LATEST NEWS

VIEW ALL
New attacks against banking, cyber Jihad or cyber warfare acts?
Pierluigi Paganini December 20, 2012

Last week the hacker group known as "Izz ad-Din al-Qassam Cyber Fighters" announced a series of attacks against principal banking and financial institutions publishing a message on Pastebin profile. ...

Iran, the cyber shooting range, new malware detected
Pierluigi Paganini December 19, 2012

On December 16th the Iranian Maher center issued an advisory warning of a new "targeted data wiping" malware discovered during an investigation. First analysis of the center revealed that the malic ...

Saudi Aramco, war of information on the cyber attack
Pierluigi Paganini December 18, 2012

Last summer a series of cyber attacks hit energy sector, one of the world’s largest oil companies the Saudi Aramco was attacked by a group named the Cutting Sword of Justice. Hackers used the Shamo ...

Group-IB: Banking trojan «Carberp» sales were reborn with bootkit module
Pierluigi Paganini December 17, 2012

During the last week introduced you the excellent work done by the Group-IB, a security firm resident of the Moscow-based Skolkovo Foundation that has received a grant in the amount of 30m rubles (ap ...

recent articles

Data Breach
Cybersecurity giant Fortinet discloses a data breach

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company's Microsoft Sharepoint server. Today, Fortinet told Cyber Daily that a threat actor gaine ...

Pierluigi Paganini September 12, 2024
Cyber Crime
Singapore Police arrest six men allegedly involved in a cybercrime syndicate

The Singapore Police Force (SPF) has arrested six individuals for their role in the operations of a cybercrime ring in the country. The Singapore Police Force (SPF) arrested five Chinese nationals ...

Pierluigi Paganini September 12, 2024
Security
Adobe Patch Tuesday security updates fixed multiple critical issues in the company's products

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multip ...

Pierluigi Paganini September 12, 2024
Cyber Crime
Highline Public Schools school district suspended its activities following a cyberattack

Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that occurred two days ago. Two days ago Highline Public Schools (HPS), a school district in ...

Pierluigi Paganini September 11, 2024
Malware
RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool t ...

Pierluigi Paganini September 11, 2024
Security
Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is ...

Pierluigi Paganini September 11, 2024
Security
Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for September 2024 addres ...

Pierluigi Paganini September 11, 2024
Malware
Quad7 botnet evolves to more stealthy tactics to evade detection

The Quad7 botnet evolves and targets new  SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. The Sekoia TDR team identified additional implants assoc ...

Pierluigi Paganini September 10, 2024
Cyber warfare
Poland thwarted cyberattacks that were carried out by Russia and Belarus

Poland 's security officials announced that they successfully thwarted cyberattacks that were carried out by Russia and Belarus. Poland security services announced they have thwarted a cyber opera ...

Pierluigi Paganini September 10, 2024
Security
U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and I ...

Pierluigi Paganini September 10, 2024
Data Breach
Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

Payment gateway provider Slim CD disclosed a data breach, credit card and personal data of almost 1.7 million individuals were compromised. The electronic payment gateway Slim CD disclosed a data ...

Pierluigi Paganini September 10, 2024
Intelligence
Predator spyware operation is back with a new infrastructure

Researchers warn of a fresh cluster of activity associated with the Predator spyware using a new infrastructure, following the U.S. sanctions against the Intellexa Consortium. Recorded Future rese ...

Pierluigi Paganini September 09, 2024
APT
TIDRONE APT targets drone manufacturers in Taiwan

A previously undocumented threat actor tracked TIDRONE targets organizations in military and satellite industries in Taiwan. Trend Micro spotted an allegedly China-linked threat actor, tracked TID ...

Pierluigi Paganini September 09, 2024
Malware
Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. Researchers at Fortinet FortiGuard Labs reported that thr ...

Pierluigi Paganini September 09, 2024
Security
Progress Software fixed a maximum severity flaw in LoadMaster

Progress Software released an emergency to address a maximum severity vulnerability in its LoadMaster products. Progress Software released an emergency fix for a critical vulnerability, tracked as ...

Pierluigi Paganini September 09, 2024
Cyber Crime
Feds indicted two alleged administrators of WWH Club dark web marketplace

Russian And Kazakhstani men indicted for operating the Dark Web cybercriminals marketplace WWH Club and other crime forums and markets. Alex Khodyrev (35) from Kazakhstan) and Pavel Kublitskii (37 ...

Pierluigi Paganini September 08, 2024
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. BlackSuit Ransomware Dissecting the Cicada   &nb ...

Pierluigi Paganini September 08, 2024
Breaking News
Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini September 08, 2024
Security
U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infra ...

Pierluigi Paganini September 07, 2024
Security
A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache plugin is a popular caching plugin for Word ...

Pierluigi Paganini September 07, 2024
Data Breach
Car rental company Avis discloses a data breach

Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers' personal information. Car rental company Avis notified customers impa ...

Pierluigi Paganini September 06, 2024
Hacking
SonicWall warns that SonicOS bug exploited in attacks

Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. SonicWall warns that a recently fixed access cont ...

Pierluigi Paganini September 06, 2024
Security
Apache fixed a new remote code execution flaw in Apache OFBiz

Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache fixed a high-severity vulnerability, tracked as CVE ...

Pierluigi Paganini September 06, 2024
Cyber warfare
Russia-linked GRU Unit 29155 targeted critical infrastructure globally

The United States and its allies state that Russia-linked threat actors operating under the GRU are behind global critical infrastructure attacks. The FBI, CISA, and NSA linked threat actors from ...

Pierluigi Paganini September 06, 2024
Security
Veeam fixed a critical flaw in Veeam Backup & Replication software

Veeam addressed 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. Veeam security updates to address multiple vulnerabilities impacting its ...

Pierluigi Paganini September 05, 2024
Malware
Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro Researchers spotted the Chinese-speaking threat actor Eart ...

Pierluigi Paganini September 05, 2024
APT
Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

A cyber attack hit the German air traffic control agency (DFS) disrupting its operations, experts attribute it to Russia-linked group APT28. A cyber attack targeted the German Air Traffic Control ...

Pierluigi Paganini September 05, 2024
Hacking
Quishing, an insidious threat to electric car owners

Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to ...

Pierluigi Paganini September 05, 2024
Security
Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!

D-Link warns of multiple remote code execution vulnerabilities impacting its discontinued DIR-846 router series. Networking hardware vendor D-Link wars of multiple remote code execution (RCE) vul ...

Pierluigi Paganini September 04, 2024
Hacktivism
Head Mare hacktivist group targets Russia and Belarus

A group of hacktivist known as Head Mare took advantage of the recent CVE-2023-38831 WinRAR flaw in attacks against organizations in Russia and Belarus. Kaspersky researchers reported that a h ...

Pierluigi Paganini September 04, 2024
Security
Zyxel fixed critical OS command injection flaw in multiple routers

Taiwanese manufacturer Zyxel addressed a critical OS command injection flaw affecting multiple models of its business routers. Zyxel has released security updates to address a critical vulnerabili ...

Pierluigi Paganini September 04, 2024
Security
VMware fixed a code execution flaw in Fusion hypervisor

VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor, users are urged to apply it. VMware addressed a high-severity code execution vulnerability, tracke ...

Pierluigi Paganini September 03, 2024
Hacking
Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Vulnerabilities in Microsoft apps for macOS could allow attackers to steal permissions and access sensitive data. Cisco Talos researchers discovered eight vulnerabilities in Microsoft apps for mac ...

Pierluigi Paganini September 03, 2024
Cyber Crime
Three men plead guilty to running MFA bypass service OTP.Agency

Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum Picari (22), Vijayasidhurshan Vijayanath ...

Pierluigi Paganini September 03, 2024
Hacking
Transport for London (TfL) is dealing with an ongoing cyberattack

Transport for London (TfL) is investigating an ongoing cyberattack, however, customer information was compromised. Transport for London (TfL) is investigating an ongoing cyberattack. However, the ...

Pierluigi Paganini September 02, 2024
Cyber Crime
Lockbit gang claims the attack on the Toronto District School Board (TDSB)

The Toronto District School Board (TDSB) confirmed that student information was compromised in the June Lockbit ransomware attack. The Toronto District School Board (TDSB) confirmed that students' ...

Pierluigi Paganini September 02, 2024
Cyber Crime
A new variant of Cicada ransomware targets VMware ESXi systems

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) oper ...

Pierluigi Paganini September 02, 2024
Hacking
An air transport security system flaw allowed to bypass airport security screenings

A vulnerability in an air transport security system allowed unauthorized individuals to bypass airport security screenings. The Known Crewmember (KCM) and Cockpit Access Security System (CASS) pro ...

Pierluigi Paganini September 01, 2024
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev ...

Pierluigi Paganini September 01, 2024
Breaking News
Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini September 01, 2024
Security
Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw

Cybersecurity and automation company Fortra addressed two vulnerabilities in FileCatalyst Workflow software, including a critical-severity flaw. Cybersecurity and automation company Fortra release ...

Pierluigi Paganini August 30, 2024
Hacking
South Korea-linked group APT-C-60 exploited a WPS Office zero-day

South Korea-linked group APT-C-60 exploited a zero-day in the Windows version of WPS Office to target East Asian countries. South Korea-linked group APT-C-60 exploited a zero-day, tracked as CVE� ...

Pierluigi Paganini August 30, 2024
Cyber Crime
Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. The critical vulnerability CVE-2023-22527   ...

Pierluigi Paganini August 30, 2024
APT
Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed th ...

Pierluigi Paganini August 30, 2024
Security
Cisco addressed a high-severity flaw in NX-OS software

Cisco addressed multiple vulnerabilities impacting NX-OS software, including a high-severity flaw in the DHCPv6 relay agent. Cisco released security updates for NX-OS software that address multipl ...

Pierluigi Paganini August 29, 2024
Malware
Corona Mirai botnet spreads via AVTECH CCTV zero-day 

An instance of the Corona Mirai botnet spreads via AVTECH CCTV zero-day and multiple previously known vulnerabilities. Akamai's Security Intelligence and Response Team (SIRT) has detected a botne ...

Pierluigi Paganini August 29, 2024
Security
Telegram CEO Pavel Durov charged in France for facilitating criminal activities

French prosecutors charged CEO Telegram Pavel Durov with facilitating various criminal activities on the messaging platform. French prosecutors have formally charged Telegram CEO Pavel Durov with ...

Pierluigi Paganini August 29, 2024
APT
Iran-linked group APT33 adds new Tickler malware to its arsenal

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. Microsoft researchers reported that the Iran-linked cy ...

Pierluigi Paganini August 29, 2024
Security
U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ( ...

Pierluigi Paganini August 28, 2024
Data Breach
Young Consulting data breach impacts 954,177 individuals

A ransomware attack by the BlackSuit group on Young Consulting compromised the personal information of over 950,000 individuals. Software solutions provider Young Consulting disclosed a data breac ...

Pierluigi Paganini August 28, 2024
Malware
BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

BlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks. Cisco Talos observed the BlackByte ransomware group exploiting the recentl ...

Pierluigi Paganini August 28, 2024
Cyber Crime
US offers $2.5M reward for Belarusian man involved in mass malware distribution

The US Department of State offers a $2.5 million reward for information leading to the arrest of a Belarusian cybercriminal involved in the mass malware distribution. The US Department of State an ...

Pierluigi Paganini August 28, 2024
Uncategorized
U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)� ...

Pierluigi Paganini August 28, 2024
APT
China-linked APT Volt Typhoon exploited a zero-day in Versa Director

China-linked APT group Volt Typhoon exploited a zero-day flaw in Versa Director to upload a custom webshell in target networks. China-linked APT Volt Typhoon exploited a zero-day vulnerability, tr ...

Pierluigi Paganini August 27, 2024
Cyber Crime
Researchers unmasked the notorious threat actor USDoD

CrowdStrike researchers have identified the notorious hacker USDoD who is behind several high-profile data leaks. The notorious hacker USDoD (aka EquationCorp), who is known for high-profile data ...

Pierluigi Paganini August 27, 2024
Digital ID
The Dutch Data Protection Authority (DPA) has fined Uber a record €290M

The Dutch Data Protection Authority (DPA) has fined Uber a record €290M for violating the EU data protection regulation while sending sensitive driver data to the U.S. The Dutch Data Protection ...

Pierluigi Paganini August 27, 2024
Hacking
Google addressed the tenth actively exploited Chrome zero-day this year

Google released emergency security updates to fix the tenth actively exploited Chrome zero-day vulnerability this year. Google released a security update to address a new Chrome zero-day vulnerabi ...

Pierluigi Paganini August 26, 2024
Security
SonicWall addressed an improper access control issue in its firewalls

SonicWall addressed a critical flaw in its firewalls that could allow attackers to achieve unauthorized access to the devices. SonicWall has released security updates to address a critical vulnera ...

Pierluigi Paganini August 26, 2024
Hacking
A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport

A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport, websites and phone systems were impacted. Media reported that the Port of Seattle, which also ...

Pierluigi Paganini August 26, 2024
Malware
Linux malware sedexp uses udev rules for persistence and evasion

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called se ...

