MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 32

 | 

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

PlayStation Network outage has been going on for over 24 hours

 | 

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

 | 

Russia's intelligence recruits Ukrainians for terror attacks via messaging apps

 | 

Hospital Sisters Health System impacted 882,782 individuals

 | 

Attackers used a public ASP.NET machine to conduct ViewState code injection attacks

 | 

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

 | 

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

 | 

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

 | 

U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

 | 

SparkCat campaign target crypto wallets using OCR to steal recovery phrases

 | 

International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

 | 

Online food ordering and delivery platform GrubHub discloses a data breach

 | 

Netgear urges users to upgrade two flaws impacting WiFi router models

 | 

AMD fixed a flaw that allowed to load malicious microcode

 | 

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

 | 

Google fixed actively exploited kernel zero-day flaw

 | 

Web Skimmer found on at least 17 websites, including Casio UK

 | 

Crazy Evil gang runs over 10 highly specialized social media scams

 | 

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

 | 

Texas is the first state to ban DeepSeek on government devices

 | 

Law enforcement seized the domains of HeartSender cybercrime marketplaces

 | 

Security Affairs newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

 | 

Ransomware attack hit Indian multinational Tata Technologies

 | 

A ransomware attack forced New York Blood Center to reschedule appointments

 | 

Contec CMS8000 patient monitors contain a hidden backdoor

 | 

Community Health Center data breach impacted over 1 million patients

 | 

Italy's data protection authority Garante blocked the DeepSeek AI platform

 | 

Broadcom fixed information disclosure flaws in VMware Aria Operations

 | 

DeepSeek database exposed highly sensitive information

 | 

TeamViewer fixed a vulnerability in Windows client and host applications

 | 

Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites

 | 

PHP package Voyager flaws expose to one-click RCE exploits

 | 

Italy’s Data Protection Authority Garante requested information from Deepseek

 | 

U.S. CISA adds Apple products' flaw to its Known Exploited Vulnerabilities catalog

 | 

Aquabot variant v3 targets Mitel SIP phones

 | 

Critical remote code execution bug found in Cacti framework

 | 

Attackers actively exploit a critical zero-day in Zyxel CPE Series devices

 | 

Attackers exploit SimpleHelp RMM Software flaws for initial access

 | 

VMware fixed a flaw in Avi Load Balancer

 | 

EU announced sanctions on three members of Russia's GRU Unit 29155

 | 

Chinese AI platform DeepSeek faced a "large-scale" cyberattack

 | 

Apple fixed the first actively exploited zero-day of 2025

 | 

TalkTalk confirms data breach involving a third-party platform

 | 

Multiple Git flaws led to credentials compromise

 | 

GamaCopy targets Russia mimicking Russia-linked Gamaredon APT

 | 

ESXi ransomware attacks use SSH tunnels to avoid detection

 | 

Attackers allegedly stole $69 million from cryptocurrency platform Phemex

 | 

Change Healthcare data breach exposed the private data of over half the U.S.

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

 | 

Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Cisco warns of a ClamAV bug with PoC exploit

 | 

Subaru Starlink flaw allowed experts to remotely hack cars

 | 

U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog

 | 

J-magic malware campaign targets Juniper routers

 | 

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

 | 

U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

 | 

Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500

 | 

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

 | 

Cisco addresses a critical privilege escalation bug in Meeting Management

 | 

U.S. President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht, Silk Road creator

 | 

Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days

 | 

Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

 | 

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

 | 

Former CIA analyst pleaded guilty to leaking top-secret documents

 | 

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

 | 

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

 | 

Experts found multiple flaws in Mercedes-Benz infotainment system

 | 

HPE is investigating IntelBroker's claims of the company hack

 | 

Esperts found new DoNot Team APT group's Android malware

 | 

Malicious npm and PyPI target Solana Private keys to steal funds from victims' wallets

 | 

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

 | 

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

 | 

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

 | 

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

 | 

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

 | 

Russia-linked APT Star Blizzard targets WhatsApp accounts

 | 

Prominent US law firm Wolf Haldenstein disclosed a data breach

 | 

Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches

 | 

MikroTik botnet relies on DNS misconfiguration to spread malware

 | 

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

 | 

Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws

 | 

U.S. CISA adds Fortinet FortiOS flaw to its Known Exploited Vulnerabilities catalog

 | 

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

 | 

CVE-2024-44243 macOS flaw allows persistent malware installation

 | 

FBI deleted China-linked PlugX malware from over 4,200 US computers

 | 

Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware

 | 

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

 | 

Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

 | 

U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

 | 

Inexperienced actors developed the FunkSec ransomware using AI tools

 | 

Credit Card Skimmer campaign targets WordPress via database injection

 | 

Microsoft took legal action against crooks who developed a tool to abuse its AI-based services

 | 

Pro-Russia hackers NoName057 targets Italy again after Zelensky's visit to the country

 | 

Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

How a researcher earned $100,000 hacking a Facebook server

 | 

DoJ charged three Russian citizens with operating crypto-mixing services

 | 

U.S. cannabis dispensary STIIIZY disclosed a data breach

 | 

A novel PayPal phishing campaign hijacks accounts

 | 

Banshee macOS stealer supports new evasion mechanisms

 | 

Researchers disclosed details of a now-patched Samsung zero-click flaw

 | 

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

 | 

China-linked APT group MirrorFace targets Japan

 | 

U.S. Medical billing provider Medusind suffered a sata breach

 | 

U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

 | 

SOC Scalability: How AI Supports Growth Without Overloading Analysts

 | 

SonicWall warns of an exploitable SonicOS vulnerability

 | 

Gayfemboy Botnet targets Four-Faith router vulnerability

 | 

Meta replaces fact-checking with community notes post 'Cultural Tipping Point'

 | 

U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog

 | 

Threat actors breached the Argentina’s airport security police (PSA) payroll

 | 

US adds Tencent to the list of companies supporting Chinese military

 | 

Nessus scanner agents went offline due to a faulty plugin update

 | 

China-linked Salt Typhoon APT compromised more US telecoms than previously known

 | 

PLAYFULGHOST backdoor supports multiple information stealing features

 | 

Nuclei flaw allows signature bypass and code execution

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 27

 | 

Security Affairs newsletter Round 505 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Malicious npm packages target Ethereum developers

 | 

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

 | 

FireScam Android info-stealing malware supports spyware capabilities

 | 

Richmond University Medical Center data breach impacted 674,033 individuals

 | 

Apple will pay $95 Million to settle lawsuit over Siri's alleged eavesdropping

 | 

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

 | 

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

 | 

A US soldier was arrested for leaking presidential call logs

 | 

DoubleClickjacking allows clickjacking on major websites

 | 

Russian media outlets Telegram channels blocked in European countries

 | 

Three Russian-German nationals charged with suspicion of secret service agent activity

 | 

Lumen reports that it has locked out the Salt Typhoon group from its network

 | 

Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours

 | 

U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

 | 

Rhode Island ’s data from health benefits system leaked on the dark web

 | 

Hacking campaign compromised at least 16 Chrome browser extensions

 | 

An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip's creator says is a fake

 | 

Cisco states that the second data leak is linked to the one from October

 | 

Threat actors attempt to exploit a flaw in Four-Faith routers

 | 

ZAGG disclosed a data breach that exposed its customers' credit card data

 | 

China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 26

 | 

Security Affairs newsletter Round 504 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Pro-Russia group NoName targeted the websites of Italian airports

 | 

North Korea actors use OtterCookie malware in Contagious Interview campaign

 | 

Experts warn of a surge in activity associated FICORA and Kaiten botnets

 | 

Brazilian citizen charged for threatening to release data stolen from a company in 2020

 | 

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

 | 

A ransomware attack disrupted services at Pittsburgh Regional Transit

 | 

A cyber attack hit Japan Airlines delaying ticket sales for flights

 | 

Apache fixed a critical SQL Injection in Apache Traffic Control

 | 

BellaCPP, Charming Kitten's BellaCiao variant written in C++

 | 

DMM Bitcoin $308M Bitcoin heist linked to North Korea

 | 

Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code

 | 

Apache Foundation fixed a severe Tomcat vulnerability

 | 

Italy's data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

 | 

U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog

 | 

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

 | 

Lazarus APT targeted employees at an unnamed nuclear-related organization

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

 | 

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US charged Dual Russian and Israeli National as LockBit Ransomware developer

 | 

BadBox rapidly grows, 190,000 Android devices infected

 | 

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

 | 

Sophos fixed critical vulnerabilities in its Firewall product

 | 

U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog

 | 

Raccoon Infostealer operator sentenced to 60 months in prison

 | 

Mirai botnet targets SSR devices, Juniper Networks warns

 | 

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

 | 

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

 | 

US considers banning TP-Link routers over cybersecurity concerns

 | 

Russia-linked APT29 group used red team tools in rogue RDP attacks

 | 

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

 | 

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

 | 

Texas Tech University data breach impacted 1.4 million individuals

 | 

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

 | 

Russia FSB relies on Ukrainian minors for criminal activities disguised as "quest games"

 | 

U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

 | 

ConnectOnCall data breach impacted over 900,000 individuals

 | 

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

 | 

Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise

 | 

PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms 

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

 | 

Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

 | 

U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

 | 

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

 | 

U.S. authorities seized cybercrime marketplace Rydox

 | 

Experts discovered the first mobile malware families linked to Russia's Gamaredon

 | 

US Bitcoin ATM operator Byte Federal suffered a data breach

 | 

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

 | 

Operation PowerOFF took down 27 DDoS platforms across 15 countries

 | 

Russia's Secret Blizzard APT targets Ukraine with Kazuar backdoor

 | 

Ivanti fixed a maximum severity vulnerability in its CSA solution

 | 

Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on Europen entities

 | 

Chinese national charged for hacking thousands of Sophos firewalls

 | 

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action

 | 

U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog

 | 

Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day

 | 

SAP fixed critical SSRF flaw in NetWeaver's Adobe Document Services

 | 

Romanian energy supplier Electrica Group is facing a ransomware attack

 | 

Deloitte denied its systems were hacked by Brain Cipher ransomware group

 | 

Mandiant devised a technique to bypass browser isolation using QR codes

 | 

2023 Anna Jaques Hospital data breach impacted over 310,000 people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23

 | 

Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

RedLine info-stealer campaign targets Russian businesses through pirated corporate software

 | 

8Base ransomware group hacked Croatia's Port of Rijeka

 | 

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

 | 

New Atrium Health data breach impacts 585,000 individuals

 | 

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

 | 

Hundred of CISCO switches impacted by bootloader flaw

 | 

Operation Destabilise dismantled Russian money laundering networks

 | 

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

 | 

China-linked APT Salt Typhoon has breached telcos in dozens of countries

 | 

Black Basta ransomware gang hit BT Group

 | 

Authorities shut down Crimenetwork, the Germany's largest crime marketplace

 | 

Veeam addressed critical Service Provider Console (VSPC) bug

 | 

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

 | 

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog

 | 

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

 | 

DMM Bitcoin halts operations six months after a $300 million cyber heist

 | 

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

 | 

Poland probes Pegasus spyware abuse under the PiS government

 | 

Tor Project needs 200 WebTunnel bridges more to bypass Russia' censorship

 | 

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

 | 

How threat actors can use generative artificial intelligence?

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

 | 

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Hackers stole millions of dollars from Uganda Central Bank

 | 

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

 | 

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

 | 

Zello urges users to reset passwords following a cyber attack

 | 

A cyberattack impacted operations at UK Wirral University Teaching Hospital

 | 

T-Mobile detected network intrusion attempts and blocked them

 | 

ProjectSend critical flaw actively exploited in the wild, experts warn

 | 

Bootkitty is the first UEFI Bootkit designed for Linux systems

 | 

VMware fixed five vulnerabilities in Aria Operations product

 | 

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

 | 

Russian group RomCom exploited Firefox and Tor Browser zero-days to target attacks Europe and North America

 | 

The source code of Banshee Stealer leaked online

 | 

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

 | 

Thai police arrested Chinese hackers involved in SMS blaster attacks

 | 

Zyxel firewalls targeted in recent ransomware attacks

 | 

Malware campaign abused flawed Avast Anti-Rootkit driver

 | 

Russia-linked APT TAG-110 uses targets Europe and Asia

 | 

Russia-linked threat actors threaten the UK and its allies, minister to say

 | 

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

DoJ seized credit card marketplace PopeyeTools and charges its administrators

 | 

A cyberattack on gambling giant IGT disrupted portions of its IT systems

 | 

China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane

 | 

Microsoft seized 240 sites used by the ONNX phishing service

 | 

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

 | 

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

 | 

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

 | 

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

 | 

Threat actor sells data of over 750,000 patients from a French hospital

 | 

Decade-old local privilege escalation bugs impacts Ubuntu needrestart package

 | 

Ford data breach involved a third-party supplier

 | 

Hacker obtained documents tied to lawsuit over Matt Gaetz's sexual misconduct allegations

 | 

Apple addressed two actively exploited zero-day vulnerabilities

 | 

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events

 | 

Russian Phobos ransomware operator faces cybercrime charges

 | 

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

 | 

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks

 | 

Foreign adversary hacked email communications of the Library of Congress says

 | 

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

 | 

Increased GDPR Enforcement Highlights the Need for Data Security

 | 

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

 | 

A botnet exploits e GeoVision zero-day to compromise EoL devices

 | 

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

 | 

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

 | 

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

 | 

U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog

 | 

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

 | 

Bitdefender released a decryptor for the ShrinkLocker ransomware

 | 

China's Volt Typhoon botnet has re-emerged

 | 

Zoom addressed two high-severity issues in its platform

 | 

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

 | 

Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands

 | 

A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel

 | 

Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices

 | 

Ymir ransomware, a new stealthy ransomware grow in the wild

 | 

Amazon discloses employee data breach after May 2023 MOVEit attacks

 | 

A new fileless variant of Remcos RAT observed in the wild

 | 

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19

 | 

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

 | 

Mazda Connect flaws allow to hack some Mazda vehicles

 | 

Veeam Backup & Replication exploit reused in new Frag ransomware attack

 | 

Texas oilfield supplier Newpark Resources suffered a ransomware attack

 | 

Palo Alto Networks warns of potential RCE in PAN-OS management interface

 | 

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

 | 

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

 | 

DPRK-linked BlueNoroff used macOS malware with novel persistence

 | 

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

 | 

Critical bug in Cisco UWRB access points allows attackers to run commands as root

 | 

INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs

 | 

Memorial Hospital and Manor suffered a ransomware attack

 | 

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users

 | 

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

 | 

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

 | 

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

 | 

Canadian authorities arrested alleged Snowflake hacker

 | 

Android flaw CVE-2024-43093 may be under limited, targeted exploitation

 | 

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

 | 

Nigerian man Sentenced to 26+ years in real estate phishing scams

 | 

Russian disinformation campaign active ahead of 2024 US election

 | 

International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

 | 

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US Election 2024 – FBI warning about fake election videos

 | 

Chinese threat actors use Quad7 botnet in password-spray attacks

 | 

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

 | 

Sophos details five years of China-linked threat actors' activity targeting network devices worldwide

