigi Paganini September 28, 2023
Cyber Crime
Dark Angels Team ransomware group hit Johnson Controls

Johnson Controls International suffered a ransomware attack that impacted the operations of the company and its subsidiaries. Johnson Controls International plc is a multinational conglomerate wit ...

Pierluigi Paganini September 28, 2023
Hacking
GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to addre ...

Pierluigi Paganini September 28, 2023
Hacking
Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices. The Russian zero-day broker firm Operation Zero is increasing payouts for top- ...

Pierluigi Paganini September 27, 2023
APT
China-linked APT BlackTech was spotted hiding in Cisco router firmware

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. US and Japanese intelligence, law enforcement ...

Pierluigi Paganini September 27, 2023
Hacking
Watch out! CVE-2023-5129 in libwebp library affects millions applications

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier f ...

Pierluigi Paganini September 27, 2023
Security
DarkBeam leaks billions of email and password combinations

DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches. The leaked logins present cybercriminals with almost limi ...

Pierluigi Paganini September 27, 2023
Data Breach
'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo

Following the recently announced data leak from Sony, Ransomed.vc group claimed the hack of the Japanese giant NTT Docomo. Following the recently announced data leak from Sony, the notorious ranso ...

Pierluigi Paganini September 27, 2023
Security
Top 5 Problems Solved by Data Lineage

Data lineage is the visualization and tracking of data as it moves through various stages of its lifecycle. In an age where data drives decisions and fuels innovation, understanding the journey of ...

Pierluigi Paganini September 27, 2023
Data Breach
Threat actors claim the hack of Sony, and the company investigates

Sony launched an investigation into an alleged data breach after the RansomedVC group claimed the hack of the company. Sony announced it is investigating allegations of a data breach after the Ran ...

Pierluigi Paganini September 26, 2023
Data Breach
Canadian Flair Airlines left user data leaking for months

Researchers discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months Canadian Flair Airlines left credentials to sensitive ...

Pierluigi Paganini September 26, 2023
Cyber Crime
The Rhysida ransomware group hit the Kuwait Ministry of Finance

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. Last week a ransomware attack hit the Government of Kuwait, the attack ...

Pierluigi Paganini September 26, 2023
Data Breach
BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

The Better Outcomes Registry & Network (BORN), the Ontario birth registry disclosed a data breach affecting some 3.4 million people. The Better Outcomes Registry & Network (BORN) is a prog ...

Pierluigi Paganini September 26, 2023
Malware
Xenomorph malware is back after months of hiatus and expands the list of targets

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading ...

Pierluigi Paganini September 26, 2023
Cyber Crime
Smishing Triad Stretches Its Tentacles into the United Arab Emirates

Resecurity research found that the 'Smishing Triad' cybercrime group has expanded its phishing campaign into the United Arab Emirates (UAE). Resecurity research recently found that 'Smishing Triad ...

Pierluigi Paganini September 26, 2023
Hacking
Crooks stole $200 million worth of assets from Mixin Network

Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightn ...

Pierluigi Paganini September 25, 2023
Cyber warfare
A phishing campaign targets Ukrainian military entities with drone manual lures

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign u ...

Pierluigi Paganini September 25, 2023
Hacking
Alert! Patch your TeamCity instance to avoid server hack

Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server. JetBrains TeamCity is a popular and highly extensible Continuous Integ ...

Pierluigi Paganini September 25, 2023
APT
Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Sout ...

Pierluigi Paganini September 25, 2023
Cyber Crime
Nigerian National pleads guilty to participating in a millionaire BEC scheme

A Nigerian national pleaded guilty to wire fraud and money laundering through business email compromise (BEC). The Nigerian national Kosi Goodness Simon-Ebo (29), who is residing in South Africa, ...