Pierluigi Paganini August 26, 2024
Cyber Crime
France police arrested Telegram CEO Pavel Durov

French police arrested Pavel Durov, founder and chief executive of Telegram, due to the lack of content moderation that advantaged criminal activity. Pavel Durov, the founder and CEO of Teleg ...

Pierluigi Paganini August 25, 2024
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Meet UULoader: An Emerging and Evasive Malicious Installer ...

Pierluigi Paganini August 25, 2024
Breaking News
Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini August 25, 2024
Hacking
U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Versa Director bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA ...

Pierluigi Paganini August 25, 2024
Hacking
Hackers can take over Ecovacs home robots to spy on their owners

Recently, researchers warned vacuum and lawn mower robots made by Ecovacs could be hacked to spy on their owners, the company will fix it. During the recent Def Con hacking conference, security r ...

Pierluigi Paganini August 24, 2024
Cyber Crime
Russian national arrested in Argentina for laundering money of crooks and Lazarus APT

A Russian national was arrested in Argentina for laundering proceeds from illicit actors, including North Korea-linked Lazarus Group. This week, the Argentine Federal Police (PFA) arrested a Russi ...

Pierluigi Paganini August 24, 2024
Cyber Crime
Qilin ransomware steals credentials stored in Google Chrome

Sophos researchers investigated a Qilin ransomware breach attack that led to the theft of credentials stored in Google Chrome browsers. Sophos researchers investigated a Qilin ransomware attack wh ...

Pierluigi Paganini August 23, 2024
Cyber Crime
Phishing attacks target mobile users via progressive web applications (PWA)

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that ...

Pierluigi Paganini August 23, 2024
Uncategorized
Member of cybercrime group Karakurt charged in the US

The Russian national Deniss Zolotarjovs has been charged in a U.S. court for his role in the Karakurt cybercrime gang. Deniss Zolotarjovs (33), a Russian cybercriminal, has been charged in a U.S. ...

Pierluigi Paganini August 23, 2024
Malware
New malware Cthulhu Stealer targets Apple macOS users

Cato Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (M ...

Pierluigi Paganini August 23, 2024
APT
China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches

China-linked APT group Velvet Ant exploited a recently disclosed zero-day in Cisco switches to take over the network appliance. Researchers at cybersecurity firm Sygnia reported that the China-lin ...

Pierluigi Paganini August 23, 2024
Hacking
A cyberattack hit US oil giant Halliburton

US oil giant Halliburton announced that it was hit by a cyberattack that is affecting operations at its Houston, Texas offices. Halliburton, a major U.S. oil company, announced that a cyberattack ...

Pierluigi Paganini August 22, 2024
Hacking
U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersec ...

Pierluigi Paganini August 22, 2024
Hacking
SolarWinds fixed a hardcoded credential issue in Web Help Desk

SolarWinds fixed a hardcoded credential flaw in its Web Help Desk (WHD) software that could allow attackers to gain unauthorized access to vulnerable instances. SolarWinds has addressed a new secu ...

Pierluigi Paganini August 22, 2024
Hacking
A cyberattack disrupted operations of US chipmaker Microchip Technology

Semiconductor manufacturer Microchip Technology announced that its operations were disrupted by a cyberattack. U.S. chipmaker Microchip Technology suffered a cyberattack that disrupted operations ...

Pierluigi Paganini August 22, 2024
Hacking
Google addressed the ninth actively exploited Chrome zero-day this year

Google released emergency security updates to fix the ninth actively exploited Chrome zero-day vulnerability this year. ​​Google released an emergency security update to address a Chrome zero- ...

Pierluigi Paganini August 22, 2024
Security
GitHub fixed a new critical flaw in the GitHub Enterprise Server 

GitHub addressed three vulnerabilities in its GitHub Enterprise Server product, including a critical authentication flaw. GitHub addressed three security vulnerabilities impacting the GitHub Enter ...

Pierluigi Paganini August 22, 2024
Security
Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

Researchers have disclosed a critical security vulnerability in Microsoft's Copilot Studio that could lead to the exposure of sensitive information. Researchers disclosed a critical security vulne ...

Pierluigi Paganini August 21, 2024
Malware
North Korea-linked APT used a new RAT called MoonPeak

North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos researchers uncovered the infrastructure us ...

Pierluigi Paganini August 21, 2024
APT
Pro-Russia group Vermin targets Ukraine with a new malware family

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing a malware. The Computer Emergency Response Team of Ukraine ...

Pierluigi Paganini August 21, 2024
Hacking
A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics allows these contactless cards to be cloned instantly. Researchers from security firm Quarkslab discovered a backdo ...

Pierluigi Paganini August 21, 2024
Malware
Ransomware payments rose from $449.1 million to $459.8 million

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by approximately 2%, from $449.1 million to $459.8 million. Blockchain analysis firm Chainalysis revealed that while ove ...

Pierluigi Paganini August 20, 2024
Malware
Previously unseen Msupedge backdoor targeted a university in Taiwan

Experts spotted a previously undetected backdoor, dubbed Msupedge, that was employed in an attack against a university in Taiwan.  Broadcom Symantec researchers discovered a previously undetected ...

Pierluigi Paganini August 20, 2024
Hacking
Oracle NetSuite misconfiguration could lead to data exposure

Researchers discovered thousands of Oracle NetSuite e-stores that are vulnerable to data leak, sensitive customer information is at risk. Cybersecurity researchers from AppOmni warn of a potential ...

Pierluigi Paganini August 20, 2024
Data Breach
Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an arc ...

Pierluigi Paganini August 20, 2024
Hacking
CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructu ...

Pierluigi Paganini August 19, 2024
Cyber Crime
Researchers uncovered new infrastructure linked to the cybercrime group FIN7

Team Cymru, Silent Push and Stark Industries Solutions researchers uncovered a new infrastructure linked to the cybercrime group FIN7. Researchers from Team Cymru identified two clusters potential ...

Pierluigi Paganini August 19, 2024
Hacking
Experts warn of exploit attempt for Ivanti vTM bug

Researchers at the Shadowserver Foundation observed an exploit attempt based on the public PoC for Ivanti vTM bug CVE-2024-7593. Researchers at the Shadowserver Foundation observed an exploit att ...

Pierluigi Paganini August 19, 2024
APT
Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS sco ...

Pierluigi Paganini August 19, 2024
Malware
The Mad Liberator ransomware group uses social-engineering techniques

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a n ...

Pierluigi Paganini August 19, 2024
Hacking
From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Boffins demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks using 'MasterPrints, 'which are fingerprints that can match multiple other prints. A team of researc ...

Pierluigi Paganini August 18, 2024
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Deciphering the Brain Cipher Ransomware   Ideal ...

Pierluigi Paganini August 18, 2024
Breaking News
Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini August 18, 2024
Cyber Crime
Large-scale extortion campaign targets publicly accessible environment variable files (.env)

A large-scale extortion campaign compromised multiple organizations by exploiting publicly accessible environment variable files (.env). Palo Alto Unit 42 researchers uncovered a large-scale extor ...

Pierluigi Paganini August 18, 2024
Intelligence
OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election

OpenAI announced it had dismantled an Iranian influence operation that was producing content related to the U.S. Presidential election. OpenAI has dismantled an Iran-linked influence operation, tr ...

Pierluigi Paganini August 17, 2024
Data Breach
National Public Data confirms a data breach

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information.  Background check service National Public D ...

Pierluigi Paganini August 17, 2024
Security
CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini August 16, 2024
Deep Web
Russian national sentenced to 40 months for selling stolen data on the dark web

A Russian national was sentenced to over three years in prison for selling stolen information and credentials on a dark web marketplace. The 27-year-old Russian national Georgy Kavzharadze (also k ...

Pierluigi Paganini August 16, 2024
Malware
Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANS ...

Pierluigi Paganini August 16, 2024
Security
Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have i ...

Pierluigi Paganini August 16, 2024
Hacking
Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges customers to fix a critical TCP/IP rem ...

Pierluigi Paganini August 16, 2024
Cyber Crime
A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

A cybercrime group linked to the RansomHub ransomware was spotted using a new tool designed to kill EDR software. Sophos reports that a cybercrime group, likely linked to the RansomHub ransomware ...

Pierluigi Paganini August 15, 2024
Security
Google disrupted hacking campaigns carried out by Iran-linked APT42

Google disrupted a hacking campaign carried out by the Iran-linked APT group APT42 targeting the US presidential election. Google announced that it disrupted a hacking campaign carried out by Iran ...

Pierluigi Paganini August 15, 2024
Cyber Crime
Black Basta ransomware gang linked to a SystemBC malware campaign

Experts linked an ongoing social engineering campaign, aimed at deploying the malware SystemBC, to the Black Basta ransomware group. Rapid7 researchers uncovered a new social engineering campaign ...

Pierluigi Paganini August 15, 2024
Hacking
A massive cyber attack hit Central Bank of Iran and other Iranian banks

Iranian news outlet reported that a major cyber attack targeted the Central Bank of Iran (CBI) and several other banks causing disruptions. Iran International reported that a massive cyber attack ...

Pierluigi Paganini August 15, 2024
APT
China-linked APT Earth Baku targets Europe, the Middle East, and Africa

China-linked threat actor Earth Baku expanded its operations in Europe, the Middle East, and Africa starting in late 2022. China-linked APT group Earth Baku (a threat actor associated with APT41) ...

Pierluigi Paganini August 14, 2024
Security
SolarWinds addressed a critical RCE in all Web Help Desk versions

SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solution for customer support. SolarWinds fixed a critical vulnerability, tracked as CVE-2024-289 ...

Pierluigi Paganini August 14, 2024
Data Breach
Kootenai Health data breach impacted 464,000 patients

Kootenai Health suffered a data breach impacting over 464,000 patients following a 3AM ransomware attack. Kootenai Health disclosed a data breach impacting over 464,088 patients following the leak ...

Pierluigi Paganini August 14, 2024
Security
Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

Microsoft's August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Micros ...

Pierluigi Paganini August 14, 2024
Hacking
A PoC exploit code is available for critical Ivanti vTM bug

Ivanti warned of a critical authentication bypass flaw in its Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts. Ivanti addressed a critical ...

Pierluigi Paganini August 13, 2024
Hacking
Elon Musk claims that a DDoS attack caused problems with the livestream interview with Donald Trump

Elon Musk claims that the livestream interview with Donald Trump on the X social media platform was impacted by a cyberattack. Elon Musk claims that a massive DDoS attack caused problems with the ...

Pierluigi Paganini August 13, 2024
APT
CERT-UA warns of a phishing campaign targeting government entities

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukrain ...

Pierluigi Paganini August 13, 2024
Intelligence
US DoJ dismantled remote IT worker fraud schemes run by North Korea

The U.S. DoJ arrested a Tennessee man for running a "laptop farm" that enabled North Korea-linked IT workers to obtain remote jobs with American companies. The U.S. Justice Department arrested Mat ...

Pierluigi Paganini August 13, 2024
Security
A FreeBSD flaw could allow remote code execution, patch it now!

FreeBSD Project maintainers addressed a high-severity flaw in OpenSSH that could allow remote code execution with elevated privileges. The maintainers of the FreeBSD Project have released urgent s ...

Pierluigi Paganini August 12, 2024
APT
EastWind campaign targets Russian organizations with sophisticated backdoors

A campaign tracked as EastWind is targeting Russian government and IT organizations with PlugY and GrewApacha Backdoors. In late July 2024, Kaspersky researchers detected a series of targeted cybe ...

Pierluigi Paganini August 12, 2024
Hacking
Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

Microsoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2024 conference, Microsoft researchers disclose ...

Pierluigi Paganini August 12, 2024
Cyber warfare
Foreign nation-state actors hacked Donald Trump’s campaign

Donald Trump's campaign reported that its emails were hacked by "foreign sources hostile to the United States." Donald Trump's presidential campaign announced it was hacked, a spokesman attributes ...

Pierluigi Paganini August 11, 2024
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Surge in Magniber ransomware attacks impact home users worldw ...

Pierluigi Paganini August 11, 2024
Breaking News
Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini August 11, 2024
Cyber Crime
ADT disclosed a data breach that impacted more than 30,000 customers

Physical security firm ADT disclosed a data breach, threat actors stole information from 30,000 customers and leaked it. ADT is a provider of alarm and physical security systems, it employs more t ...

Pierluigi Paganini August 11, 2024
Cyber Crime
Is the INC ransomware gang behind the attack on McLaren hospitals?

A INC Ransom ransomware attack this week disrupted IT and phone systems at McLaren Health Care hospitals. On Tuesday, an INC Ransom ransomware attack hit the McLaren Health Care hospitals and disr ...

Pierluigi Paganini August 10, 2024
Cyber Crime
Crooks took control of a cow milking robot causing the death of a cow

Crooks took control of a cow milking robot and demanded a ransom from a farmer who refused to pay it, resulting in the death of a cow. An extortion attempt had a tragic outcome, cybercriminals too ...

Pierluigi Paganini August 10, 2024
Hacking
Sonos smart speakers flaw allowed to eavesdrop on users

NCC Group discovered vulnerabilities in Sonos smart speakers, including a flaw that could have allowed to eavesdrop on users. Researchers from NCC Group have discovered multiple vulnerabilities in ...

