MUST READ

Malicious Go Modules designed to wipe Linux systems

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44

 | 

Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Rhysida Ransomware gang claims the hack of the Government of Peru

 | 

DragonForce group claims the theft of data after Co-op cyberattack

 | 

U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog

 | 

Ireland's DPC fined TikTok €530M for sending EU user data to China

 | 

Microsoft sets all new accounts passwordless by default

 | 

Luxury department store Harrods suffered a cyberattack

 | 

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

 | 

Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations

 | 

FBI shared a list of phishing domains associated with the LabHost PhaaS platform

 | 

Canadian electric utility Nova Scotia Power and parent company Emera suffered a cyberattack

 | 

Two SonicWall SMA100 flaws actively exploited in the wild

 | 

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

 | 

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

 | 

France links Russian APT28 to attacks on dozen French entities

 | 

Indian Court ordered to block email service Proton Mail

 | 

AirBorne flaws can lead to fully hijack Apple devices

 | 

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

 | 

SentinelOne warns of threat actors targeting its systems and high-value clients

 | 

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

 | 

VeriSource data breach impacted 4M individuals

 | 

U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog

 | 

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

 | 

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

 | 

A large-scale phishing campaign targets WordPress WooCommerce users

 | 

PoC rootkit Curing evades traditional Linux detection systems

 | 

Attackers chained Craft CMS zero-days attacks in the wild

 | 

Storm-1977 targets education sector with password spraying, Microsoft warns

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 43

 | 

Security Affairs newsletter Round 521 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

African multinational telco giant MTN Group disclosed a data breach

 | 

CEO of cybersecurity firm charged with installing malware on hospital systems

 | 

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

 | 

SAP NetWeaver zero-day allegedly exploited by an initial access broker

 | 

Operation SyncHole: Lazarus APT targets supply chains in South Korea

 | 

Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita

 | 

Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients

 | 

Crooks exploit the death of Pope Francis

 | 

WhatsApp introduces Advanced Chat Privacy to protect sensitive communications

 | 

Android spyware hidden in mapping software targets Russian soldiers

 | 

Crypto mining campaign targets Docker environments with new evasion technique

 | 

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

 | 

British retailer giant Marks & Spencer (M&S) is managing a cyber incident

 | 

Chinese Cybercriminals Released Z-NFC Tool for Payment Fraud

 | 

Millions of SK Telecom customers are potentially at risk following USIM data compromise

 | 

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms' sites

 | 

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

 | 

New sophisticated malware SuperCard X targets Androids via NFC relay attacks

 | 

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

 | 

Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Attackers exploited SonicWall SMA appliances since January 2025

 | 

ASUS routers with AiCloud vulnerable to auth bypass exploit

 | 

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

 | 

Entertainment venue management firm Legends International disclosed a data breach

 | 

Node.js malvertising campaign targets crypto users

 | 

Apple released emergency updates for actively exploited flaws

 | 

U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog

 | 

CISA's 11-Month extension ensures continuity of MITRE's CVE Program

 | 

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

 | 

Government contractor Conduent disclosed a data breach

 | 

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

 | 

Meta will use public EU user data to train its AI models

 | 

Hertz disclosed a data breach following 2024 Cleo zero-day attack

 | 

Gladinet flaw CVE-2025-30406 actively exploited in the wild

 | 

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

 | 

Malicious NPM packages target PayPal users

 | 

Tycoon2FA phishing kit rolled out significant updates

 | 

South African telecom provider Cell C disclosed a data breach following a cyberattack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

 | 

Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

 | 

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

 | 

Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw

 | 

Laboratory Services Cooperative data breach impacts 1.6 Million People

 | 

Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks

 | 

Gamaredon targeted the military mission of a Western country based in Ukraine

 | 

U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

 | 

An APT group exploited ESET flaw to execute malware

 | 

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

 | 

National Social Security Fund of Morocco Suffers Data Breach

 | 

Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

 | 

The US Treasury’s OCC disclosed an undetected major email breach for over a year

 | 

U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog

 | 

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

 | 

Everest ransomware group’s Tor leak site offline after a defacement

 | 

Google fixed two actively exploited Android zero-days

 | 

U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

 | 

A member of the Scattered Spider cybercrime group pleads guilty

 | 

The controversial case of the threat actor EncryptHub

 | 

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

 | 

EDR-as-a-Service makes the headlines in the cybercrime landscape

 | 

Oracle privately notifies Cloud data breach to customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

 | 

Security Affairs newsletter Round 518 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

 | 

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

 | 

Port of Seattle 's August data breach impacted 90,000 people

 | 

President Trump fired the head of U.S. Cyber Command and NSA

 | 

Critical flaw in Apache Parquet's Java Library allows remote code execution

 | 

CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

 | 

39M secrets exposed: GitHub rolls out new security tools

 | 

China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

 | 

Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests

 | 

New Triada Trojan comes preinstalled on Android devices

 | 

New advanced FIN7's Anubis backdoor allows to gain full system control on Windows

 | 

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog

 | 

Apple backported fixes for three actively exploited flaws to older devices

 | 

Spike in Palo Alto Networks scanner activity suggests imminent cyber threats

 | 

Microsoft warns of critical flaw in Canon printer drivers

 | 

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

 | 

France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency

 | 

Hiding WordPress malware in the mu-plugins directory to avoid detection

 | 

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

 | 

Russia-linked Gamaredon targets Ukraine with Remcos RAT

 | 

CoffeeLoader uses a GPU-based packer to evade detection

 | 

Morphing Meerkat phishing kits exploit DNS MX records

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39

 | 

Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

 | 

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme

 | 

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

 | 

Crooks are reviving the Grandoreiro banking trojan

 | 

Russian authorities arrest three suspects behind Mamont Android banking trojan

 | 

Mozilla fixed critical Firefox vulnerability CVE-2025-2857

 | 

U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog

 | 

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

 | 

U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

 | 

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

 | 

New ReaderUpdate malware variants target macOS users

 | 

BlackLock Ransomware Targeted by Cybersecurity Firm

 | 

Google fixed the first actively exploited Chrome zero-day since the start of the year

 | 

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools

 | 

Android malware campaigns use .NET MAUI to evade detection

 | 

Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack

 | 

A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia

 | 

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

 | 

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

 | 

Attackers can bypass middleware auth checks by exploiting critical Next.js flaw

 | 

FBI warns of malicious free online document converters spreading malware

 | 

Cloak ransomware group hacked the Virginia Attorney General’s Office

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38

 | 

Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

UAT-5918 ATP group targets critical Taiwan

 | 

U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

 | 

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

 | 

RansomHub affiliate uses custom backdoor Betruger

 | 

Cisco Smart Licensing Utility flaws actively exploited in the wild

 | 

Pennsylvania State Education Association data breach impacts 500,000 individuals

 | 

Veeam fixed critical Backup & Replication flaw CVE-2025-23120

 | 

U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog

 | 

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

 | 

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

 | 

California Cryobank, the largest US sperm bank, disclosed a data breach

 | 

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

 | 

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

 | 

Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft

 | 

ChatGPT SSRF bug quickly becomes a favorite attack vector

 | 

GitHub Action tj-actions/changed-files was compromised in supply chain attack

 | 

New StilachiRAT uses sophisticated techniques to avoid detection

 | 

Threat actors rapidly exploit new Apache Tomcat flaw following PoC release

 | 

Attackers use CSS to create evasive phishing messages

 | 

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

 | 

Denmark warns of increased state-sponsored campaigns targeting the European telcos

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37

 | 

Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

 | 

New MassJacker clipper targets pirated software seekers

 | 

Cisco IOS XR flaw allows attackers to crash BGP process on routers

 | 

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

 | 

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

 | 

U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog

 | 

GitLab addressed critical auth bypass flaws in CE and EE

 | 

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

 | 

Meta warns of actively exploited flaw in FreeType library

 | 

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

 | 

China-linked APT UNC3886 targets EoL Juniper routers

 | 

U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days

 | 

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

 | 

Apple fixed the third actively exploited zero-day of 2025

 | 

Switzerland's NCSC requires cyberattack reporting for critical infrastructure within 24 hours

 | 

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

 | 

U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog

 | 

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

 | 

Elon Musk blames a massive cyberattack for the X outages

 | 

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

 | 

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

 | 

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

 | 

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

 | 

Feds seized $23 million in crypto stolen using keys from LastPass breaches

 | 

Undocumented hidden feature found in Espressif ESP32 microchip

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 36

 | 

Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Akira ransomware gang used an unsecured webcam to bypass EDR

 | 

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

 | 

Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras

 | 

The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence

 | 

International law enforcement operation seized the domain of the Russian crypto exchange Garantex

 | 

Medusa Ransomware targeted over 40 organizations in 2025

 | 

Elastic patches critical Kibana flaw allowing code execution

 | 

The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations

 | 

Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor

 | 

China-linked APT Silk Typhoon targets IT Supply Chain

 | 

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

 | 

New Eleven11bot botnet infected +86K IoT devices

 | 

Polish Space Agency POLSA disconnected its network following a cyberattack

 | 

U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

 | 

VMware fixed three actively exploited zero-days in ESX products

 | 

Digital nomads and risk associated with the threat of infiltred employees

 | 

Google fixed two actively exploited Android flaws

 | 

Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners

 | 

CISA maintains stance on Russian cyber threats despite policy shift

 | 

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

 | 

Serbian student activist’s phone hacked using Cellebrite zero-day exploit

 | 

Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

 | 

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Meta fired 20 employees for leaking information, more firings expected

 | 

Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day

 | 

Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

 | 

Attackers could hack smart solar systems and cause serious damages

 | 

Enhanced capabilities sustain the rapid growth of Vo1d botnet

 | 

Cisco fixed command injection and DoS flaws in Nexus switches

 | 

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)'s staff emails

 | 

FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack

 | 

Criminal group UAC-0173 targets the Notary Office of Ukraine

 | 

Cellebrite blocked Serbia from using its solution because misuse of the equipment for political reasons

 | 

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

 | 

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

 | 

U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects

 | 

LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat

 | 

EU sanctioned the leader of North Korea-linked APT groups

 | 

U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog

 | 

Russia warns financial sector organizations of IT service provider LANIT compromise

 | 

A large botnet targets M365 accounts with password spraying attacks

 | 

Australia bans Kaspersky over national security concerns

 | 

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

 | 

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

 | 

Leaked Black Basta chat logs reveal the gang's operations

 | 

U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34

 | 

Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

 | 

Apple removes iCloud encryption in UK following backdoor demand

 | 

B1ack’s Stash released 1 Million credit cards

 | 

Atlassian fixed critical flaws in Confluence and Crowd

 | 

Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers

 | 

NailaoLocker ransomware targets EU healthcare-related entities

 | 

Microsoft fixed actively exploited flaw in Power Pages

 | 

Citrix addressed NetScaler console privilege escalation flaw

 | 

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

 | 

Russia-linked APTs target Signal messenger

 | 

Venture capital firm Insight Partners discloses security breach

 | 

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

 | 

U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog

 | 

Juniper Networks fixed a critical flaw in Session Smart Routers

 | 

China-linked APT group Winnti targets Japanese organizations since March 2024

 | 

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

 | 

New XCSSET macOS malware variant used in limited attacks

 | 

New Golang-based backdoor relies on Telegram for C2 communication

 | 

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites

 | 

whoAMI attack could allow remote code execution within AWS account

 | 

Storm-2372 used the device code phishing technique since August 2024

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33

 | 

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog

 | 

Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug

 | 

China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws

 | 

Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks

 | 

Valve removed the game PirateFi from the Steam video game platform because contained a malware