Pierluigi Paganini September 25, 2023
Malware
New variant of BBTok Trojan targets users of +40 banks in LATAM

A new variant of a banking trojan, called BBTok, targets users of over 40 banks in Latin America, particularly Brazil and Mexico. Check Point researchers warn of a new variant of a banking trojan ...

Pierluigi Paganini September 25, 2023
Malware
Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East ESET researchers discovered a very sophi ...

Pierluigi Paganini September 24, 2023
Data Breach
Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles. The Alphv ransomware group added Clarion, the global ...

Pierluigi Paganini September 24, 2023
Breaking News
Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 24, 2023
Data Breach
National Student Clearinghouse data breach impacted approximately 900 US schools

U.S. educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The National Student Clearinghouse (NSC) is a nonprofit o ...

Pierluigi Paganini September 24, 2023
Hacking
Government of Bermuda blames Russian threat actors for the cyber attack

The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing t ...

Pierluigi Paganini September 23, 2023
Mobile
Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Citizen Lab and Google's TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Researchers from the Citizen Lab and Google's Threat Analysis Gr ...

Pierluigi Paganini September 22, 2023
Hacking
CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) a ...

Pierluigi Paganini September 22, 2023
Data Breach
Information of Air Canada employees exposed in recent cyberattack

Air Canada, the flag carrier and largest airline of Canada, announced that the personal information of some employees was exposed as a result of a recent cyberattack. Air Canada, the flag carrier ...

Pierluigi Paganini September 22, 2023
APT
Sandman APT targets telcos with LuaDream backdoor

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. A joint research conducted by SentinelLabs and QGroup G ...

Pierluigi Paganini September 22, 2023
Hacking
Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities ...

Pierluigi Paganini September 21, 2023
Hacking
Ukrainian hackers are behind the Free Download Manager supply chain attack

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the re ...

Pierluigi Paganini September 21, 2023
Data Breach
Space and defense tech maker Exail Technologies exposes database access

Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases. Exail, a French hig ...

Pierluigi Paganini September 21, 2023
Hacking
Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pr ...

Pierluigi Paganini September 21, 2023
Security
Experts found critical flaws in Nagios XI network monitoring software

Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution. Researchers discovered four vulnerabilities (CVE-2023-40931, CVE- ...

Pierluigi Paganini September 20, 2023
Deep Web
The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

Finnish police announced the takedown of the dark web marketplace PIILOPUOTI which focuses on the sale of illegal narcotics. Finnish Customs announced the seizure of the dark web marketplace Piilo ...

Pierluigi Paganini September 20, 2023
Hacking
International Criminal Court hit with a cyber attack

A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack this week, its systems were compromised last week. The International Criminal Court (ICC) announced that threat act ...

Pierluigi Paganini September 20, 2023
Security
GitLab addressed critical vulnerability CVE-2023-5009

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab has released security patches to ad ...

Pierluigi Paganini September 20, 2023
Hacking
Trend Micro addresses actively exploited zero-day in Apex One and other security Products

Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild. Trend Micro has released security updates to patch an activ ...

Pierluigi Paganini September 20, 2023
APT
ShroudedSnooper threat actors target telecom companies in the Middle East

ShroudedSnooper threat actors are targeting telecommunication service providers in the Middle East with a backdoor called HTTPSnoop. Cisco Talos researchers recently discovered a new stealthy impl ...

Pierluigi Paganini September 19, 2023
Security
Recent cyber attack is causing Clorox products shortage

The cyber attack that hit the cleaning products manufacturer Clorox in August is still affecting the supply of the products to customers. The Clorox Company is a multinational consumer goods compa ...

Pierluigi Paganini September 19, 2023
APT
Earth Lusca expands its arsenal with SprySOCKS Linux malware

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linke ...

Pierluigi Paganini September 19, 2023
Data Breach
Microsoft AI research division accidentally exposed 38TB of sensitive data

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that the Microsoft AI research division accid ...

Pierluigi Paganini September 18, 2023
Hacking
German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

The head of Germany’s foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrich ...