Pierluigi Paganini August 10, 2024
Uncategorized
Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!

Cisco warns of critical remote code execution zero-day vulnerabilities impacting end-of-life Small Business SPA 300 and SPA 500 series IP phones. Cisco warns of multiple critical remote code execu ...

Pierluigi Paganini August 09, 2024
Hacking
CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Sec ...

Pierluigi Paganini August 09, 2024
Intelligence
Russian cyber spies stole data and emails from UK government systems

Earlier this year, Russian cyber spies breached UK government systems and stole sensitive data and emails, reported The Record media. Earlier this year, Russia’s foreign intelligence service sto ...

Pierluigi Paganini August 09, 2024
Hacking
0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

An 18-year-old bug, dubbed "0.0.0.0 Day," allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks. Oligo Security's research team warns of an 18-year ...

Pierluigi Paganini August 08, 2024
Hacking
FBI and CISA update a joint advisory on the BlackSuit Ransomware group

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint ...

Pierluigi Paganini August 08, 2024
Cyber Crime
Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. Bayhealth Hospital is a technologically advanced not-for-profit healt ...

Pierluigi Paganini August 08, 2024
Hacking
Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data

Researchers warn of flaws in the Roundcube webmail software that could be exploited to steal sensitive information from target accounts. Sonar’s Vulnerability Research Team discovered a critical ...

Pierluigi Paganini August 07, 2024
Malware
New Android spyware LianSpy relies on Yandex Cloud to avoid detection

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown An ...

Pierluigi Paganini August 07, 2024
Hacking
Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices. Hackers breached the mobile device management (MDM) firm Mobile Gu ...

Pierluigi Paganini August 07, 2024
Cyber Crime
A ransomware attack hit French museum network

The Réunion des Musées Nationaux network, including Paris' Grand Palais and other museums, was hit by a ransomware attack. A ransomware attack hit the Réunion des Musées Nationaux network, inc ...

Pierluigi Paganini August 06, 2024
Security
CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini August 06, 2024
Breaking News
Google warns of an actively exploited Android kernel flaw

Google addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel. Google fixed a high-severity flaw, tracked as CVE-2024-36971, impacting ...

Pierluigi Paganini August 06, 2024
Uncategorized
Should Organizations Pay Ransom Demands?

Ransomware attacks are the most significant risk for modern organizations, why organizations should avoid paying ransoms. Ransomware attacks are the most significant risk for modern organizations, ...

Pierluigi Paganini August 06, 2024
APT
North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

South Korea's National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. South Korea's national security and intelligence agenc ...

Pierluigi Paganini August 06, 2024
Hacking
Researchers warn of a new critical Apache OFBiz flaw

Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw. Experts urge organizations to address a new critical vulnerab ...

Pierluigi Paganini August 05, 2024
Data Breach
Keytronic incurred approximately $17 million of expenses following ransomware attack

Printed circuit board assembly (PCBA) manufacturer Keytronic reported that a recent ransomware attack led to expenses and lost revenue exceeding $17 million. In June, Keytronic disclosed a data br ...

Pierluigi Paganini August 05, 2024
ICS-SCADA
A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access

A security bypass bug in Rockwell Automation ControlLogix 1756 devices could allow unauthorized access to vulnerable devices. A high-severity security bypass vulnerability, tracked as CVE-2024-624 ...

Pierluigi Paganini August 05, 2024
Breaking News
China-linked APT41 breached Taiwanese research institute

China-linked group APT41 breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported that the China-linked group compromised a ...

Pierluigi Paganini August 05, 2024
APT
Chinese StormBamboo APT compromised ISP to deliver malware

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked AP ...

Pierluigi Paganini August 04, 2024
Data Breach
Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach

Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. A proposed class action claims that Jerico Pictur ...

Pierluigi Paganini August 04, 2024
Malware
Security Affairs Malware Newsletter - Round 5

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Unplugging PlugX: Sinkholing the PlugX USB worm botnet & ...

Pierluigi Paganini August 04, 2024
Breaking News
Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini August 04, 2024
Laws and regulations
US sued TikTok and ByteDance for violating children’s privacy laws

The U.S. Department of Justice has sued TikTok and its parent company, ByteDance, for extensive violations of children's privacy laws. The Justice Department and the Federal Trade Commission (FTC) ...

Pierluigi Paganini August 03, 2024
APT
Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. Palo Alto researchers reported that a Russia-linked threat actor known as Fightin ...

Pierluigi Paganini August 03, 2024
Security
Investors sued CrowdStrike over false claims about its Falcon platform

Investors have sued CrowdStrike because the cybersecurity firm made false claims about its Falcon platform. Investors have sued CrowdStrike because the company made false and misleading claims on ...

Pierluigi Paganini August 02, 2024
Hacking
Avtech camera vulnerability actively exploited in the wild, CISA warns

CISA warned that an Avtech camera vulnerability, which is still unpatched, is being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an ad ...

Pierluigi Paganini August 02, 2024
Uncategorized
U.S. released Russian cybercriminals in diplomatic prisoner exchange

Today, 24 prisoners were released in an international swap between Russia and Western countries, including convicted  Russian cybercriminals. In the recent international prisoner swap two not ...

Pierluigi Paganini August 02, 2024
Hacking
Sitting Ducks attack technique exposes over a million domains to hijacking

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that exposes over a million domains to hackers' takeover. Researchers from Eclypsium and Infoblox have identified an att ...

Pierluigi Paganini August 02, 2024
Hacking
Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation rep ...

Pierluigi Paganini August 01, 2024
Malware
BingoMod Android RAT steals money from victims' bank accounts and wipes data

BingoMod is a new Android malware that can wipe devices after stealing money from the victims' bank accounts. Researchers at Cleafy discovered a new Android malware, called 'BingoMod,' that can w ...

Pierluigi Paganini August 01, 2024
Cyber Crime
A ransomware attack disrupted operations at OneBlood blood bank

OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a ransomware attack that disrupted its medical operations. OneBlood is a non-profit organization that provides blood and ...

Pierluigi Paganini July 31, 2024
Mobile
Apple fixed dozens of vulnerabilities in iOS and macOS

Apple has issued security updates to address multiple vulnerabilities across iOS, macOS, tvOS, visionOS, watchOS, and Safari. Apple released security updates to address multiple vulnerabilities in ...

Pierluigi Paganini July 31, 2024
Cyber Crime
Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishi ...

Pierluigi Paganini July 31, 2024
Uncategorized
A Fortune 50 company paid a record-breaking $75 million ransom

Zscaler researchers revealed that a company paid a record-breaking $75 million ransom to the Dark Angels ransomware group. Zscaler discovered a record-breaking ransom payment of US$75 million made ...

Pierluigi Paganini July 31, 2024
Security
CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a VMware ESXi bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ...

Pierluigi Paganini July 30, 2024
Mobile
Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new vers ...

Pierluigi Paganini July 30, 2024
Breaking News
SideWinder phishing campaign targets maritime facilities in multiple countries

The APT group SideWinder launched a new espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also known as Razor Tiger, Rattlesnake, an ...

Pierluigi Paganini July 30, 2024
Hacking
A crafty phishing campaign targets Microsoft OneDrive users

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research ...

Pierluigi Paganini July 30, 2024
Cyber Crime
Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the re ...

Pierluigi Paganini July 29, 2024
Hacking
Acronis Cyber Infrastructure bug actively exploited in the wild

Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. Acronis is warning of a critical vulnerability, tracked ...

Pierluigi Paganini July 29, 2024
Hacking
Fake Falcon crash reporter installer used to target German Crowdstrike users

CrowdStrike warns about a new threat actor targeting German customers by exploiting a recent issue with Falcon Sensor updates. On July 24, 2024, CrowdStrike experts identified a spear-phishing ca ...

Pierluigi Paganini July 29, 2024
Intelligence
Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a malware family known as PicassoLoader, used to deliver various malicious payloads. The Ukrainian Government's Computer ...

Pierluigi Paganini July 29, 2024
Cyber Crime
French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

French authorities and Europol are conducting a "disinfection operation" targeting hosts compromised by the PlugX malware. The French authorities, with the help of Europol, have launched on July ...

Pierluigi Paganini July 28, 2024
Breaking News
Security Affairs Malware Newsletter - Round 4

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Play Ransomware Group’s New Linux Variant Targets ESXi, Sho ...

Pierluigi Paganini July 28, 2024
Breaking News
Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini July 28, 2024
Cyber warfare
Ukraine's cyber operation shut down the ATM services of major Russian banks

Ukraine launched a massive cyber operation that shut down the ATM services of the biggest Russian banks on July 27, reported the Kyiv Post. Ukraine has launched a massive cyberattack against ATMs ...

Pierluigi Paganini July 27, 2024
Security
A bug in Chrome Password Manager caused user credentials to disappear

Google addressed a Chrome's Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome's Password Manager that caused u ...

Pierluigi Paganini July 26, 2024
Security
BIND updates fix four high-severity DoS bugs in the DNS software suite

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released secu ...

Pierluigi Paganini July 26, 2024
Breaking News
Terrorist Activity is Accelerating in Cyberspace - Risk Precursor to Summer Olympics and Elections

Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray express ...

Pierluigi Paganini July 26, 2024
Security
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is a web-based application designed for c ...

Pierluigi Paganini July 25, 2024
Hacking
Critical bug in Docker Engine allowed attackers to bypass authorization plugins

A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score ...

Pierluigi Paganini July 25, 2024
Security
Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers obse ...

Pierluigi Paganini July 25, 2024
Cyber Crime
Michigan Medicine data breach impacted 56953 patients

A cyber attack against Michigan Medicine resulted in the compromise of the personal and health information of approximately 57,000 patients. The academic medical center of the University of Michig ...

Pierluigi Paganini July 25, 2024
Breaking News
U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infra ...

Pierluigi Paganini July 24, 2024
APT
China-linked APT group uses new Macma macOS backdoor version

China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) Evasive Panda has been spotted using an updated version of the macOS backdoor Macma. The China-linked APT group Daggerfly (a ...

Pierluigi Paganini July 24, 2024
Malware
FrostyGoop ICS malware targets Ukraine

In April 2024, Dragos researchers spotted the malware FrostyGoop that interacts with Industrial Control Systems (ICS) using the Modbus protocol. In April 2024, Dragos researchers discovered a new ...

Pierluigi Paganini July 23, 2024
Malware
Hackers abused swap files in e-skimming attacks on Magento sites

Threat actors abused swap files in compromised Magento websites to hide credit card skimmer and harvest payment information. Security researchers from Sucuri observed threat actors using swap fil ...

Pierluigi Paganini July 23, 2024
Hacktivism
US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities. The United States sanctioned Russian hacktivi ...

Pierluigi Paganini July 23, 2024
Hacking
EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

EvilVideo is a zero-day in the Telegram App for Android that allowed attackers to send malicious APK payloads disguised as videos. ESET researchers discovered a zero-day exploit named EvilVideo th ...

Pierluigi Paganini July 22, 2024
Malware
SocGholish malware used to spread AsyncRAT malware

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the legitimate open-source project BOINC. Huntress researchers observed the JavaScript downloader m ...

Pierluigi Paganini July 22, 2024
Cyber Crime
UK police arrested a 17-year-old linked to the Scattered Spider gang

Law enforcement arrested a 17-year-old boy from Walsall, U.K., for suspected involvement in the Scattered Spider cybercrime syndicate. Law enforcement in the U.K. arrested a 17-year-old teenager f ...

Pierluigi Paganini July 22, 2024
Malware
Security Affairs Malware Newsletter - Round 3

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Hardening of HardBit    10,000 Victims a Da ...

Pierluigi Paganini July 21, 2024
Breaking News
Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini July 21, 2024
Hacking
U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog. The ...

Pierluigi Paganini July 21, 2024
Malware
Threat actors attempted to capitalize CrowdStrike incident

CrowdStrike warns that threat actors are exploiting the recent IT outage caused by their faulty update to distribute Remcos RAT malware. CrowdStrike spotted threat actors attempting to benefit fr ...

Pierluigi Paganini July 20, 2024
Cyber Crime
Russian nationals plead guilty to participating in the LockBit ransomware group

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and M ...

Pierluigi Paganini July 20, 2024
Security
MediSecure data breach impacted 12.9 million individuals

Personal and health information of 12.9 million individuals was exposed in a ransomware attack on Australian digital prescription services provider MediSecure. MediSecure is a company that provide ...

Pierluigi Paganini July 19, 2024
Security
CrowdStrike update epic fail crashed Windows systems worldwide

Windows machines worldwide displayed BSoD screen following a faulty update pushed out by cybersecurity firm CrowdStrike. A faulty update released by CrowdStrike Falcon is causing Windows systems t ...

Pierluigi Paganini July 19, 2024
Security
Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users

Cisco has addressed a critical vulnerability that could allow attackers to add new root users to Security Email Gateway (SEG) appliances. Cisco fixed a critical vulnerability, tracked as CVE-2024- ...

Pierluigi Paganini July 19, 2024
Hacking
SAPwned flaws in SAP AI core could expose customers' data

Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers' data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked ...

