Must Read

Cyber Crime / September 26, 2023

The Rhysida ransomware group hit the Kuwait Ministry of Finance

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. Last week a ransomware attack hit the Government of Kuwait, the attack took place on September 18 and the government experts immediately started the incident response procedures to block the threat. Below […]

Data Breach / September 26, 2023

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

The Better Outcomes Registry & Network (BORN), the Ontario birth registry disclosed a data breach affecting some 3.4 million people. The Better Outcomes Registry & Network (BORN) is a program and database used in the healthcare sector, particularly in maternal and child health, to collect, manage, and analyze health information for the purpose of improving […]

Malware / September 26, 2023

Xenomorph malware is back after months of hiatus and expands the list of targets

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play […]

Cyber Crime / September 26, 2023

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

Resecurity research found that the ‘Smishing Triad’ cybercrime group has expanded its phishing campaign into the United Arab Emirates (UAE). Resecurity research recently found that ‘Smishing Triad,’ a group specializing in phishing scams conducted via SMS (smishing attacks), has expanded its attack campaign into the United Arab Emirates (UAE). First identified by Resecurity in August, […]

Hacking / September 25, 2023

Crooks stole $200 million worth of assets from Mixin Network

Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has suffered a $200 million cyber heist. The company suspended deposits and withdrawals immediately after the […]

Cyber warfare / September 25, 2023

A phishing campaign targets Ukrainian military entities with drone manual lures

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it […]

Hacking / September 25, 2023

Alert! Patch your TeamCity instance to avoid server hack

Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server. JetBrains TeamCity is a popular and highly extensible Continuous Integration (CI) and Continuous Delivery (CD) server developed by JetBrains, a software development company known for its developer tools. TeamCity is designed to automate various […]

APT / September 25, 2023

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. The activity was characterized by the […]

Cyber Crime / September 25, 2023

Nigerian National pleads guilty to participating in a millionaire BEC scheme

A Nigerian national pleaded guilty to wire fraud and money laundering through business email compromise (BEC). The Nigerian national Kosi Goodness Simon-Ebo (29), who is residing in South Africa, pleaded guilty to conspiracy to commit wire fraud and conspiracy to commit money laundering through business email compromise (BEC). According to the US authorities, fraudulent activities […]

Malware / September 25, 2023

New variant of BBTok Trojan targets users of +40 banks in LATAM

A new variant of a banking trojan, called BBTok, targets users of over 40 banks in Latin America, particularly Brazil and Mexico. Check Point researchers warn of a new variant of a banking trojan, called BBTok, that is targeting users of over 40 banks in Latin America. The new malware campaign relies on new infection chains and […]

Malware / September 24, 2023

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East ESET researchers discovered a very sophisticated and unknown backdoor, named Deadglyph, employed by the Stealth Falcon group for espionage in the Middle East. Stealth Falcon is a nation-state actor active since at least 2012, […]

Data Breach / September 24, 2023

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles. The Alphv ransomware group added Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, to the list of victims on its Tor leak site. Clarion Japan is the Japanese subsidiary […]

Breaking News / September 24, 2023

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set […]

Data Breach / September 24, 2023

National Student Clearinghouse data breach impacted approximately 900 US schools

U.S. educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The National Student Clearinghouse (NSC) is a nonprofit organization based in the United States that provides educational verification and reporting services to educational institutions, employers, and other organizations The organization has disclosed a data breach that impacted approximately […]

Hacking / September 23, 2023

Government of Bermuda blames Russian threat actors for the cyber attack

The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. The attack impacted all the government departments. “The Department of Information and Digital Technology (IDT) is working quickly […]

Mobile / September 22, 2023

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Researchers from the Citizen Lab and Google’s Threat Analysis Group (TAG) revealed that the three Apple zero-days addressed this week were used as part of an exploit to install Cytrox Predator spyware. Apple this week […]

Hacking / September 22, 2023

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security to its Known Exploited Vulnerabilities Catalog. Trend Micro this week has released security updates to patch […]

Data Breach / September 22, 2023

Information of Air Canada employees exposed in recent cyberattack

Air Canada, the flag carrier and largest airline of Canada, announced that the personal information of some employees was exposed as a result of a recent cyberattack. Air Canada, the flag carrier and largest airline of Canada, announced that threat actors had access to the personal information of some employees during a recent cyberattack. “An […]

APT / September 22, 2023

Sandman APT targets telcos with LuaDream backdoor

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. A joint research conducted by SentinelLabs and QGroup GmbH revealed that a previously undetected APT group, dubbed Sandman, is targeting telecommunication service providers in the Middle East, Western Europe, and South Asia. The APT group is […]

Hacking / September 21, 2023

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School […]

Hacking / September 21, 2023

Ukrainian hackers are behind the Free Download Manager supply chain attack

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. Recently, researchers from Kaspersky reported the discovery of a free download manager site that has been compromised to […]

Data Breach / September 21, 2023

Space and defense tech maker Exail Technologies exposes database access

Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases. Exail, a French high-tech industrial group, left exposed a publicly accessible environment (.env) file with database credentials, the Cybernews research team has discovered. The company, formed in 2022 after ECA Group […]

Hacking / September 21, 2023

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName, severely impacted operations at several Canadian airports last week, reported Recorded Future News. Canada Border Services Agency (CBSA) was able to mitigate […]