 | 

China-linked APTs' tool employed in RA World Ransomware attack

 | 

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

 | 

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

 | 

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

 | 

North Korea-linked APT Emerald Sleet is using a new tactic

 | 

Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs

 | 

Attackers exploit a new zero-day to hijack Fortinet firewalls

 | 

OpenSSL patched high-severity flaw CVE-2024-12797

 | 

Progress Software fixed multiple high-severity LoadMaster flaws

 | 

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

 | 

Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores

 | 

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

 | 

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

 | 

HPE is notifying individuals affected by a December 2023 attack

 | 

XE Group shifts from credit card skimming to exploiting zero-days

 | 

UK Gov demands backdoor to access Apple iCloud backups worldwide

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 32

 | 

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

PlayStation Network outage has been going on for over 24 hours

 | 

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

 | 

Russia's intelligence recruits Ukrainians for terror attacks via messaging apps

 | 

Hospital Sisters Health System impacted 882,782 individuals

 | 

Attackers used a public ASP.NET machine to conduct ViewState code injection attacks

 | 

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

 | 

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

 | 

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

 | 

U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

 | 

SparkCat campaign target crypto wallets using OCR to steal recovery phrases

 | 

International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

 | 

Online food ordering and delivery platform GrubHub discloses a data breach

 | 

Netgear urges users to upgrade two flaws impacting WiFi router models

 | 

AMD fixed a flaw that allowed to load malicious microcode

 | 

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

 | 

Google fixed actively exploited kernel zero-day flaw

 | 

Web Skimmer found on at least 17 websites, including Casio UK

 | 

Crazy Evil gang runs over 10 highly specialized social media scams

 | 

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

 | 

Texas is the first state to ban DeepSeek on government devices

 | 

Law enforcement seized the domains of HeartSender cybercrime marketplaces

 | 

Security Affairs newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

 | 

Ransomware attack hit Indian multinational Tata Technologies

 | 

A ransomware attack forced New York Blood Center to reschedule appointments

 | 

Contec CMS8000 patient monitors contain a hidden backdoor

 | 

Community Health Center data breach impacted over 1 million patients

 | 

Italy's data protection authority Garante blocked the DeepSeek AI platform

 | 

Broadcom fixed information disclosure flaws in VMware Aria Operations

 | 

DeepSeek database exposed highly sensitive information

 | 

TeamViewer fixed a vulnerability in Windows client and host applications

 | 

Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites

 | 

PHP package Voyager flaws expose to one-click RCE exploits

 | 

Italy’s Data Protection Authority Garante requested information from Deepseek

 | 

U.S. CISA adds Apple products' flaw to its Known Exploited Vulnerabilities catalog

 | 

Aquabot variant v3 targets Mitel SIP phones

 | 

Critical remote code execution bug found in Cacti framework

 | 

Attackers actively exploit a critical zero-day in Zyxel CPE Series devices

 | 

Attackers exploit SimpleHelp RMM Software flaws for initial access

 | 

VMware fixed a flaw in Avi Load Balancer

 | 

EU announced sanctions on three members of Russia's GRU Unit 29155

 | 

Chinese AI platform DeepSeek faced a "large-scale" cyberattack

 | 

Apple fixed the first actively exploited zero-day of 2025

 | 

TalkTalk confirms data breach involving a third-party platform

 | 

Multiple Git flaws led to credentials compromise

 | 

GamaCopy targets Russia mimicking Russia-linked Gamaredon APT

 | 

ESXi ransomware attacks use SSH tunnels to avoid detection

 | 

Attackers allegedly stole $69 million from cryptocurrency platform Phemex

 | 

Change Healthcare data breach exposed the private data of over half the U.S.

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

 | 

Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Cisco warns of a ClamAV bug with PoC exploit

 | 

Subaru Starlink flaw allowed experts to remotely hack cars

 | 

U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog

 | 

J-magic malware campaign targets Juniper routers

 | 

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

 | 

U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

 | 

Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500

 | 

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

 | 

Cisco addresses a critical privilege escalation bug in Meeting Management

 | 

U.S. President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht, Silk Road creator

 | 

Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days

 | 

Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

 | 

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

 | 

Former CIA analyst pleaded guilty to leaking top-secret documents

 | 

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

 | 

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

 | 

Experts found multiple flaws in Mercedes-Benz infotainment system

 | 

HPE is investigating IntelBroker's claims of the company hack

 | 

Esperts found new DoNot Team APT group's Android malware

 | 

Malicious npm and PyPI target Solana Private keys to steal funds from victims' wallets

 | 

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

 | 

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

 | 

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

 | 

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

 | 

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

 | 

Russia-linked APT Star Blizzard targets WhatsApp accounts

 | 

Prominent US law firm Wolf Haldenstein disclosed a data breach

 | 

Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches

 | 

MikroTik botnet relies on DNS misconfiguration to spread malware

 | 

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

 | 

Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws

 | 

U.S. CISA adds Fortinet FortiOS flaw to its Known Exploited Vulnerabilities catalog

 | 

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

 | 

CVE-2024-44243 macOS flaw allows persistent malware installation

 | 

FBI deleted China-linked PlugX malware from over 4,200 US computers

 | 

Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware

 | 

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

 | 

Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

 | 

U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

 | 

Inexperienced actors developed the FunkSec ransomware using AI tools

 | 

Credit Card Skimmer campaign targets WordPress via database injection

 | 

Microsoft took legal action against crooks who developed a tool to abuse its AI-based services

 | 

Pro-Russia hackers NoName057 targets Italy again after Zelensky's visit to the country

 | 

Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

How a researcher earned $100,000 hacking a Facebook server

 | 

DoJ charged three Russian citizens with operating crypto-mixing services

 | 

U.S. cannabis dispensary STIIIZY disclosed a data breach

 | 

A novel PayPal phishing campaign hijacks accounts

 | 

Banshee macOS stealer supports new evasion mechanisms

 | 

Researchers disclosed details of a now-patched Samsung zero-click flaw

 | 

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

 | 

China-linked APT group MirrorFace targets Japan

 | 

U.S. Medical billing provider Medusind suffered a sata breach

 | 

U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

 | 

SOC Scalability: How AI Supports Growth Without Overloading Analysts

 | 

SonicWall warns of an exploitable SonicOS vulnerability

 | 

Gayfemboy Botnet targets Four-Faith router vulnerability

 | 

Meta replaces fact-checking with community notes post 'Cultural Tipping Point'

 | 

U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog

 | 

Threat actors breached the Argentina’s airport security police (PSA) payroll

 | 

US adds Tencent to the list of companies supporting Chinese military

 | 

Nessus scanner agents went offline due to a faulty plugin update

 | 

China-linked Salt Typhoon APT compromised more US telecoms than previously known

 | 

PLAYFULGHOST backdoor supports multiple information stealing features

 | 

Nuclei flaw allows signature bypass and code execution

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 27

 | 

Security Affairs newsletter Round 505 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Malicious npm packages target Ethereum developers

 | 

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

 | 

FireScam Android info-stealing malware supports spyware capabilities

 | 

Richmond University Medical Center data breach impacted 674,033 individuals

 | 

Apple will pay $95 Million to settle lawsuit over Siri's alleged eavesdropping

 | 

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

 | 

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

 | 

A US soldier was arrested for leaking presidential call logs

 | 

DoubleClickjacking allows clickjacking on major websites

 | 

Russian media outlets Telegram channels blocked in European countries

 | 

Three Russian-German nationals charged with suspicion of secret service agent activity

 | 

Lumen reports that it has locked out the Salt Typhoon group from its network

 | 

Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours

 | 

U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

 | 

Rhode Island ’s data from health benefits system leaked on the dark web

 | 

Hacking campaign compromised at least 16 Chrome browser extensions

 | 

An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip's creator says is a fake

 | 

Cisco states that the second data leak is linked to the one from October

 | 

Threat actors attempt to exploit a flaw in Four-Faith routers

 | 

ZAGG disclosed a data breach that exposed its customers' credit card data

 | 

China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 26

 | 

Security Affairs newsletter Round 504 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Pro-Russia group NoName targeted the websites of Italian airports

 | 

North Korea actors use OtterCookie malware in Contagious Interview campaign

 | 

Experts warn of a surge in activity associated FICORA and Kaiten botnets

 | 

Brazilian citizen charged for threatening to release data stolen from a company in 2020

 | 

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

 | 

A ransomware attack disrupted services at Pittsburgh Regional Transit

 | 

A cyber attack hit Japan Airlines delaying ticket sales for flights

 | 

Apache fixed a critical SQL Injection in Apache Traffic Control

 | 

BellaCPP, Charming Kitten's BellaCiao variant written in C++

 | 

DMM Bitcoin $308M Bitcoin heist linked to North Korea

 | 

Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code

 | 

Apache Foundation fixed a severe Tomcat vulnerability

 | 

Italy's data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

 | 

U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog

 | 

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

 | 

Lazarus APT targeted employees at an unnamed nuclear-related organization

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

 | 

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US charged Dual Russian and Israeli National as LockBit Ransomware developer

 | 

BadBox rapidly grows, 190,000 Android devices infected

 | 

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

 | 

Sophos fixed critical vulnerabilities in its Firewall product

 | 

U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog

 | 

Raccoon Infostealer operator sentenced to 60 months in prison

 | 

Mirai botnet targets SSR devices, Juniper Networks warns

 | 

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

 | 

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

 | 

US considers banning TP-Link routers over cybersecurity concerns

 | 

Russia-linked APT29 group used red team tools in rogue RDP attacks

 | 

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

 | 

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

 | 

Texas Tech University data breach impacted 1.4 million individuals

 | 

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

 | 

Russia FSB relies on Ukrainian minors for criminal activities disguised as "quest games"

 | 

U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

 | 

ConnectOnCall data breach impacted over 900,000 individuals

 | 

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

 | 

Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise

 | 

PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms 

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

 | 

Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

 | 

U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

 | 

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

 | 

U.S. authorities seized cybercrime marketplace Rydox

 | 

Experts discovered the first mobile malware families linked to Russia's Gamaredon

 | 

US Bitcoin ATM operator Byte Federal suffered a data breach

 | 

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

 | 

Operation PowerOFF took down 27 DDoS platforms across 15 countries

 | 

Russia's Secret Blizzard APT targets Ukraine with Kazuar backdoor

 | 

Ivanti fixed a maximum severity vulnerability in its CSA solution

 | 

Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on Europen entities

 | 

Chinese national charged for hacking thousands of Sophos firewalls

 | 

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action

 | 

U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog

 | 

Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day

 | 

SAP fixed critical SSRF flaw in NetWeaver's Adobe Document Services

 | 

Romanian energy supplier Electrica Group is facing a ransomware attack

 | 

Deloitte denied its systems were hacked by Brain Cipher ransomware group

 | 

Mandiant devised a technique to bypass browser isolation using QR codes

 | 

2023 Anna Jaques Hospital data breach impacted over 310,000 people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23

 | 

Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

RedLine info-stealer campaign targets Russian businesses through pirated corporate software

 | 

8Base ransomware group hacked Croatia's Port of Rijeka

 | 

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

 | 

New Atrium Health data breach impacts 585,000 individuals

 | 

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

 | 

Hundred of CISCO switches impacted by bootloader flaw

 | 

Operation Destabilise dismantled Russian money laundering networks

 | 

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

 | 

China-linked APT Salt Typhoon has breached telcos in dozens of countries

 | 

Black Basta ransomware gang hit BT Group

 | 

Authorities shut down Crimenetwork, the Germany's largest crime marketplace

 | 

Veeam addressed critical Service Provider Console (VSPC) bug

 | 

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

 | 

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog

 | 

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

 | 

DMM Bitcoin halts operations six months after a $300 million cyber heist

 | 

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

 | 

Poland probes Pegasus spyware abuse under the PiS government

 | 

Tor Project needs 200 WebTunnel bridges more to bypass Russia' censorship

 | 

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

 | 

How threat actors can use generative artificial intelligence?