Pierluigi Paganini July 18, 2024
Cyber Crime
Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivat ...

Pierluigi Paganini July 18, 2024
Security
How to Protect Privacy and Build Secure AI Products

AI systems are transforming technology and driving innovation across industries. How to protect privacy and build secure AI products? How to Protect Privacy and Build Secure AI Products AI syst ...

Pierluigi Paganini July 18, 2024
Security
A critical flaw in Cisco SSM On-Prem allows attackers to change any user's password

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user's password. Cisco has addressed a critical vulnerability, tracke ...

Pierluigi Paganini July 17, 2024
Data Breach
MarineMax data breach impacted over 123,000 individuals

The world's largest recreational boat and yacht retailer MarineMax, disclosed a data breach following a cyber attack. The world's largest recreational boat and yacht retailer MarineMax disclosed a ...

Pierluigi Paganini July 17, 2024
APT
Void Banshee exploits CVE-2024-38112 zero-day to spread malware

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zer ...

Pierluigi Paganini July 17, 2024
Cyber Crime
The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal

Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub and Qilin ransomware to its arsenal. In the second quarter of 2024, financially motivated threat actor Octo Tempest ...

Pierluigi Paganini July 17, 2024
Security
CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini July 16, 2024
Breaking News
Kaspersky leaves U.S. market following the ban on the sale of its software in the country

Kaspersky is leaving the U.S. market following the recent ban on the sales of its software imposed by the Commerce Department. Russian cybersecurity firm Kaspersky announced its exit from the U.S. ...

Pierluigi Paganini July 16, 2024
Mobile
FBI unlocked the phone of the suspect in the assassination attempt on Donald Trump

The FBI gained access to the password-protected phone of the suspect in the assassination attempt on Donald Trump. The independent website 404 Media first reported that the FBI had successfully ac ...

Pierluigi Paganini July 16, 2024
Malware
Ransomware groups target Veeam Backup & Replication bug

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) impacts the ...

Pierluigi Paganini July 15, 2024
Cyber Crime
AT&T paid a $370,000 ransom to prevent stolen data from being leaked

Wired attributes the recently disclosed AT&T data breach to a hacker living in Turkey and reported the company paid a $370,000 ransom. An American hacker who lives in Turkey claimed responsibi ...

Pierluigi Paganini July 15, 2024
Malware
HardBit ransomware version 4.0 supports new obfuscation techniques

Cybersecurity researchers detailed a new version of the HardBit ransomware that supports new obfuscation techniques to avoid detection. The new version (version 4.0) of the HardBit ransomware come ...

Pierluigi Paganini July 15, 2024
Malware
Dark Gate malware campaign uses Samba file shares

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers exploit legitimate tools and services to distribute malware. Palo Alto Networks Unit 42 researchers shared details abo ...

Pierluigi Paganini July 15, 2024
Malware
Security Affairs Malware Newsletter - Round 2

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. New Android Spyware Steals Data from Gamers and TikTok Users& ...

Pierluigi Paganini July 14, 2024
Breaking News
Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini July 14, 2024
Cyber Crime
Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Ukrainian national Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID malware operations. The U.S. DoJ sentenced the Ukrainian national Vyacheslav Igorevich Pen ...

Pierluigi Paganini July 13, 2024
Data Breach
Rite Aid disclosed data breach following RansomHub ransomware attack

The American drugstore chain Rite Aid Corporation disclosed a data breach following the cyber attack that hit the company in June. The American drugstore chain giant Rite Aid suffered a data breac ...

Pierluigi Paganini July 13, 2024
Data Breach
New AT&T data breach exposed call logs of almost all customers

AT&T disclosed a new data breach that exposed phone call and text message records for approximately 110 million people. AT&T suffered a massive data breach, attackers stole the call logs f ...

Pierluigi Paganini July 12, 2024
Hacking
Critical flaw in Exim MTA could allow to deliver malware to users' inboxes

A critical vulnerability in Exim mail server allows attackers to deliver malicious executable attachments to mailboxes. Attackers can exploit a critical security flaw, tracked as CVE-2024-39929 (C ...

Pierluigi Paganini July 12, 2024
Security
Palo Alto Networks fixed a critical bug in the Expedition tool

Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue. Palo Alto Networks released security updates to address five security ...

Pierluigi Paganini July 12, 2024
Cyber Crime
Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

Resecurity has identified a new campaign by the Smishing Triad that is targeting India to steal personal and payment data at scale Resecurity (USA) identified a new campaign targeting India Post ( ...

Pierluigi Paganini July 12, 2024
Cyber Crime
October ransomware attack on Dallas County impacted over 200,000 people

The ransomware attack that hit Dallas County in October 2023 has impacted more than 200,000 individuals exposing their personal information. In October 2023 the Play ransomware group hit Dallas Co ...

Pierluigi Paganini July 12, 2024
Cyber Crime
CrystalRay operations have scaled 10x to over 1,500 victims

A threat actor known as CrystalRay targeted 1,500 victims since February using tools like SSH-Snake and various open-source utilities. The Sysdig Threat Research Team (TRT) first spotted the thr ...

Pierluigi Paganini July 11, 2024
Hacking
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The Akamai Security Intelligence Response Team (SIRT) warns that multiple ...

Pierluigi Paganini July 11, 2024
Security
AI-Powered Russia's bot farm operates on X, US and its allies warn

The US and its allies disrupted an AI-powered Russia-linked bot farm on the social media platform X relying on the Meliorator AI software. The U.S. FBI and Cyber National Mission Force, along with ...

Pierluigi Paganini July 11, 2024
Security
VMware fixed critical SQL-Injection in Aria Automation product

VMware addressed a critical SQL-Injection vulnerability, tracked as CVE-2024-22280, impacting Aria Automation. Virtualization giant VMware addressed a high-severity SQL-injection vulnerability, tr ...

Pierluigi Paganini July 11, 2024
Security
Citrix fixed critical and high-severity bugs in NetScaler product

IT giant Citrix addressed multiple vulnerabilities, including critical and high-severity issues in its NetScaler product. Citrix released security updates to address critical and high-severity iss ...

Pierluigi Paganini July 10, 2024
Hacking
A new flaw in OpenSSH can lead to remote code execution

A vulnerability affects some versions of the OpenSSH secure networking suite, it can potentially lead to remote code execution. The vulnerability CVE-2024-6409 (CVSS score: 7.0) impacts select ver ...

Pierluigi Paganini July 10, 2024
Security
Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws, including two actively exploited zero-days. Microsoft Patch Tuesday security updates for July 2024 addressed 139 vulnera ...

Pierluigi Paganini July 10, 2024
Security
U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Inf ...

Pierluigi Paganini July 10, 2024
Cyber Crime
Evolve Bank data breach impacted over 7.6 million individuals

The Lockbit ransomware attack on Evolve Bank has compromised the personal information of over 7.6 million individuals. At the end of June, the LockBit gang announced that it had breached ...

Pierluigi Paganini July 09, 2024
Data Breach
More than 31 million customer email addresses exposed following Neiman Marcus data breach

The recent data breach suffered by the American luxury department store chain Neiman Marcus has exposed more than 31 million customer email addresses. In May 2024, the American luxury retailer and ...

Pierluigi Paganini July 09, 2024
Malware
Avast released a decryptor for DoNex Ransomware and its predecessors

Avast developed and released a decryptor for the DoNex ransomware family that allows victims to recover their files for free. Avast researchers identified a cryptographic flaw in the DoNex ransomw ...

Pierluigi Paganini July 09, 2024
Data Breach
RockYou2024 compilation containing 10 billion passwords was leaked online

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password comp ...

Pierluigi Paganini July 08, 2024
Hacking
Critical Ghostscript flaw exploited in the wild. Patch it now!

Threat actors are exploiting Ghostscript vulnerability CVE-2024-29510 to bypass the sandbox and achieve remote code execution. Threat actors are actively exploiting a Ghostscript vulnerability, tr ...

Pierluigi Paganini July 08, 2024
Hacking
Apple removed 25 VPN apps from the App Store in Russia following Moscow's requests

Apple removed several virtual private network (VPN) apps from its App Store in Russia following a request from the Russian Government. Russia is tightening its citizens' control over Internet acce ...

Pierluigi Paganini July 08, 2024
Security
CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Securi ...

Pierluigi Paganini July 08, 2024
Security
Apache fixed a source code disclosure flaw in Apache HTTP Server

The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabiliti ...

Pierluigi Paganini July 07, 2024
Malware
Security Affairs Malware Newsletter - Round 1

Today marks the launch of the Security Affairs newsletter, specializing in Malware. This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best ...

Pierluigi Paganini July 07, 2024
Breaking News
Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini July 07, 2024
Uncategorized
Alabama State Department of Education suffered a data breach following a blocked attack

Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education. The Alabama State Department of Education announced it had th ...

Pierluigi Paganini July 07, 2024
Malware
GootLoader is still active and efficient

Researchers warn that the malware GootLoader is still active and threat actors are still using it in their campaigns. Threat actors continue to use GootLoader malware in their campaigns, Cybereaso ...

Pierluigi Paganini July 06, 2024
Data Breach
Hackers stole OpenAI secrets in a 2023 security breach

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the ...

Pierluigi Paganini July 06, 2024
Data Breach
Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes

The threat actor Sp1d3rHunters leaked valid Taylor Swift ’s ERAS Tour barcodes threatening to leak more data and blackmailing Ticketmaster. A threat actor that goes online with the moniker Sp1d3 ...

Pierluigi Paganini July 05, 2024
Hacking
Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

Cybersecurity company Censys has identified over 380,000 hosts that are still referencing the malicious polyfill.io domain. Censys reported that over 380,000 internet-exposed hosts are still refer ...

Pierluigi Paganini July 05, 2024
Cyber Crime
New Golang-based Zergeca Botnet appeared in the threat landscape

Researchers uncovered a new Golang-based botnet called Zergeca that can carry out distributed denial-of-service (DDoS) attacks. Researchers at the QiAnXin XLab team uncovered a new Golang-based bo ...

Pierluigi Paganini July 05, 2024
ICS-SCADA
Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Microsoft discovered two flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit. Microsoft responsibly disclosed two vulnerabilities in Rockwell Automatio ...

Pierluigi Paganini July 05, 2024
Hacking
Hackers compromised Ethereum mailing list and launched a crypto draining attack

Hackers compromised Ethereum 's mailing list provider and sent phishing messages to the members attempting to drain their crypto funds. Hackers compromised Ethereum's mailing list provider and on ...

Pierluigi Paganini July 05, 2024
Cyber Crime
OVHcloud mitigated a record-breaking DDoS attack in April 2024

OVHcloud successfully mitigated a record-breaking DDoS attack in April, which reached 840 million packets per second (Mpps). The cloud services provider OVHcloud announced it has mitigated a recor ...

Pierluigi Paganini July 04, 2024
Data Breach
Healthcare fintech firm HealthEquity disclosed a data breach

Healthcare firm HealthEquity disclosed a data breach caused by a partner's compromised account that exposed protected health information. Healthcare fintech firm HealthEquity disclosed a data brea ...

Pierluigi Paganini July 04, 2024
Social Networks
Brazil data protection authority bans Meta from training AI models with data originating in the country

Brazil’s data protection authority temporarily banned Meta from using data originating in the country to train its artificial intelligence. Brazil's data protection authority, Autoridade Naciona ...

Pierluigi Paganini July 04, 2024
Security
Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. Technology company Splunk addressed 16 vulnerabilities in Splunk Enterpri ...

Pierluigi Paganini July 04, 2024
Cyber Crime
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors

An international law enforcement operation code-named Operation Morpheus led to the takedown of 593 Cobalt Strike servers used by crooks. An international law enforcement operation, code-named Ope ...

Pierluigi Paganini July 03, 2024
Cyber Crime
LockBit group claims the hack of the Fairfield Memorial Hospital in the US

The LockBit ransomware group breached another hospital in the United States, the victim is the Fairfield Memorial Hospital in Illinois. It has happened again, another US healthcare organization su ...

Pierluigi Paganini July 03, 2024
Hacking
American Patelco Credit Union suffered a ransomware attack

The American credit union Patelco Credit Union shut down several of its banking systems to contain a ransomware attack. Patelco Credit Union is a member-owned, not-for-profit credit union that se ...

Pierluigi Paganini July 03, 2024
Intelligence
Polish government investigates Russia-linked cyberattack on state news agency

The Polish government is investigating a potential connection between Russia and a cyberattack on the country’s state news agency. The Polish government is investigating a suspected link between ...

Pierluigi Paganini July 03, 2024
Cyber Crime
Evolve Bank data breach impacted fintech firms Wise and Affirm

Fintech firms Wise and Affirm confirmed they were both impacted by the recent data breach suffered by Evolve Bank. Fintech companies Wise and Affirm have confirmed that they were both affected by ...

Pierluigi Paganini July 02, 2024
Data Breach
Prudential Financial data breach impacted over 2.5 million individuals

Prudential Financial confirmed that more than 2.5 million individuals were affected by the data breach it suffered in February 2024. The insurance company Prudential Financial confirmed that the d ...