 | 

PTZOptics cameras zero-days actively exploited in the wild

 | 

New LightSpy spyware version targets iPhones with destructive capabilities

 | 

LottieFiles confirmed a supply chain attack on Lottie-Player

 | 

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

 | 

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

 | 

New version of Android malware FakeCall redirects bank calls to scammers

 | 

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

 | 

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

 | 

International law enforcement operation dismantled RedLine and Meta infostealers

 | 

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

 | 

Russia-linked espionage group UNC5812 targets Ukraine's military with malware

 | 

France’s second-largest telecoms provider Free suffered a cyber attack

 | 

A crime ring compromised Italian state databases reselling stolen info

 | 

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

 | 

Black Basta affiliates used Microsoft Teams in recent attacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17

 | 

Four REvil Ransomware members sentenced for hacking and money laundering

 | 

Chinese cyber spies targeted phones used by Trump and Vance

 | 

Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

 | 

Change Healthcare data breach impacted over 100 million people

 | 

OnePoint Patient Care data breach impacted 795916 individuals

 | 

From Risk Assessment to Action: Improving Your DLP Response

 | 

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

 | 

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

 | 

Cisco fixed tens of vulnerabilities, including an actively exploited one

 | 

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

 | 

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

 | 

Digital Echo Chambers and Erosion of Trust - Key Threats to the US Elections

 | 

Crooks are targeting Docker API servers to deploy SRBMiner

 | 

Why DSPM is Essential for Achieving Data Privacy in 2024

 | 

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

 | 

Samsung zero-day flaw actively exploited in the wild

 | 

Experts warn of a new wave of Bumblebee malware attacks

 | 

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

 | 

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

 | 

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

 | 

Internet Archive was breached twice in a month

 | 

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

 | 

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

 | 

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

 | 

North Korea-linked APT37 exploited IE zero-day in a recent attack

 | 

Omni Family Health data breach impacts 468,344 individuals

 | 

Iran-linked actors target critical infrastructure organizations

 | 

macOS HM Surf flaw in TCC allows bypass Safari privacy settings

 | 

Two Sudanese nationals indicted for operating the Anonymous Sudan group

 | 

Russia-linked RomCom group targeted Ukrainian government agencies since late 2023

 | 

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

 | 

VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX

 | 

Brazil's Polícia Federal arrested the notorious hacker USDoD

 | 

Finnish Customs dismantled the dark web drugs market Sipulitie

 | 

U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog

 | 

GitHub addressed a critical vulnerability in Enterprise Server

 | 

A new Linux variant of FASTCash malware targets financial systems

 | 

WordPress Jetpack plugin critical flaw impacts 27 million sites

 | 

Pokemon dev Game Freak discloses data breach

 | 

U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog

 | 

Nation-state actor exploited three Ivanti CSA zero-days

 | 

Dutch police dismantled dual dark web market 'Bohemia/Cannabia'

 | 

Fidelity Investments suffered a second data breach this year

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

 | 

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

 | 

A cyber attack hit Iranian government sites and nuclear facilities

 | 

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks

 | 

GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution

 | 

Iran and China-linked actors used ChatGPT for preparing attacks

 | 

Internet Archive data breach impacted 31M users

 | 

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

 | 

U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog

 | 

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

 | 

Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices

 | 

Cybercriminals Are Targeting AI Conversational Platforms

 | 

Awaken Likho APT group targets Russian government with a new implant

 | 

U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog

 | 

Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer

 | 

MoneyGram discloses data breach following September cyberattack

 | 

American Water shut down some of its systems following a cyberattack

 | 

Universal Music data breach impacted 680 individuals

 | 

FBCS data breach impacted 238,000 Comcast customers

 | 

Critical Apache Avro SDK RCE flaw impacts Java applications

 | 

Man pleads guilty to stealing over $37 Million worth of cryptocurrency

 | 

U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog

 | 

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

 | 

Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Google Pixel 9 supports new security features to mitigate baseband attacks

 | 

WordPress LiteSpeed Cache plugin flaw could allow site takeover

 | 

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

 | 

Google removed Kaspersky's security apps from the Play Store

 | 

New Perfctl Malware targets Linux servers in cryptomining campaign

 | 

Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group

 | 

Dutch police breached by a state actor

 | 

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug

 | 

Telegram revealed it shared U.S. user data with law enforcement

 | 

U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog

 | 

14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries

 | 

Rhadamanthys information stealer introduces AI-driven capabilities

 | 

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!

 | 

Police arrested four new individuals linked to the LockBit ransomware operation

 | 

UMC Health System diverted patients following a ransomware attack

 | 

U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog

 | 

News agency AFP hit by cyberattack, client services impacted

 | 

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

 | 

Patelco Credit Union data breach impacted over 1 million people

 | 

Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack

 | 

A British national has been charged for his execution of a hack-to-trade scheme

 | 

Critical NVIDIA Container Toolkit flaw could allow access to the underlying host

 | 

Israel army hacked the communication network of the Beirut Airport control tower

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

 | 

Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format

 | 

A cyberattack on Kuwait Health Ministry impacted hospitals in the country

 | 

Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message

 | 

CUPS flaws allow remote code execution on Linux systems under certain conditions

 | 

U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities

 | 

Hacking Kia cars made after 2013 using just their license plate

 | 

Critical RCE vulnerability found in OpenPLC

 | 

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

 | 

Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

 | 

Data of 3,191 congressional staffers leaked in the dark web

 | 

New variant of Necro Trojan infected more than 11 million devices

 | 

U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog

 | 

Arkansas City water treatment facility switched to manual operations following a cyberattack

 | 

New Android banking trojan Octo2 targets European banks

 | 

A generative artificial intelligence malware used in phishing attacks

 | 

A cyberattack on MoneyGram caused its service outage

 | 

Did Israel infiltrate Lebanese telecoms networks?

 | 

Telegram will provide user data to law enforcement in response to legal requests

 | 

ESET fixed two privilege escalation flaws in its products

 | 

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

 | 

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

 | 

Hacktivist group Twelve is back and targets Russian entities

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

 | 

Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020

 | 

Hackers stole over $44 million from Asian crypto platform BingX

 | 

OP KAERB: Europol dismantled phishing scheme targeting mobile users

 | 

Ukraine bans Telegram for government agencies, military, and critical infrastructure

 | 

Tor Project responded to claims that law enforcement can de-anonymize Tor users

 | 

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

 | 

US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency

 | 

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

 | 

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

 | 

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

 | 

International law enforcement operation dismantled criminal communication platform Ghost

 | 

U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog

 | 

SIEM for Small and Medium-Sized Enterprises: What you need to know

 | 

Experts warn of China-linked APT's Raptor Train IoT Botnet

 | 

Credential Flusher, understanding the threat and how to protect your login data

 | 

U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium

 | 

Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812

 | 

Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries

 | 

Chinese man charged for spear-phishing against NASA and US Government

 | 

U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog

 | 

Taking Control Online: Ensuring Awareness of Data Usage and Consent

 | 

Qilin ransomware attack on Synnovis impacted over 900,000 patients

 | 

D-Link addressed three critical RCE in wireless router models

 | 

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

 | 

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

 | 

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

 | 

Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb

 | 

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

 | 

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

 | 

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

 | 

GitLab fixed a critical flaw in GitLab CE and GitLab EE

 | 

New Linux malware called Hadooken targets Oracle WebLogic servers

 | 

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

 | 

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

 | 

Cybersecurity giant Fortinet discloses a data breach

 | 

Singapore Police arrest six men allegedly involved in a cybercrime syndicate

 | 

Adobe Patch Tuesday security updates fixed multiple critical issues in the company's products

 | 

Highline Public Schools school district suspended its activities following a cyberattack

 | 

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

 | 

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

 | 

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

 | 

Quad7 botnet evolves to more stealthy tactics to evade detection

 | 

Poland thwarted cyberattacks that were carried out by Russia and Belarus

 | 

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

 | 

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

 | 

Predator spyware operation is back with a new infrastructure

 | 

TIDRONE APT targets drone manufacturers in Taiwan

 | 

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

 | 

Progress Software fixed a maximum severity flaw in LoadMaster

 | 

Feds indicted two alleged administrators of WWH Club dark web marketplace

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

 | 

Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

 | 

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

 | 

Car rental company Avis discloses a data breach

 | 

SonicWall warns that SonicOS bug exploited in attacks

 | 

Apache fixed a new remote code execution flaw in Apache OFBiz

 | 

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

 | 

Veeam fixed a critical flaw in Veeam Backup & Replication software

 | 

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

 | 

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

 | 

Quishing, an insidious threat to electric car owners

 | 

Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!

 | 

Head Mare hacktivist group targets Russia and Belarus

 | 

Zyxel fixed critical OS command injection flaw in multiple routers

 | 

VMware fixed a code execution flaw in Fusion hypervisor

 | 

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

 | 

Three men plead guilty to running MFA bypass service OTP.Agency

 | 

Transport for London (TfL) is dealing with an ongoing cyberattack

 | 

Lockbit gang claims the attack on the Toronto District School Board (TDSB)

 | 

A new variant of Cicada ransomware targets VMware ESXi systems

 | 

An air transport security system flaw allowed to bypass airport security screenings

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

 | 

Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw

 | 

South Korea-linked group APT-C-60 exploited a WPS Office zero-day

 | 

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

 | 

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

 | 

Cisco addressed a high-severity flaw in NX-OS software

 | 

Corona Mirai botnet spreads via AVTECH CCTV zero-day 

 | 

Telegram CEO Pavel Durov charged in France for facilitating criminal activities

 | 

Iran-linked group APT33 adds new Tickler malware to its arsenal

 | 

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

 | 

Young Consulting data breach impacts 954,177 individuals

 | 

BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

 | 

US offers $2.5M reward for Belarusian man involved in mass malware distribution

 | 

U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

 | 

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

 | 

Researchers unmasked the notorious threat actor USDoD

 | 

The Dutch Data Protection Authority (DPA) has fined Uber a record €290M

 | 

Google addressed the tenth actively exploited Chrome zero-day this year

 | 

SonicWall addressed an improper access control issue in its firewalls

 | 

A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport

 | 

Linux malware sedexp uses udev rules for persistence and evasion

 | 

France police arrested Telegram CEO Pavel Durov

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

 | 

Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

 | 

Hackers can take over Ecovacs home robots to spy on their owners

 | 

Russian national arrested in Argentina for laundering money of crooks and Lazarus APT

 | 

Qilin ransomware steals credentials stored in Google Chrome

 | 

Phishing attacks target mobile users via progressive web applications (PWA)

 | 

Member of cybercrime group Karakurt charged in the US

 | 

New malware Cthulhu Stealer targets Apple macOS users

 | 

China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches

 | 

A cyberattack hit US oil giant Halliburton

 | 

SolarWinds fixed a hardcoded credential issue in Web Help Desk

 | 

A cyberattack disrupted operations of US chipmaker Microchip Technology

 | 

Google addressed the ninth actively exploited Chrome zero-day this year

 | 

GitHub fixed a new critical flaw in the GitHub Enterprise Server 

 | 

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

 | 

North Korea-linked APT used a new RAT called MoonPeak

 | 

Pro-Russia group Vermin targets Ukraine with a new malware family

 | 

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

 | 

Ransomware payments rose from $449.1 million to $459.8 million

 | 

Previously unseen Msupedge backdoor targeted a university in Taiwan

 | 

Oracle NetSuite misconfiguration could lead to data exposure

 | 

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

 | 

CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog

 | 

Researchers uncovered new infrastructure linked to the cybercrime group FIN7

 | 

Experts warn of exploit attempt for Ivanti vTM bug

 | 

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

 | 

The Mad Liberator ransomware group uses social-engineering techniques

 | 

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

 | 

Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

 | 

OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election

 | 

National Public Data confirms a data breach

 | 

CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

 | 

Russian national sentenced to 40 months for selling stolen data on the dark web

 | 

Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

 | 

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

 | 

Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

 | 

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

 | 

Google disrupted hacking campaigns carried out by Iran-linked APT42

 | 

Black Basta ransomware gang linked to a SystemBC malware campaign

 | 

A massive cyber attack hit Central Bank of Iran and other Iranian banks

 | 

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

 | 

SolarWinds addressed a critical RCE in all Web Help Desk versions

 | 

Kootenai Health data breach impacted 464,000 patients

 | 

Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

 | 

A PoC exploit code is available for critical Ivanti vTM bug

 | 

Elon Musk claims that a DDoS attack caused problems with the livestream interview with Donald Trump

 | 

CERT-UA warns of a phishing campaign targeting government entities

 | 

US DoJ dismantled remote IT worker fraud schemes run by North Korea

 | 

A FreeBSD flaw could allow remote code execution, patch it now!

 | 

EastWind campaign targets Russian organizations with sophisticated backdoors

 | 

Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

 | 

Foreign nation-state actors hacked Donald Trump’s campaign

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

 | 

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ADT disclosed a data breach that impacted more than 30,000 customers

 | 

Is the INC ransomware gang behind the attack on McLaren hospitals?

 | 

Crooks took control of a cow milking robot causing the death of a cow

 | 

Sonos smart speakers flaw allowed to eavesdrop on users

 | 

Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!

 | 

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

 | 

Russian cyber spies stole data and emails from UK government systems

 | 

0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

 | 

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

 | 

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

 | 

Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data

 | 

New Android spyware LianSpy relies on Yandex Cloud to avoid detection

 | 

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

 | 

A ransomware attack hit French museum network

 | 

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

 | 

Google warns of an actively exploited Android kernel flaw

 | 

Should Organizations Pay Ransom Demands?