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

 | 

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Hackers stole millions of dollars from Uganda Central Bank

 | 

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

 | 

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

 | 

Zello urges users to reset passwords following a cyber attack

 | 

A cyberattack impacted operations at UK Wirral University Teaching Hospital

 | 

T-Mobile detected network intrusion attempts and blocked them

 | 

ProjectSend critical flaw actively exploited in the wild, experts warn

 | 

Bootkitty is the first UEFI Bootkit designed for Linux systems

 | 

VMware fixed five vulnerabilities in Aria Operations product

 | 

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

 | 

Russian group RomCom exploited Firefox and Tor Browser zero-days to target attacks Europe and North America

 | 

The source code of Banshee Stealer leaked online

 | 

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

 | 

Thai police arrested Chinese hackers involved in SMS blaster attacks

 | 

Zyxel firewalls targeted in recent ransomware attacks

 | 

Malware campaign abused flawed Avast Anti-Rootkit driver

 | 

Russia-linked APT TAG-110 uses targets Europe and Asia

 | 

Russia-linked threat actors threaten the UK and its allies, minister to say

 | 

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

DoJ seized credit card marketplace PopeyeTools and charges its administrators

 | 

A cyberattack on gambling giant IGT disrupted portions of its IT systems

 | 

China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane

 | 

Microsoft seized 240 sites used by the ONNX phishing service

 | 

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

 | 

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

 | 

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

 | 

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

 | 

Threat actor sells data of over 750,000 patients from a French hospital

 | 

Decade-old local privilege escalation bugs impacts Ubuntu needrestart package

 | 

Ford data breach involved a third-party supplier

 | 

Hacker obtained documents tied to lawsuit over Matt Gaetz's sexual misconduct allegations

 | 

Apple addressed two actively exploited zero-day vulnerabilities

 | 

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events

 | 

Russian Phobos ransomware operator faces cybercrime charges

 | 

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

 | 

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks

 | 

Foreign adversary hacked email communications of the Library of Congress says

 | 

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

 | 

Increased GDPR Enforcement Highlights the Need for Data Security

 | 

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

 | 

A botnet exploits e GeoVision zero-day to compromise EoL devices

 | 

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

 | 

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

 | 

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

 | 

U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog

 | 

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

 | 

Bitdefender released a decryptor for the ShrinkLocker ransomware

 | 

China's Volt Typhoon botnet has re-emerged

 | 

Zoom addressed two high-severity issues in its platform

 | 

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

 | 

Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands

 | 

A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel

 | 

Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices

 | 

Ymir ransomware, a new stealthy ransomware grow in the wild

 | 

Amazon discloses employee data breach after May 2023 MOVEit attacks

 | 

A new fileless variant of Remcos RAT observed in the wild

 | 

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19

 | 

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

 | 

Mazda Connect flaws allow to hack some Mazda vehicles

 | 

Veeam Backup & Replication exploit reused in new Frag ransomware attack

 | 

Texas oilfield supplier Newpark Resources suffered a ransomware attack

 | 

Palo Alto Networks warns of potential RCE in PAN-OS management interface

 | 

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

 | 

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

 | 

DPRK-linked BlueNoroff used macOS malware with novel persistence

 | 

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

 | 

Critical bug in Cisco UWRB access points allows attackers to run commands as root

 | 

INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs

 | 

Memorial Hospital and Manor suffered a ransomware attack

 | 

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users

 | 

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

 | 

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

 | 

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

 | 

Canadian authorities arrested alleged Snowflake hacker

 | 

Android flaw CVE-2024-43093 may be under limited, targeted exploitation

 | 

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

 | 

Nigerian man Sentenced to 26+ years in real estate phishing scams

 | 

Russian disinformation campaign active ahead of 2024 US election

 | 

International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

 | 

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US Election 2024 – FBI warning about fake election videos

 | 

Chinese threat actors use Quad7 botnet in password-spray attacks

 | 

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

 | 

Sophos details five years of China-linked threat actors' activity targeting network devices worldwide

 | 

PTZOptics cameras zero-days actively exploited in the wild

 | 

New LightSpy spyware version targets iPhones with destructive capabilities

 | 

LottieFiles confirmed a supply chain attack on Lottie-Player

 | 

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

 | 

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

 | 

New version of Android malware FakeCall redirects bank calls to scammers

 | 

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

 | 

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

 | 

International law enforcement operation dismantled RedLine and Meta infostealers

 | 

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

 | 

Russia-linked espionage group UNC5812 targets Ukraine's military with malware

 | 

France’s second-largest telecoms provider Free suffered a cyber attack

 | 

A crime ring compromised Italian state databases reselling stolen info

 | 

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

 | 

Black Basta affiliates used Microsoft Teams in recent attacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17

 | 

Four REvil Ransomware members sentenced for hacking and money laundering

 | 

Chinese cyber spies targeted phones used by Trump and Vance

 | 

Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

 | 

Change Healthcare data breach impacted over 100 million people

 | 

OnePoint Patient Care data breach impacted 795916 individuals

 | 

From Risk Assessment to Action: Improving Your DLP Response

 | 

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

 | 

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

 | 

Cisco fixed tens of vulnerabilities, including an actively exploited one

 | 

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

 | 

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

 | 

Digital Echo Chambers and Erosion of Trust - Key Threats to the US Elections

 | 

Crooks are targeting Docker API servers to deploy SRBMiner

 | 

Why DSPM is Essential for Achieving Data Privacy in 2024

 | 

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

 | 

Samsung zero-day flaw actively exploited in the wild

 | 

Experts warn of a new wave of Bumblebee malware attacks

 | 

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

 | 

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

 | 

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

 | 

Internet Archive was breached twice in a month

 | 

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

 | 

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

 | 

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

 | 

North Korea-linked APT37 exploited IE zero-day in a recent attack

 | 

Omni Family Health data breach impacts 468,344 individuals

 | 

Iran-linked actors target critical infrastructure organizations

 | 

macOS HM Surf flaw in TCC allows bypass Safari privacy settings

 | 

Two Sudanese nationals indicted for operating the Anonymous Sudan group

 | 

Russia-linked RomCom group targeted Ukrainian government agencies since late 2023

 | 

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

 | 

VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX

 | 

Brazil's Polícia Federal arrested the notorious hacker USDoD

 | 

Finnish Customs dismantled the dark web drugs market Sipulitie

 | 

U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog

 | 

GitHub addressed a critical vulnerability in Enterprise Server

 | 

A new Linux variant of FASTCash malware targets financial systems

 | 

WordPress Jetpack plugin critical flaw impacts 27 million sites

 | 

Pokemon dev Game Freak discloses data breach

 | 

U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog

 | 

Nation-state actor exploited three Ivanti CSA zero-days

 | 

Dutch police dismantled dual dark web market 'Bohemia/Cannabia'

 | 

Fidelity Investments suffered a second data breach this year

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

 | 

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

 | 

A cyber attack hit Iranian government sites and nuclear facilities

 | 

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks

 | 

GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution

 | 

Iran and China-linked actors used ChatGPT for preparing attacks

 | 

Internet Archive data breach impacted 31M users

 | 

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

 | 

U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog

 | 

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

 | 

Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices

 | 

Cybercriminals Are Targeting AI Conversational Platforms

 | 

Awaken Likho APT group targets Russian government with a new implant

 | 

U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog

 | 

Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer

 | 

MoneyGram discloses data breach following September cyberattack

 | 

American Water shut down some of its systems following a cyberattack

 | 

Universal Music data breach impacted 680 individuals

 | 

FBCS data breach impacted 238,000 Comcast customers

 | 

Critical Apache Avro SDK RCE flaw impacts Java applications

 | 

Man pleads guilty to stealing over $37 Million worth of cryptocurrency

 | 

U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog

 | 

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

 | 

Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Google Pixel 9 supports new security features to mitigate baseband attacks

 | 

WordPress LiteSpeed Cache plugin flaw could allow site takeover

 | 

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

 | 

Google removed Kaspersky's security apps from the Play Store

 | 

New Perfctl Malware targets Linux servers in cryptomining campaign

 | 

Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group

 | 

Dutch police breached by a state actor

 | 

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug

 | 

Telegram revealed it shared U.S. user data with law enforcement

 | 

U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog

 | 

14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries

 | 

Rhadamanthys information stealer introduces AI-driven capabilities

 | 

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!

 | 

Police arrested four new individuals linked to the LockBit ransomware operation

 | 

UMC Health System diverted patients following a ransomware attack

 | 

U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog

 | 

News agency AFP hit by cyberattack, client services impacted

 | 

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

 | 

Patelco Credit Union data breach impacted over 1 million people

 | 

Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack

 | 

A British national has been charged for his execution of a hack-to-trade scheme

 | 

Critical NVIDIA Container Toolkit flaw could allow access to the underlying host

 | 

Israel army hacked the communication network of the Beirut Airport control tower

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

 | 

Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format

 | 

A cyberattack on Kuwait Health Ministry impacted hospitals in the country

 | 

Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message

 | 

CUPS flaws allow remote code execution on Linux systems under certain conditions

 | 

U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities

 | 

Hacking Kia cars made after 2013 using just their license plate

 | 

Critical RCE vulnerability found in OpenPLC

 | 

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

 | 

Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

 | 

Data of 3,191 congressional staffers leaked in the dark web

 | 

New variant of Necro Trojan infected more than 11 million devices

 | 

U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog

 | 

Arkansas City water treatment facility switched to manual operations following a cyberattack

 | 

New Android banking trojan Octo2 targets European banks

 | 

A generative artificial intelligence malware used in phishing attacks

 | 

A cyberattack on MoneyGram caused its service outage

 | 

Did Israel infiltrate Lebanese telecoms networks?

 | 

Telegram will provide user data to law enforcement in response to legal requests

 | 

ESET fixed two privilege escalation flaws in its products

 | 

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

 | 

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

 | 

Hacktivist group Twelve is back and targets Russian entities

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

 | 

Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020

 | 

Hackers stole over $44 million from Asian crypto platform BingX

 | 

OP KAERB: Europol dismantled phishing scheme targeting mobile users

 | 

Ukraine bans Telegram for government agencies, military, and critical infrastructure

 | 

Tor Project responded to claims that law enforcement can de-anonymize Tor users

 | 

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

 | 

US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency

 | 

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

 | 

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

 | 

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

 | 

International law enforcement operation dismantled criminal communication platform Ghost

 | 

U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog

 | 

SIEM for Small and Medium-Sized Enterprises: What you need to know

 | 

Experts warn of China-linked APT's Raptor Train IoT Botnet

 | 

Credential Flusher, understanding the threat and how to protect your login data

 | 

U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium

 | 

Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812

 | 

Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries

 | 

Chinese man charged for spear-phishing against NASA and US Government

 | 

U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog

 | 

Taking Control Online: Ensuring Awareness of Data Usage and Consent

 | 

Qilin ransomware attack on Synnovis impacted over 900,000 patients

 | 

D-Link addressed three critical RCE in wireless router models

 | 

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

 | 

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

 | 

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

 | 

Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb

 | 

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

 | 

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

 | 

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

 | 

GitLab fixed a critical flaw in GitLab CE and GitLab EE

 | 

New Linux malware called Hadooken targets Oracle WebLogic servers

 | 

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

 | 

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

 | 

Cybersecurity giant Fortinet discloses a data breach

 | 

Singapore Police arrest six men allegedly involved in a cybercrime syndicate

 | 

Adobe Patch Tuesday security updates fixed multiple critical issues in the company's products

 | 

Highline Public Schools school district suspended its activities following a cyberattack

 | 

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

 | 

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

 | 

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

 | 

Quad7 botnet evolves to more stealthy tactics to evade detection

 | 

Poland thwarted cyberattacks that were carried out by Russia and Belarus

 | 

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

 | 

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

 | 

Predator spyware operation is back with a new infrastructure

 | 

TIDRONE APT targets drone manufacturers in Taiwan

 | 

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

 | 

Progress Software fixed a maximum severity flaw in LoadMaster

 | 

Feds indicted two alleged administrators of WWH Club dark web marketplace

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

 | 

Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

 | 

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

 | 

Car rental company Avis discloses a data breach

 | 

SonicWall warns that SonicOS bug exploited in attacks

 | 

Apache fixed a new remote code execution flaw in Apache OFBiz

 | 

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

 | 

Veeam fixed a critical flaw in Veeam Backup & Replication software

 | 

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

 | 

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

 | 

Quishing, an insidious threat to electric car owners

 | 

Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!