Pierluigi Paganini September 18, 2023
Hacking
Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 ...

Pierluigi Paganini September 18, 2023
Data Breach
FBI hacker USDoD leaks highly sensitive TransUnion data

Researchers from vx-underground reported that FBI hacker 'USDoD' leaked sensitive data from consumer credit reporting agency TransUnion. TransUnion is an American consumer credit reporti ...

Pierluigi Paganini September 18, 2023
APT
North Korea's Lazarus APT stole almost $240 million in crypto assets since June

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. According to a report published by blockchain cyber security f ...

Pierluigi Paganini September 18, 2023
Cyber Crime
Clop gang stolen data from major North Carolina hospitals

Researchers at healthcare technology firm Nuance blame the Clop gang for a series of cyber thefts at major North Carolina hospitals. The Microsoft-owned healthcare technology firm N ...

Pierluigi Paganini September 17, 2023
Data Breach
CardX released a data leak notification impacting their customers in Thailand

One of Thailand's major digital financial platforms, CardX, recently disclosed a data leak that affected their customers. According to the statement published on the CardX official website on Sep ...

Pierluigi Paganini September 17, 2023
Breaking News
Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 17, 2023
Breaking News
TikTok fined €345M by Irish DPC for violating children’s privacy

The Irish Data Protection Commission (DPC) fined TikTok €345 million ($368 million) for violating the privacy of children. The Irish Data Protection Commission (DPC) fined TikTok €345 million ...

Pierluigi Paganini September 16, 2023
Cyber Crime
Dariy Pankov, the NLBrute malware author, pleads guilty

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrut ...

Pierluigi Paganini September 15, 2023
Security
Dangerous permissions detected in top Android health apps

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story. The Android challenge In the digital ...

Pierluigi Paganini September 15, 2023
Cyber Crime
Caesars Entertainment paid a ransom to avoid stolen data leaks

Caesars Entertainment announced it has paid a ransom to avoid the leak of customer data stolen in a recent intrusion. Caesars Entertainment is the world's most geographically diversified casino-en ...

Pierluigi Paganini September 15, 2023
Malware
Free Download Manager backdoored to serve Linux malware for more than 3 years

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manag ...

Pierluigi Paganini September 15, 2023
Cyber Crime
Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

LockBit ransomware group breached two hospitals, the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York. The Lockbit ransomware group claims to have hacked two major hospita ...

Pierluigi Paganini September 14, 2023
Data Breach
UK Greater Manchester Police disclosed a data breach

UK Greater Manchester Police (GMP) disclosed a data breach, threat actors had access to some of its employees' personal information. UK Greater Manchester Police (GMP) announced that threat actors ...

Pierluigi Paganini September 14, 2023
Intelligence
The iPhone of a Russian journalist was infected with the Pegasus spyware

The iPhone of a prominent Russian journalist, who is at odds with Moscow, was infected with NSO Group's Pegasus spyware. The iPhone of the Russian journalist Galina Timchenko was compromised with ...

Pierluigi Paganini September 14, 2023
Hacking
Kubernetes flaws could lead to remote code execution on Windows endpoints

Researchers discovered three security flaws in Kubernetes that can lead to remote code execution on Windows endpoints. Akamai researchers recently discovered a high-severity vulnerability in Kub ...

Pierluigi Paganini September 14, 2023
Data Breach
Threat actor leaks sensitive data belonging to Airbus

The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company. The multinational aerospace corporation Airb ...

Pierluigi Paganini September 14, 2023
Malware
A new ransomware family called 3AM appears in the threat landscape

3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. Symantec’s Threat Hunte ...

Pierluigi Paganini September 13, 2023
Hacking
Redfly group infiltrated an Asian national grid as long as six months

A threat actor tracked as Redfly had infected the systems at a national grid located in an unnamed Asian country for six months starting in January. Symantec’s Threat Hunter Team discovered th ...