Pierluigi Paganini July 02, 2024
Cyber Crime
Australian man charged for Evil Twin Wi-Fi attacks on domestic flights

An Australian man has been charged with carrying out 'Evil Twin' Wi-Fi attack during a domestic flight to steal user credentials and data. An Evil Twin Wi-Fi attack is a type of cyberattack where ...

Pierluigi Paganini July 02, 2024
APT
China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware

Cisco fixed an actively exploited NX-OS zero-day, the flaw was exploited to install previously unknown malware as root on vulnerable switches. Cisco addressed an NX-OS zero-day, tracked as CVE-202 ...

Pierluigi Paganini July 02, 2024
Security
Critical unauthenticated remote code execution flaw in OpenSSH server

A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical ...

Pierluigi Paganini July 01, 2024
Cyber Crime
Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania

Wayne Memorial Hospital in Pennsylvania was the victim of a cyber attack, Monti gang claimed to have hacked the healthcare infrastructure. Another critical infrastructure healthcare suffered a sec ...

Pierluigi Paganini July 01, 2024
Hacking
Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from cybersecurity firm GreyNoise have spotted exploitation a ...

Pierluigi Paganini July 01, 2024
Hacking
Russia-linked Midnight Blizzard stole email of more Microsoft customers

Microsoft warned more customers about email theft linked to the previously reported Midnight Blizzard hacking campaign. The Russia-linked cyberespionage group Midnight Blizzard continues to target ...

Pierluigi Paganini June 30, 2024
Hacking
Russia-linked group APT29 likely breached TeamViewer's corporate network

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer 's corporate network. TeamViewer discovered that a threat actor has breached its corporate network and som ...

Pierluigi Paganini June 30, 2024
Breaking News
Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini June 30, 2024
Data Breach
Infosys McCamish Systems data breach impacted over 6 million people

Infosys McCamish Systems (IMS) revealed that the 2023 data breach following the LockBit ransomware attack impacted 6 million individuals. IMS specializes in providing business process outsourcing ...

Pierluigi Paganini June 29, 2024
Hacking
A cyberattack shut down the University Hospital Centre Zagreb in Croatia

A cyber attack started targeting the University Hospital Centre Zagreb (KBC Zagreb) on Wednesday night, reported the Croatian Radiotelevision. A cyber attack began targeting the University Hospita ...

Pierluigi Paganini June 28, 2024
Hacking
US announces a $10M reward for Russia's GRU hacker behind attacks on Ukraine

The US DoJ announced charges against a member of Russia's military intelligence service GRU for conducting wiper attacks on Ukraine in 2022. The US Department of Justice (DoJ) announced charges ag ...

Pierluigi Paganini June 28, 2024
Cyber Crime
LockBit group falsely claimed the hack of the Federal Reserve

The LockBit ransomware group seems to have lied when they announced the hack of the US Federal Reserve. The real victim is the Evolve Bank. The LockBit ransomware group hasn't hacked the Federal R ...

Pierluigi Paganini June 27, 2024
Security
CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cyber ...

Pierluigi Paganini June 27, 2024
Malware
New P2Pinfect version delivers miners and ransomware on Redis servers

Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads. Cado Security researchers warned that the P2Pinfect worm is employed in atta ...

Pierluigi Paganini June 27, 2024
Hacking
New MOVEit Transfer critical bug is actively exploited

Experts warn of active exploitation of a critical authentication bypass vulnerability in MOVEit Transfer file transfer software. Progress Software addressed two critical authentication bypass vuln ...

Pierluigi Paganini June 26, 2024
Malware
New Caesar Cipher Skimmer targets popular CMS used by e-stores

A new e-skimmer called Caesar Cipher Skimmer is used to compromise multiple CMS, including WordPress, Magento, and OpenCart. Sucuri researchers discovered a new e-skimmer, called Caesar Cipher Ski ...

Pierluigi Paganini June 26, 2024
Cyber Crime
Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Researchers warn that a Mirai-based botnet is exploiting a recently disclosed critical vulnerability in EoL Zyxel NAS devices. Researchers at the Shadowserver Foundation warn that a Mirai-based bo ...

Pierluigi Paganini June 25, 2024
Security
Wikileaks founder Julian Assange is free

WikiLeaks founder Julian Assange has been released in the U.K. and has left the country after five years in Belmarsh prison. Julian Assange is free after five years in Belmarsh prison, the WikiLe ...

Pierluigi Paganini June 25, 2024
Data Breach
CISA confirmed that its CSAT environment was breached in January.

CISA warned chemical facilities that its Chemical Security Assessment Tool (CSAT) environment was compromised in January. CISA warns chemical facilities that its Chemical Security Assessment Tool ...

Pierluigi Paganini June 25, 2024
Cyber Crime
Threat actors compromised 1,590 CoinStats crypto wallets

Threat actors breached 1,590 cryptocurrency wallets of the cryptocurrency portfolio management and tracking platform CoinStats. The cryptocurrency portfolio management and tracking platform CoinSt ...

Pierluigi Paganini June 24, 2024
Breaking News
Experts observed approximately 120 malicious campaigns using the Rafel RAT

Multiple threat actors are using an open-source Android remote administration tool called Rafel RAT to target Android Devices. Check Point Research identified multiple threat actors using Rafel, ...

Pierluigi Paganini June 24, 2024
Cyber Crime
LockBit claims the hack of the US Federal Reserve

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems ...

Pierluigi Paganini June 24, 2024
Cyber Crime
Ransomware threat landscape Jan-Apr 2024: insights and challenges

Between Jan and Apr 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware claims reported worldwide. In the first four months of 2024, the global ransomware la ...

Pierluigi Paganini June 24, 2024
Breaking News
ExCobalt Cybercrime group targets Russian organizations in multiple sectors

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gan ...

Pierluigi Paganini June 24, 2024
Cyber Crime
Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

A threat actor is offering for sale customer data allegedly stolen from the Australia-based live events and ticketing company TEG. TEG (Ticketek Entertainment Group) is an Australian company that ...

Pierluigi Paganini June 23, 2024
Security
Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini June 23, 2024
Hacking
Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

Threat actors are actively exploiting a recently discovered vulnerability in SolarWinds Serv-U software using publicly available proof-of-concept (PoC) code. Threat actors are actively exploiting ...

Pierluigi Paganini June 23, 2024
Security
US government sanctions twelve Kaspersky Lab executives

The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned twelve Kaspersky Lab executives for their role in the Russian company. The Treasury Department's Office of Foreign Ass ...

Pierluigi Paganini June 22, 2024
Cyber Crime
Experts found a bug in the Linux version of RansomHub ransomware

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encry ...

Pierluigi Paganini June 22, 2024
Hacking
UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, ...

Pierluigi Paganini June 21, 2024
APT
Russia-linked APT Nobelium targets French diplomatic entities

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information sec ...

Pierluigi Paganini June 21, 2024
Laws and regulations
US bans sale of Kaspersky products due to risks to national security

The US government announced the ban on selling Kaspersky software due to security risks from Russia and urged citizens to replace it. The Biden administration announced it will ban the sale of Kas ...

Pierluigi Paganini June 20, 2024
Security
Atlassian fixed six high-severity bugs in Confluence Data Center and Server

Australian software company Atlassian addressed multiple high-severity vulnerabilities in its Confluence, Crucible, and Jira solutions. Atlassian June 2024 Security Bulletin addressed nine high-se ...

Pierluigi Paganini June 20, 2024
APT
China-linked spies target Asian Telcos since at least 2021

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has ...

Pierluigi Paganini June 20, 2024
Malware
New Rust infostealer Fickle Stealer spreads through various attack methods

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration A new Rust malware called Fickle Stealer spreads through various attack methods and steals sensitive information. ...

Pierluigi Paganini June 20, 2024
Hacking
An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered ...

Pierluigi Paganini June 20, 2024
Cyber Crime
Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Resecurity researchers warn of a new activity of Smishing Triad, which has expanded its operations to Pakistan. Resecurity has identified a new activity of Smishing Triad, which has expanded its o ...

Pierluigi Paganini June 20, 2024
Hacking
Alleged researchers stole $3 million from Kraken exchange

Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal $3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco revealed that alleged security resea ...

Pierluigi Paganini June 19, 2024
Security
Google Chrome 126 update addresses multiple high-severity flaws

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing s ...

Pierluigi Paganini June 19, 2024
Data Breach
Chip maker giant AMD investigates a data breach

AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from its systems. AMD has launched an investigation after the threat actor IntelBroker announced they we ...

Pierluigi Paganini June 19, 2024
Cyber Crime
Cryptojacking campaign targets exposed Docker APIs

A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the at ...

Pierluigi Paganini June 19, 2024
Hacking
VMware fixed RCE and privilege escalation bugs in vCenter Server

VMware addressed vCenter Server vulnerabilities that can allow remote code execution or privilege escalation. VMware addressed multiple vCenter Server vulnerabilities that remote attackers can exp ...

Pierluigi Paganini June 18, 2024
Laws and regulations
Meta delays training its AI using public content shared by EU users 

Meta announced it is postponing the training of its large language models using public content from adult Facebook and Instagram users in the EU. Meta announced it is delaying the training of its ...

Pierluigi Paganini June 18, 2024
Data Breach
Keytronic confirms data breach after ransomware attack

Printed circuit board assembly (PCBA) manufacturer Keytronic disclosed a data breach after a ransomware attack. Keytronic has confirmed a data breach after a ransomware group leaked allegedly sto ...

Pierluigi Paganini June 18, 2024
Cyber Crime
The Financial Dynamics Behind Ransomware Attacks

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Initially, these attacks involved malicious software that encrypts a victim's ...

Pierluigi Paganini June 18, 2024
Deep Web
Empire Market owners charged with operating $430M dark web marketplace

Federal authorities charged two individuals with operating the dark web marketplace Empire Market that facilitated over $430 million in illegal transactions. Two men, Thomas Pavey (aka "Dopenugget ...

Pierluigi Paganini June 17, 2024
APT
China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances to breach target networks. In late 2023, Sygnia researchers responded to an incident suffere ...

Pierluigi Paganini June 17, 2024
Data Breach
LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals. The LA County’s Department of Public Health announced that the ...

Pierluigi Paganini June 17, 2024
Cyber Crime
Spanish police arrested an alleged member of the Scattered Spider group

A joint law enforcement operation led to the arrest of a key member of the cybercrime group known as Scattered Spider. Spanish police arrested a 22-year-old British national who is suspected of be ...

Pierluigi Paganini June 17, 2024
Security
Online job offers, the reshipping and money mule scams

Offers that promise easy earnings can also bring with them a host of scams that deceive those who are genuinely seeking income opportunities. Often, behind these enticing offers are pyramid scheme ...

Pierluigi Paganini June 17, 2024
Breaking News
Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 16, 2024
Security
ASUS fixed critical remote authentication bypass bug in several routers

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerabil ...

Pierluigi Paganini June 16, 2024
Cyber Crime
London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

NHS England confirmed that multiple London hospitals impacted by the ransomware attack at Synnovis were forced to cancel planned operations. NHS England confirmed that the recent ransomware attack ...

Pierluigi Paganini June 15, 2024
Laws and regulations
DORA Compliance Strategy for Business Leaders

In January 2025, European financial and insurance institutions, their business partners and providers, must comply with DORA. In January 2025, financial and insurance institutions in Europe and an ...

Pierluigi Paganini June 14, 2024
Security
CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cyb ...

Pierluigi Paganini June 14, 2024
Hacking
City of Cleveland still working to fully restore systems impacted by a cyber attack

Early this week, the City of Cleveland suffered a cyber attack that impacted multiple services. The City is working to restore impacted systems. On Monday, the City of Cleveland announced it was t ...

Pierluigi Paganini June 14, 2024
Security
Google fixed an actively exploited zero-day in the Pixel Firmware

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tr ...

Pierluigi Paganini June 13, 2024
Security
Multiple flaws in Fortinet FortiOS fixed

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue. Fortinet addressed multiple vulnerabilities in FortiOS a ...

Pierluigi Paganini June 13, 2024
Hacking
CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini June 12, 2024
Breaking News
Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation

The Ukraine cyber police arrested a Russian man for having developed the crypter component employed in Conti and LockBit ransomware operations. The Ukraine cyber police arrested a Russian man (2 ...

Pierluigi Paganini June 12, 2024
Security
JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

JetBrains warned to fix a critical vulnerability in IntelliJ integrated development environment (IDE) apps that exposes GitHub access tokens. JetBrains warned customers to address a critical vulne ...

Pierluigi Paganini June 12, 2024
Security
Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities, only one of them is a publicly disclosed zero-day flaw. Microsoft Patch Tuesday security updates for June 2024 ...

Pierluigi Paganini June 12, 2024
Data Breach
Cylance confirms the legitimacy of data offered for sale in the dark web

A threat actor is selling the data belonging to BlackBerry’s Cylance cybersecurity unit, he demanded $750,000. A threat actor, that goes online with the moniker Sp1d3r, is selling the stolen dat ...

Pierluigi Paganini June 11, 2024
Hacking
Arm zero-day in Mali GPU Drivers actively exploited in the wild

Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively exploited zero-day vulnerability, track ...