 | 

Head Mare hacktivist group targets Russia and Belarus

 | 

Zyxel fixed critical OS command injection flaw in multiple routers

 | 

VMware fixed a code execution flaw in Fusion hypervisor

 | 

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

 | 

Three men plead guilty to running MFA bypass service OTP.Agency

 | 

Transport for London (TfL) is dealing with an ongoing cyberattack

 | 

Lockbit gang claims the attack on the Toronto District School Board (TDSB)

 | 

A new variant of Cicada ransomware targets VMware ESXi systems

 | 

An air transport security system flaw allowed to bypass airport security screenings

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

 | 

Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw

 | 

South Korea-linked group APT-C-60 exploited a WPS Office zero-day

 | 

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

 | 

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

 | 

Cisco addressed a high-severity flaw in NX-OS software

 | 

Corona Mirai botnet spreads via AVTECH CCTV zero-day 

 | 

Telegram CEO Pavel Durov charged in France for facilitating criminal activities

 | 

Iran-linked group APT33 adds new Tickler malware to its arsenal

 | 

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

 | 

Young Consulting data breach impacts 954,177 individuals

 | 

BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

 | 

US offers $2.5M reward for Belarusian man involved in mass malware distribution

 | 

U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

 | 

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

 | 

Researchers unmasked the notorious threat actor USDoD

 | 

The Dutch Data Protection Authority (DPA) has fined Uber a record €290M

 | 

Google addressed the tenth actively exploited Chrome zero-day this year

 | 

SonicWall addressed an improper access control issue in its firewalls

 | 

A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport

 | 

Linux malware sedexp uses udev rules for persistence and evasion

 | 

France police arrested Telegram CEO Pavel Durov

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

 | 

Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

 | 

Hackers can take over Ecovacs home robots to spy on their owners

 | 

Russian national arrested in Argentina for laundering money of crooks and Lazarus APT

 | 

Qilin ransomware steals credentials stored in Google Chrome

 | 

Phishing attacks target mobile users via progressive web applications (PWA)

 | 

Member of cybercrime group Karakurt charged in the US

 | 

New malware Cthulhu Stealer targets Apple macOS users

 | 

China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches

 | 

A cyberattack hit US oil giant Halliburton

 | 

SolarWinds fixed a hardcoded credential issue in Web Help Desk

 | 

A cyberattack disrupted operations of US chipmaker Microchip Technology

 | 

Google addressed the ninth actively exploited Chrome zero-day this year

 | 

GitHub fixed a new critical flaw in the GitHub Enterprise Server 

 | 

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

 | 

North Korea-linked APT used a new RAT called MoonPeak

 | 

Pro-Russia group Vermin targets Ukraine with a new malware family

 | 

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

 | 

Ransomware payments rose from $449.1 million to $459.8 million

 | 

Previously unseen Msupedge backdoor targeted a university in Taiwan

 | 

Oracle NetSuite misconfiguration could lead to data exposure

 | 

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

 | 

CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog

 | 

Researchers uncovered new infrastructure linked to the cybercrime group FIN7

 | 

Experts warn of exploit attempt for Ivanti vTM bug

 | 

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

 | 

The Mad Liberator ransomware group uses social-engineering techniques

 | 

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

 | 

Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

 | 

OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election

 | 

National Public Data confirms a data breach

 | 

CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

 | 

Russian national sentenced to 40 months for selling stolen data on the dark web

 | 

Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

 | 

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

 | 

Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

 | 

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

 | 

Google disrupted hacking campaigns carried out by Iran-linked APT42

 | 

Black Basta ransomware gang linked to a SystemBC malware campaign

 | 

A massive cyber attack hit Central Bank of Iran and other Iranian banks

 | 

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

 | 

SolarWinds addressed a critical RCE in all Web Help Desk versions

 | 

Kootenai Health data breach impacted 464,000 patients

 | 

Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

 | 

A PoC exploit code is available for critical Ivanti vTM bug

 | 

Elon Musk claims that a DDoS attack caused problems with the livestream interview with Donald Trump

 | 

CERT-UA warns of a phishing campaign targeting government entities

 | 

US DoJ dismantled remote IT worker fraud schemes run by North Korea

 | 

A FreeBSD flaw could allow remote code execution, patch it now!

 | 

EastWind campaign targets Russian organizations with sophisticated backdoors

 | 

Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

 | 

Foreign nation-state actors hacked Donald Trump’s campaign

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

 | 

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ADT disclosed a data breach that impacted more than 30,000 customers

 | 

Is the INC ransomware gang behind the attack on McLaren hospitals?

 | 

Crooks took control of a cow milking robot causing the death of a cow

 | 

Sonos smart speakers flaw allowed to eavesdrop on users

 | 

Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!

 | 

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

 | 

Russian cyber spies stole data and emails from UK government systems

 | 

0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

 | 

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

 | 

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

 | 

Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data

 | 

New Android spyware LianSpy relies on Yandex Cloud to avoid detection

 | 

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

 | 

A ransomware attack hit French museum network

 | 

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

 | 

Google warns of an actively exploited Android kernel flaw

 | 

Should Organizations Pay Ransom Demands?

 | 

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

 | 

Researchers warn of a new critical Apache OFBiz flaw

 | 

Keytronic incurred approximately $17 million of expenses following ransomware attack

 | 

A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access

 | 

China-linked APT41 breached Taiwanese research institute

 | 

Chinese StormBamboo APT compromised ISP to deliver malware

 | 

Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach

 | 

Security Affairs Malware Newsletter - Round 5

 | 

Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US sued TikTok and ByteDance for violating children’s privacy laws

 | 

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

 | 

Investors sued CrowdStrike over false claims about its Falcon platform

 | 

Avtech camera vulnerability actively exploited in the wild, CISA warns

 | 

U.S. released Russian cybercriminals in diplomatic prisoner exchange

 | 

Sitting Ducks attack technique exposes over a million domains to hijacking

 | 

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

 | 

BingoMod Android RAT steals money from victims' bank accounts and wipes data

 | 

A ransomware attack disrupted operations at OneBlood blood bank

 | 

Apple fixed dozens of vulnerabilities in iOS and macOS

 | 

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

 | 

A Fortune 50 company paid a record-breaking $75 million ransom

 | 

CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog

 | 

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

 | 

SideWinder phishing campaign targets maritime facilities in multiple countries

 | 

A crafty phishing campaign targets Microsoft OneDrive users

 | 

Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085

 | 

Acronis Cyber Infrastructure bug actively exploited in the wild

 | 

Fake Falcon crash reporter installer used to target German Crowdstrike users

 | 

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

 | 

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

 | 

Security Affairs Malware Newsletter - Round 4

 | 

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukraine's cyber operation shut down the ATM services of major Russian banks

 | 

A bug in Chrome Password Manager caused user credentials to disappear

 | 

BIND updates fix four high-severity DoS bugs in the DNS software suite

 | 

Terrorist Activity is Accelerating in Cyberspace - Risk Precursor to Summer Olympics and Elections

 | 

Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server

 | 

Critical bug in Docker Engine allowed attackers to bypass authorization plugins

 | 

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

 | 

Michigan Medicine data breach impacted 56953 patients

 | 

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

 | 

China-linked APT group uses new Macma macOS backdoor version

 | 

FrostyGoop ICS malware targets Ukraine

 | 

Hackers abused swap files in e-skimming attacks on Magento sites

 | 

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

 | 

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

 | 

SocGholish malware used to spread AsyncRAT malware

 | 

UK police arrested a 17-year-old linked to the Scattered Spider gang

 | 

Security Affairs Malware Newsletter - Round 3

 | 

Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

 | 

Threat actors attempted to capitalize CrowdStrike incident

 | 

Russian nationals plead guilty to participating in the LockBit ransomware group

 | 

MediSecure data breach impacted 12.9 million individuals

 | 

CrowdStrike update epic fail crashed Windows systems worldwide

 | 

Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users

 | 

SAPwned flaws in SAP AI core could expose customers' data

 | 

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

 | 

How to Protect Privacy and Build Secure AI Products

 | 

A critical flaw in Cisco SSM On-Prem allows attackers to change any user's password

 | 

MarineMax data breach impacted over 123,000 individuals

 | 

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

 | 

The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal

 | 

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog

 | 

Kaspersky leaves U.S. market following the ban on the sale of its software in the country

 | 

FBI unlocked the phone of the suspect in the assassination attempt on Donald Trump

 | 

Ransomware groups target Veeam Backup & Replication bug

 | 

AT&T paid a $370,000 ransom to prevent stolen data from being leaked

 | 

HardBit ransomware version 4.0 supports new obfuscation techniques

 | 

Dark Gate malware campaign uses Samba file shares

 | 

Security Affairs Malware Newsletter - Round 2

 | 

Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

 | 

Rite Aid disclosed data breach following RansomHub ransomware attack

 | 

New AT&T data breach exposed call logs of almost all customers

 | 

Critical flaw in Exim MTA could allow to deliver malware to users' inboxes

 | 

Palo Alto Networks fixed a critical bug in the Expedition tool

 | 

Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

 | 

October ransomware attack on Dallas County impacted over 200,000 people

 | 

CrystalRay operations have scaled 10x to over 1,500 victims

 | 

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

 | 

AI-Powered Russia's bot farm operates on X, US and its allies warn

 | 

VMware fixed critical SQL-Injection in Aria Automation product

 | 

Citrix fixed critical and high-severity bugs in NetScaler product

 | 

A new flaw in OpenSSH can lead to remote code execution

 | 

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

 | 

U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog

 | 

Evolve Bank data breach impacted over 7.6 million individuals

 | 

More than 31 million customer email addresses exposed following Neiman Marcus data breach

 | 

Avast released a decryptor for DoNex Ransomware and its predecessors

 | 

RockYou2024 compilation containing 10 billion passwords was leaked online

 | 

Critical Ghostscript flaw exploited in the wild. Patch it now!

 | 

Apple removed 25 VPN apps from the App Store in Russia following Moscow's requests

 | 

CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog

 | 

Apache fixed a source code disclosure flaw in Apache HTTP Server

 | 

Security Affairs Malware Newsletter - Round 1

 | 

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Alabama State Department of Education suffered a data breach following a blocked attack

 | 

GootLoader is still active and efficient

 | 

Hackers stole OpenAI secrets in a 2023 security breach

 | 

Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes

 | 

Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

 | 

New Golang-based Zergeca Botnet appeared in the threat landscape

 | 

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

 | 

Hackers compromised Ethereum mailing list and launched a crypto draining attack

 | 

OVHcloud mitigated a record-breaking DDoS attack in April 2024

 | 

Healthcare fintech firm HealthEquity disclosed a data breach

 | 

Brazil data protection authority bans Meta from training AI models with data originating in the country

 | 

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

 | 

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors

 | 

LockBit group claims the hack of the Fairfield Memorial Hospital in the US

 | 

American Patelco Credit Union suffered a ransomware attack

 | 

Polish government investigates Russia-linked cyberattack on state news agency

 | 

Evolve Bank data breach impacted fintech firms Wise and Affirm

 | 

Prudential Financial data breach impacted over 2.5 million individuals

 | 

Australian man charged for Evil Twin Wi-Fi attacks on domestic flights

 | 

China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware

 | 

Critical unauthenticated remote code execution flaw in OpenSSH server

 | 

Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania

 | 

Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

 | 

Russia-linked Midnight Blizzard stole email of more Microsoft customers

 | 

Russia-linked group APT29 likely breached TeamViewer's corporate network

 | 

Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Infosys McCamish Systems data breach impacted over 6 million people

 | 

A cyberattack shut down the University Hospital Centre Zagreb in Croatia

 | 

US announces a $10M reward for Russia's GRU hacker behind attacks on Ukraine

 | 

LockBit group falsely claimed the hack of the Federal Reserve

 | 

CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog

 | 

New P2Pinfect version delivers miners and ransomware on Redis servers

 | 

New MOVEit Transfer critical bug is actively exploited

 | 

New Caesar Cipher Skimmer targets popular CMS used by e-stores

 | 

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

 | 

Wikileaks founder Julian Assange is free

 | 

CISA confirmed that its CSAT environment was breached in January.