Pierluigi Paganini September 13, 2023
Hacking
Mozilla fixed a critical zero-day in Firefox and Thunderbird

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical ze ...

Pierluigi Paganini September 13, 2023
Security
Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabiliti ...

Pierluigi Paganini September 13, 2023
Cyber Crime
Save the Children confirms it was hit by cyber attack

The international non-governmental organization (NGO) Save the Children International was recently hit with a cyberattack. The charity organization Save the Children International revealed that it ...

Pierluigi Paganini September 12, 2023
Security
Adobe fixed actively exploited zero-day in Acrobat and Reader

Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday security updates (APSB23-34) addresse ...

Pierluigi Paganini September 12, 2023
Hacking
A new Repojacking attack exposed over 4,000 GitHub repositories to hack

A critical vulnerability in GitHub could have exposed more than 4,000 code packages to Repojacking attack. Checkmarx researchers discovered a new vulnerability in GitHub could have exposed over 4, ...

Pierluigi Paganini September 12, 2023
Hacking
MGM Resorts hit by a cyber attack

Hospitality and entertainment company MGM Resorts was hit by a cyber attack that shut down its systems at MGM Hotels and Casinos. Hospitality and entertainment company MGM Resorts was the victim o ...

Pierluigi Paganini September 12, 2023
Hacking
Anonymous Sudan launched a DDoS attack against Telegram

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed deni ...

Pierluigi Paganini September 12, 2023
APT
Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

Iran-linked APT group Charming Kitten used a previously undocumented backdoor named Sponsor in attacks against entities in Brazil, Israel, and the U.A.E. ESET researchers observed a series of a ...

Pierluigi Paganini September 12, 2023
Hacking
GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vul ...

Pierluigi Paganini September 11, 2023
Security
CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group's Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security ...

Pierluigi Paganini September 11, 2023
Cyber Crime
UK and US sanctioned 11 members of the Russia-based TrickBot gang

The U.K. and U.S. governments sanctioned 11 more individuals who were alleged members of the Russia-based TrickBot cybercrime gang. The United States, in coordination with the United Kingdom, sanc ...

Pierluigi Paganini September 11, 2023
Cyber Crime
New HijackLoader malware is rapidly growing in popularity in the cybercrime community

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercrim ...

Pierluigi Paganini September 11, 2023
Security
Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

CyberNews researchers discovered that many universities worldwide are leaking sensitive information and are even open to full takeover. Many universities worldwide, including some of the most pres ...

Pierluigi Paganini September 11, 2023
Malware
Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Evil Telegram: a Trojanized version of the Telegram app was spotted on the Google Play Store, Kaspersky researchers reported. Researchers from Kaspersky discovered several Telegram mods on the Goo ...

Pierluigi Paganini September 11, 2023
Cyber Crime
Rhysida Ransomware gang claims to have hacked three more US hospitals

Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida ransomware group made the headlines becau ...

Pierluigi Paganini September 10, 2023
Cyber Crime
Akamai prevented the largest DDoS attack on a US financial company

Akamai announced it has mitigated the largest distributed denial-of-service (DDoS) attack on a U.S. financial company. Cybersecurity firm Akamai successfully identified and prevented a massive d ...

Pierluigi Paganini September 10, 2023
Breaking News
Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 10, 2023
Hacking
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical ...

Pierluigi Paganini September 09, 2023
Hacking
Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

The Ragnar Locker ransomware gang added Israel's Mayanei Hayeshua hospital to the list of victims on its Tor leak site The Ragnar Locker ransomware gang claimed responsibility for an attack on Isr ...

Pierluigi Paganini September 09, 2023
Intelligence
North Korea-linked threat actors target cybersecurity experts with a zero-day

North Korea-linked threat actors associated with North Korea exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat actors were observed exploiting a zero-da ...

Pierluigi Paganini September 08, 2023
Hacking
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adapti ...