 | 

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

 | 

Researchers warn of a new critical Apache OFBiz flaw

 | 

Keytronic incurred approximately $17 million of expenses following ransomware attack

 | 

A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access

 | 

China-linked APT41 breached Taiwanese research institute

 | 

Chinese StormBamboo APT compromised ISP to deliver malware

 | 

Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach

 | 

Security Affairs Malware Newsletter - Round 5

 | 

Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US sued TikTok and ByteDance for violating children’s privacy laws

 | 

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

 | 

Investors sued CrowdStrike over false claims about its Falcon platform

 | 

Avtech camera vulnerability actively exploited in the wild, CISA warns

 | 

U.S. released Russian cybercriminals in diplomatic prisoner exchange

 | 

Sitting Ducks attack technique exposes over a million domains to hijacking

 | 

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

 | 

BingoMod Android RAT steals money from victims' bank accounts and wipes data

 | 

A ransomware attack disrupted operations at OneBlood blood bank

 | 

Apple fixed dozens of vulnerabilities in iOS and macOS

 | 

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

 | 

A Fortune 50 company paid a record-breaking $75 million ransom

 | 

CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog

 | 

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

 | 

SideWinder phishing campaign targets maritime facilities in multiple countries

 | 

A crafty phishing campaign targets Microsoft OneDrive users

 | 

Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085

 | 

Acronis Cyber Infrastructure bug actively exploited in the wild

 | 

Fake Falcon crash reporter installer used to target German Crowdstrike users

 | 

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

 | 

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

 | 

Security Affairs Malware Newsletter - Round 4

 | 

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukraine's cyber operation shut down the ATM services of major Russian banks

 | 

A bug in Chrome Password Manager caused user credentials to disappear

 | 

BIND updates fix four high-severity DoS bugs in the DNS software suite

 | 

Terrorist Activity is Accelerating in Cyberspace - Risk Precursor to Summer Olympics and Elections

 | 

Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server

 | 

Critical bug in Docker Engine allowed attackers to bypass authorization plugins

 | 

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

 | 

Michigan Medicine data breach impacted 56953 patients

 | 

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

 | 

China-linked APT group uses new Macma macOS backdoor version

 | 

FrostyGoop ICS malware targets Ukraine

 | 

Hackers abused swap files in e-skimming attacks on Magento sites

 | 

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

 | 

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

 | 

SocGholish malware used to spread AsyncRAT malware

 | 

UK police arrested a 17-year-old linked to the Scattered Spider gang

 | 

Security Affairs Malware Newsletter - Round 3

 | 

Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

 | 

Threat actors attempted to capitalize CrowdStrike incident

 | 

Russian nationals plead guilty to participating in the LockBit ransomware group

 | 

MediSecure data breach impacted 12.9 million individuals

 | 

CrowdStrike update epic fail crashed Windows systems worldwide

 | 

Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users

 | 

SAPwned flaws in SAP AI core could expose customers' data

 | 

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

 | 

How to Protect Privacy and Build Secure AI Products

 | 

A critical flaw in Cisco SSM On-Prem allows attackers to change any user's password

 | 

MarineMax data breach impacted over 123,000 individuals

 | 

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

 | 

The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal

 | 

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog

 | 

Kaspersky leaves U.S. market following the ban on the sale of its software in the country

 | 

FBI unlocked the phone of the suspect in the assassination attempt on Donald Trump

 | 

Ransomware groups target Veeam Backup & Replication bug

 | 

AT&T paid a $370,000 ransom to prevent stolen data from being leaked

 | 

HardBit ransomware version 4.0 supports new obfuscation techniques

 | 

Dark Gate malware campaign uses Samba file shares

 | 

Security Affairs Malware Newsletter - Round 2

 | 

Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

 | 

Rite Aid disclosed data breach following RansomHub ransomware attack

 | 

New AT&T data breach exposed call logs of almost all customers

 | 

Critical flaw in Exim MTA could allow to deliver malware to users' inboxes

 | 

Palo Alto Networks fixed a critical bug in the Expedition tool

 | 

Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

 | 

October ransomware attack on Dallas County impacted over 200,000 people

 | 

CrystalRay operations have scaled 10x to over 1,500 victims

 | 

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

 | 

AI-Powered Russia's bot farm operates on X, US and its allies warn

 | 

VMware fixed critical SQL-Injection in Aria Automation product

 | 

Citrix fixed critical and high-severity bugs in NetScaler product

 | 

A new flaw in OpenSSH can lead to remote code execution

 | 

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

 | 

U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog

 | 

Evolve Bank data breach impacted over 7.6 million individuals

 | 

More than 31 million customer email addresses exposed following Neiman Marcus data breach

 | 

Avast released a decryptor for DoNex Ransomware and its predecessors

 | 

RockYou2024 compilation containing 10 billion passwords was leaked online

 | 

Critical Ghostscript flaw exploited in the wild. Patch it now!

 | 

Apple removed 25 VPN apps from the App Store in Russia following Moscow's requests

 | 

CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog

 | 

Apache fixed a source code disclosure flaw in Apache HTTP Server

 | 

Security Affairs Malware Newsletter - Round 1

 | 

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Alabama State Department of Education suffered a data breach following a blocked attack

 | 

GootLoader is still active and efficient

 | 

Hackers stole OpenAI secrets in a 2023 security breach

 | 

Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes

 | 

Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

 | 

New Golang-based Zergeca Botnet appeared in the threat landscape

 | 

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

 | 

Hackers compromised Ethereum mailing list and launched a crypto draining attack

 | 

OVHcloud mitigated a record-breaking DDoS attack in April 2024

 | 

Healthcare fintech firm HealthEquity disclosed a data breach

 | 

Brazil data protection authority bans Meta from training AI models with data originating in the country

 | 

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

 | 

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors

 | 

LockBit group claims the hack of the Fairfield Memorial Hospital in the US

 | 

American Patelco Credit Union suffered a ransomware attack

 | 

Polish government investigates Russia-linked cyberattack on state news agency

 | 

Evolve Bank data breach impacted fintech firms Wise and Affirm

 | 

Prudential Financial data breach impacted over 2.5 million individuals

 | 

Australian man charged for Evil Twin Wi-Fi attacks on domestic flights

 | 

China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware

 | 

Critical unauthenticated remote code execution flaw in OpenSSH server

 | 

Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania

 | 

Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

 | 

Russia-linked Midnight Blizzard stole email of more Microsoft customers

 | 

Russia-linked group APT29 likely breached TeamViewer's corporate network

 | 

Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Infosys McCamish Systems data breach impacted over 6 million people

 | 

A cyberattack shut down the University Hospital Centre Zagreb in Croatia

 | 

US announces a $10M reward for Russia's GRU hacker behind attacks on Ukraine

 | 

LockBit group falsely claimed the hack of the Federal Reserve

 | 

CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog

 | 

New P2Pinfect version delivers miners and ransomware on Redis servers

 | 

New MOVEit Transfer critical bug is actively exploited

 | 

New Caesar Cipher Skimmer targets popular CMS used by e-stores

 | 

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

 | 

Wikileaks founder Julian Assange is free

 | 

CISA confirmed that its CSAT environment was breached in January.

 | 

Threat actors compromised 1,590 CoinStats crypto wallets

 | 

Experts observed approximately 120 malicious campaigns using the Rafel RAT

 | 

LockBit claims the hack of the US Federal Reserve

 | 

Ransomware threat landscape Jan-Apr 2024: insights and challenges

 | 

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

 | 

Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

 | 

Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

 | 

US government sanctions twelve Kaspersky Lab executives

 | 

Experts found a bug in the Linux version of RansomHub ransomware

 | 

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

 | 

Russia-linked APT Nobelium targets French diplomatic entities

 | 

US bans sale of Kaspersky products due to risks to national security

 | 

Atlassian fixed six high-severity bugs in Confluence Data Center and Server

 | 

China-linked spies target Asian Telcos since at least 2021

 | 

New Rust infostealer Fickle Stealer spreads through various attack methods

 | 

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

 | 

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

 | 

Alleged researchers stole $3 million from Kraken exchange

 | 

Google Chrome 126 update addresses multiple high-severity flaws

 | 

Chip maker giant AMD investigates a data breach

 | 

Cryptojacking campaign targets exposed Docker APIs

 | 

VMware fixed RCE and privilege escalation bugs in vCenter Server

 | 

Meta delays training its AI using public content shared by EU users 

 | 

Keytronic confirms data breach after ransomware attack

 | 

The Financial Dynamics Behind Ransomware Attacks

 | 

Empire Market owners charged with operating $430M dark web marketplace

 | 

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

 | 

LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

 | 

Spanish police arrested an alleged member of the Scattered Spider group

 | 

Online job offers, the reshipping and money mule scams

 | 

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ASUS fixed critical remote authentication bypass bug in several routers

 | 

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

 | 

DORA Compliance Strategy for Business Leaders

 | 

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

 | 

City of Cleveland still working to fully restore systems impacted by a cyber attack

 | 

Google fixed an actively exploited zero-day in the Pixel Firmware

 | 

Multiple flaws in Fortinet FortiOS fixed

 | 

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

 | 

Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation

 | 

JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

 | 

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

 | 

Cylance confirms the legitimacy of data offered for sale in the dark web

 | 

Arm zero-day in Mali GPU Drivers actively exploited in the wild

 | 

Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!

 | 

Japanese video-sharing platform Niconico was victim of a cyber attack

 | 

UK NHS call for O-type blood donations following ransomware attack on London hospitals

 | 

Christie’s data breach impacted 45,798 individuals

 | 

Sticky Werewolf targets the aviation industry in Russia and Belarus

 | 

Frontier Communications data breach impacted over 750,000 individuals

 | 

PHP addressed critical RCE flaw potentially impacting millions of servers

 | 

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

 | 

Pandabuy was extorted twice by the same threat actor

 | 

UAC-0020 threat actor used the SPECTR Malware to target Ukraine's defense forces

 | 

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

 | 

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

 | 

RansomHub operation is a rebranded version of the Knight RaaS

 | 

Malware can steal data collected by the Windows Recall tool, experts warn

 | 

Cisco addressed Webex flaws used to compromise German government meetings

 | 

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

 | 

Zyxel addressed three RCEs in end-of-life NAS devices

 | 

A ransomware attack on Synnovis impacted several London hospitals

 | 

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

 | 

Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN and SmartID supported.

 | 

Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers

 | 

Multiple flaws in Cox modems could have impacted millions of devices

 | 

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Spanish police shut down illegal TV streaming network

 | 

APT28 targets key networks in Europe with HeadLace malware

 | 

Experts found information of European politicians on the dark web

 | 

FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware

 | 

Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ticketmaster confirms data breach impacting 560 million customers

 | 

Critical Apache Log4j2 flaw still threatens global finance

 | 

Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin

 | 

ShinyHunters is selling data of 30 million Santander customers

 | 

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours 

 | 

LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at least 2021

 | 

BBC disclosed a data breach impacting its Pension Scheme members

 | 

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Experts found a macOS version of the sophisticated LightSpy spyware

 | 

Operation Endgame, the largest law enforcement operation ever against botnets

 | 

Law enforcement operation dismantled 911 S5 botnet

 | 

Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature

 | 

Check Point released hotfix for actively exploited VPN zero-day

 | 

ABN Amro discloses data breach following an attack on a third-party provider

 | 

Christie disclosed a data breach after a RansomHub attack

 | 

Experts released PoC exploit code for RCE in Fortinet SIEM

 | 

WordPress Plugin abused to install e-skimmers in e-commerce sites

 | 

TP-Link Archer C5400X gaming router is affected by a critical flaw

 | 

Sav-Rx data breach impacted over 2.8 million individuals

 | 

The Impact of Remote Work and Cloud Migrations on Security Perimeters

 | 

New ATM Malware family emerged in the threat landscape

 | 

A high-severity vulnerability affects Cisco Firepower Management Center

 | 

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

 | 

Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

 | 

Fake AV websites used to distribute info-stealer malware

 | 

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

 | 

An XSS flaw in GitLab allows attackers to take over accounts

 | 

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

 | 

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

 | 

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

 | 

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

 | 

APT41: The threat of KeyPlug against Italian industries

 | 

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

 | 

Chinese actor 'Unfading Sea Haze' remained undetected for five years

 | 

A consumer-grade spyware app found in check-in systems of 3 US hotels

 | 

Critical Veeam Backup Enterprise Manager authentication bypass bug

 | 

Cybercriminals are targeting elections in India with influence campaigns

 | 

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

 | 

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

 | 

CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

 | 

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

 | 

Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

 | 

Experts released PoC exploit code for RCE in QNAP QTS

 | 

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

 | 

Two students uncovered a flaw that allows to use laundry machines for free

 | 

Grandoreiro Banking Trojan is back and targets banks worldwide

 | 

Healthcare firm WebTPA data breach impacted 2.5 million individuals

 | 

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

 | 

North Korea-linked IT workers infiltrated hundreds of US firms

 | 

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

 | 

City of Wichita disclosed a data breach after the recent ransomware attack

 | 

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

 | 

North Korea-linked Kimsuky APT attack targets victims via Messenger

 | 

Electronic prescription provider MediSecure impacted by a ransomware attack

 | 

Google fixes seventh actively exploited Chrome zero-day this year, the third in a week

 | 

Santander: a data breach at a third-party provider impacted customers and employees

 | 

FBI seized the notorious BreachForums hacking forum

 | 

A Tornado Cash developer has been sentenced to 64 months in prison

 | 

Adobe fixed multiple critical flaws in Acrobat and Reader

 | 

Ransomware attack on Singing River Health System impacted 895,000 people

 | 

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

 | 

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

 | 

MITRE released EMB3D Threat Model for embedded devices

 | 

Google fixes sixth actively exploited Chrome zero-day this year

 | 

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

 | 

Threat actors may have exploited a zero-day in older iPhones, Apple warns

 | 

City of Helsinki suffered a data breach

 | 

Russian hackers defaced local British news sites

 | 

Australian Firstmac Limited disclosed a data breach after cyber attack

 | 

Pro-Russia hackers targeted Kosovo’s government websites

 | 

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

 | 

Ohio Lottery data breach impacted over 538,000 individuals

 | 

Notorius threat actor IntelBroker claims the hack of the Europol

 | 

A cyberattack hit the US healthcare giant Ascension

 | 

Google fixes fifth actively exploited Chrome zero-day this year

 | 

Russia-linked APT28 targets government Polish institutions

 | 

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

 | 

Dell discloses data breach impacting millions of customers

 | 

Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

 | 

Zscaler is investigating data breach claims

 | 

Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

 | 

LockBit gang claimed responsibility for the attack on City of Wichita

 | 

New TunnelVision technique can bypass the VPN encapsulation

 | 

LiteSpeed Cache WordPress plugin actively exploited in the wild

 | 

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

 | 

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 

 | 

Law enforcement agencies identified LockBit ransomware admin and sanctioned him

 | 

MITRE attributes the recent attack to China-linked UNC5221

 | 

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

 | 

City of Wichita hit by a ransomware attack

 | 

El Salvador suffered a massive leak of biometric data

 | 

Finland authorities warn of Android malware campaign targeting bank users

 | 

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

 | 

Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Blackbasta gang claimed responsibility for Synlab Italia attack

 | 

LockBit published data stolen from Simone Veil hospital in Cannes

 | 

Russia-linked APT28 and crooks are still using the Moobot botnet

 | 

Dirty stream attack poses billions of Android installs at risk

 | 

ZLoader Malware adds Zeus's anti-analysis feature

 | 

Ukrainian REvil gang member sentenced to 13 years in prison

 | 

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

 | 

Threat actors hacked the Dropbox Sign production environment

 | 

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

 | 

Panda Restaurant Group disclosed a data breach

 | 

Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia

 | 

Cuttlefish malware targets enterprise-grade SOHO routers

 | 

A flaw in the R programming language could allow code execution

 | 

Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall

 | 

Notorious Finnish Hacker sentenced to more than six years in prison

 | 

CISA guidelines to protect critical infrastructure against AI-based threats

 | 

NCSC: New UK law bans default passwords on smart devices

 | 

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

 | 

Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

 | 

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

 | 

Cyber-Partisans hacktivists claim to have breached Belarus KGB

 | 

The Los Angeles County Department of Health Services disclosed a data breach

 | 

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

 | 

ICICI Bank exposed credit card data of 17000 customers

 | 

Okta warns of unprecedented scale in credential stuffing attacks on online services

 | 

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Targeted operation against Ukraine exploited 7-year-old MS Office bug

 | 

Hackers may have accessed thousands of accounts on the California state welfare platform

 | 

Brokewell Android malware supports an extensive set of Device Takeover capabilities

 | 

Experts warn of an ongoing malware campaign targeting WP-Automatic plugin

 | 

Cryptocurrencies and cybercrime: A critical intermingling

 | 

Kaiser Permanente data breach may have impacted 13.4 million patients

 | 

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

 | 

Sweden’s liquor supply severely impacted by ransomware attack on logistics company

 | 

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

 | 

DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions

 | 

Google fixed critical Chrome vulnerability CVE-2024-4058

 | 

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

 | 

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

 | 

US offers a $10 million reward for information on four Iranian nationals

 | 

The street lights in Leicester City cannot be turned off due to a cyber attack

 | 

North Korea-linked APT groups target South Korean defense contractors

 | 

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

 | 

A cyber attack paralyzed operations at Synlab Italia

 | 

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

 | 

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

 | 

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

 | 

Akira ransomware received $42M in ransom payments from over 250 victims

 | 

DuneQuixote campaign targets the Middle East with a complex backdoor

 | 

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Critical CrushFTP zero-day exploited in attacks in the wild