 | 

Threat actors compromised 1,590 CoinStats crypto wallets

 | 

Experts observed approximately 120 malicious campaigns using the Rafel RAT

 | 

LockBit claims the hack of the US Federal Reserve

 | 

Ransomware threat landscape Jan-Apr 2024: insights and challenges

 | 

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

 | 

Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

 | 

Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

 | 

US government sanctions twelve Kaspersky Lab executives

 | 

Experts found a bug in the Linux version of RansomHub ransomware

 | 

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

 | 

Russia-linked APT Nobelium targets French diplomatic entities

 | 

US bans sale of Kaspersky products due to risks to national security

 | 

Atlassian fixed six high-severity bugs in Confluence Data Center and Server

 | 

China-linked spies target Asian Telcos since at least 2021

 | 

New Rust infostealer Fickle Stealer spreads through various attack methods

 | 

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

 | 

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

 | 

Alleged researchers stole $3 million from Kraken exchange

 | 

Google Chrome 126 update addresses multiple high-severity flaws

 | 

Chip maker giant AMD investigates a data breach

 | 

Cryptojacking campaign targets exposed Docker APIs

 | 

VMware fixed RCE and privilege escalation bugs in vCenter Server

 | 

Meta delays training its AI using public content shared by EU users 

 | 

Keytronic confirms data breach after ransomware attack

 | 

The Financial Dynamics Behind Ransomware Attacks

 | 

Empire Market owners charged with operating $430M dark web marketplace

 | 

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

 | 

LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

 | 

Spanish police arrested an alleged member of the Scattered Spider group

 | 

Online job offers, the reshipping and money mule scams

 | 

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ASUS fixed critical remote authentication bypass bug in several routers

 | 

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

 | 

DORA Compliance Strategy for Business Leaders

 | 

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

 | 

City of Cleveland still working to fully restore systems impacted by a cyber attack

 | 

Google fixed an actively exploited zero-day in the Pixel Firmware

 | 

Multiple flaws in Fortinet FortiOS fixed

 | 

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

 | 

Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation

 | 

JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

 | 

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

 | 

Cylance confirms the legitimacy of data offered for sale in the dark web

 | 

Arm zero-day in Mali GPU Drivers actively exploited in the wild

 | 

Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!

 | 

Japanese video-sharing platform Niconico was victim of a cyber attack

 | 

UK NHS call for O-type blood donations following ransomware attack on London hospitals

 | 

Christie’s data breach impacted 45,798 individuals

 | 

Sticky Werewolf targets the aviation industry in Russia and Belarus

 | 

Frontier Communications data breach impacted over 750,000 individuals

 | 

PHP addressed critical RCE flaw potentially impacting millions of servers

 | 

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

 | 

Pandabuy was extorted twice by the same threat actor

 | 

UAC-0020 threat actor used the SPECTR Malware to target Ukraine's defense forces

 | 

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

 | 

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

 | 

RansomHub operation is a rebranded version of the Knight RaaS

 | 

Malware can steal data collected by the Windows Recall tool, experts warn

 | 

Cisco addressed Webex flaws used to compromise German government meetings

 | 

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

 | 

Zyxel addressed three RCEs in end-of-life NAS devices

 | 

A ransomware attack on Synnovis impacted several London hospitals

 | 

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

 | 

Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN and SmartID supported.

 | 

Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers

 | 

Multiple flaws in Cox modems could have impacted millions of devices

 | 

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Spanish police shut down illegal TV streaming network

 | 

APT28 targets key networks in Europe with HeadLace malware

 | 

Experts found information of European politicians on the dark web

 | 

FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware

 | 

Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ticketmaster confirms data breach impacting 560 million customers

 | 

Critical Apache Log4j2 flaw still threatens global finance

 | 

Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin

 | 

ShinyHunters is selling data of 30 million Santander customers

 | 

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours 

 | 

LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at least 2021

 | 

BBC disclosed a data breach impacting its Pension Scheme members

 | 

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Experts found a macOS version of the sophisticated LightSpy spyware

 | 

Operation Endgame, the largest law enforcement operation ever against botnets

 | 

Law enforcement operation dismantled 911 S5 botnet

 | 

Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature

 | 

Check Point released hotfix for actively exploited VPN zero-day

 | 

ABN Amro discloses data breach following an attack on a third-party provider

 | 

Christie disclosed a data breach after a RansomHub attack

 | 

Experts released PoC exploit code for RCE in Fortinet SIEM

 | 

WordPress Plugin abused to install e-skimmers in e-commerce sites

 | 

TP-Link Archer C5400X gaming router is affected by a critical flaw

 | 

Sav-Rx data breach impacted over 2.8 million individuals

 | 

The Impact of Remote Work and Cloud Migrations on Security Perimeters

 | 

New ATM Malware family emerged in the threat landscape

 | 

A high-severity vulnerability affects Cisco Firepower Management Center

 | 

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

 | 

Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

 | 

Fake AV websites used to distribute info-stealer malware

 | 

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

 | 

An XSS flaw in GitLab allows attackers to take over accounts

 | 

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

 | 

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

 | 

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

 | 

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

 | 

APT41: The threat of KeyPlug against Italian industries

 | 

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

 | 

Chinese actor 'Unfading Sea Haze' remained undetected for five years

 | 

A consumer-grade spyware app found in check-in systems of 3 US hotels

 | 

Critical Veeam Backup Enterprise Manager authentication bypass bug

 | 

Cybercriminals are targeting elections in India with influence campaigns

 | 

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

 | 

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

 | 

CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

 | 

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

 | 

Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

 | 

Experts released PoC exploit code for RCE in QNAP QTS

 | 

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

 | 

Two students uncovered a flaw that allows to use laundry machines for free

 | 

Grandoreiro Banking Trojan is back and targets banks worldwide

 | 

Healthcare firm WebTPA data breach impacted 2.5 million individuals

 | 

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

 | 

North Korea-linked IT workers infiltrated hundreds of US firms

 | 

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

 | 

City of Wichita disclosed a data breach after the recent ransomware attack

 | 

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

 | 

North Korea-linked Kimsuky APT attack targets victims via Messenger

 | 

Electronic prescription provider MediSecure impacted by a ransomware attack

 | 

Google fixes seventh actively exploited Chrome zero-day this year, the third in a week

 | 

Santander: a data breach at a third-party provider impacted customers and employees

 | 

FBI seized the notorious BreachForums hacking forum

 | 

A Tornado Cash developer has been sentenced to 64 months in prison

 | 

Adobe fixed multiple critical flaws in Acrobat and Reader

 | 

Ransomware attack on Singing River Health System impacted 895,000 people

 | 

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

 | 

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

 | 

MITRE released EMB3D Threat Model for embedded devices

 | 

Google fixes sixth actively exploited Chrome zero-day this year

 | 

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

 | 

Threat actors may have exploited a zero-day in older iPhones, Apple warns

 | 

City of Helsinki suffered a data breach

 | 

Russian hackers defaced local British news sites

 | 

Australian Firstmac Limited disclosed a data breach after cyber attack

 | 

Pro-Russia hackers targeted Kosovo’s government websites

 | 

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

 | 

Ohio Lottery data breach impacted over 538,000 individuals

 | 

Notorius threat actor IntelBroker claims the hack of the Europol

 | 

A cyberattack hit the US healthcare giant Ascension

 | 

Google fixes fifth actively exploited Chrome zero-day this year

 | 

Russia-linked APT28 targets government Polish institutions

 | 

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

 | 

Dell discloses data breach impacting millions of customers

 | 

Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

 | 

Zscaler is investigating data breach claims

 | 

Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

 | 

LockBit gang claimed responsibility for the attack on City of Wichita

 | 

New TunnelVision technique can bypass the VPN encapsulation

 | 

LiteSpeed Cache WordPress plugin actively exploited in the wild

 | 

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

 | 

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 

 | 

Law enforcement agencies identified LockBit ransomware admin and sanctioned him

 | 

MITRE attributes the recent attack to China-linked UNC5221

 | 

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

 | 

City of Wichita hit by a ransomware attack

 | 

El Salvador suffered a massive leak of biometric data

 | 

Finland authorities warn of Android malware campaign targeting bank users

 | 

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

 | 

Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Blackbasta gang claimed responsibility for Synlab Italia attack

 | 

LockBit published data stolen from Simone Veil hospital in Cannes

 | 

Russia-linked APT28 and crooks are still using the Moobot botnet

 | 

Dirty stream attack poses billions of Android installs at risk

 | 

ZLoader Malware adds Zeus's anti-analysis feature

 | 

Ukrainian REvil gang member sentenced to 13 years in prison

 | 

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

 | 

Threat actors hacked the Dropbox Sign production environment

 | 

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

 | 

Panda Restaurant Group disclosed a data breach

 | 

Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia

 | 

Cuttlefish malware targets enterprise-grade SOHO routers

 | 

A flaw in the R programming language could allow code execution

 | 

Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall

 | 

Notorious Finnish Hacker sentenced to more than six years in prison

 | 

CISA guidelines to protect critical infrastructure against AI-based threats

 | 

NCSC: New UK law bans default passwords on smart devices

 | 

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

 | 

Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

 | 

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

 | 

Cyber-Partisans hacktivists claim to have breached Belarus KGB

 | 

The Los Angeles County Department of Health Services disclosed a data breach

 | 

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

 | 

ICICI Bank exposed credit card data of 17000 customers

 | 

Okta warns of unprecedented scale in credential stuffing attacks on online services

 | 

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Targeted operation against Ukraine exploited 7-year-old MS Office bug

 | 

Hackers may have accessed thousands of accounts on the California state welfare platform

 | 

Brokewell Android malware supports an extensive set of Device Takeover capabilities

 | 

Experts warn of an ongoing malware campaign targeting WP-Automatic plugin

 | 

Cryptocurrencies and cybercrime: A critical intermingling

 | 

Kaiser Permanente data breach may have impacted 13.4 million patients

 | 

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

 | 

Sweden’s liquor supply severely impacted by ransomware attack on logistics company

 | 

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

 | 

DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions

 | 

Google fixed critical Chrome vulnerability CVE-2024-4058

 | 

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

 | 

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

 | 

US offers a $10 million reward for information on four Iranian nationals

 | 

The street lights in Leicester City cannot be turned off due to a cyber attack

 | 

North Korea-linked APT groups target South Korean defense contractors

 | 

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

 | 

A cyber attack paralyzed operations at Synlab Italia

 | 

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

 | 

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

 | 

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

 | 

Akira ransomware received $42M in ransom payments from over 250 victims

 | 

DuneQuixote campaign targets the Middle East with a complex backdoor

 | 

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Critical CrushFTP zero-day exploited in attacks in the wild