Pierluigi Paganini June 11, 2024
Hacking
Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!

A proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 is publicly available. Researcher Sina Kheirkha analyzed the Veeam Backup Ent ...

Pierluigi Paganini June 11, 2024
Security
Japanese video-sharing platform Niconico was victim of a cyber attack

The Japanese video-sharing platform, Niconico, was forced to suspend its services following a cybersecurity incident. The Japanese video-sharing platform, Niconico, temporarily suspended its servi ...

Pierluigi Paganini June 10, 2024
Cyber Crime
UK NHS call for O-type blood donations following ransomware attack on London hospitals

The UK NHS issued an urgent call for O-type blood donations following the recent ransomware attack that hit several London hospitals. The UK National Health Service (NHS) issued an urgent call for ...

Pierluigi Paganini June 10, 2024
Data Breach
Christie’s data breach impacted 45,798 individuals

Auction house Christie’s revealed that the data breach caused by the recent ransomware attack impacted 45,000 individuals. At the end of May, the auction house Christie’s disclosed a data bre ...

Pierluigi Paganini June 10, 2024
Hacking
Sticky Werewolf targets the aviation industry in Russia and Belarus

Morphisec researchers observed a threat actor, tracked as Sticky Werewolf, targeting entities in Russia and Belarus. Sticky Werewolf is a threat actor that was first spotted in April 2023, initial ...

Pierluigi Paganini June 10, 2024
Data Breach
Frontier Communications data breach impacted over 750,000 individuals

Frontier Communications is notifying over 750,000 individuals that their personal information was stolen in a recent cyber attack. Last week, the RansomHub ransomware group claimed to have stolen ...

Pierluigi Paganini June 10, 2024
Breaking News
PHP addressed critical RCE flaw potentially impacting millions of servers

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE disc ...

Pierluigi Paganini June 09, 2024
Security
Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 09, 2024
Security
SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address mul ...

Pierluigi Paganini June 07, 2024
Cyber Crime
Pandabuy was extorted twice by the same threat actor

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week. The story of the attack against the Chinese shopping platform Pa ...

Pierluigi Paganini June 07, 2024
Intelligence
UAC-0020 threat actor used the SPECTR Malware to target Ukraine's defense forces

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Computer Emergency Response Team of Ukraine (CERT-UA ...

Pierluigi Paganini June 07, 2024
Cyber Crime
A new Linux version of TargetCompany ransomware targets VMware ESXi environments

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell sc ...

Pierluigi Paganini June 06, 2024
Security
FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

The FBI is informing victims of LockBit ransomware it has obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data. The FBI is inviting victims of LockBit ra ...

Pierluigi Paganini June 06, 2024
Malware
RansomHub operation is a rebranded version of the Knight RaaS

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version of the Knight ransomware operation. Cybersecurity experts who analyzed the recently emerged ransomware operation Ra ...

Pierluigi Paganini June 06, 2024
Digital ID
Malware can steal data collected by the Windows Recall tool, experts warn

Cybersecurity researchers demonstrated how malware could potentially steal data collected by the new Windows Recall tool. The Recall feature of Microsoft Copilot+ is an AI-powered tool designed to ...

Pierluigi Paganini June 05, 2024
Breaking News
Cisco addressed Webex flaws used to compromise German government meetings

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited v ...

Pierluigi Paganini June 05, 2024
Hacking
CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

A vulnerability in the popular video-sharing platform TikTok allowed threat actors to take over the accounts of celebrities. Threat actors exploited a zero-day vulnerability in the video-sharing p ...

Pierluigi Paganini June 05, 2024
Security
Zyxel addressed three RCEs in end-of-life NAS devices

Zyxel Networks released an emergency security update to address critical vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emergency security update to address three critical ...

Pierluigi Paganini June 05, 2024
Cyber Crime
A ransomware attack on Synnovis impacted several London hospitals

A ransomware attack that hit the provider of pathology and diagnostic services Synnovis severely impacted the operations of several London hospitals. A ransomware attack on pathology and diagnosti ...

Pierluigi Paganini June 04, 2024
Data Breach
RansomHub gang claims the hack of the telecommunications giant Frontier Communications

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stol ...

Pierluigi Paganini June 04, 2024
Cyber Crime
Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN and SmartID supported.

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. Resecurity has uncovered a new cybercriminal group pro ...

Pierluigi Paganini June 04, 2024
Hacking
Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers

Researchers published a PoC exploit code for an authentication bypass vulnerability on Progress Telerik Report Servers. Researchers published a proof-of-concept (PoC) exploit code for an authentic ...

Pierluigi Paganini June 04, 2024
Security
Multiple flaws in Cox modems could have impacted millions of devices

Researcher discovered several authorization bypass vulnerabilities in Cox modems that potentially impacted millions of devices. The security researcher Sam Curry discovered multiple issues in Cox ...

Pierluigi Paganini June 04, 2024
Hacking
CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

CISA adds Oracle WebLogic Server OS command injection vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracl ...

Pierluigi Paganini June 03, 2024
Cyber Crime
Spanish police shut down illegal TV streaming network

Spanish police dismantled a pirated TV streaming network that allowed its operators to earn over 5,300,000 euros since 2015. The Spanish National Police dismantled a network that illicitly distri ...

Pierluigi Paganini June 03, 2024
APT
APT28 targets key networks in Europe with HeadLace malware

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU's unit APT28 targeti ...

Pierluigi Paganini June 03, 2024
Deep Web
Experts found information of European politicians on the dark web

Personal information of hundreds of British and EU politicians is available on dark web marketplaces. According to research conducted by Proton and Constella Intelligence, the email addresses and ...

Pierluigi Paganini June 03, 2024
Hacking
FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware

Russia-linked threat actor FlyingYeti is targeting Ukraine with a phishing campaign to deliver the PowerShell malware COOKBOX. Cloudflare researchers discovered phishing campaign conducted by a R ...

Pierluigi Paganini June 02, 2024
Breaking News
Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 02, 2024
Data Breach
Ticketmaster confirms data breach impacting 560 million customers

Ticketmaster owner Live Nation confirmed the Ticketmaster data breach that compromised the data of 560 million customers. ShinyHunters, the current administrator of BreachForums, recently cla ...

Pierluigi Paganini June 01, 2024
Hacking
Critical Apache Log4j2 flaw still threatens global finance

The vulnerability CVE-2021-44832 is Apache Log4j2 library is still a serious problem for multiple industries, expert warns it threatens global Finance. The independent cyber threat intelligence an ...

Pierluigi Paganini June 01, 2024
Security
Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin

Crooks stole approximately 48.2 billion yen ($304 million) worth of Bitcoin from the Japanese cryptocurrency exchange DMM Bitcoin. The Japanese cryptocurrency exchange DMM Bitcoin announced that c ...

Pierluigi Paganini June 01, 2024
Data Breach
ShinyHunters is selling data of 30 million Santander customers

The threat actor ShinyHunters claims breach of Santander and is offering for sale bank data, including information for 30 million customers. A notorious threat actor ShinyHunters is offering a hug ...

Pierluigi Paganini May 31, 2024
Malware
Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours 

The Chalubo trojan destroyed over 600,000 SOHO routers from a single ISP, researchers from Lumen Technologies reported. Between October 25 and October 27, 2023, the Chalubo malware destroyed more ...

Pierluigi Paganini May 31, 2024
APT
LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at least 2021

A previously undocumented APT group tracked as LilacSquid targeted organizations in the U.S., Europe, and Asia since at least 2021. Cisco Talos researchers reported that a previously undocumented ...

Pierluigi Paganini May 31, 2024
Data Breach
BBC disclosed a data breach impacting its Pension Scheme members

The BBC disclosed a data breach that exposed the personal information of BBC Pension Scheme members. The BBC disclosed a data breach that occurred on May 21. Threat actors gained access to files o ...

Pierluigi Paganini May 31, 2024
Security
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the f ...

Pierluigi Paganini May 30, 2024
Malware
Experts found a macOS version of the sophisticated LightSpy spyware

Researchers spotted a macOS version of the LightSpy surveillance framework that has been active in the wild since at least January 2024. Researchers from ThreatFabric discovered a macOS version of ...

Pierluigi Paganini May 30, 2024
Cyber Crime
Operation Endgame, the largest law enforcement operation ever against botnets

An international law enforcement operation, called Operation Endgame targeted multiple botnets and their operators. Between 27 and 29 May 2024, an international law enforcement operation coordinat ...

Pierluigi Paganini May 30, 2024
Cyber Crime
Law enforcement operation dismantled 911 S5 botnet

An international law enforcement operation led by the U.S. DoJ disrupted the 911 S5 botnet and led to the arrest of its administrator. The U.S. Justice Department led an international law enforcem ...

Pierluigi Paganini May 30, 2024
Cyber Crime
Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature

Identity and access management firm Okta warns of credential stuffing attacks targeting the Customer Identity Cloud (CIC) feature. Okta warns of credential stuffing attacks targeting its Custome ...

Pierluigi Paganini May 30, 2024
Digital ID
Check Point released hotfix for actively exploited VPN zero-day

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero- ...

Pierluigi Paganini May 29, 2024
Data Breach
ABN Amro discloses data breach following an attack on a third-party provider

Dutch bank ABN Amro discloses data breach following a ransomware attack hit the third-party services provider AddComm. Dutch bank ABN Amro disclosed a data breach after third-party services provid ...

Pierluigi Paganini May 29, 2024
Cyber Crime
Christie disclosed a data breach after a RansomHub attack

Auction house Christie disclosed a data breach following a RansomHub cyber attack that occurred this month. Auction house Christie’s disclosed a data breach after the ransomware group RansomHub ...

Pierluigi Paganini May 28, 2024
Hacking
Experts released PoC exploit code for RCE in Fortinet SIEM

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at Horizon3's Attack Team released a proof-of-co ...

Pierluigi Paganini May 28, 2024
Malware
WordPress Plugin abused to install e-skimmers in e-commerce sites

Threat actors are exploiting a WordPress plugin to insert malicious PHP code in e-commerce sites and steal credit card data. Sucuri researchers observed threat actors using a PHP snippet WordPress ...

Pierluigi Paganini May 28, 2024
Hacking
TP-Link Archer C5400X gaming router is affected by a critical flaw

Researchers warn of a critical remote code execution vulnerability in TP-Link Archer C5400X gaming router. Researchers at OneKey discovered a a critical remote code execution (RCE) vulnerabil ...

Pierluigi Paganini May 28, 2024
Data Breach
Sav-Rx data breach impacted over 2.8 million individuals

Prescription service firm Sav-Rx disclosed a data breach that potentially impacted over 2.8 million people in the United States. Prescription service company Sav-Rx disclosed a data breach after 2 ...

Pierluigi Paganini May 27, 2024
Security
The Impact of Remote Work and Cloud Migrations on Security Perimeters

Organizations had to re-examine the traditional business perimeter and migrate to cloud-based tools to support distributed workforces. What is the impact? The almost overnight shift to remote work ...

Pierluigi Paganini May 27, 2024
Malware
New ATM Malware family emerged in the threat landscape

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to ...

Pierluigi Paganini May 27, 2024
Security
A high-severity vulnerability affects Cisco Firepower Management Center

Cisco addressed a SQL injection vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software.  Cisco addressed a vulnerability, tracked as CVE-2024-20360 ...

Pierluigi Paganini May 27, 2024
Cyber warfare
CERT-UA warns of malware campaign conducted by threat actor UAC-0006

The Ukraine CERT-UA warns of a concerning increase in cyberattacks attributed to the financially-motivated threat actor UAC-0006. The Computer Emergency Response Team of Ukraine (CERT-UA) warned o ...

Pierluigi Paganini May 26, 2024
Breaking News
Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 26, 2024
Hacking
Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

Malicious actors compromised the JAVS Viewer installer to deliver the RustDoor malware in a supply chain attack. Rapid7 researchers warned that threat actors added a backdoor to the installer for ...

Pierluigi Paganini May 26, 2024
Cyber Crime
Fake AV websites used to distribute info-stealer malware

Threat actors used fake AV websites masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes to distribute malware. In mid-April 2024, researchers at Trellix Advance ...

Pierluigi Paganini May 25, 2024
APT
MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

The MITRE Corporation revealed that threat actors behind the December 2023 attacks created rogue virtual machines (VMs) within its environment. The MITRE Corporation has provided a new update abou ...

Pierluigi Paganini May 25, 2024
Hacking
An XSS flaw in GitLab allows attackers to take over accounts

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked ...

Pierluigi Paganini May 24, 2024
Hacking
Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a n ...

Pierluigi Paganini May 24, 2024
Security
CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healt ...

Pierluigi Paganini May 24, 2024
Hacking
Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provi ...

Pierluigi Paganini May 24, 2024
Security
Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user's laptop every few seconds. The UK data watchdog, the Information ...

Pierluigi Paganini May 24, 2024
APT
APT41: The threat of KeyPlug against Italian industries

Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed in attacks against several Italian industries During an extensive investigation, Tinexta Cyber’s Zlab Malware T ...