 | 

A French hospital was forced to reschedule procedures after cyberattack

 | 

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

 | 

FBI chief says China is preparing to attack US critical infrastructure

 | 

United Nations Development Programme (UNDP) investigates data breach

 | 

FIN7 targeted a large U.S. carmaker with phishing attacks

 | 

Law enforcement operation dismantled phishing-as-a-service platform LabHost

 | 

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

 | 

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

 | 

Linux variant of Cerber ransomware targets Atlassian servers

 | 

Ivanti fixed two critical flaws in its Avalanche MDM

 | 

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

 | 

Cisco warns of large-scale brute-force attacks against VPN and SSH services

 | 

PuTTY SSH Client flaw allows of private keys recovery

 | 

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

 | 

Misinformation and hacktivist campaigns targeting the Philippines skyrocket

 | 

Russia is trying to sabotage European railways, Czech minister said

 | 

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia 

 | 

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

 | 

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

 | 

CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog

 | 

Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

 | 

U.S. and Australian police arrested Firebird RAT author and operator

 | 

Canadian retail chain Giant Tiger data breach may have impacted millions of customers

 | 

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Crooks manipulate GitHub's search results to distribute malware

 | 

BatBadBut flaw allowed an attacker to perform command injection on Windows

 | 

Roku disclosed a new security breach impacting 576,000 accounts

 | 

LastPass employee targeted via an audio deepfake call

 | 

TA547 targets German organizations with Rhadamanthys malware

 | 

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

 | 

US CISA published an alert on the Sisense data breach

 | 

Palo Alto Networks fixed multiple DoS bugs in its firewalls

 | 

Apple warns of mercenary spyware attacks on iPhone users in 92 countries

 | 

Microsoft fixed two zero-day bugs exploited in malware attacks

 | 

Group Health Cooperative data breach impacted 530,000 individuals

 | 

AT&T states that the data breach impacted 51 million former and current customers

 | 

Fortinet fixed a critical remote code execution bug in FortiClientLinux

 | 

Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues

 | 

Cybersecurity in the Evolving Threat Landscape

 | 

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

 | 

ScrubCrypt used to drop VenomRAT along with many malicious plugins

 | 

Google announces V8 Sandbox to protect Chrome users

 | 

China is using generative AI to carry out influence operations

 | 

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

 | 

Crowdfense is offering a larger 30M USD exploit acquisition program

 | 

U.S. Department of Health warns of attacks against IT help desks

 | 

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

 | 

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

 | 

Cisco warns of XSS flaw in end-of-life small business routers

 | 

Magento flaw exploited to deploy persistent backdoor hidden in XML

 | 

Cyberattack disrupted services at Omni Hotels & Resorts

 | 

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

 | 

US cancer center City of Hope: data breach impacted 827149 individuals

 | 

Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

 | 

Jackson County, Missouri, discloses a ransomware attack

 | 

Google addressed another Chrome zero-day exploited at Pwn2Own in March

 | 

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

 | 

Google fixed two actively exploited Pixel vulnerabilities

 | 

Highly sensitive files mysteriously disappeared from EUROPOL headquarters

 | 

XSS flaw in WordPress WP-Members Plugin can lead to script injection

 | 

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

 | 

Google agreed to erase billions of browser records to settle a class action lawsuit

 | 

PandaBuy data breach allegedly impacted over 1.3 million customers

 | 

OWASP discloses a data breach

 | 

New Vultur malware version includes enhanced remote control and evasion capabilities

 | 

Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy

 | 

Info stealer attacks target macOS users

 | 

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

DinodasRAT Linux variant targets users worldwide

 | 

AT&T confirmed that a data breach impacted 73 million customers

 | 

Expert found a backdoor in XZ tools used many Linux distributions

 | 

German BSI warns of 17,000 unpatched Microsoft Exchange servers

 | 

Cisco warns of password-spraying attacks targeting Secure Firewall devices

 | 

American fast-fashion firm Hot Topic hit by credential stuffing attacks

 | 

Cisco addressed high-severity flaws in IOS and IOS XE software

 | 

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

 | 

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

 | 

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

 | 

The DDR Advantage: Real-Time Data Defense

 | 

Finnish police linked APT31 to the 2021 parliament attack

 | 

TheMoon bot infected 40,000 devices in January and February

 | 

UK, New Zealand against China-linked cyber operations

 | 

US Treasury Dep announced sanctions against members of China-linked APT31

 | 

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

 | 

Iran-Linked APT TA450 embeds malicious links in PDF attachments

 | 

StrelaStealer targeted over 100 organizations across the EU and US

 | 

GoFetch side-channel attack against Apple systems allows secret keys extraction

 | 

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

 | 

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

 | 

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

 | 

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

 | 

German police seized the darknet marketplace Nemesis Market

 | 

Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks

 | 

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

 | 

Critical Fortinet's FortiClient EMS flaw actively exploited in the wild

 | 

Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla

 | 

New Loop DoS attack may target 300,000 vulnerable hosts

 | 

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

 | 

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

 | 

BunnyLoader 3.0 surfaces in the threat landscape

 | 

Pokemon Company resets some users' passwords

 | 

Ukraine cyber police arrested crooks selling 100 million compromised accounts

 | 

New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?

 | 

Players hacked during the matches of Apex Legends Global Series. Tournament suspended

 | 

Earth Krahang APT breached tens of government organizations worldwide

 | 

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

 | 

Fujitsu suffered a malware attack and probably a data breach

 | 

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

 | 

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

 | 

Email accounts of the International Monetary Fund compromised

 | 

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

 | 

“gitgub” malware campaign targets Github users with RisePro info-stealer

 | 

Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

France Travail data breach impacted 43 Million people

 | 

Scranton School District in Pennsylvania suffered a ransomware attack

 | 

Lazarus APT group returned to Tornado Cash to launder stolen funds

 | 

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

 | 

UK Defence Secretary jet hit by an electronic warfare attack in Poland

 | 

Cisco fixed high-severity elevation of privilege and DoS bugs

 | 

Recent DarkGate campaign exploited Microsoft Windows zero-day

 | 

Nissan Oceania data breach impacted roughly 100,000 people

 | 

Researchers found multiple flaws in ChatGPT plugins

 | 

Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

 | 

Acer Philippines disclosed a data breach after a third-party vendor hack

 | 

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

 | 

Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws

 | 

Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election

 | 

First-ever South Korean national detained for espionage in Russia

 | 

Insurance scams via QR codes: how to recognise and defend yourself

 | 

Massive cyberattacks hit French government agencies

 | 

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

 | 

Experts released PoC exploit for critical Progress Software OpenEdge bug

 | 

Magnet Goblin group used a new Linux variant of NerbianRAT malware

 | 

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

 | 

Lithuania security services warn of China's espionage against the country

 | 

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Threat actors breached two crucial systems of the US CISA

 | 

CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog

 | 

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

 | 

QNAP fixed three flaws in its NAS devices, including an authentication bypass

 | 

Russia-linked Midnight Blizzard breached Microsoft systems again

 | 

Cisco addressed severe flaws in its Secure Client

 | 

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

 | 

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

 | 

National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election

 | 

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

 | 

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

 | 

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

 | 

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

 | 

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

 | 

Apple emergency security updates fix two new iOS zero-days

 | 

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

 | 

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

 | 

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

 | 

Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

 | 

Ukraine's GUR hacked the Russian Ministry of Defense

 | 

Some American Express customers' data exposed in a third-party data breach

 | 

META hit with privacy complaints by EU consumer groups

 | 

New GTPDOOR backdoor is designed to target telecom carrier networks

 | 

Threat actors hacked Taiwan-based Chunghwa Telecom

 | 

New Linux variant of BIFROSE RAT uses deceptive domain strategies

 | 

Eken camera doorbells allow ill-intentioned individuals to spy on you

 | 

Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

 | 

U.S. authorities charged an Iranian national for long-running hacking campaign

 | 

US cyber and law enforcement agencies warn of Phobos ransomware attacks

 | 

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

 | 

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

 | 

Crooks stole €15 Million from European retail company Pepco

 | 

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

 | 

Researchers found a zero-click Facebook account takeover

 | 

New SPIKEDWINE APT group is targeting officials in Europe

 | 

Is the LockBit gang resuming its operation?

 | 

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

 | 

Pharmaceutical giant Cencora discloses a data breach

 | 

Unmasking 2024's Email Security Landscape

 | 

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

 | 

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

 | 

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

 | 

XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk

 | 

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

 | 

New Redis miner Migo uses novel system weakening techniques

 | 

Critical flaw found in deprecated VMware EAP. Uninstall it immediately

 | 

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

 | 

ConnectWise fixed critical flaws in ScreenConnect remote access tool

 | 

More details about Operation Cronos that disrupted Lockbit operation

 | 

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

 | 

Operation Cronos: law enforcement disrupted the LockBit operation

 | 

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

 | 

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

 | 

How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise

 | 

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

 | 

ESET fixed high-severity local privilege escalation bug in Windows products

 | 

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

 | 

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

 | 

CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog

 | 

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

 | 

U.S. CISA: hackers breached a state government organization

 | 

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

 | 

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

 | 

A cyberattack halted operations at Varta production plants

 | 

North Korea-linked actors breached the emails of a Presidential Office member

 | 

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

 | 

Nation-state actors are using AI services and LLMs for cyberattacks

 | 

Abusing the Ubuntu 'command-not-found' utility to install malicious packages

 | 

Zoom fixed critical flaw CVE-2024-24691 in Windows software

 | 

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

 | 

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

 | 

A ransomware attack took 100 Romanian hospitals down

 | 

Bank of America customer data compromised after a third-party services provider data breach

 | 

Ransomfeed - Third Quarter Report 2023 is out!

 | 

Global Malicious Activity Targeting Elections is Skyrocketing

 | 

Researchers released a free decryption tool for the Rhysida Ransomware

 | 

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

 | 

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

 | 

Canada Gov plans to ban the Flipper Zero to curb car thefts

 | 

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

 | 

US Feds arrested two men involved in the Warzone RAT operation

 | 

Raspberry Robin spotted using two new 1-day LPE exploits

 | 

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

 | 

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

 | 

Exploiting a vulnerable Minifilter Driver to create a process killer

 | 

Black Basta ransomware gang hacked Hyundai Motor Europe

 | 

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

 | 

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

 | 

26 Cyber Security Stats Every User Should Be Aware Of in 2024

 | 

US offers $10 million reward for info on Hive ransomware group leaders

 | 

Unraveling the truth behind the DDoS attack from electric toothbrushes

 | 

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

 | 

Cisco fixes critical Expressway Series CSRF vulnerabilities

 | 

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

 | 

Fortinet addressed two critical FortiSIEM vulnerabilities

 | 

Experts warn of a critical bug in JetBrains TeamCity On-Premises

 | 

Critical shim bug impacts every Linux boot loader signed in the past decade

 | 

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

 | 

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

 | 

Google fixed an Android critical remote code execution flaw

 | 

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

 | 

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

 | 

HPE is investigating claims of a new security breach

 | 

Experts warn of a surge of attacks targeting Ivanti SSRF flaw 

 | 

How to hack the Airbus NAVBLUE Flysmart+ Manager

 | 

Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call

 | 

Software firm AnyDesk disclosed a security breach

 | 

The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM

 | 

US government imposed sanctions on six Iranian intel officials

 | 

A cyberattack impacted operations at Lurie Children's Hospital

 | 

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

 | 

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Clorox estimates the costs of the August cyberattack will exceed $49 Million

 | 

Mastodon fixed a flaw that can allow the takeover of any account

 | 

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

 | 

Operation Synergia led to the arrest of 31 individuals

 | 

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

 | 

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

 | 

PurpleFox malware infected at least 2,000 computers in Ukraine

 | 

Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping

 | 

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

 | 

Multiple malware used in attacks exploiting Ivanti VPN flaws

 | 

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

 | 

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

 | 

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

 | 

Ivanti warns of a new actively exploited zero-day

 | 

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

 | 

Data leak at fintech giant Direct Trading Technologies

 | 

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

 | 

Italian data protection authority said that ChatGPT violated EU privacy laws

 | 

750 million Indian mobile subscribers' data offered for sale on dark web

 | 

Juniper Networks released out-of-band updates to fix high-severity flaws

 | 

Hundreds of network operators’ credentials found circulating in Dark Web

 | 

Cactus ransomware gang claims the Schneider Electric hack

 | 

Mercedes-Benz accidentally exposed sensitive data, including source code

 | 

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

 | 

NSA buys internet browsing records from data brokers without a warrant

 | 

Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'

 | 

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

 | 

Medusa ransomware attack hit Kansas City Area Transportation Authority

 | 

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

 | 

Participants earned more than $1.3M at the Pwn2Own Automotive competition

 | 

A TrickBot malware developer sentenced to 64 months in prison

 | 

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

 | 

Watch out, experts warn of a critical flaw in Jenkins

 | 

Pwn2Own Automotive 2024 Day 2 - Tesla hacked again

 | 

Yearly Intel Trend Review: The 2023 RedSense report

 | 

Cisco warns of a critical bug in Unified Communications products, patch it now!

 | 

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

 | 

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

 | 

5379 GitLab servers vulnerable to zero-click account takeover attacks

 | 

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

 | 

Splunk fixed high-severity flaw impacting Windows versions

 | 

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

 | 

Australian government announced sanctions for Medibank hacker

 | 

LoanDepot data breach impacted roughly 16.6 individuals

 | 

Black Basta gang claims the hack of the UK water utility Southern Water

 | 

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

 | 

Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed

 | 

Apple fixed actively exploited zero-day CVE-2024-23222

 | 

“My Slice”, an Italian adaptive phishing campaign

 | 

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

 | 

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

 | 

Backdoored pirated applications targets Apple macOS users

 | 

LockBit ransomware gang claims the attack on the sandwich chain Subway

 | 

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

 | 

VF Corp December data breach impacts 35 million customers

 | 

China-linked APT UNC3886 exploits VMware zero-day since 2021

 | 

Ransomware attacks break records in 2023: the number of victims rose by 128%

 | 

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

 | 

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

 | 

Kansas State University suffered a serious cybersecurity incident

 | 

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

 | 

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

 | 

iShutdown lightweight method allows to discover spyware infections on iPhones

 | 

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

 | 

Github rotated credentials after the discovery of a vulnerability

 | 

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

 | 

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

 | 

Google fixed the first actively exploited Chrome zero-day of 2024

 | 

Atlassian fixed critical RCE in older Confluence versions

 | 

VMware fixed a critical flaw in Aria Automation. Patch it now!