 | 

A French hospital was forced to reschedule procedures after cyberattack

 | 

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

 | 

FBI chief says China is preparing to attack US critical infrastructure

 | 

United Nations Development Programme (UNDP) investigates data breach

 | 

FIN7 targeted a large U.S. carmaker with phishing attacks

 | 

Law enforcement operation dismantled phishing-as-a-service platform LabHost

 | 

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

 | 

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

 | 

Linux variant of Cerber ransomware targets Atlassian servers

 | 

Ivanti fixed two critical flaws in its Avalanche MDM

 | 

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

 | 

Cisco warns of large-scale brute-force attacks against VPN and SSH services

 | 

PuTTY SSH Client flaw allows of private keys recovery

 | 

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

 | 

Misinformation and hacktivist campaigns targeting the Philippines skyrocket

 | 

Russia is trying to sabotage European railways, Czech minister said

 | 

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia 

 | 

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

 | 

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

 | 

CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog

 | 

Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

 | 

U.S. and Australian police arrested Firebird RAT author and operator

 | 

Canadian retail chain Giant Tiger data breach may have impacted millions of customers

 | 

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Crooks manipulate GitHub's search results to distribute malware

 | 

BatBadBut flaw allowed an attacker to perform command injection on Windows

 | 

Roku disclosed a new security breach impacting 576,000 accounts

 | 

LastPass employee targeted via an audio deepfake call

 | 

TA547 targets German organizations with Rhadamanthys malware

 | 

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

 | 

US CISA published an alert on the Sisense data breach

 | 

Palo Alto Networks fixed multiple DoS bugs in its firewalls

 | 

Apple warns of mercenary spyware attacks on iPhone users in 92 countries

 | 

Microsoft fixed two zero-day bugs exploited in malware attacks

 | 

Group Health Cooperative data breach impacted 530,000 individuals

 | 

AT&T states that the data breach impacted 51 million former and current customers

 | 

Fortinet fixed a critical remote code execution bug in FortiClientLinux

 | 

Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues

 | 

Cybersecurity in the Evolving Threat Landscape

 | 

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

 | 

ScrubCrypt used to drop VenomRAT along with many malicious plugins

 | 

Google announces V8 Sandbox to protect Chrome users

 | 

China is using generative AI to carry out influence operations

 | 

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

 | 

Crowdfense is offering a larger 30M USD exploit acquisition program

 | 

U.S. Department of Health warns of attacks against IT help desks

 | 

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

 | 

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

 | 

Cisco warns of XSS flaw in end-of-life small business routers

 | 

Magento flaw exploited to deploy persistent backdoor hidden in XML

 | 

Cyberattack disrupted services at Omni Hotels & Resorts

 | 

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

 | 

US cancer center City of Hope: data breach impacted 827149 individuals

 | 

Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

 | 

Jackson County, Missouri, discloses a ransomware attack

 | 

Google addressed another Chrome zero-day exploited at Pwn2Own in March

 | 

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

 | 

Google fixed two actively exploited Pixel vulnerabilities

 | 

Highly sensitive files mysteriously disappeared from EUROPOL headquarters

 | 

XSS flaw in WordPress WP-Members Plugin can lead to script injection

 | 

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

 | 

Google agreed to erase billions of browser records to settle a class action lawsuit

 | 

PandaBuy data breach allegedly impacted over 1.3 million customers

 | 

OWASP discloses a data breach

 | 

New Vultur malware version includes enhanced remote control and evasion capabilities

 | 

Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy

 | 

Info stealer attacks target macOS users

 | 

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

DinodasRAT Linux variant targets users worldwide

 | 

AT&T confirmed that a data breach impacted 73 million customers

 | 

Expert found a backdoor in XZ tools used many Linux distributions

 | 

German BSI warns of 17,000 unpatched Microsoft Exchange servers

 | 

Cisco warns of password-spraying attacks targeting Secure Firewall devices

 | 

American fast-fashion firm Hot Topic hit by credential stuffing attacks

 | 

Cisco addressed high-severity flaws in IOS and IOS XE software

 | 

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

 | 

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

 | 

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

 | 

The DDR Advantage: Real-Time Data Defense

 | 

Finnish police linked APT31 to the 2021 parliament attack

 | 

TheMoon bot infected 40,000 devices in January and February

 | 

UK, New Zealand against China-linked cyber operations

 | 

US Treasury Dep announced sanctions against members of China-linked APT31

 | 

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

 | 

Iran-Linked APT TA450 embeds malicious links in PDF attachments

 | 

StrelaStealer targeted over 100 organizations across the EU and US

 | 

GoFetch side-channel attack against Apple systems allows secret keys extraction

 | 

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

 | 

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

 | 

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

 | 

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

 | 

German police seized the darknet marketplace Nemesis Market

 | 

Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks

 | 

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

 | 

Critical Fortinet's FortiClient EMS flaw actively exploited in the wild

 | 

Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla

 | 

New Loop DoS attack may target 300,000 vulnerable hosts

 | 

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

 | 

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

 | 

BunnyLoader 3.0 surfaces in the threat landscape

 | 

Pokemon Company resets some users' passwords

 | 

Ukraine cyber police arrested crooks selling 100 million compromised accounts

 | 

New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?

 | 

Players hacked during the matches of Apex Legends Global Series. Tournament suspended

 | 

Earth Krahang APT breached tens of government organizations worldwide

 | 

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

 | 

Fujitsu suffered a malware attack and probably a data breach

 | 

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

 | 

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

 | 

Email accounts of the International Monetary Fund compromised

 | 

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

 | 

“gitgub” malware campaign targets Github users with RisePro info-stealer

 | 

Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

France Travail data breach impacted 43 Million people

 | 

Scranton School District in Pennsylvania suffered a ransomware attack

 | 

Lazarus APT group returned to Tornado Cash to launder stolen funds

 | 

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

 | 

UK Defence Secretary jet hit by an electronic warfare attack in Poland

 | 

Cisco fixed high-severity elevation of privilege and DoS bugs

 | 

Recent DarkGate campaign exploited Microsoft Windows zero-day

 | 

Nissan Oceania data breach impacted roughly 100,000 people

 | 

Researchers found multiple flaws in ChatGPT plugins

 | 

Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

 | 

Acer Philippines disclosed a data breach after a third-party vendor hack

 | 

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

 | 

Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws

 | 

Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election

 | 

First-ever South Korean national detained for espionage in Russia

 | 

Insurance scams via QR codes: how to recognise and defend yourself

 | 

Massive cyberattacks hit French government agencies

 | 

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

 | 

Experts released PoC exploit for critical Progress Software OpenEdge bug

 | 

Magnet Goblin group used a new Linux variant of NerbianRAT malware

 | 

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

 | 

Lithuania security services warn of China's espionage against the country

 | 

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Threat actors breached two crucial systems of the US CISA

 | 

CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog

 | 

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

 | 

QNAP fixed three flaws in its NAS devices, including an authentication bypass

 | 

Russia-linked Midnight Blizzard breached Microsoft systems again

 | 

Cisco addressed severe flaws in its Secure Client

 | 

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

 | 

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

 | 

National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election

 | 

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

 | 

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

 | 

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

 | 

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

 | 

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

 | 

Apple emergency security updates fix two new iOS zero-days

 | 

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

 | 

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

 | 

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

 | 

Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

 | 

Ukraine's GUR hacked the Russian Ministry of Defense

 | 

Some American Express customers' data exposed in a third-party data breach

 | 

META hit with privacy complaints by EU consumer groups

 | 

New GTPDOOR backdoor is designed to target telecom carrier networks

 | 

Threat actors hacked Taiwan-based Chunghwa Telecom

 | 

New Linux variant of BIFROSE RAT uses deceptive domain strategies

 | 

Eken camera doorbells allow ill-intentioned individuals to spy on you

 | 

Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

 | 

U.S. authorities charged an Iranian national for long-running hacking campaign

 | 

US cyber and law enforcement agencies warn of Phobos ransomware attacks

 | 

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

 | 

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

 | 

Crooks stole €15 Million from European retail company Pepco

 | 

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

 | 

Researchers found a zero-click Facebook account takeover

 | 

New SPIKEDWINE APT group is targeting officials in Europe

 | 

Is the LockBit gang resuming its operation?

 | 

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

 | 

Pharmaceutical giant Cencora discloses a data breach

 | 

Unmasking 2024's Email Security Landscape

 | 

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

 | 

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

 | 

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

 | 

XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk

 | 

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

 | 

New Redis miner Migo uses novel system weakening techniques

 | 

Critical flaw found in deprecated VMware EAP. Uninstall it immediately

 | 

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

 | 

ConnectWise fixed critical flaws in ScreenConnect remote access tool

 | 

More details about Operation Cronos that disrupted Lockbit operation

 | 

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

 | 

Operation Cronos: law enforcement disrupted the LockBit operation

 | 

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

 | 

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

 | 

How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise

 | 

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

 | 

ESET fixed high-severity local privilege escalation bug in Windows products

 | 

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

 | 

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

 | 

CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog

 | 

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

 | 

U.S. CISA: hackers breached a state government organization

 | 

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

 | 

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

 | 

A cyberattack halted operations at Varta production plants

 | 

North Korea-linked actors breached the emails of a Presidential Office member

 | 

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

 | 

Nation-state actors are using AI services and LLMs for cyberattacks

 | 

Abusing the Ubuntu 'command-not-found' utility to install malicious packages

 | 

Zoom fixed critical flaw CVE-2024-24691 in Windows software

 | 

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

 | 

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

 | 

A ransomware attack took 100 Romanian hospitals down

 | 

Bank of America customer data compromised after a third-party services provider data breach

 | 

Ransomfeed - Third Quarter Report 2023 is out!

 | 

Global Malicious Activity Targeting Elections is Skyrocketing

 | 

Researchers released a free decryption tool for the Rhysida Ransomware

 | 

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

 | 

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

 | 

Canada Gov plans to ban the Flipper Zero to curb car thefts

 | 

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

 | 

US Feds arrested two men involved in the Warzone RAT operation

 | 

Raspberry Robin spotted using two new 1-day LPE exploits

 | 

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

 | 

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

 | 

Exploiting a vulnerable Minifilter Driver to create a process killer

 | 

Black Basta ransomware gang hacked Hyundai Motor Europe

 | 

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

 | 

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

 | 

26 Cyber Security Stats Every User Should Be Aware Of in 2024

 | 

US offers $10 million reward for info on Hive ransomware group leaders

 | 

Unraveling the truth behind the DDoS attack from electric toothbrushes

 | 

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

 | 

Cisco fixes critical Expressway Series CSRF vulnerabilities

 | 

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

 | 

Fortinet addressed two critical FortiSIEM vulnerabilities

 | 

Experts warn of a critical bug in JetBrains TeamCity On-Premises

 | 

Critical shim bug impacts every Linux boot loader signed in the past decade

 | 

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

 | 

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

 | 

Google fixed an Android critical remote code execution flaw

 | 

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

 | 

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

 | 

HPE is investigating claims of a new security breach

 | 

Experts warn of a surge of attacks targeting Ivanti SSRF flaw 

 | 

How to hack the Airbus NAVBLUE Flysmart+ Manager

 | 

Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call

 | 

Software firm AnyDesk disclosed a security breach

 | 

The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM

 | 

US government imposed sanctions on six Iranian intel officials

 | 

A cyberattack impacted operations at Lurie Children's Hospital

 | 

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

 | 

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Clorox estimates the costs of the August cyberattack will exceed $49 Million

 | 

Mastodon fixed a flaw that can allow the takeover of any account

 | 

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

 | 

Operation Synergia led to the arrest of 31 individuals

 | 

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

 | 

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

 | 

PurpleFox malware infected at least 2,000 computers in Ukraine

 | 

Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping

 | 

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

 | 

Multiple malware used in attacks exploiting Ivanti VPN flaws

 | 

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

 | 

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

 | 

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

 | 

Ivanti warns of a new actively exploited zero-day

 | 

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

 | 

Data leak at fintech giant Direct Trading Technologies

 | 

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

 | 

Italian data protection authority said that ChatGPT violated EU privacy laws

 | 

750 million Indian mobile subscribers' data offered for sale on dark web

 | 

Juniper Networks released out-of-band updates to fix high-severity flaws

 | 

Hundreds of network operators’ credentials found circulating in Dark Web

 | 

Cactus ransomware gang claims the Schneider Electric hack

 | 

Mercedes-Benz accidentally exposed sensitive data, including source code

 | 

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

 | 

NSA buys internet browsing records from data brokers without a warrant

 | 

Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'

 | 

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

 | 

Medusa ransomware attack hit Kansas City Area Transportation Authority

 | 

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

 | 

Participants earned more than $1.3M at the Pwn2Own Automotive competition

 | 

A TrickBot malware developer sentenced to 64 months in prison

 | 

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

 | 

Watch out, experts warn of a critical flaw in Jenkins

 | 

Pwn2Own Automotive 2024 Day 2 - Tesla hacked again

 | 

Yearly Intel Trend Review: The 2023 RedSense report

 | 

Cisco warns of a critical bug in Unified Communications products, patch it now!