Pierluigi Paganini September 08, 2023
Security
Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws ( ...

Pierluigi Paganini September 08, 2023
Hacking
Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

Apple rolled out emergency security updates to address two new actively exploited zero-day vulnerabilities impacting iPhones and Macs. The two Apple zero-day vulnerabilities, tracked as CVE-2023-4 ...

Pierluigi Paganini September 07, 2023
Malware
A malvertising campaign is delivering a new version of the macOS Atomic Stealer

Researchers spotted a new malvertising campaign targeting Mac users with a new version of the macOS stealer Atomic Stealer. Malwarebytes researchers have observed a new malvertising campaign distr ...

Pierluigi Paganini September 07, 2023
Hacking
Two flaws in Apache SuperSet allow to remotely hack servers

A couple of security vulnerabilities in Apache SuperSet could be exploited by an attacker to gain remote code execution on vulnerable systems. Apache Superset is an open-source Data Visualizatio ...

Pierluigi Paganini September 07, 2023
Hacking
Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. In July, Microsoft announced it had mitigated an attack ...

Pierluigi Paganini September 07, 2023
Hacking
Google addressed an actively exploited zero-day in Android

Google released September 2023 Android security updates to address multiple flaws, including an actively exploited zero-day. Google released September 2023 Android security updates that address te ...

Pierluigi Paganini September 06, 2023
Hacking
A zero-day in Atlas VPN Linux Client leaks users' IP address

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user's IP address by visiting a website. A Reddit user with the handle 'Educational-Map-8145' published a ...

Pierluigi Paganini September 06, 2023
Hacking
MITRE and CISA release Caldera for OT attack emulation

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps c ...

Pierluigi Paganini September 06, 2023
Internet of Things
ASUS routers are affected by three critical remote code execution flaws

Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by thre ...

Pierluigi Paganini September 06, 2023
Hacking
Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

Crypto gambling site Stake suffered a security breach, and threat actors withdrew $41M of funds stolen including Tether and Ether. Researchers reported abnormally large withdrawals made from the c ...

Pierluigi Paganini September 05, 2023
Security
Freecycle data breach impacted 7 Million users

The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it has suffered a data breach that impacted more than 7 million users. The Freecycle Network (TFN,) is a private, nonpro ...

Pierluigi Paganini September 05, 2023
Social Networks
Meta disrupted two influence campaigns from China and Russia

Meta disrupted two influence campaigns orchestrated by China and Russia, the company blocked thousands of accounts and pages. Meta announced it has taken down two of the largest known covert influ ...

Pierluigi Paganini September 05, 2023
Hacking
A massive DDoS attack took down the site of the German financial agency BaFin

A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the G ...

Pierluigi Paganini September 05, 2023
Cyber Crime
"Smishing Triad" Targeted USPS and US Citizens for Data Theft

Resecurity has identified a large-scale smishing campaign, tracked as Smishing Triad, targeting the US Citizens. Earlier episodes have revealed victims from the U.K., Poland, Sweden, Italy, Indon ...

Pierluigi Paganini September 04, 2023
Hacking
University of Sydney suffered a security breach caused by a third-party service provider

The University of Sydney (USYD) suffered a security breach caused by a third-party service provider that exposed personal information of recent applicants. The University of Sydney (USYD) announce ...

Pierluigi Paganini September 04, 2023
Cyber Crime
Cybercrime will cost Germany $224 billion in 2023

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a wo ...

Pierluigi Paganini September 04, 2023
Hacking
PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039) in VMware Aria Operations for Networks. At the end of August, VMware released security updates to address two vulne ...

Pierluigi Paganini September 03, 2023
Breaking News
Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 03, 2023
Cyber Crime
LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

The LockBit ransomware gang claims to have breached the Commission des services electriques de Montréal (CSEM). The LockBit ransomware group continues to be one of the most active extortion gangs ...