 | 

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

 | 

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

 | 

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

 | 

Phemedrone info stealer campaign exploits Windows smartScreen bypass

 | 

Balada Injector continues to infect thousands of WordPress sites

 | 

Attackers target Apache Hadoop and Flink to deliver cryptominers

 | 

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

 | 

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

GitLab fixed a critical zero-click account hijacking flaw

 | 

Juniper Networks fixed a critical RCE bug in its firewalls and switches

 | 

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

 | 

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

 | 

Team Liquid’s wiki leak exposes 118K users

 | 

CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

 | 

Two zero-day bugs in Ivanti Connect Secure actively exploited

 | 

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

 | 

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

 | 

ShinyHunters member sentenced to three years in prison

 | 

HMG Healthcare disclosed a data breach

 | 

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

 | 

Decryptor for Tortilla variant of Babuk ransomware released

 | 

Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws

 | 

CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

 | 

Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

 | 

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

 | 

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

 | 

Long-existing Bandook RAT targets Windows machines

 | 

A cyber attack hit the Beirut International Airport

 | 

Iranian crypto exchange Bit24.cash leaks user passports and IDs

 | 

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

 | 

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

 | 

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

 | 

The source code of Zeppelin Ransomware sold on a hacking forum

 | 

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

 | 

Ivanti fixed a critical EPM flaw that can result in remote code execution

 | 

MyEstatePoint Property Search Android app leaks user passwords

 | 

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

 | 

HealthEC data breach impacted more than 4.5 Million people

 | 

Experts found 3 malicious packages hiding crypto miners in PyPi repository

 | 

Crooks hacked Mandiant X account to push cryptocurrency scam

 | 

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

 | 

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

 | 

Don’t trust links with known domains: BMW affected by redirect vulnerability

 | 

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

 | 

Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv

 | 

Experts warn of JinxLoader loader used to spread Formbook and XLoader

 | 

Terrapin attack allows to downgrade SSH protocol security

 | 

Multiple organizations in Iran were breached by a mysterious hacker

 | 

Top 2023 Security Affairs cybersecurity stories

 | 

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

 | 

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

 | 

Google agreed to settle a $5 billion privacy lawsuit

 | 

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

INC RANSOM ransomware gang claims to have breached Xerox Corp

 | 

Spotify music converter TuneFab puts users at risk

 | 

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

 | 

Russia-linked APT28 used new malware in a recent phishing campaign

 | 

Clash of Clans gamers at risk while using third-party app

 | 

New Version of Meduza Stealer Released in Dark Web

 | 

Operation Triangulation attacks relied on an undocumented hardware feature

 | 

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

 | 

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

 | 

Experts warn of critical Zero-Day in Apache OfBiz

 | 

Xamalicious Android malware distributed through the Play Store

 | 

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

 | 

Elections 2024, artificial intelligence could upset world balances

 | 

Experts analyzed attacks against poorly managed Linux SSH servers

 | 

A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

 | 

Rhysida ransomware group hacked Abdali Hospital in Jordan

 | 

Carbanak malware returned in ransomware attacks

 | 

Resecurity Released a 2024 Cyber Threat Landscape Forecast

 | 

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

 | 

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

 | 

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Europol and ENISA spotted 443 e-stores compromised with digital skimming

 | 

Video game giant Ubisoft investigates reports of a data breach

 | 

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

 | 

Mobile virtual network operator Mint Mobile discloses a data breach

 | 

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

 | 

Member of Lapsus$ gang sentenced to an indefinite hospital order

 | 

Real estate agency exposes details of 690k customers

 | 

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

 | 

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

 | 

Data leak exposes users of car-sharing service Blink Mobility

 | 

Google addressed a new actively exploited Chrome zero-day

 | 

German police seized the dark web marketplace Kingdom Market

 | 

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

 | 

Sophisticated JaskaGO info stealer targets macOS and Windows

 | 

BMW dealer at risk of takeover by cybercriminals

 | 

Comcast’s Xfinity customer data exposed after CitrixBleed attack

 | 

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

 | 

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

 | 

The ransomware attack on Westpole is disrupting digital services for Italian public administration

 | 

Info stealers and how to protect against them

 | 

Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations

 | 

Qakbot is back and targets the Hospitality industry

 | 

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

 | 

MongoDB investigates a cyberattack, customer data exposed

 | 

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

 | 

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

New NKAbuse malware abuses NKN decentralized P2P network protocol

 | 

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

 | 

Multiple flaws in pfSense firewall can lead to arbitrary code execution

 | 

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

 | 

Data of over a million users of the crypto exchange GokuMarket exposed

 | 

Idaho National Laboratory data breach impacted 45,047 individuals

 | 

Ubiquiti users claim to have access to other people’s devices

 | 

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

 | 

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

 | 

French authorities arrested a Russian national for his role in the Hive ransomware operation

 | 

China-linked APT Volt Typhoon linked to KV-Botnet

 | 

UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns

 | 

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

 | 

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

 | 

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

 | 

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

 | 

Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack

 | 

Dubai’s largest taxi app exposes 220K+ users

 | 

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

 | 

Apple released iOS 17.2 to address a dozen of security flaws

 | 

Toyota Financial Services discloses a data breach

 | 

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

 | 

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA and ENISA signed a Working Arrangement to enhance cooperation

 | 

Researcher discovered a new lock screen bypass bug for Android 14 and 13

 | 

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

 | 

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Hacktivists hacked an Irish water utility and interrupted the water supply

 | 

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

 | 

Norton Healthcare disclosed a data breach after a ransomware attack

 | 

Bypassing major EDRs using Pool Party process injection techniques

 | 

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

 | 

Android barcode scanner app exposes user passwords

 | 

UK and US expose Russia Callisto Group's activity and sanction members

 | 

A cyber attack hit Nissan Oceania

 | 

New Krasue Linux RAT targets telecom companies in Thailand

 | 

Atlassian addressed four new RCE flaws in its products

 | 

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

 | 

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

 | 

GST Invoice Billing Inventory exposes sensitive data to threat actors

 | 

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

 | 

ENISA published the ENISA Threat Landscape for DoS Attacks Report

 | 

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

 | 

Google fixed critical zero-click RCE in Android

 | 

New P2PInfect bot targets routers and IoT devices

 | 

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

 | 

LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

 | 

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

 | 

New Agent Raccoon malware targets the Middle East, Africa and the US

 | 

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Researchers devised an attack technique to extract ChatGPT training data

 | 

Fortune-telling website WeMystic exposes 13M+ user records

 | 

Expert warns of Turtle macOS ransomware

 | 

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

 | 

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

 | 

Apple addressed 2 new iOS zero-day vulnerabilities

 | 

Critical Zoom Room bug allowed to gain access to Zoom Tenants

 | 

Rhysida ransomware group hacked King Edward VII’s Hospital in London

 | 

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

 | 

Okta reveals additional attackers' activities in October 2023 Breach

 | 

Thousands of secrets lurk in app images on Docker Hub

 | 

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

 | 

International police operation dismantled a prominent Ukraine-based Ransomware group

 | 

Daixin Team group claimed the hack of North Texas Municipal Water District

 | 

Healthcare provider Ardent Health Services disclosed a ransomware attack

 | 

Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia

 | 

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

 | 

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

 | 

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Rhysida ransomware gang claimed China Energy hack

 | 

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

 | 

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

 | 

App used by hundreds of schools leaking children's data

 | 

Microsoft launched its new Microsoft Defender Bounty Program

 | 

Exposed Kubernetes configuration secrets can fuel supply chain attacks

 | 

North Korea-linked Konni APT uses Russian-language weaponized documents

 | 

ClearFake campaign spreads macOS AMOS information stealer

 | 

Welltok data breach impacted 8.5 million patients in the U.S.

 | 

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

 | 

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

 | 

New InfectedSlurs Mirai-based botnet exploits two zero-days

 | 

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

 | 

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

 | 

Citrix provides additional measures to address Citrix Bleed

 | 

Tor Project removed several relays associated with a suspicious cryptocurrency scheme

 | 

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

 | 

The Top 5 Reasons to Use an API Management Platform

 | 

Canadian government impacted by data breaches of two of its contractors

 | 

Rhysida ransomware gang is auctioning data stolen from the British Library

 | 

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

 | 

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

 | 

US teenager pleads guilty to his role in credential stuffing attack on a betting site

 | 

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

8Base ransomware operators use a new variant of the Phobos ransomware

 | 

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

 | 

The board of directors of OpenAI fired Sam Altman

 | 

Medusa ransomware gang claims the hack of Toyota Financial Services

 | 

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

 | 

Zimbra zero-day exploited to steal government emails by four groups

 | 

Vietnam Post exposes 1.2TB of data, including email addresses

 | 

Samsung suffered a new data breach

 | 

FBI and CISA warn of attacks by Rhysida ransomware gang

 | 

Critical flaw fixed in SAP Business One product

 | 

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

 | 

Gamblers’ data compromised after casino giant Strendus fails to set password

 | 

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

 | 

Danish critical infrastructure hit by the largest cyber attack in Denmark's history

 | 

Major Australian ports blocked after a cyber attack on DP World

 | 

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

 | 

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

 | 

LockBit ransomware gang leaked data stolen from Boeing

 | 

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

 | 

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

 | 

The State of Maine disclosed a data breach that impacted 1.3M people

 | 

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

 | 

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

 | 

McLaren Health Care revealed that a data breach impacted 2.2 million people

 | 

After ChatGPT, Anonymous Sudan took down the Cloudflare website

 | 

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

 | 

SysAid zero-day exploited by Clop ransomware group

 | 

Dolly.com pays ransom, attackers release data anyway

 | 

DDoS attack leads to significant disruption in ChatGPT services

 | 

Russian Sandworm disrupts power in Ukraine with a new OT attack

 | 

Veeam fixed multiple flaws in Veeam ONE, including critical issues

 | 

Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel

 | 

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

 | 

Critical Confluence flaw exploited in ransomware attacks

 | 

QNAP fixed two critical vulnerabilities in QTS OS and apps

 | 

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

 | 

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

 | 

US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

 | 

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

 | 

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

 | 

ZDI discloses four zero-day flaws in Microsoft Exchange

 | 

Okta customer support system breach impacted 134 customers

 | 

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

 | 

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

 | 

MuddyWater has been spotted targeting two Israeli entities

 | 

Clop group obtained access to the email addresses of about 632,000 US federal employees

 | 

Okta discloses a new data breach after a third-party vendor was hacked

 | 

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

 | 

Boeing confirmed its services division suffered a cyberattack

 | 

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

 | 

Who is behind the Mozi Botnet kill switch?

 | 

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

 | 

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

 | 

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

 | 

British Library suffers major outage due to cyberattack

 | 

Critical Atlassian Confluence flaw can lead to significant data loss

 | 

WiHD leak exposes details of all torrent users

 | 

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

 | 

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

 | 

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

 | 

Wiki-Slack attack allows redirecting business professionals to malicious websites

 | 

HackerOne awarded over $300 million bug hunters

 | 

StripedFly, a complex malware that infected one million devices without being noticed

 | 

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

 | 

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

 | 

Lockbit ransomware gang claims to have stolen data from Boeing

 | 

How to Collect Market Intelligence with Residential Proxies?

 | 

F5 urges to address a critical flaw in BIG-IP

 | 

Hello Alfred app exposes user data

 | 

iLeakage attack exploits Safari to steal data from Apple devices

 | 

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

 | 

Seiko confirmed a data breach after BlackCat attack

 | 

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

 | 

Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

 | 

VMware addressed critical vCenter flaw also for End-of-Life products

 | 

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

 | 

New England Biolabs leak sensitive data

 | 

Former NSA employee pleads guilty to attempted selling classified documents to Russia

 | 

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

 | 

How did the Okta Support breach impact 1Password?

 | 

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

 | 

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

 | 

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

 | 

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

 | 

City of Philadelphia suffers a data breach

 | 

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

 | 

Don't use AI-based apps, Philippine defense ordered its personnel

 | 

Vietnamese threat actors linked to DarkGate malware campaign

 | 

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

 | 

The attack on the International Criminal Court was targeted and sophisticated

 | 

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A threat actor is selling access to Facebook and Instagram's Police Portal

 | 

Threat actors breached Okta support system and stole customers' data

 | 

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

 | 

Alleged developer of the Ragnar Locker ransomware was arrested

 | 

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

 | 

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

 | 

Law enforcement operation seized Ragnar Locker group's infrastructure

 | 

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

 | 

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

 | 

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

 | 

Californian IT company DNA Micro leaks private mobile phone data

 | 

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

 | 

A flaw in Synology DiskStation Manager allows admin account takeover

 | 

D-Link confirms data breach, but downplayed the impact

 | 

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

 | 

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

 | 

Ransomware realities in 2023: one employee mistake can cost a company millions

 | 

Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users 

 | 

Cisco warns of active exploitation of IOS XE zero-day

 | 

Signal denies claims of an alleged zero-day flaw in its platform

 | 

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

 | 

DarkGate malware campaign abuses Skype and Teams

 | 

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

 | 

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Lockbit ransomware gang demanded an 80 million ransom to CDW

 | 

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

 | 

Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

 | 

FBI and CISA published a new advisory on AvosLocker ransomware

 | 

More than 17,000 WordPress websites infected with the Balada Injector in September

 | 

Ransomlooker, a new tool to track and analyze ransomware groups' activities

 | 

Phishing, the campaigns that are targeting Italy

 | 

A new Magecart campaign hides the malicious code in 404 error page

 | 

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

 | 

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

 | 

Air Europa data breach exposed customers' credit cards

 | 

#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops

 | 

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

 | 

New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

 | 

Exposed security cameras in Israel and Palestine pose significant risks

 | 

A flaw in libcue library impacts GNOME Linux systems

 | 

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

 | 

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

 | 

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

 | 

Gaza-linked hackers and Pro-Russia groups are targeting Israel

 | 

Flagstar Bank suffered a data breach once again

 | 

Android devices shipped with backdoored firmware as part of the BADBOX network

 | 

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

 | 

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

 | 

QakBot threat actors are still operational after the August takedown

 | 

Ransomware attack on MGM Resorts costs $110 Million

 | 

Cybersecurity, why a hotline number could be important?