 | 

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

 | 

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

 | 

5379 GitLab servers vulnerable to zero-click account takeover attacks

 | 

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

 | 

Splunk fixed high-severity flaw impacting Windows versions

 | 

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

 | 

Australian government announced sanctions for Medibank hacker

 | 

LoanDepot data breach impacted roughly 16.6 individuals

 | 

Black Basta gang claims the hack of the UK water utility Southern Water

 | 

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

 | 

Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed

 | 

Apple fixed actively exploited zero-day CVE-2024-23222

 | 

“My Slice”, an Italian adaptive phishing campaign

 | 

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

 | 

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

 | 

Backdoored pirated applications targets Apple macOS users

 | 

LockBit ransomware gang claims the attack on the sandwich chain Subway

 | 

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

 | 

VF Corp December data breach impacts 35 million customers

 | 

China-linked APT UNC3886 exploits VMware zero-day since 2021

 | 

Ransomware attacks break records in 2023: the number of victims rose by 128%

 | 

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

 | 

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

 | 

Kansas State University suffered a serious cybersecurity incident

 | 

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

 | 

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

 | 

iShutdown lightweight method allows to discover spyware infections on iPhones

 | 

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

 | 

Github rotated credentials after the discovery of a vulnerability

 | 

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

 | 

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

 | 

Google fixed the first actively exploited Chrome zero-day of 2024

 | 

Atlassian fixed critical RCE in older Confluence versions

 | 

VMware fixed a critical flaw in Aria Automation. Patch it now!

 | 

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

 | 

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

 | 

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

 | 

Phemedrone info stealer campaign exploits Windows smartScreen bypass

 | 

Balada Injector continues to infect thousands of WordPress sites

 | 

Attackers target Apache Hadoop and Flink to deliver cryptominers

 | 

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

 | 

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

GitLab fixed a critical zero-click account hijacking flaw

 | 

Juniper Networks fixed a critical RCE bug in its firewalls and switches

 | 

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

 | 

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

 | 

Team Liquid’s wiki leak exposes 118K users

 | 

CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

 | 

Two zero-day bugs in Ivanti Connect Secure actively exploited

 | 

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

 | 

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

 | 

ShinyHunters member sentenced to three years in prison

 | 

HMG Healthcare disclosed a data breach

 | 

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

 | 

Decryptor for Tortilla variant of Babuk ransomware released

 | 

Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws

 | 

CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

 | 

Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

 | 

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

 | 

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

 | 

Long-existing Bandook RAT targets Windows machines

 | 

A cyber attack hit the Beirut International Airport

 | 

Iranian crypto exchange Bit24.cash leaks user passports and IDs

 | 

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

 | 

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

 | 

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

 | 

The source code of Zeppelin Ransomware sold on a hacking forum

 | 

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

 | 

Ivanti fixed a critical EPM flaw that can result in remote code execution

 | 

MyEstatePoint Property Search Android app leaks user passwords

 | 

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

 | 

HealthEC data breach impacted more than 4.5 Million people

 | 

Experts found 3 malicious packages hiding crypto miners in PyPi repository

 | 

Crooks hacked Mandiant X account to push cryptocurrency scam

 | 

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

 | 

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

 | 

Don’t trust links with known domains: BMW affected by redirect vulnerability

 | 

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

 | 

Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv

 | 

Experts warn of JinxLoader loader used to spread Formbook and XLoader

 | 

Terrapin attack allows to downgrade SSH protocol security

 | 

Multiple organizations in Iran were breached by a mysterious hacker

 | 

Top 2023 Security Affairs cybersecurity stories

 | 

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

 | 

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

 | 

Google agreed to settle a $5 billion privacy lawsuit

 | 

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

INC RANSOM ransomware gang claims to have breached Xerox Corp

 | 

Spotify music converter TuneFab puts users at risk

 | 

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

 | 

Russia-linked APT28 used new malware in a recent phishing campaign

 | 

Clash of Clans gamers at risk while using third-party app

 | 

New Version of Meduza Stealer Released in Dark Web

 | 

Operation Triangulation attacks relied on an undocumented hardware feature

 | 

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

 | 

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

 | 

Experts warn of critical Zero-Day in Apache OfBiz

 | 

Xamalicious Android malware distributed through the Play Store

 | 

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

 | 

Elections 2024, artificial intelligence could upset world balances

 | 

Experts analyzed attacks against poorly managed Linux SSH servers

 | 

A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

 | 

Rhysida ransomware group hacked Abdali Hospital in Jordan

 | 

Carbanak malware returned in ransomware attacks

 | 

Resecurity Released a 2024 Cyber Threat Landscape Forecast

 | 

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

 | 

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

 | 

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Europol and ENISA spotted 443 e-stores compromised with digital skimming

 | 

Video game giant Ubisoft investigates reports of a data breach

 | 

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

 | 

Mobile virtual network operator Mint Mobile discloses a data breach

 | 

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

 | 

Member of Lapsus$ gang sentenced to an indefinite hospital order

 | 

Real estate agency exposes details of 690k customers

 | 

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

 | 

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

 | 

Data leak exposes users of car-sharing service Blink Mobility

 | 

Google addressed a new actively exploited Chrome zero-day

 | 

German police seized the dark web marketplace Kingdom Market

 | 

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

 | 

Sophisticated JaskaGO info stealer targets macOS and Windows

 | 

BMW dealer at risk of takeover by cybercriminals

 | 

Comcast’s Xfinity customer data exposed after CitrixBleed attack

 | 

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

 | 

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

 | 

The ransomware attack on Westpole is disrupting digital services for Italian public administration

 | 

Info stealers and how to protect against them

 | 

Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations

 | 

Qakbot is back and targets the Hospitality industry

 | 

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

 | 

MongoDB investigates a cyberattack, customer data exposed

 | 

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

 | 

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

New NKAbuse malware abuses NKN decentralized P2P network protocol

 | 

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

 | 

Multiple flaws in pfSense firewall can lead to arbitrary code execution

 | 

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

 | 

Data of over a million users of the crypto exchange GokuMarket exposed

 | 

Idaho National Laboratory data breach impacted 45,047 individuals

 | 

Ubiquiti users claim to have access to other people’s devices

 | 

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

 | 

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

 | 

French authorities arrested a Russian national for his role in the Hive ransomware operation

 | 

China-linked APT Volt Typhoon linked to KV-Botnet

 | 

UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns

 | 

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

 | 

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

 | 

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

 | 

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

 | 

Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack

 | 

Dubai’s largest taxi app exposes 220K+ users

 | 

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

 | 

Apple released iOS 17.2 to address a dozen of security flaws

 | 

Toyota Financial Services discloses a data breach

 | 

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

 | 

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA and ENISA signed a Working Arrangement to enhance cooperation

 | 

Researcher discovered a new lock screen bypass bug for Android 14 and 13

 | 

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

 | 

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Hacktivists hacked an Irish water utility and interrupted the water supply

 | 

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

 | 

Norton Healthcare disclosed a data breach after a ransomware attack

 | 

Bypassing major EDRs using Pool Party process injection techniques

 | 

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

 | 

Android barcode scanner app exposes user passwords

 | 

UK and US expose Russia Callisto Group's activity and sanction members

 | 

A cyber attack hit Nissan Oceania

 | 

New Krasue Linux RAT targets telecom companies in Thailand

 | 

Atlassian addressed four new RCE flaws in its products

 | 

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

 | 

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

 | 

GST Invoice Billing Inventory exposes sensitive data to threat actors

 | 

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

 | 

ENISA published the ENISA Threat Landscape for DoS Attacks Report

 | 

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

 | 

Google fixed critical zero-click RCE in Android

 | 

New P2PInfect bot targets routers and IoT devices

 | 

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

 | 

LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

 | 

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

 | 

New Agent Raccoon malware targets the Middle East, Africa and the US

 | 

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Researchers devised an attack technique to extract ChatGPT training data

 | 

Fortune-telling website WeMystic exposes 13M+ user records

 | 

Expert warns of Turtle macOS ransomware

 | 

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

 | 

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

 | 

Apple addressed 2 new iOS zero-day vulnerabilities

 | 

Critical Zoom Room bug allowed to gain access to Zoom Tenants

 | 

Rhysida ransomware group hacked King Edward VII’s Hospital in London

 | 

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

 | 

Okta reveals additional attackers' activities in October 2023 Breach

 | 

Thousands of secrets lurk in app images on Docker Hub

 | 

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

 | 

International police operation dismantled a prominent Ukraine-based Ransomware group

 | 

Daixin Team group claimed the hack of North Texas Municipal Water District

 | 

Healthcare provider Ardent Health Services disclosed a ransomware attack

 | 

Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia

 | 

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

 | 

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

 | 

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Rhysida ransomware gang claimed China Energy hack

 | 

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

 | 

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

 | 

App used by hundreds of schools leaking children's data

 | 

Microsoft launched its new Microsoft Defender Bounty Program

 | 

Exposed Kubernetes configuration secrets can fuel supply chain attacks

 | 

North Korea-linked Konni APT uses Russian-language weaponized documents

 | 

ClearFake campaign spreads macOS AMOS information stealer

 | 

Welltok data breach impacted 8.5 million patients in the U.S.

 | 

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

 | 

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

 | 

New InfectedSlurs Mirai-based botnet exploits two zero-days

 | 

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

 | 

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

 | 

Citrix provides additional measures to address Citrix Bleed

 | 

Tor Project removed several relays associated with a suspicious cryptocurrency scheme

 | 

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

 | 

The Top 5 Reasons to Use an API Management Platform

 | 

Canadian government impacted by data breaches of two of its contractors

 | 

Rhysida ransomware gang is auctioning data stolen from the British Library

 | 

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

 | 

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

 | 

US teenager pleads guilty to his role in credential stuffing attack on a betting site

 | 

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

8Base ransomware operators use a new variant of the Phobos ransomware

 | 

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

 | 

The board of directors of OpenAI fired Sam Altman

 | 

Medusa ransomware gang claims the hack of Toyota Financial Services

 | 

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

 | 

Zimbra zero-day exploited to steal government emails by four groups

 | 

Vietnam Post exposes 1.2TB of data, including email addresses

 | 

Samsung suffered a new data breach

 | 

FBI and CISA warn of attacks by Rhysida ransomware gang

 | 

Critical flaw fixed in SAP Business One product

 | 

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

 | 

Gamblers’ data compromised after casino giant Strendus fails to set password

 | 

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

 | 

Danish critical infrastructure hit by the largest cyber attack in Denmark's history

 | 

Major Australian ports blocked after a cyber attack on DP World

 | 

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

 | 

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

 | 

LockBit ransomware gang leaked data stolen from Boeing

 | 

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

 | 

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

 | 

The State of Maine disclosed a data breach that impacted 1.3M people

 | 

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

 | 

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

 | 

McLaren Health Care revealed that a data breach impacted 2.2 million people

 | 

After ChatGPT, Anonymous Sudan took down the Cloudflare website

 | 

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

 | 

SysAid zero-day exploited by Clop ransomware group

 | 

Dolly.com pays ransom, attackers release data anyway

 | 

DDoS attack leads to significant disruption in ChatGPT services

 | 

Russian Sandworm disrupts power in Ukraine with a new OT attack

 | 

Veeam fixed multiple flaws in Veeam ONE, including critical issues

 | 

Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel

 | 

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

 | 

Critical Confluence flaw exploited in ransomware attacks

 | 

QNAP fixed two critical vulnerabilities in QTS OS and apps

 | 

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

 | 

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

 | 

US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

 | 

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

 | 

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

 | 

ZDI discloses four zero-day flaws in Microsoft Exchange

 | 

Okta customer support system breach impacted 134 customers

 | 

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

 | 

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

 | 

MuddyWater has been spotted targeting two Israeli entities

 | 

Clop group obtained access to the email addresses of about 632,000 US federal employees

 | 

Okta discloses a new data breach after a third-party vendor was hacked

 | 

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

 | 

Boeing confirmed its services division suffered a cyberattack

 | 

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

 | 

Who is behind the Mozi Botnet kill switch?