Pierluigi Paganini May 23, 2024
Security
Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

Ivanti addressed multiple flaws in the Endpoint Manager (EPM), including remote code execution vulnerabilities. Ivanti this week rolled out security patches to address multiple critical vulnerabil ...

Pierluigi Paganini May 23, 2024
APT
Chinese actor 'Unfading Sea Haze' remained undetected for five years

A previously unknown China-linked threat actor dubbed 'Unfading Sea Haze' has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown Ch ...

Pierluigi Paganini May 23, 2024
Uncategorized
A consumer-grade spyware app found in check-in systems of 3 US hotels

A researcher discovered a consumer-grade spyware app on the check-in systems of at least three Wyndham hotels across the US. The security researcher Eric Daigle discovered a commercial spyware app ...

Pierluigi Paganini May 23, 2024
Security
Critical Veeam Backup Enterprise Manager authentication bypass bug

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in ...

Pierluigi Paganini May 22, 2024
Cyber Crime
Cybercriminals are targeting elections in India with influence campaigns

Resecurity warns of a surge in malicious cyber activity targeting the election in India, orchestrated by several independent hacktivist groups Resecurity has identified a spike of malicious cyber ...

Pierluigi Paganini May 22, 2024
Hacking
Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication. GitHub has rolled out security fixes to address a critical authentica ...

Pierluigi Paganini May 22, 2024
Data Breach
OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. OmniVision Technologies is a company that specializes in developing advanced digital ...

Pierluigi Paganini May 22, 2024
Security
CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

CISA adds NextGen Healthcare Mirth Connect deserialization of untrusted data vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini May 21, 2024
Cyber Crime
Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. Atlas is one of the largest national fuel distributors to 49 cont ...

Pierluigi Paganini May 21, 2024
Hacking
Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

A vulnerability in the Fluent Bit Utility, which is used by major cloud providers, can lead to DoS, information disclosure, and potentially RCE. Tenable researchers have discovered a severe vulner ...

Pierluigi Paganini May 21, 2024
Hacking
Experts released PoC exploit code for RCE in QNAP QTS

Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system for the Taiwanese vendor's NAS products. An audit of QNAP QTS conducted by WatchTowr Labs revealed fifteen vulnerabili ...

Pierluigi Paganini May 21, 2024
Cyber Crime
GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. Recorded Future's Insikt Group discovered a sophisticated cy ...

Pierluigi Paganini May 20, 2024
Hacking
Two students uncovered a flaw that allows to use laundry machines for free

Two students discovered a security flaw in over a million internet-connected laundry machines that could allow laundry for free. CSC ServiceWorks is a company that provides laundry services and ai ...

Pierluigi Paganini May 20, 2024
Malware
Grandoreiro Banking Trojan is back and targets banks worldwide

A new Grandoreiro banking trojan campaign has been ongoing since March 2024, following the disruption by law enforcement in January. IBM X-Force warns of a new Grandoreiro banking trojan ...

Pierluigi Paganini May 20, 2024
Data Breach
Healthcare firm WebTPA data breach impacted 2.5 million individuals

WebTPA, a third-party administrator that provides healthcare management and administrative services, disclosed a data breach. WebTPA is a third-party administrator that provides healthcare managem ...

Pierluigi Paganini May 19, 2024
Breaking News
Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 19, 2024
APT
North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Symantec warns of a new Linux backdoor used by the North Korea-linked Kimsuky APT in a recent campaign against organizations in South Korea.  Symantec researchers observed the North Korea-linked ...

Pierluigi Paganini May 19, 2024
Intelligence
North Korea-linked IT workers infiltrated hundreds of US firms

The U.S. Justice Department charged five individuals, including a U.S. woman, for aiding North Korea-linked IT workers to infiltrate 300 firms. The Justice Department unsealed charges against an A ...

Pierluigi Paganini May 18, 2024
APT
Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target European government agencies. ESET researchers discovered two previously unknown backdoors na ...

Pierluigi Paganini May 17, 2024
Cyber Crime
City of Wichita disclosed a data breach after the recent ransomware attack

The City of Wichita disclosed a data breach after the ransomware attack that hit the Kansas's city earlier this month. On May 5th, 2024, the City of Wichita, Kansas, was the victim of a ransomware ...

Pierluigi Paganini May 17, 2024
Security
CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the followi ...

Pierluigi Paganini May 17, 2024
Cyber Crime
CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1,2] the following vulnerabil ...

Pierluigi Paganini May 17, 2024
APT
North Korea-linked Kimsuky APT attack targets victims via Messenger

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware. Researchers at Genians Security Center (GSC) identified a new at ...

Pierluigi Paganini May 17, 2024
Cyber Crime
Electronic prescription provider MediSecure impacted by a ransomware attack

Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor. MediSecure is a company that provides digital health solutions, pa ...

Pierluigi Paganini May 16, 2024
Hacking
Google fixes seventh actively exploited Chrome zero-day this year, the third in a week

Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week. Google has released a new emergency security update to address a new vulner ...

Pierluigi Paganini May 16, 2024
Data Breach
Santander: a data breach at a third-party provider impacted customers and employees

The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay. The Spanish financial institution Santander revealed a data breac ...

Pierluigi Paganini May 16, 2024
Cyber Crime
FBI seized the notorious BreachForums hacking forum

An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum. BreachForums is a cybercrime forum used by threat actors to purcha ...

Pierluigi Paganini May 15, 2024
Cyber Crime
A Tornado Cash developer has been sentenced to 64 months in prison

One of the developers of the Tornado Cash cryptocurrency mixer has been sentenced to 64 months in prison. Alexey Pertsev (29), one of the main developers of the Tornado Cash cryptocurrency mixer h ...

Pierluigi Paganini May 15, 2024
Security
Adobe fixed multiple critical flaws in Acrobat and Reader

Adobe addressed multiple code execution vulnerabilities in several products, including Adobe Acrobat and Reader. Adobe addressed multiple code execution vulnerabilities in its products, including ...

Pierluigi Paganini May 15, 2024
Data Breach
Ransomware attack on Singing River Health System impacted 895,000 people

The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people. At the end of August 2023, the systems at three hospitals and ...

Pierluigi Paganini May 15, 2024
Security
Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. Microsoft Patch Tuesday security updates for May 2024 address ...

Pierluigi Paganini May 14, 2024
Hacking
VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware addressed four vulnerabilities in its Workstatio ...

Pierluigi Paganini May 14, 2024
Security
MITRE released EMB3D Threat Model for embedded devices

The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure. MITRE announced the public release of its EMB3D threat model for ...

Pierluigi Paganini May 14, 2024
Hacking
Google fixes sixth actively exploited Chrome zero-day this year

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulner ...

Pierluigi Paganini May 14, 2024
Malware
Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. New Jersey's Cybersecurity and Communications Integration Cell (NJCCIC)� ...

Pierluigi Paganini May 14, 2024
Hacking
Threat actors may have exploited a zero-day in older iPhones, Apple warns

Apple rolled out urgent security updates to address code execution vulnerabilities in iPhones, iPads, and macOS. Apple released urgent security updates to address multiple vulnerabilities in iPhon ...

Pierluigi Paganini May 13, 2024
Data Breach
City of Helsinki suffered a data breach

The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel. The Police of Finland is investigating a data breach suffered by the City of Hels ...

Pierluigi Paganini May 13, 2024
Cyber Crime
Russian hackers defaced local British news sites

A group of hackers that defines itself as “first-class Russian hackers” claims the defacement of hundreds of local and regional British newspaper websites. A group claiming to be "first-class ...

Pierluigi Paganini May 13, 2024
Data Breach
Australian Firstmac Limited disclosed a data breach after cyber attack

Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company. Firstmac Limited, one of the largest non-bank lenders i ...

Pierluigi Paganini May 13, 2024
Hacking
Pro-Russia hackers targeted Kosovo’s government websites

Pro-Russia hackers targeted government websites in Kosovo in retaliation for the government's support to Ukraine with military equipment. Pro-Russia hackers targeted Kosovo government websites, in ...

Pierluigi Paganini May 12, 2024
Breaking News
Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 12, 2024
Cyber Crime
As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. The FBI, CISA, HHS, and MS-ISAC have issued a joint Cybersecurity Adv ...

Pierluigi Paganini May 12, 2024
Data Breach
Ohio Lottery data breach impacted over 538,000 individuals

The cyber attack on the Ohio Lottery on Christmas Eve exposed the personal data of over 538,000 individuals. On Christmas Eve, a cyberattack targeting the Ohio Lottery resulted in the exposure of ...

Pierluigi Paganini May 11, 2024
Cyber Crime
Notorius threat actor IntelBroker claims the hack of the Europol

Notorius threat actor IntelBroker claims that Europol has suffered a data breach that exposed FOUO and other classified data. The threat actor IntelBroker announced on the cybercrime forum Breach ...

Pierluigi Paganini May 11, 2024
Hacking
A cyberattack hit the US healthcare giant Ascension

A cyberattack hit the US Healthcare giant Ascension and is causing disruption of the systems at hospitals in the country. Ascension is one of the largest private healthcare systems in the Unit ...

Pierluigi Paganini May 11, 2024
Hacking
Google fixes fifth actively exploited Chrome zero-day this year

Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser. Google this week released security updates to address a zer ...

Pierluigi Paganini May 10, 2024
APT
Russia-linked APT28 targets government Polish institutions

CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28. CERT Polska and CSIRT MON teams issued a warning about a large-scale ma ...

Pierluigi Paganini May 10, 2024
Security
Citrix warns customers to update PuTTY version installed on their XenCenter system manually

Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin's private SSH key. Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR ...

Pierluigi Paganini May 10, 2024
Breaking News
Dell discloses data breach impacting millions of customers

Dell disclosed a security breach that exposed millions of customers' names and physical mailing addresses. IT giant Dell suffered a data breach exposing customers’ names and physical addresses, ...

Pierluigi Paganini May 09, 2024
Cyber Crime
Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

Threat actors exploit recently disclosed Ivanti Connect Secure (ICS) vulnerabilities to deploy the Mirai botnet. Researchers from Juniper Threat Labs reported that threat actors are exploiting rec ...

Pierluigi Paganini May 09, 2024
Cyber Crime
Zscaler is investigating data breach claims

Cybersecurity firm Zscaler is investigating claims of a data breach after hackers offered access to its network. Cybersecurity firm Zscaler is investigating allegations of a data breach following ...

Pierluigi Paganini May 09, 2024
Security
Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets. F5 has addressed two high-severity vulnera ...

Pierluigi Paganini May 09, 2024
Cyber Crime
LockBit gang claimed responsibility for the attack on City of Wichita

The LockBit ransomware group has added the City of Wichita to its Tor leak site and threatened to publish stolen data. Last week, the City of Wichita, Kansas, was the victim of a ransomware attack ...

Pierluigi Paganini May 08, 2024
Hacking
New TunnelVision technique can bypass the VPN encapsulation

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack ...

Pierluigi Paganini May 08, 2024
Hacking
LiteSpeed Cache WordPress plugin actively exploited in the wild

Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites. WPScan researchers reported that threat actors are exploiting a high- ...

Pierluigi Paganini May 08, 2024
Hacking
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco Talos reported a use-after-free vulnerability in ...

Pierluigi Paganini May 08, 2024
Data Breach
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 

The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans. The UK Ministry of Defense disclosed a data breach impa ...

Pierluigi Paganini May 08, 2024
Cyber Crime
Law enforcement agencies identified LockBit ransomware admin and sanctioned him

The FBI, UK National Crime Agency, and Europol revealed the identity of the admin of the LockBit operation and sanctioned him. The FBI, UK National Crime Agency, and Europol have unmasked the ...

Pierluigi Paganini May 07, 2024
Hacking
MITRE attributes the recent attack to China-linked UNC5221

MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence. MITRE has shared more details on the recent hack, including the new malware ...

Pierluigi Paganini May 07, 2024
Cyber Crime
Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded guilty to participating in a money laundering scheme. Alexander Vinnik, a Russian national, pleaded guilty to conspi ...

Pierluigi Paganini May 07, 2024
Security
City of Wichita hit by a ransomware attack

The City of Wichita in Kansas was forced to shut down its computer systems after a ransomware attack. The City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network t ...

Pierluigi Paganini May 06, 2024
Data Breach
El Salvador suffered a massive leak of biometric data

Resecurity found a massive leak involving the exposure of personally identifiable information (PII) of over five million citizens of El Salvador on the Dark Web. Resecurity identified a massive le ...

Pierluigi Paganini May 06, 2024
Malware
Finland authorities warn of Android malware campaign targeting bank users

Finland's Transport and Communications Agency (Traficom) warned about an ongoing Android malware campaign targeting bank accounts. Traficom, Finland's Transport and Communications Agency, issued a ...

Pierluigi Paganini May 06, 2024
Cyber Crime
Ransomware drama: Law enforcement seized Lockbit group's website again

Law enforcement seized the Lockbit group's Tor website again and announced they will reveal more identities of its operators Law enforcement seized the Lockbit group's Tor website again. The autho ...

Pierluigi Paganini May 05, 2024
APT
NATO and the EU formally condemned Russia-linked APT28 cyber espionage

NATO and the European Union formally condemned cyber espionage operations carried out by the Russia-linked APT28 against European countries. NATO and the European Union condemned cyber espionage o ...