Pierluigi Paganini September 03, 2023
Hacking
UNRAVELING EternalBlue: inside the WannaCry’s enabler

WannaCry and NotPetya, probably two most damaging cyberattacks in recent history, were both only made possible because of EternalBlue. Here is how the NSA-developed cyber monster works, and how you s ...

Pierluigi Paganini September 01, 2023
Malware
Researchers released a free decryptor for the Key Group ransomware

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption ...

Pierluigi Paganini September 01, 2023
Data Breach
Fashion retailer Forever 21 data breach impacted +500,000 individuals

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals. On March 20, 2023, the fashion retailer Forever 21 has discovered a cybe ...

Pierluigi Paganini August 31, 2023
Cyber warfare
Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. GCHQ’s National Cyber Security Centre and international partn ...

Pierluigi Paganini August 31, 2023
Cyber Crime
Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks conducted by Akira ransomware threat actor ...

Pierluigi Paganini August 31, 2023
Data Breach
Paramount Global disclosed a data breach

Multinational mass media conglomerate Paramount Global suffered a data breach after an unauthorized party accessed files from certain of its systems. Multinational mass media conglomerate Paramoun ...

Pierluigi Paganini August 31, 2023
Security
National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and p ...

Pierluigi Paganini August 31, 2023
Hacking
Abusing Windows Container Isolation Framework to avoid detection by security products

Researchers demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at the recent DEF CON hacking conferen ...

Pierluigi Paganini August 31, 2023
Security
Critical RCE flaw impacts VMware Aria Operations Networks

VMware fixed two security flaws in Aria Operations for Networks that could be exploited to bypass authentication and gain remote code execution. VMware has released security updates to address two ...

Pierluigi Paganini August 30, 2023
APT
UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

China-linked threat actors breached government organizations worldwide with attacks exploiting Barracuda ESG zero-day. In June, Mandiant researchers linked the threat actor UNC4841 to the attacks ...

Pierluigi Paganini August 29, 2023
Intelligence
Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has been infiltrated for months. Threat actors have infiltrated Japan’s National Center of Incident Readines ...

Pierluigi Paganini August 29, 2023
Hacking
FIN8-linked actor targets Citrix NetScaler systems

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. Sophos X-Ops is tracking an ongoing campaign, which ...

Pierluigi Paganini August 29, 2023
Hacking
Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

Japan's JPCERT warns of a new recently detected 'MalDoc in PDF' attack that embeds malicious Word files into PDFs. Japan's computer emergency response team (JPCERT) has recently observed a new att ...

Pierluigi Paganini August 29, 2023
Hacking
Attackers can discover IP address by sending a link over the Skype mobile app

A security researcher demonstrated how to discover a target’s IP address by sending a link over the Skype mobile app. The security researcher Yossi discovered that is possible to discover a targ ...

Pierluigi Paganini August 28, 2023
Security
Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three ...

Pierluigi Paganini August 27, 2023
Hacking
Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

The cloud and hosting provider Leaseweb suffered a security breach that impacted some "critical" systems of the company. Global hosting and cloud services provider Leaseweb has disabled some "crit ...

Pierluigi Paganini August 26, 2023
Cyber Crime
Crypto investor data exposed by a SIM swapping attack against a Kroll employee

Security consulting giant Kroll disclosed a data breach resulting from a SIM-swapping attack against one of its employees. Security consulting firm Kroll revealed that a SIM-swappin ...

Pierluigi Paganini August 26, 2023
APT
China-linked Flax Typhoon APT targets Taiwan

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cy ...

Pierluigi Paganini August 25, 2023
Breaking News
Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti ...

Pierluigi Paganini August 24, 2023
Security
Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager

Resecurity researchers identified a zero-day Buffer Overflow vulnerability in the Schneider Electric Accutech Manager product. Resecurity identified a zero-day vulnerability in the Schneider Elec ...

Pierluigi Paganini July 11, 2023