 | 

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

 | 

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

 | 

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

 | 

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

NATO is investigating a new cyber attack claimed by the SiegedSec group

 | 

Global CRM Provider Exposed Millions of Clients’ Files Online

 | 

Sony sent data breach notifications to about 6,800 individuals

 | 

Apple fixed the 17th zero-day flaw exploited in attacks

 | 

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

 | 

A cyberattack disrupted Lyca Mobile services

 | 

Chipmaker Qualcomm warns of three actively exploited zero-days

 | 

DRM Report Q2 2023 - Ransomware threat landscape

 | 

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

 | 

San Francisco’s transport agency exposes drivers’ parking permits and addresses

 | 

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

 | 

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

 | 

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

 | 

European Telecommunications Standards Institute (ETSI) suffered a data breach

 | 

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

 | 

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

 | 

North Korea-linked Lazarus targeted a Spanish aerospace company

 | 

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

 | 

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

 | 

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

 | 

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

 | 

FBI warns of dual ransomware attacks

 | 

Progress Software fixed two critical severity flaws in WS_FTP Server

 | 

Child abuse site taken down, organized child exploitation crime suspected – exclusive

 | 

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

 | 

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

 | 

Misconfigured WBSC server leaks thousands of passports

 | 

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

 | 

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

 | 

Dark Angels Team ransomware group hit Johnson Controls

 | 

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

 | 

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

 | 

China-linked APT BlackTech was spotted hiding in Cisco router firmware

 | 

Watch out! CVE-2023-5129 in libwebp library affects millions applications

 | 

DarkBeam leaks billions of email and password combinations

 | 

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo

 | 

Top 5 Problems Solved by Data Lineage

 | 

Threat actors claim the hack of Sony, and the company investigates

 | 

Canadian Flair Airlines left user data leaking for months

 | 

The Rhysida ransomware group hit the Kuwait Ministry of Finance

 | 

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

 | 

Xenomorph malware is back after months of hiatus and expands the list of targets

 | 

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

 | 

Crooks stole $200 million worth of assets from Mixin Network

 | 

A phishing campaign targets Ukrainian military entities with drone manual lures

 | 

Alert! Patch your TeamCity instance to avoid server hack

 | 

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

 | 

Nigerian National pleads guilty to participating in a millionaire BEC scheme

 | 

New variant of BBTok Trojan targets users of +40 banks in LATAM

 | 

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

 | 

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

 | 

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

 | 

National Student Clearinghouse data breach impacted approximately 900 US schools

 | 

Government of Bermuda blames Russian threat actors for the cyber attack

 | 

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

 | 

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

 | 

Information of Air Canada employees exposed in recent cyberattack

 | 

Sandman APT targets telcos with LuaDream backdoor

 | 

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

 | 

Ukrainian hackers are behind the Free Download Manager supply chain attack

 | 

Space and defense tech maker Exail Technologies exposes database access

 | 

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

 | 

Experts found critical flaws in Nagios XI network monitoring software

 | 

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

 | 

International Criminal Court hit with a cyber attack

 | 

GitLab addressed critical vulnerability CVE-2023-5009

 | 

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

 | 

ShroudedSnooper threat actors target telecom companies in the Middle East

 | 

Recent cyber attack is causing Clorox products shortage

 | 

Earth Lusca expands its arsenal with SprySOCKS Linux malware

 | 

Microsoft AI research division accidentally exposed 38TB of sensitive data

 | 

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

 | 

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

 | 

FBI hacker USDoD leaks highly sensitive TransUnion data

 | 

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

 | 

Clop gang stolen data from major North Carolina hospitals

 | 

CardX released a data leak notification impacting their customers in Thailand

 | 

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

 | 

TikTok fined €345M by Irish DPC for violating children’s privacy

 | 

Dariy Pankov, the NLBrute malware author, pleads guilty

 | 

Dangerous permissions detected in top Android health apps

 | 

Caesars Entertainment paid a ransom to avoid stolen data leaks

 | 

Free Download Manager backdoored to serve Linux malware for more than 3 years

 | 

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

 | 

The iPhone of a Russian journalist was infected with the Pegasus spyware

 | 

Kubernetes flaws could lead to remote code execution on Windows endpoints

 | 

Threat actor leaks sensitive data belonging to Airbus

 | 

A new ransomware family called 3AM appears in the threat landscape

 | 

Redfly group infiltrated an Asian national grid as long as six months

 | 

Mozilla fixed a critical zero-day in Firefox and Thunderbird

 | 

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

 | 

Save the Children confirms it was hit by cyber attack

 | 

Adobe fixed actively exploited zero-day in Acrobat and Reader

 | 

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

 | 

MGM Resorts hit by a cyber attack

 | 

Anonymous Sudan launched a DDoS attack against Telegram

 | 

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

 | 

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

 | 

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

 | 

UK and US sanctioned 11 members of the Russia-based TrickBot gang

 | 

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

 | 

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

 | 

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

 | 

Rhysida Ransomware gang claims to have hacked three more US hospitals

 | 

Akamai prevented the largest DDoS attack on a US financial company

 | 

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

 | 

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

 | 

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

 | 

North Korea-linked threat actors target cybersecurity experts with a zero-day

 | 

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

 | 

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

 | 

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

 | 

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

 | 

Two flaws in Apache SuperSet allow to remotely hack servers

 | 

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

 | 

Google addressed an actively exploited zero-day in Android

 | 

A zero-day in Atlas VPN Linux Client leaks users' IP address

 | 

MITRE and CISA release Caldera for OT attack emulation

 | 

ASUS routers are affected by three critical remote code execution flaws

 | 

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

 | 

Freecycle data breach impacted 7 Million users

 | 

Meta disrupted two influence campaigns from China and Russia

 | 

A massive DDoS attack took down the site of the German financial agency BaFin

 | 

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

 | 

University of Sydney suffered a security breach caused by a third-party service provider

 | 

Cybercrime will cost Germany $224 billion in 2023

 | 

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

 | 

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

 | 

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

 | 

UNRAVELING EternalBlue: inside the WannaCry’s enabler

 | 

Researchers released a free decryptor for the Key Group ransomware

 | 

Fashion retailer Forever 21 data breach impacted +500,000 individuals

 | 

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

 | 

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

 | 

Paramount Global disclosed a data breach

 | 

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

 | 

Abusing Windows Container Isolation Framework to avoid detection by security products

 | 

Critical RCE flaw impacts VMware Aria Operations Networks

 | 

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

 | 

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

 | 

FIN8-linked actor targets Citrix NetScaler systems

 | 

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

 | 

Attackers can discover IP address by sending a link over the Skype mobile app

 | 

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

 | 

Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

 | 

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

 | 

China-linked Flax Typhoon APT targets Taiwan

 | 

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

 | 

Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager

 | 

LATEST NEWS

VIEW ALL
Cyber Crime
Q2 2013 Superfecta report, constant increase for automated attacks
Pierluigi Paganini July 31, 2013

FireHost Secure cloud hosting company issued Q2 2013 Superfecta report that revealed a sharp increase in blended, automated attacks. FireHost announced the Q2 2013 Superfecta report, an interesting ...

Cyber warfare
Credit Card Redirection, the evolution of phishing
Pierluigi Paganini July 30, 2013

Researchers at Securi discover Credit Card Redirection attack technique to hijack credit card data during transactions on e-commerce sites. With the term credit card redirection is indicated the ille ...

Hacking
Spy agencies ban on Lenovo PCs due to backdoor vulnerabilities
Pierluigi Paganini July 29, 2013

Spy agencies reportedly have a long-standing ban on Lenovo PCs due to backdoor vulnerabilities that could allow an attacker to remotely access to the computers. Spy agencies reportedly have a long- ...

Hacking
Istanbul Ataturk International Airport targeted by a cyber attack
Pierluigi Paganini July 28, 2013

Media agencies reported news of a cyber attack against the Istanbul Ataturk International Airport, the passport control system at the departure terminal was hit causing many problems at the airport. ...

top articles

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
January 06, 2024
Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv
January 03, 2024
A cyber attack hit the Beirut International Airport
January 07, 2024
Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications
January 08, 2024
Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
January 03, 2024

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Internet of Things

Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices

November 14, 2024

Hacking
U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

August 22, 2024

Cyber Crime
Ransomware drama: Law enforcement seized Lockbit group's website again

May 05, 2024

APT
Zimbra zero-day exploited to steal government emails by four groups

November 16, 2023

Malware
FBI and CISA warn of attacks by Rhysida ransomware gang

November 16, 2023

recent articles

Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 32

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malicious packages deepseeek and deepseekai published in Pyth ...

Pierluigi Paganini February 09, 2025
Breaking News
Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini February 09, 2025
Hacking
PlayStation Network outage has been going on for over 24 hours

PlayStation Network has been down for nearly a day, with little communication from Sony, leaving players frustrated. PlayStation Network has been down for almost a day all over the world, Son ...

Pierluigi Paganini February 08, 2025
APT
Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Researchers spotted North Korea's Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed ...

Pierluigi Paganini February 08, 2025
Breaking News
Russia's intelligence recruits Ukrainians for terror attacks via messaging apps

Russia's intelligence recruits Ukrainians for terror attacks via messaging apps and forums, offering quick pay, Ukraine's law enforcement warns. According to Ukraine's law enforcement, Russian int ...

Pierluigi Paganini February 08, 2025
Data Breach
Hospital Sisters Health System impacted 882,782 individuals

The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000 individuals. The cyberattack that hit the infrastructure of the Hospital Sisters Health Sy ...

Pierluigi Paganini February 07, 2025
Hacking
Attackers used a public ASP.NET machine to conduct ViewState code injection attacks

Microsoft researchers warn that threat actors are delivering the Godzilla framework using a static ASP.NET machine. In December 2024, Microsoft Threat Intelligence researchers spotted a threat act ...

Pierluigi Paganini February 07, 2025
Hacking
U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity ...

Pierluigi Paganini February 06, 2025
Cyber Crime
Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattack ...

Pierluigi Paganini February 06, 2025
APT
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

The North Korea-linked APT group Lazarus uses a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Bitdefender researchers reported that the North Korea-linked&n ...

Pierluigi Paganini February 06, 2025
Hacking
U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agen ...

Pierluigi Paganini February 05, 2025
Security
U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog. Th ...

Pierluigi Paganini February 05, 2025
Malware
SparkCat campaign target crypto wallets using OCR to steal recovery phrases

In late 2024, Kaspersky experts discovered a malicious campaign, called SparkCat, spreading malware to target crypto wallets. In March 2023, ESET found malware in modified versions of messengers u ...

Pierluigi Paganini February 05, 2025
Data Breach
International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

The International Civil Aviation Organization (ICAO) is investigating a data breach affecting system and employee security. The International Civil Aviation Organization (ICAO), a specialized agen ...

Pierluigi Paganini February 05, 2025
Data Breach
Online food ordering and delivery platform GrubHub discloses a data breach

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubH ...

Pierluigi Paganini February 05, 2025
Security
Netgear urges users to upgrade two flaws impacting WiFi router models

Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them. Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 ...

Pierluigi Paganini February 04, 2025
Security
AMD fixed a flaw that allowed to load malicious microcode

AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulne ...

Pierluigi Paganini February 04, 2025
Malware
Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell ...

Pierluigi Paganini February 04, 2025
Hacking
Google fixed actively exploited kernel zero-day flaw

The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabili ...

Pierluigi Paganini February 04, 2025
Malware
Web Skimmer found on at least 17 websites, including Casio UK

Casio Website Infected With Skimmer  A threat actor has installed a web skimmer on all pages of the Casio UK’s website, except the checkout page. Jscrambler researchers uncovered a web s ...

Pierluigi Paganini February 03, 2025
Cyber Crime
Crazy Evil gang runs over 10 highly specialized social media scams

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major ...

Pierluigi Paganini February 03, 2025
Security
Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

US Sen. Ron Wyden warns of national security risks after Elon Musk ’s DOGE was given full access to sensitive Treasury systems. Sen. Ron Wyden warned of national security risks after Elon Musk � ...

Pierluigi Paganini February 03, 2025
Laws and regulations
Texas is the first state to ban DeepSeek on government devices

Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Texas Governor Greg Abbott banned Chinese AI company DeepSeek and Chinese-owned so ...

Pierluigi Paganini February 03, 2025
Cyber Crime
Law enforcement seized the domains of HeartSender cybercrime marketplaces

U.S. and Dutch authorities seized 39 domains and servers linked to the HeartSender cybercrime group based in Pakistan. A joint law enforcement operation led to the seizure of 39 domains tied to a ...

Pierluigi Paganini February 03, 2025
Breaking News
Security Affairs newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini February 02, 2025
Security
WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp t ...

Pierluigi Paganini February 02, 2025
Cyber Crime
Ransomware attack hit Indian multinational Tata Technologies

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies, a Tata Motors subsidiary, ...

Pierluigi Paganini February 02, 2025
Cyber Crime
A ransomware attack forced New York Blood Center to reschedule appointments

The New York Blood Center faced a ransomware attack on Sunday, forcing the healthcare organization to reschedule appointments. The New York Blood Center suffered a ransomware attack on Sunday, cau ...

Pierluigi Paganini February 01, 2025
Security
Contec CMS8000 patient monitors contain a hidden backdoor

The U.S. CISA and the FDA warned of a hidden backdoor in Contec CMS8000 and Epsimed MN-120 patient monitors. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug ...

Pierluigi Paganini February 01, 2025
Data Breach
Community Health Center data breach impacted over 1 million patients

Community Health Center (CHC) data breach impacted over 1 million patients in Connecticut, the healthcare provider started notifying them. Community Health Center (CHC) is a leading healthcare pro ...

Pierluigi Paganini January 31, 2025
Security
Italy's data protection authority Garante blocked the DeepSeek AI platform

Italy's data protection authority Garante blocked the DeepSeek AI service due to insufficient transparency regarding user data process. Italy's data protection watchdog has blocked Chinese artif ...

Pierluigi Paganini January 31, 2025
Security
Broadcom fixed information disclosure flaws in VMware Aria Operations

Broadcom patched five flaws in VMware Aria Operations and Aria Operations for Logs that could lead to privilege escalation and credential theft. Broadcom addressed the following vulnerabilities in ...

Pierluigi Paganini January 31, 2025
Data Breach
DeepSeek database exposed highly sensitive information

Chinese AI platform DeepSeek has publicly exposed two databases containing highly sensitive user and backend details. Wiz Research discovered a publicly accessible ClickHouse database belonging to ...

Pierluigi Paganini January 30, 2025
Security
TeamViewer fixed a vulnerability in Windows client and host applications

TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications. TeamViewer released security patches for a high-severity elevation of ...

Pierluigi Paganini January 30, 2025
Cyber Crime
Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites

An international law enforcement operation targeted several major cybercrime websites, including Cracked, Nulled, Sellix, and StarkRDP.  An international law enforcement operation led by Europol, ...

Pierluigi Paganini January 30, 2025
Hacking
PHP package Voyager flaws expose to one-click RCE exploits

The open-source PHP package Voyager is affected by three vulnerabilities that could be exploited to achieve one-click remote code execution on affected instances. Voyager is a popular open-sourc ...

Pierluigi Paganini January 30, 2025
Digital ID
Italy’s Data Protection Authority Garante requested information from Deepseek

Italy’s data privacy regulator Garante has requested information from Chinese AI company DeepSeek regarding its data practices. Italy’s Data Protection Authority Garante has asked the AI firm ...

Pierluigi Paganini January 30, 2025
Hacking
U.S. CISA adds Apple products' flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products' flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CI ...

Pierluigi Paganini January 29, 2025
Breaking News
Aquabot variant v3 targets Mitel SIP phones

A new variant of the Mirai-based botnet Aquabot targets vulnerable Mitel SIP phones to recruit them into a DDoS botnet. Akamai researchers spotted a new variant of the Mirai-based botnet Aquabot t ...

Pierluigi Paganini January 29, 2025
Security
Critical remote code execution bug found in Cacti framework

A critical flaw in Cacti open-source network monitoring and fault management framework that could allow remote code execution. Cacti is an open-source platform that provides a robust and extensib ...

Pierluigi Paganini January 29, 2025
Hacking
Attackers actively exploit a critical zero-day in Zyxel CPE Series devices

Experts warn that threat actors are actively exploiting critical zero-day vulnerability, tracked as CVE-2024-40891, in Zyxel CPE Series devices. GreyNoise researchers are observing active exp ...

Pierluigi Paganini January 29, 2025
Security
Attackers exploit SimpleHelp RMM Software flaws for initial access

Threat actors exploit recently fixed SimpleHelp RMM software vulnerabilities to breach targeted networks, experts warn. Horizon3 researchers discovered three vulnerabilities, tracked as CVE-2024-5 ...

Pierluigi Paganini January 29, 2025
Security
VMware fixed a flaw in Avi Load Balancer

VMware fixed a high-risk blind SQL injection vulnerability in Avi Load Balancer, allowing attackers to exploit databases via crafted queries. VMware warns of a high-risk blind SQL injection vulner ...