 | 

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

 | 

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

 | 

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

 | 

British Library suffers major outage due to cyberattack

 | 

Critical Atlassian Confluence flaw can lead to significant data loss

 | 

WiHD leak exposes details of all torrent users

 | 

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

 | 

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

 | 

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

 | 

Wiki-Slack attack allows redirecting business professionals to malicious websites

 | 

HackerOne awarded over $300 million bug hunters

 | 

StripedFly, a complex malware that infected one million devices without being noticed

 | 

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

 | 

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

 | 

Lockbit ransomware gang claims to have stolen data from Boeing

 | 

How to Collect Market Intelligence with Residential Proxies?

 | 

F5 urges to address a critical flaw in BIG-IP

 | 

Hello Alfred app exposes user data

 | 

iLeakage attack exploits Safari to steal data from Apple devices

 | 

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

 | 

Seiko confirmed a data breach after BlackCat attack

 | 

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

 | 

Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

 | 

VMware addressed critical vCenter flaw also for End-of-Life products

 | 

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

 | 

New England Biolabs leak sensitive data

 | 

Former NSA employee pleads guilty to attempted selling classified documents to Russia

 | 

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

 | 

How did the Okta Support breach impact 1Password?

 | 

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

 | 

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

 | 

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

 | 

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

 | 

City of Philadelphia suffers a data breach

 | 

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

 | 

Don't use AI-based apps, Philippine defense ordered its personnel

 | 

Vietnamese threat actors linked to DarkGate malware campaign

 | 

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

 | 

The attack on the International Criminal Court was targeted and sophisticated

 | 

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A threat actor is selling access to Facebook and Instagram's Police Portal

 | 

Threat actors breached Okta support system and stole customers' data

 | 

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

 | 

Alleged developer of the Ragnar Locker ransomware was arrested

 | 

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

 | 

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

 | 

Law enforcement operation seized Ragnar Locker group's infrastructure

 | 

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

 | 

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

 | 

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

 | 

Californian IT company DNA Micro leaks private mobile phone data

 | 

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

 | 

A flaw in Synology DiskStation Manager allows admin account takeover

 | 

D-Link confirms data breach, but downplayed the impact

 | 

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

 | 

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

 | 

Ransomware realities in 2023: one employee mistake can cost a company millions

 | 

Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users 

 | 

Cisco warns of active exploitation of IOS XE zero-day

 | 

Signal denies claims of an alleged zero-day flaw in its platform

 | 

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

 | 

DarkGate malware campaign abuses Skype and Teams

 | 

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

 | 

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Lockbit ransomware gang demanded an 80 million ransom to CDW

 | 

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

 | 

Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

 | 

FBI and CISA published a new advisory on AvosLocker ransomware

 | 

More than 17,000 WordPress websites infected with the Balada Injector in September

 | 

Ransomlooker, a new tool to track and analyze ransomware groups' activities

 | 

Phishing, the campaigns that are targeting Italy

 | 

A new Magecart campaign hides the malicious code in 404 error page

 | 

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

 | 

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

 | 

Air Europa data breach exposed customers' credit cards

 | 

#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops

 | 

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

 | 

New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

 | 

Exposed security cameras in Israel and Palestine pose significant risks

 | 

A flaw in libcue library impacts GNOME Linux systems

 | 

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

 | 

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

 | 

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

 | 

Gaza-linked hackers and Pro-Russia groups are targeting Israel

 | 

Flagstar Bank suffered a data breach once again

 | 

Android devices shipped with backdoored firmware as part of the BADBOX network

 | 

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

 | 

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

 | 

QakBot threat actors are still operational after the August takedown

 | 

Ransomware attack on MGM Resorts costs $110 Million

 | 

Cybersecurity, why a hotline number could be important?

 | 

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

 | 

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

 | 

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

 | 

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

NATO is investigating a new cyber attack claimed by the SiegedSec group

 | 

Global CRM Provider Exposed Millions of Clients’ Files Online

 | 

Sony sent data breach notifications to about 6,800 individuals

 | 

Apple fixed the 17th zero-day flaw exploited in attacks

 | 

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

 | 

A cyberattack disrupted Lyca Mobile services

 | 

Chipmaker Qualcomm warns of three actively exploited zero-days

 | 

DRM Report Q2 2023 - Ransomware threat landscape

 | 

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

 | 

San Francisco’s transport agency exposes drivers’ parking permits and addresses

 | 

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

 | 

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

 | 

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

 | 

European Telecommunications Standards Institute (ETSI) suffered a data breach

 | 

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

 | 

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

 | 

North Korea-linked Lazarus targeted a Spanish aerospace company

 | 

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

 | 

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

 | 

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

 | 

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

 | 

FBI warns of dual ransomware attacks

 | 

Progress Software fixed two critical severity flaws in WS_FTP Server

 | 

Child abuse site taken down, organized child exploitation crime suspected – exclusive

 | 

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

 | 

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

 | 

Misconfigured WBSC server leaks thousands of passports

 | 

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

 | 

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

 | 

Dark Angels Team ransomware group hit Johnson Controls

 | 

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

 | 

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

 | 

China-linked APT BlackTech was spotted hiding in Cisco router firmware

 | 

Watch out! CVE-2023-5129 in libwebp library affects millions applications

 | 

DarkBeam leaks billions of email and password combinations

 | 

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo

 | 

Top 5 Problems Solved by Data Lineage

 | 

Threat actors claim the hack of Sony, and the company investigates

 | 

Canadian Flair Airlines left user data leaking for months

 | 

The Rhysida ransomware group hit the Kuwait Ministry of Finance

 | 

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

 | 

Xenomorph malware is back after months of hiatus and expands the list of targets

 | 

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

 | 

Crooks stole $200 million worth of assets from Mixin Network

 | 

A phishing campaign targets Ukrainian military entities with drone manual lures

 | 

Alert! Patch your TeamCity instance to avoid server hack

 | 

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

 | 

Nigerian National pleads guilty to participating in a millionaire BEC scheme

 | 

New variant of BBTok Trojan targets users of +40 banks in LATAM

 | 

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

 | 

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

 | 

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

 | 

National Student Clearinghouse data breach impacted approximately 900 US schools

 | 

Government of Bermuda blames Russian threat actors for the cyber attack

 | 

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

 | 

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

 | 

Information of Air Canada employees exposed in recent cyberattack

 | 

Sandman APT targets telcos with LuaDream backdoor

 | 

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

 | 

Ukrainian hackers are behind the Free Download Manager supply chain attack

 | 

Space and defense tech maker Exail Technologies exposes database access

 | 

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

 | 

Experts found critical flaws in Nagios XI network monitoring software

 | 

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

 | 

International Criminal Court hit with a cyber attack

 | 

GitLab addressed critical vulnerability CVE-2023-5009

 | 

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

 | 

ShroudedSnooper threat actors target telecom companies in the Middle East

 | 

Recent cyber attack is causing Clorox products shortage

 | 

Earth Lusca expands its arsenal with SprySOCKS Linux malware

 | 

Microsoft AI research division accidentally exposed 38TB of sensitive data

 | 

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

 | 

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

 | 

FBI hacker USDoD leaks highly sensitive TransUnion data

 | 

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

 | 

Clop gang stolen data from major North Carolina hospitals

 | 

CardX released a data leak notification impacting their customers in Thailand

 | 

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

 | 

TikTok fined €345M by Irish DPC for violating children’s privacy

 | 

Dariy Pankov, the NLBrute malware author, pleads guilty

 | 

Dangerous permissions detected in top Android health apps

 | 

Caesars Entertainment paid a ransom to avoid stolen data leaks

 | 

Free Download Manager backdoored to serve Linux malware for more than 3 years

 | 

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

 | 

The iPhone of a Russian journalist was infected with the Pegasus spyware

 | 

Kubernetes flaws could lead to remote code execution on Windows endpoints

 | 

Threat actor leaks sensitive data belonging to Airbus

 | 

A new ransomware family called 3AM appears in the threat landscape

 | 

Redfly group infiltrated an Asian national grid as long as six months

 | 

Mozilla fixed a critical zero-day in Firefox and Thunderbird

 | 

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

 | 

Save the Children confirms it was hit by cyber attack

 | 

Adobe fixed actively exploited zero-day in Acrobat and Reader

 | 

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

 | 

MGM Resorts hit by a cyber attack

 | 

Anonymous Sudan launched a DDoS attack against Telegram

 | 

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

 | 

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

 | 

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

 | 

UK and US sanctioned 11 members of the Russia-based TrickBot gang

 | 

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

 | 

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

 | 

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

 | 

Rhysida Ransomware gang claims to have hacked three more US hospitals

 | 

Akamai prevented the largest DDoS attack on a US financial company

 | 

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

 | 

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

 | 

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

 | 

North Korea-linked threat actors target cybersecurity experts with a zero-day

 | 

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

 | 

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

 | 

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

 | 

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

 | 

Two flaws in Apache SuperSet allow to remotely hack servers

 | 

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

 | 

Google addressed an actively exploited zero-day in Android

 | 

A zero-day in Atlas VPN Linux Client leaks users' IP address

 | 

MITRE and CISA release Caldera for OT attack emulation

 | 

ASUS routers are affected by three critical remote code execution flaws

 | 

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

 | 

Freecycle data breach impacted 7 Million users

 | 

Meta disrupted two influence campaigns from China and Russia

 | 

A massive DDoS attack took down the site of the German financial agency BaFin

 | 

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

 | 

University of Sydney suffered a security breach caused by a third-party service provider

 | 

Cybercrime will cost Germany $224 billion in 2023

 | 

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

 | 

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

 | 

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

 | 

UNRAVELING EternalBlue: inside the WannaCry’s enabler

 | 

Researchers released a free decryptor for the Key Group ransomware

 | 

Fashion retailer Forever 21 data breach impacted +500,000 individuals

 | 

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

 | 

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

 | 

Paramount Global disclosed a data breach

 | 

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

 | 

Abusing Windows Container Isolation Framework to avoid detection by security products

 | 

Critical RCE flaw impacts VMware Aria Operations Networks

 | 

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

 | 

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

 | 

FIN8-linked actor targets Citrix NetScaler systems

 | 

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

 | 

Attackers can discover IP address by sending a link over the Skype mobile app

 | 

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

 | 

Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

 | 

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

 | 

China-linked Flax Typhoon APT targets Taiwan

 | 

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

 | 

Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager

 |