Pierluigi Paganini May 05, 2024
Security
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 05, 2024
Security
Blackbasta gang claimed responsibility for Synlab Italia attack

The Blackbasta extortion group claimed responsibility for the attack that in April severely impacted the operations of Synlab Italia. Since April 18, Synlab Italia, a major provider of medical dia ...

Pierluigi Paganini May 04, 2024
Cyber Crime
LockBit published data stolen from Simone Veil hospital in Cannes

LockBit ransomware operators have published sensitive data allegedly stolen from the Simone Veil hospital in Cannes. In April, a cyber attack hit the Hospital Simone Veil in Cannes (CHC-SV), impac ...

Pierluigi Paganini May 03, 2024
APT
Russia-linked APT28 and crooks are still using the Moobot botnet

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet, called Moobot, used by the ...

Pierluigi Paganini May 03, 2024
Hacking
Dirty stream attack poses billions of Android installs at risk

Microsoft devised an attack technique, dubbed 'Dirty Stream,' impacting widely used Android applications, billions of installations are at risk. Microsoft is warning Android users about a new atta ...

Pierluigi Paganini May 03, 2024
Cyber Crime
ZLoader Malware adds Zeus's anti-analysis feature

Zloader continues to evolve, its authors added an anti-analysis feature that was originally present in the Zeus banking trojan. Zloader (aka Terdot, DELoader, or Silent Night) is a modular trojan ...

Pierluigi Paganini May 03, 2024
Breaking News
Ukrainian REvil gang member sentenced to 13 years in prison

A Ukrainian national, a member of the REvil group, has been sentenced to more than 13 years in prison for his role in extortion activities. The Ukrainian national, Yaroslav Vasinskyi (24), aka Rab ...

Pierluigi Paganini May 02, 2024
Security
HPE Aruba Networking addressed four critical ArubaOS RCE flaws

HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system. HPE Aruba Networking released April 2024 security updates that ad ...

Pierluigi Paganini May 02, 2024
Hacking
Threat actors hacked the Dropbox Sign production environment

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached t ...

Pierluigi Paganini May 02, 2024
Security
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini May 02, 2024
Data Breach
Panda Restaurant Group disclosed a data breach

Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of associates' personal information. Panda Restaurant Group disclosed a data breach that occurred in M ...

Pierluigi Paganini May 02, 2024
Intelligence
Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia

A former U.S. NSA employee has been sentenced to nearly 22 years in prison for attempting to sell classified documents to Russia. Jareh Sebastian Dalke (32), of Colorado Springs, is a former emplo ...

Pierluigi Paganini May 01, 2024
Malware
Cuttlefish malware targets enterprise-grade SOHO routers

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. Researchers at Lumen’s Black Lotus Labs discovere ...

Pierluigi Paganini May 01, 2024
Security
A flaw in the R programming language could allow code execution

A flaw in the R programming language enables the execution of arbitrary code when parsing specially crafted RDS and RDX files. A vulnerability, tracked as CVE-2024-27322 (CVSS v3: 8.8), ...

Pierluigi Paganini May 01, 2024
APT
Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophis ...

Pierluigi Paganini May 01, 2024
Cyber Crime
Notorious Finnish Hacker sentenced to more than six years in prison

Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion. A popular 26-year-old Finnish hacker Aleksanteri Kivimäki wa ...

Pierluigi Paganini April 30, 2024
Security
CISA guidelines to protect critical infrastructure against AI-based threats

The US government’s cybersecurity agency CISA published a series of guidelines to protect critical infrastructure against AI-based attacks. CISA collaborated with Sector Risk Management Agencies ...

Pierluigi Paganini April 30, 2024
Laws and regulations
NCSC: New UK law bans default passwords on smart devices

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. The U.K. National Cyber Security Centre (NCSC) is urging manuf ...

Pierluigi Paganini April 30, 2024
Laws and regulations
The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

The Federal Communications Commission (FCC) fined the largest U.S. wireless carriers $200 million for sharing customers' real-time location data without consent. The FCC has fined four major U. ...

Pierluigi Paganini April 30, 2024
Mobile
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play. Google announced that in 2023, they have prevented 2.28 million policy-vio ...

Pierluigi Paganini April 29, 2024
Cyber Crime
Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

Financial Business and Consumer Solutions (FBCS) suffered a data breach that exposed information 2 million individuals. Debt collection agency Financial Business and Consumer Solutions (FBCS) disc ...

Pierluigi Paganini April 29, 2024
Hacktivism
Cyber-Partisans hacktivists claim to have breached Belarus KGB

A Belarusian group of activist group claims to have infiltrated the network of the country’s main KGB agency. The Belarusian hacktivist group Cyber-Partisans claims to have infiltrated the netwo ...

Pierluigi Paganini April 29, 2024
Data Breach
The Los Angeles County Department of Health Services disclosed a data breach

The Los Angeles County Department of Health Services reported a data breach that exposed thousands of patients' personal and health information. The Los Angeles County Department of Health Service ...

Pierluigi Paganini April 29, 2024
Uncategorized
Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Multiple flaws in Brocade SANnav storage area network (SAN) management application can allow to compromise impacted appliances. Multiple vulnerabilities found in the Brocade SANnav storage area ne ...

Pierluigi Paganini April 29, 2024
Security
ICICI Bank exposed credit card data of 17000 customers

ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data of thousands of new credit cards to unintended recipients. ICICI Bank, one of the leading private banks in India, a ...

Pierluigi Paganini April 28, 2024
Hacking
Okta warns of unprecedented scale in credential stuffing attacks on online services

Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. In recent weeks, Okta observed a surge in credential stuffing attac ...

Pierluigi Paganini April 28, 2024
Breaking News
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 28, 2024
Hacking
Targeted operation against Ukraine exploited 7-year-old MS Office bug

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted c ...

Pierluigi Paganini April 28, 2024
Data Breach
Hackers may have accessed thousands of accounts on the California state welfare platform

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedic ...

Pierluigi Paganini April 27, 2024
Malware
Brokewell Android malware supports an extensive set of Device Takeover capabilities

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware n ...

Pierluigi Paganini April 27, 2024
Hacking
Experts warn of an ongoing malware campaign targeting WP-Automatic plugin

A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites WordPress security scanner WPScan warns that threat actors are exploi ...

Pierluigi Paganini April 26, 2024
Cyber Crime
Cryptocurrencies and cybercrime: A critical intermingling

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new ...

Pierluigi Paganini April 26, 2024
Data Breach
Kaiser Permanente data breach may have impacted 13.4 million patients

Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States. Kaiser Permanente is an American integrated managed care  ...

Pierluigi Paganini April 26, 2024
Hacking
Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attac ...

Pierluigi Paganini April 26, 2024
Cyber Crime
Sweden’s liquor supply severely impacted by ransomware attack on logistics company

A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply.  Skanlog, a critical distributor for Systembolaget, the Swedish government-owned retail c ...

Pierluigi Paganini April 26, 2024
Security
CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following v ...

Pierluigi Paganini April 25, 2024
Hacking
CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-3 ...

Pierluigi Paganini April 25, 2024
Cyber Crime
DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions

The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocur ...

Pierluigi Paganini April 25, 2024
Security
Google fixed critical Chrome vulnerability CVE-2024-4058

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, includ ...

Pierluigi Paganini April 25, 2024
APT
Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Cisco Talos warned that the nation-state actor UAT4356 (aka ...

Pierluigi Paganini April 24, 2024
Breaking News
Hackers hijacked the eScan Antivirus update mechanism in malware campaign

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign ...

Pierluigi Paganini April 24, 2024
Cyber warfare
US offers a $10 million reward for information on four Iranian nationals

The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S.. The U.S. Treasury Department's Office of Foreig ...

Pierluigi Paganini April 24, 2024
Hacking
The street lights in Leicester City cannot be turned off due to a cyber attack

A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all day and severely impacted the council's operations The Leicester City Council suffered a cybe ...

Pierluigi Paganini April 24, 2024
APT
North Korea-linked APT groups target South Korean defense contractors

The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-link ...

Pierluigi Paganini April 23, 2024
Laws and regulations
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the commercial spyware business. The US Department of State is imposing visa restrictions on 13 individ ...

Pierluigi Paganini April 23, 2024
Hacking
A cyber attack paralyzed operations at Synlab Italia

A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical diagnosis services, since April 18. Since April 18, Synlab Italia, a major provider of medical diagno ...

Pierluigi Paganini April 23, 2024
APT
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizz ...

Pierluigi Paganini April 22, 2024
Cyber Crime
Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

A financially motivated group named GhostR claims the theft of a sensitive database from World-Check and threatens to publish it. World-Check is a global database utilized by various organizations ...

Pierluigi Paganini April 22, 2024
Security
A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server. Japan's CERT warned that the WordPress plugin Forminator, developed b ...

Pierluigi Paganini April 22, 2024
Cyber Crime
Akira ransomware received $42M in ransom payments from over 250 victims

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. A joint advisory published by CISA, the FBI, Europol, ...

Pierluigi Paganini April 21, 2024
Hacking
DuneQuixote campaign targets the Middle East with a complex backdoor

Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. Researchers from Kaspersky discovered the DuneQuixote ca ...

Pierluigi Paganini April 21, 2024
Security
Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 21, 2024
Hacking
Critical CrushFTP zero-day exploited in attacks in the wild

Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn. CrushFTP is a file transfer server software that enables secure ...

Pierluigi Paganini April 20, 2024
Hacking
A French hospital was forced to reschedule procedures after cyberattack

A French hospital was forced to return to pen and paper and postpone medical treatments after a cyber attack. A cyber attack hit Hospital Simone Veil in Cannes (CHC-SV) on Tuesday, impacting med ...

Pierluigi Paganini April 20, 2024
Security
MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its ...

Pierluigi Paganini April 19, 2024
Security
FBI chief says China is preparing to attack US critical infrastructure

China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher Wray. FBI Director Christopher Wray warned this week that China-linked t ...

Pierluigi Paganini April 19, 2024
Cyber Crime
United Nations Development Programme (UNDP) investigates data breach

The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack and the subsequent theft of data. The United Nations Development Programme (UNDP) i ...

Pierluigi Paganini April 19, 2024
Cyber Crime
FIN7 targeted a large U.S. carmaker with phishing attacks

BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the thre ...

Pierluigi Paganini April 18, 2024
Hacking
Law enforcement operation dismantled phishing-as-a-service platform LabHost

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordin ...

Pierluigi Paganini April 18, 2024
Hacking
Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since 2022. WithSecure researchers identified a new backdoor named Kapek ...

Pierluigi Paganini April 18, 2024
Hacking
Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists. Cisco has addressed a high-severity Integrated Man ...

Pierluigi Paganini April 18, 2024
Cyber Crime
Linux variant of Cerber ransomware targets Atlassian servers

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical ...

Pierluigi Paganini April 17, 2024
Security
Ivanti fixed two critical flaws in its Avalanche MDM

Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can lead to remote command execution. Ivanti addressed multiple flaws in its Avalanche ...

Pierluigi Paganini April 17, 2024
Hacking
Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks' PAN-OS. Researchers at watchTowr Labs have released a technical analysis of the ...

Pierluigi Paganini April 17, 2024
Hacking
Cisco warns of large-scale brute-force attacks against VPN and SSH services

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.   Cisco Talos researchers wa ...

Pierluigi Paganini April 17, 2024
Security
PuTTY SSH Client flaw allows of private keys recovery

The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could be exploited to recover private keys. PuTTY tools from 0.68 to 0.80 inclusive are affected by a ...

Pierluigi Paganini April 16, 2024
Intelligence
A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a renewed cyber espionage campaign target ...

Pierluigi Paganini April 16, 2024
Intelligence
Misinformation and hacktivist campaigns targeting the Philippines skyrocket

Amidst rising tensions with China in the SCS, Resecurity observed a spike in malicious cyber activity targeting the Philippines in Q1 2024. Amidst rising tensions with China in the South China Se ...

Pierluigi Paganini April 16, 2024
Cyber warfare
Russia is trying to sabotage European railways, Czech minister said

Czech transport minister warned that Russia conducted ‘thousands’ of attempts to sabotage railways, attempting to interfere with train networks and signals. Early this month, the Czech transpo ...

Pierluigi Paganini April 16, 2024
Cyber Crime
Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia 

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibil ...

Pierluigi Paganini April 16, 2024
Cyber Crime
Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers.  Cisco Duo war ...

Pierluigi Paganini April 15, 2024
Hacking
Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that ...

Pierluigi Paganini April 15, 2024
Hacking
CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infras ...

Pierluigi Paganini April 15, 2024
APT
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

Threat actors have been exploiting the recently disclosed zero-day in Palo Alto Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are investigating the activity related to CVE-2 ...

Pierluigi Paganini April 15, 2024
Cyber Crime
U.S. and Australian police arrested Firebird RAT author and operator

A joint investigation conducted by U.S. and Australian authorities led to the arrest of two key figures behind the Firebird RAT operation. A joint law enforcement operation conducted by the Austra ...

Pierluigi Paganini April 15, 2024