Pierluigi Paganini January 28, 2025
Security
EU announced sanctions on three members of Russia's GRU Unit 29155

The EU sanctioned three members of Russia's GRU Unit 29155 for cyberattacks on Estonia's government agencies in 2020. The European Union announced sanctions for three members (Nikolay Korchagin, V ...

Pierluigi Paganini January 28, 2025
Security
Chinese AI platform DeepSeek faced a "large-scale" cyberattack

Chinese AI company DeepSeek has disabled registrations for its DeepSeek-V3 chat platform following a "large-scale" cyberattack. DeepSeek has designed a new AI platform that quickly gained attentio ...

Pierluigi Paganini January 28, 2025
Hacking
Apple fixed the first actively exploited zero-day of 2025

Apple addressed the first zero-day vulnerability of 2025, which is actively exploited in attacks in the wild aimed at iPhone users. Apple released security updates to address 2025's first zero-day ...

Pierluigi Paganini January 27, 2025
Cyber Crime
TalkTalk confirms data breach involving a third-party platform

UK telecommunications firm TalkTalk disclosed a data breach after a threat actor announced the hack on a cybercrime forum. UK telecommunications company TalkTalk confirmed a data breach after a th ...

Pierluigi Paganini January 27, 2025
Security
Multiple Git flaws led to credentials compromise

Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials. Security researcher RyotaK from GMO Flatt Security Inc discovered multiple vul ...

Pierluigi Paganini January 27, 2025
APT
GamaCopy targets Russia mimicking Russia-linked Gamaredon APT

New threat actor GamaCopy mimics Russia-linked Gamaredon APT in attacks on Russian-speaking targets. The Knownsec 404 Advanced Threat Intelligence team recently analyzed attacks on Russian-speakin ...

Pierluigi Paganini January 27, 2025
Cyber Crime
ESXi ransomware attacks use SSH tunnels to avoid detection

Threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Researchers at cybersecurity firm Sygnia warn that threat actors behind ESXi ra ...

Pierluigi Paganini January 27, 2025
Digital ID
Attackers allegedly stole $69 million from cryptocurrency platform Phemex

Crooks stole at least $69 million from Singapore-based cryptocurrency platform Phemex in an alleged cyberattack. Singapore-based crypto platform Phemex paused operations after a cyberattack that r ...

Pierluigi Paganini January 27, 2025
Data Breach
Change Healthcare data breach exposed the private data of over half the U.S.

The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected. The Change Healthcare data breach is worse than initially estimated, the i ...

Pierluigi Paganini January 26, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Gmail For Exfiltration: Malicious npm Packages Target Solana ...

Pierluigi Paganini January 26, 2025
Breaking News
Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini January 26, 2025
Uncategorized
Cisco warns of a ClamAV bug with PoC exploit

Cisco addressed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of a proof-of-concept (PoC) exploit code. Cisco has released security updates to address a Clam ...

Pierluigi Paganini January 26, 2025
Security
Subaru Starlink flaw allowed experts to remotely hack cars

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. Popular security researcher Sam Curry and he colleague Shubham Shah discovered a vulnera ...

Pierluigi Paganini January 25, 2025
Security
U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini January 24, 2025
Security
J-magic malware campaign targets Juniper routers

Threat actors are targeting Juniper routers with a custom backdoor in a campaign called code-named "J-magic," attackers are exploiting a Magic Packet flaw. Lumen Technologies researchers reported ...

Pierluigi Paganini January 24, 2025
Security
SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is warning customers of a critical security vulnerability, tra ...

Pierluigi Paganini January 24, 2025
Breaking News
U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds JQuery vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CI ...

Pierluigi Paganini January 23, 2025
Hacking
Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500

Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025. During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which br ...

Pierluigi Paganini January 23, 2025
Hacking
Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US government’s cybersecurity and law enforcement revealed that C ...

Pierluigi Paganini January 23, 2025
Security
Cisco addresses a critical privilege escalation bug in Meeting Management

Cisco addressed a critical flaw in its Meeting Management that could allow it to gain administrator privileges on vulnerable instances. Cisco released security updates to fix a critical flaw, trac ...

Pierluigi Paganini January 23, 2025
Cyber Crime
U.S. President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht, Silk Road creator

Donald Trump pardoned Ross Ulbricht, creator of the notorious dark web, drug marketplace Silk Road , after 11 years in prison. Donald Trump pardoned Ross Ulbricht, creator of Silk Road, who was co ...

Pierluigi Paganini January 23, 2025
Hacking
Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days

Trend Micro’s Zero Day Initiative (ZDI) announced that $380K was awarded on Day 1 of Pwn2Own Automotive 2025. Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded o ...

Pierluigi Paganini January 22, 2025
Cyber Crime
Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracke ...

Pierluigi Paganini January 22, 2025
Hacking
A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the f ...

Pierluigi Paganini January 22, 2025
Intelligence
Former CIA analyst pleaded guilty to leaking top-secret documents

A former CIA analyst, Asif William Rahman, pleaded guilty to leaking top-secret National Defense Information on social media in 2024. Asif William Rahman, a former CIA analyst with Top-Secret cle ...

Pierluigi Paganini January 21, 2025
Cyber Crime
New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

Researchers warn of a campaign exploiting AVTECH IP cameras and Huawei HG532 routers to create a Mirai botnet variant called Murdoc Botnet. Murdoc Botnet is a new Mirai botnet variant that targets ...

Pierluigi Paganini January 21, 2025
Hacking
CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security audits. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber sc ...

Pierluigi Paganini January 21, 2025
Hacking
Experts found multiple flaws in Mercedes-Benz infotainment system

Kaspersky researchers shared details about multiple vulnerabilities impacting the Mercedes-Benz MBUX infotainment system. Kaspersky published research findings on the first-generation Mercedes-Ben ...

Pierluigi Paganini January 21, 2025
Data Breach
HPE is investigating IntelBroker's claims of the company hack

HPE is probing claims by the threat actor IntelBroker who is offering to sell alleged stolen source code and data from the company. Last week, the notorious threat actor IntelBroker announced on a ...

Pierluigi Paganini January 20, 2025
APT
Esperts found new DoNot Team APT group's Android malware

Researchers linked the threat actor DoNot Team to a new Android malware that was employed in highly targeted cyber attacks. CYFIRMA researchers linked a recently discovered Android malware to the ...

Pierluigi Paganini January 20, 2025
Cyber Crime
Malicious npm and PyPI target Solana Private keys to steal funds from victims' wallets

Researchers found malicious npm and PyPI packages capable of stealing and deleting sensitive data from infected systems. Socket researchers have identified multiple packages in the npm and Python ...

Pierluigi Paganini January 20, 2025
Security
Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology's industrial devices. The Planet WGS-804HPT industrial switch is used in building and home ...

Pierluigi Paganini January 20, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Stealthy Credit Card Skimmer Targets WordPress Checkout Pages ...

Pierluigi Paganini January 19, 2025
Uncategorized
Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini January 19, 2025
Security
A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2 ...

Pierluigi Paganini January 19, 2025
Intelligence
U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

The U.S. Treasury's OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department's Office of Foreign A ...

Pierluigi Paganini January 18, 2025
Security
EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

noyb files complaints against TikTok, AliExpress, and other Chinese companies for illegal EU user data transfers to China, violating data protection laws. Austrian privacy non-profit group None of ...

Pierluigi Paganini January 17, 2025
Security
ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Researchers detailed a now-patched vulnerability that could allow a bypass of the Secure Boot mechanism in UEFI systems. ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024- ...

Pierluigi Paganini January 17, 2025
APT
Russia-linked APT Star Blizzard targets WhatsApp accounts

The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked ...

Pierluigi Paganini January 17, 2025
Data Breach
Prominent US law firm Wolf Haldenstein disclosed a data breach

The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 million individuals. The law firm Wolf Haldenstein disclosed a 2023 data breach that expos ...

Pierluigi Paganini January 16, 2025
Cyber Crime
Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches

The Clop ransomware gang claims dozens of victims from a Cleo file transfer vulnerability, though several companies dispute the breaches. The Clop ransomware group added 59 new companies to its le ...

Pierluigi Paganini January 16, 2025
Hacking
MikroTik botnet relies on DNS misconfiguration to spread malware

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that ex ...

Pierluigi Paganini January 16, 2025
Cyber Crime
Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group publish ...

Pierluigi Paganini January 16, 2025
Security
U.S. CISA adds Fortinet FortiOS flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini January 15, 2025
Cyber Crime
Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AW ...

Pierluigi Paganini January 15, 2025
Hacking
CVE-2024-44243 macOS flaw allows persistent malware installation

Microsoft disclosed details of a vulnerability in Apple macOS that could have allowed an attacker to bypass the OS's System Integrity Protection (SIP). Microsoft disclosed details of a now-patched ...

Pierluigi Paganini January 15, 2025
Malware
FBI deleted China-linked PlugX malware from over 4,200 US computers

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with intern ...

Pierluigi Paganini January 14, 2025
APT
Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware

Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actors UAC-0063 is targeting Kazakhstan as part of a cybe ...

Pierluigi Paganini January 14, 2025
Hacking
A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with management interfaces exposed online. Arctic Wolf researchers observed a campaign targeting Fortin ...

Pierluigi Paganini January 14, 2025
Cyber Crime
Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners in the wild. A security researcher Jakub Korepta discovered a critical vulnerabi ...

Pierluigi Paganini January 14, 2025
Security
U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastruct ...

Pierluigi Paganini January 13, 2025
Cyber Crime
Inexperienced actors developed the FunkSec ransomware using AI tools

FunkSec, a new ransomware group that attacked more than 80 victims in December 2024, was developed using AI tools. The FunkSec ransomware-as-a-service (RaaS) group has been active since late 2024, ...

Pierluigi Paganini January 13, 2025
Malware
Credit Card Skimmer campaign targets WordPress via database injection

Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers warn of a stealthy credit card skimm ...

Pierluigi Paganini January 13, 2025
Cyber Crime
Microsoft took legal action against crooks who developed a tool to abuse its AI-based services

In December, Microsoft sued a group for creating tools to bypass safety measures in its cloud AI products. Microsoft filed a complaint with the Eastern District Court of Virginia against ten indiv ...

Pierluigi Paganini January 13, 2025
Hacktivism
Pro-Russia hackers NoName057 targets Italy again after Zelensky's visit to the country

Over the weekend, Italy faced new waves of DDoS attacks carried out by pro-Russia group NoName057(16). Pro-Russia hackers Noname057(16) targeted Italian ministries, institutions, critical infrastr ...

Pierluigi Paganini January 12, 2025
Breaking News
Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini January 12, 2025
Hacking
How a researcher earned $100,000 hacking a Facebook server

Facebook paid $100,000 to a researcher for discovering a bug that granted him command access to an internal server in October 2024. TechCrunch first reported that Facebook awarded security researc ...

Pierluigi Paganini January 12, 2025
Cyber Crime
DoJ charged three Russian citizens with operating crypto-mixing services

The U.S. Department of Justice charged three Russian citizens with operating crypto-mixing services that helped crooks launder cryptocurrency. The U.S. Department of Justice (DoJ) charged Russian ...

Pierluigi Paganini January 11, 2025
Data Breach
U.S. cannabis dispensary STIIIZY disclosed a data breach

US marijuana dispensary STIIIZY warns customers of leaked IDs and passports following a November data breach. US marijuana dispensary STIIIZY disclosed a data breach after a vendor's point-of-sale ...

Pierluigi Paganini January 11, 2025
Cyber Crime
A novel PayPal phishing campaign hijacks accounts

Fortinet warns of a phishing campaign using legitimate links to hijack PayPal accounts, tricking users into granting unauthorized access. Fortinet uncovered a phishing campaign targeting PayPal us ...

Pierluigi Paganini January 11, 2025
Malware
Banshee macOS stealer supports new evasion mechanisms

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostea ...

Pierluigi Paganini January 10, 2025
Hacking
Researchers disclosed details of a now-patched Samsung zero-click flaw

Researchers at Google Project Zero disclosed a now-patched zero-click vulnerability that affects Samsung devices. Google Project Zero researchers disclosed details about a now-patched zero-click v ...

Pierluigi Paganini January 10, 2025
Cyber Crime
Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. CrowdStrike disco ...

Pierluigi Paganini January 10, 2025
APT
China-linked APT group MirrorFace targets Japan

Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in ...

Pierluigi Paganini January 10, 2025
Data Breach
U.S. Medical billing provider Medusind suffered a sata breach

Medusind, a medical billing provider, disclosed a data breach that occurred in December 2023 and affected over 360,000 individuals. Medusind is a company that provides medical billing, coding, and ...

Pierluigi Paganini January 09, 2025
Hacking
U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity ...

Pierluigi Paganini January 09, 2025
Security
SOC Scalability: How AI Supports Growth Without Overloading Analysts

Scaling up a security operations center (SOC) is inevitable for many organizations. How AI supports growth without overloading analysts. Scaling up a security operations center (SOC) is inevitable ...

Pierluigi Paganini January 09, 2025
Security
SonicWall warns of an exploitable SonicOS vulnerability

SonicWall warns customers to address an authentication bypass vulnerability in its firewall's SonicOS that is "susceptible to actual exploitation." SonicWall is urging customers to upgrade the Son ...

Pierluigi Paganini January 08, 2025
Malware
Gayfemboy Botnet targets Four-Faith router vulnerability

Gayfemboy, a Mirai botnet variant, has been exploiting a flaw in Four-Faith industrial routers to launch DDoS attacks since November 2024. The Gayfemboy botnet was first identified in February 202 ...

Pierluigi Paganini January 08, 2025
Social Networks
Meta replaces fact-checking with community notes post 'Cultural Tipping Point'

Meta is replacing its fact-checking program with a "community notes" system, citing a shift in moderation strategy after a "cultural tipping point." Meta CEO Mark Zuckerberg announced that the fac ...

Pierluigi Paganini January 08, 2025
Security
U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrast ...

Pierluigi Paganini January 08, 2025
Uncategorized
Threat actors breached the Argentina’s airport security police (PSA) payroll

Threat actors breached Argentina’s airport security police (PSA) payroll, stealing data and deducting 2,000-5,000 pesos from salaries. Threat actors have breached Argentina’s airport security ...

Pierluigi Paganini January 07, 2025
Security
US adds Tencent to the list of companies supporting Chinese military

US adds Chinese multinational technology and entertainment conglomerate Tencent to the list of companies supporting the Chinese military. The US Department of Defense has added Chinese multination ...

Pierluigi Paganini January 07, 2025
Malware
Eagerbee backdoor targets govt entities and ISPs in the Middle East

Experts spotted new variants of the Eagerbee backdoor being used in attacks on government organizations and ISPs in the Middle East. Kaspersky researchers reported that new variants of the Eagerbe ...

Pierluigi Paganini January 07, 2025
Security
Nessus scanner agents went offline due to a faulty plugin update

Tenable disabled two Nessus scanner agent versions after a faulty plugin update caused agents to go offline. Tenable Nessus is a widely-used vulnerability scanning tool designed to identify and as ...

Pierluigi Paganini January 06, 2025
Intelligence
China-linked Salt Typhoon APT compromised more US telecoms than previously known

China-linked Salt Typhoon group that breached multiple US telecoms compromised more firms than previously known, WSJ says. The China-linked cyberespionage group Salt Typhoon targeted more US telec ...

Pierluigi Paganini January 06, 2025
Malware
PLAYFULGHOST backdoor supports multiple information stealing features

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware f ...

Pierluigi Paganini January 06, 2025
Security
Nuclei flaw allows signature bypass and code execution

A vulnerability in Nuclei, an open-source vulnerability scanner, could allow attackers to bypass signature checks and execute malicious code. A high-severity security flaw, tracked as CVE-2024-43 ...

Pierluigi Paganini January 05, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 27

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. 7-Zip Zero-Day Exploit Dropped: A New Playground for Infostea ...

Pierluigi Paganini January 05, 2025
Breaking News
Security Affairs newsletter Round 505 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini January 05, 2025
Malware
Malicious npm packages target Ethereum developers

Malicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data. Hardhat, by the Nomic Foundation, is an essential Ethereum tool, enablin ...

Pierluigi Paganini January 04, 2025
Intelligence
US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

The U.S. Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group. The U.S. Treasury sanctioned a Chinese cybers ...

Pierluigi Paganini January 04, 2025
Malware
FireScam Android info-stealing malware supports spyware capabilities

FireScam malware steals credentials and financial data by monitoring Android app notifications and sending data to a Firebase database. Cybersecurity firm Cyfirma warns of the FireScam Android inf ...

Pierluigi Paganini January 03, 2025
Data Breach
Richmond University Medical Center data breach impacted 674,033 individuals

Richmond University Medical Center has confirmed that a ransomware attack in May 2023 affected 670,000 individuals. New York's Richmond University Medical Center confirmed a May 2023 ransomware at ...

Pierluigi Paganini January 03, 2025
Security
Apple will pay $95 Million to settle lawsuit over Siri's alleged eavesdropping

Apple has agreed to a $95 million settlement over a Siri eavesdropping lawsuit, denying any abuses. The settlement awaits judicial approval. Apple will pay $95 million to settle claims that its vi ...

Pierluigi Paganini January 03, 2025
Security
LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

Experts warn of a new PoC exploit, LDAPNightmare, that targets a Windows LDAP flaw (CVE-2024-49113), causing crashes & reboots. The vulnerability CVE-2024-49113 (CVSS score of 7.5), named LDA ...

Pierluigi Paganini January 03, 2025
Security
Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 million POP3 and IMAP mail servers lack ...

Pierluigi Paganini January 03, 2025
Cyber Crime
A US soldier was arrested for leaking presidential call logs

US authorities have arrested soldier Cameron John Wagenius for his alleged involvement in leaking presidential phone records. US authorities arrested Cameron John Wagenius (20), a US Army soldier, ...

Pierluigi Paganini January 02, 2025
Hacking
DoubleClickjacking allows clickjacking on major websites

The "DoubleClickjacking" exploit bypasses protections on major websites, using a double-click sequence for clickjacking and account takeover attacks. DoubleClickjacking is a technique that allows ...

Pierluigi Paganini January 02, 2025
Security
Russian media outlets Telegram channels blocked in European countries

Telegram restricted access to Russian state-owned news channels in several European countries, including Poland, France, and Italy. Telegram blocked access to channels of multiple Russian state-ow ...

Pierluigi Paganini January 02, 2025
Intelligence
Three Russian-German nationals charged with suspicion of secret service agent activity

German authorities have charged three Russian-German nationals with suspicion of, among other things, secret service agent activity for the Russian government. German authorities have charged th ...

Pierluigi Paganini January 02, 2025
APT
Lumen reports that it has locked out the Salt Typhoon group from its network

Lumen reports that the Salt Typhoon hacking group, which targeted at least nine U.S. telecom firms, was locked out of its network. This week, a White House official confirmed that China-linked AP ...

Pierluigi Paganini January 02, 2025
Breaking News
Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours

HHS OCR proposed updates to the HIPAA Security Rule to boost cybersecurity for electronic protected health information (ePHI). On December 27, 2024, the United States Department of Health and Huma ...

Pierluigi Paganini January 01, 2025
Laws and regulations
U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

The U.S. Treasury sanctioned entities for disinformation tied to Russian and Iranian intelligence before the 2024 presidential elections. The U.S. Treasury sanctioned entities for spreading disinf ...

Pierluigi Paganini January 01, 2025
Cyber Crime
Rhode Island ’s data from health benefits system leaked on the dark web

Rhode Island ’s health benefits system was hacked, and threat actors leaked residents' data on the dark web. Cybercriminals leaked data stolen from Rhode Island 's health benefits system on the ...

Pierluigi Paganini December 31, 2024
Hacking
Hacking campaign compromised at least 16 Chrome browser extensions

Threat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users. A supply chain attack compromised 16 Chrome browser extensions, exposing ...

Pierluigi Paganini December 31, 2024
Hacking
An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip's creator says is a fake

An X user using the handle @NSA_Employee39 disclosed a zero-day vulnerability in the open-source file archive software 7-Zip. A verified X account, @NSA_Employee39, claimed to disclose a zero-day ...

Pierluigi Paganini December 31, 2024
Data Breach
Cisco states that the second data leak is linked to the one from October

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4 ...

Pierluigi Paganini December 30, 2024
Hacking
Threat actors attempt to exploit a flaw in Four-Faith routers

VulnCheck researchers warn that threat actors are attempting to exploit a high-severity vulnerability impacting some Four-Faith routers. Cybersecurity firm VulnCheck warns that a high-severity fla ...

Pierluigi Paganini December 30, 2024
Data Breach
ZAGG disclosed a data breach that exposed its customers' credit card data

ZAGG Inc. notifies customers of credit card data breach, after threat actors hacked a third-party app from its e-commerce provider. ZAGG Inc. disclosed a data breach that exposed its customers' cr ...

Pierluigi Paganini December 30, 2024
APT
China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

A White House official confirmed that China-linked threat actor Salt Typhoon breached a ninth U.S. telecommunications company. A White House official confirmed that China-linked APT group Salt Typ ...

Pierluigi Paganini December 29, 2024
Uncategorized
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 26

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Now You See Me, Now You Don’t: Using LLMs to Obfuscate Mali ...

Pierluigi Paganini December 29, 2024
Breaking News
Security Affairs newsletter Round 504 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini December 29, 2024
Security
Pro-Russia group NoName targeted the websites of Italian airports

Pro-Russia group NoName057 targets Italian sites, including Malpensa and Linate airports, in a new DDoS campaign amid rising geopolitical tensions. The pro-Russia group NoName57 continues its camp ...

Pierluigi Paganini December 28, 2024
Malware
North Korea actors use OtterCookie malware in Contagious Interview campaign

North Korea-linked threat actors are using the OtterCookie backdoor to target software developers with fake job offers. North Korea-linked threat actors were spotted using new malware called Otter ...

Pierluigi Paganini December 28, 2024
Uncategorized
Experts warn of a surge in activity associated FICORA and Kaiten botnets

FortiGuard Labs observed increased activity from two botnets, the Mirai variant "FICORA" and the Kaiten variant "CAPSAICIN". FortiGuard Labs researchers observed a surge in activity associated wit ...

Pierluigi Paganini December 27, 2024
Hacking
Brazilian citizen charged for threatening to release data stolen from a company in 2020

A Brazilian citizen faces U.S. charges for allegedly threatening to release data stolen from a company in a March 2020 security breach. The U.S. government has charged the Brazilian citizen Junior ...

Pierluigi Paganini December 27, 2024
Malware
A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Akamai researchers discovered a new Mirai botnet variant targeting a vulnerability in DigiEver DS-2105 Pro DVRs. Akamai researchers spotted a Mirai-based botnet that is exploiting an remote code e ...

Pierluigi Paganini December 26, 2024
Cyber Crime
A ransomware attack disrupted services at Pittsburgh Regional Transit

A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency's service disruptions. On December 23, 2024, Pittsburgh Regional Transit (PRT) announced it was actively r ...

Pierluigi Paganini December 26, 2024
Hacking
A cyber attack hit Japan Airlines delaying ticket sales for flights

A cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing on Thursday. A cyber attack hit Japan Airlines (JAL) on Thursday, the offensive began at 7:24 a ...

Pierluigi Paganini December 26, 2024
Security
Apache fixed a critical SQL Injection in Apache Traffic Control

Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control. The Apache Software Foundation (ASF) released security u ...

Pierluigi Paganini December 26, 2024
Malware
BellaCPP, Charming Kitten's BellaCiao variant written in C++

Iran-linked APT group Charming Kitten has been observed using a new variant of the BellaCiao malware dubbed BellaCPP, Kaspersky researchers warn. The Iran-linked APT group Charming Kitten has been ...

Pierluigi Paganini December 25, 2024
Hacking
DMM Bitcoin $308M Bitcoin heist linked to North Korea

Japanese and U.S. authorities attributed the theft of $308 million cryptocurrency from DMM Bitcoin to North Korean cyber actors. Japanese and U.S. authorities linked the $308 million cyber heist t ...

Pierluigi Paganini December 25, 2024
Security
Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code

Adobe released out-of-band security updates to address a critical ColdFusion vulnerability, experts warn of a PoC exploit code available for it. Adobe released out-of-band security updates to ad ...

Pierluigi Paganini December 24, 2024
Security
Apache Foundation fixed a severe Tomcat vulnerability

The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions. The Apache Software Foundation (ASF) addressed an important vu ...

Pierluigi Paganini December 24, 2024
Laws and regulations
Italy's data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

Italy's data protection watchdog fined OpenAI €15 million for ChatGPT's improper collection of personal data. Italy’s privacy watchdog, Garante Privacy, fined OpenAI €15M after investigating ...

Pierluigi Paganini December 24, 2024
Hacking
U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security A ...

Pierluigi Paganini December 23, 2024
Laws and regulations
U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. WhatsApp won a legal case against NSO Group in a U.S. ...

Pierluigi Paganini December 23, 2024
APT
Lazarus APT targeted employees at an unnamed nuclear-related organization

North Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024. Kaspersky researchers observed the North Korea-linked Lazarus Group targeting at lea ...

Pierluigi Paganini December 23, 2024
Breaking News
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Vishing via Microsoft Teams Facilitates DarkGate Malware Intr ...

Pierluigi Paganini December 22, 2024
Breaking News
Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini December 22, 2024
Uncategorized
US charged Dual Russian and Israeli National as LockBit Ransomware developer

US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group. Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ran ...

Pierluigi Paganini December 22, 2024
Malware
BadBox rapidly grows, 190,000 Android devices infected

Experts uncovered a botnet of 190,000 Android devices infected by BadBox bot, primarily Yandex smart TVs and Hisense smartphones. Bitsight researchers uncovered new BADBOX infrastructure, company' ...

Pierluigi Paganini December 21, 2024
Cyber Crime
Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, pleading guilty to fraud charges in June. Romanian national Daniel Christian Hulea, 30, was sent ...

Pierluigi Paganini December 21, 2024
Security
Sophos fixed critical vulnerabilities in its Firewall product

Sophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access to devices, and remote code execution. Sophos has addressed three vulnerabilities, respectively tra ...

Pierluigi Paganini December 20, 2024
Security
U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities cata ...

Pierluigi Paganini December 20, 2024
Cyber Crime
Raccoon Infostealer operator sentenced to 60 months in prison

Raccoon Infostealer operator Mark Sokolovsky was sentenced to 60 months in US prison and ordered to pay over $910,000 in restitution. The US Department of Justice sentenced the Ukrainian national ...

Pierluigi Paganini December 20, 2024
Malware
Mirai botnet targets SSR devices, Juniper Networks warns

Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after unusual activity was reported on December 11, 2024. Juniper Networks is warning that a Mirai botnet ...

Pierluigi Paganini December 19, 2024
Hacking
Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerabilit ...

Pierluigi Paganini December 19, 2024
APT
CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the threat actor UAC-0125 abuses Cloudflare Workers services to target the Ukrainian army with Malware. The Computer Emergency ...

Pierluigi Paganini December 19, 2024
Uncategorized
US considers banning TP-Link routers over cybersecurity concerns

The U.S. government may ban TP-Link routers in 2025 if investigations confirm their use could pose a national security risk. The U.S. government is investigating whether TP-Link routers, linked to ...

Pierluigi Paganini December 19, 2024
APT
Russia-linked APT29 group used red team tools in rogue RDP attacks

Russia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT2 ...

Pierluigi Paganini December 18, 2024
Hacking
Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vul ...

Pierluigi Paganini December 18, 2024
Laws and regulations
Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Meta has been fined €251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta � ...

Pierluigi Paganini December 18, 2024
Data Breach
Texas Tech University data breach impacted 1.4 million individuals

Texas Tech University reports a data breach affecting 1.4 million, exposing personal, health, and financial data from its health sciences centers. Texas Tech University disclosed a data breach tha ...

Pierluigi Paganini December 17, 2024
Malware
The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry No ...

Pierluigi Paganini December 17, 2024
Intelligence
Russia FSB relies on Ukrainian minors for criminal activities disguised as "quest games"

Ukraine's SBU uncovered an FSB espionage campaign recruiting minors for criminal activities disguised as "quest games." The Security Service of Ukraine (SBU or SSU) uncovered a new espionage campa ...

Pierluigi Paganini December 17, 2024
Security
U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecu ...

Pierluigi Paganini December 17, 2024
Data Breach
ConnectOnCall data breach impacted over 900,000 individuals

ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information. ConnectOnCall is a telehealth platform and after-hours on-call answering service desi ...

Pierluigi Paganini December 16, 2024
Malware
Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist's phone. In February 2024, Serbian journalist Slaviša Milanov was summ ...

Pierluigi Paganini December 16, 2024
Hacking
Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise

Researchers discovered multiple flaws in the infotainment systems of Volkswagen Group vehicles that could allow to track them in real-time. A team of security researchers from cybersecurity firm P ...

Pierluigi Paganini December 16, 2024
Malware
PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms 

Researchers discovered PUMAKIT, a Linux rootkit capable of hiding files, escalating privileges, and evading system tools and detection. Elastic Security Lab researchers discovered a new loadable k ...

Pierluigi Paganini December 15, 2024
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. PROXY.AM Powered by Socks5Systemz Botnet  AppLite: A ...

Pierluigi Paganini December 15, 2024
Uncategorized
Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini December 15, 2024
Malware
IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

Iran-linked threat actors target IoT and OT/SCADA systems in US and Israeli infrastructure with IOCONTROL malware. Claroty's Team82 obtained a sample of a custom-built IoT/OT malware called IOCONT ...

Pierluigi Paganini December 14, 2024
Security
U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini December 14, 2024
Malware
German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

The German agency BSI has sinkholed a botnet composed of 30,000 devices shipped with BadBox malware pre-installed. The Federal Office for Information Security (BSI) announced it had blocked commun ...

Pierluigi Paganini December 13, 2024
Cyber Crime
U.S. authorities seized cybercrime marketplace Rydox

The U.S. Department of Justice (DoJ) announced the seizure of the cybercrime marketplace Rydox ("rydox.ru" and "rydox[.]cc"). The U.S. Department of Justice (DoJ) seized Rydox, a cybercrime market ...

Pierluigi Paganini December 13, 2024
APT
Experts discovered the first mobile malware families linked to Russia's Gamaredon

The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout researchers linked the BoneSpy and PlainGnome Android surv ...