Security / September 20, 2023

Experts found critical flaws in Nagios XI network monitoring software

Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution. Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure and privilege escalation. Nagios XI provides monitoring of all mission-critical infrastructure components including applications, services, operating […]

Deep Web / September 20, 2023

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

Finnish police announced the takedown of the dark web marketplace PIILOPUOTI which focuses on the sale of illegal narcotics. Finnish Customs announced the seizure of the dark web marketplace Piilopuoti as part of an international law enforcement operation. The dark web marketplace PIILOPUOTI has been active since May 18, 2022. “The site operated as a […]

Hacking / September 20, 2023

International Criminal Court hit with a cyber attack

A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack this week, its systems were compromised last week. The International Criminal Court (ICC) announced that threat actors have breached its systems last week. The experts at the International Criminal Court discovered the intrusion after having detected anomalous activity affecting its information systems. The International […]

Security / September 20, 2023

GitLab addressed critical vulnerability CVE-2023-5009

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an attacker to run pipelines as another user. The issue resides in GitLab EE and affects […]

Hacking / September 20, 2023

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild. Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products.  According to the security […]

APT / September 19, 2023

ShroudedSnooper threat actors target telecom companies in the Middle East

ShroudedSnooper threat actors are targeting telecommunication service providers in the Middle East with a backdoor called HTTPSnoop. Cisco Talos researchers recently discovered a new stealthy implant dubbed HTTPSnoop that was employed in attacks against telecommunications providers in the Middle East. The HTTPSnoop backdoor supports novel techniques to interface with Windows HTTP kernel drivers and devices […]

Security / September 19, 2023

Recent cyber attack is causing Clorox products shortage

The cyber attack that hit the cleaning products manufacturer Clorox in August is still affecting the supply of the products to customers. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced in […]

APT / September 19, 2023

Earth Lusca expands its arsenal with SprySOCKS Linux malware

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca, discovered an encrypted file hosted on a server under the control of the group. Additional analysis led to the discovery of a […]

Data Breach / September 18, 2023

Microsoft AI research division accidentally exposed 38TB of sensitive data

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data on GitHub. The exposed data exposed a disk backup of two employees’ workstations containing secrets, […]

Hacking / September 18, 2023

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

The head of Germany’s foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrichtendienst intelligence service since 2016, warned of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. After the Russian invasion of Ukraine, the German government […]

Hacking / September 18, 2023

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack. The company states that one of its employees was […]

Data Breach / September 18, 2023

FBI hacker USDoD leaks highly sensitive TransUnion data

Researchers from vx-underground reported that FBI hacker ‘USDoD‘ leaked sensitive data from consumer credit reporting agency TransUnion. TransUnion is an American consumer credit reporting agency. TransUnion collects and aggregates information on over one billion individual consumers in over thirty countries, including “200 million files profiling nearly every credit-active consumer in the United States”. A threat actor who […]

APT / September 18, 2023

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. According to a report published by blockchain cyber security firm Elliptic, in the past 104 days, the North Korea-linked APT group Lazarus has stolen most of $240 million in crypto assets from multiple businesses, including […]

Cyber Crime / September 17, 2023

Clop gang stolen data from major North Carolina hospitals

Researchers at healthcare technology firm Nuance blame the Clop gang for a series of cyber thefts at major North Carolina hospitals. The Microsoft-owned healthcare technology firm Nuance revealed that the Clop extortion gang has stolen personal data on major North Carolina hospitals as part of the Progress MOVEit Transfer campaign. MOVEit Transfer is a managed file transfer that is used […]

Data Breach / September 17, 2023

CardX released a data leak notification impacting their customers in Thailand

One of Thailand’s major digital financial platforms, CardX, recently disclosed a data leak that affected their customers. According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. This information includes the customer’s first and […]

Breaking News / September 17, 2023

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. TikTok fined €345M by Irish DPC for violating children’s privacy Iranian Peach Sandstorm group behind recent […]

Breaking News / September 16, 2023

TikTok fined €345M by Irish DPC for violating children’s privacy

The Irish Data Protection Commission (DPC) fined TikTok €345 million ($368 million) for violating the privacy of children. The Irish Data Protection Commission (DPC) fined TikTok €345 million for violating children’s privacy. The Irish data regulators discovered that the popular video-sharing app allowed adults to send direct messages to certain teenagers who have no family […]

Cyber Crime / September 15, 2023

Dariy Pankov, the NLBrute malware author, pleads guilty

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The man has been extradited to the United States from Georgia.  In February 2023, Pankov was charged with conspiracy, access device fraud, […]

Security / September 15, 2023

Dangerous permissions detected in top Android health apps

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story. The Android challenge In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. With the vast array of apps […]

Cyber Crime / September 15, 2023

Caesars Entertainment paid a ransom to avoid stolen data leaks

Caesars Entertainment announced it has paid a ransom to avoid the leak of customer data stolen in a recent intrusion. Caesars Entertainment is the world’s most geographically diversified casino-entertainment company. It is the largest gaming company in the United States, with over 50 casinos and hotels in 13 U.S. states and five countries. The company […]

Malware / September 15, 2023

Free Download Manager backdoored to serve Linux malware for more than 3 years

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. While investigating a set of suspicious domains, the experts identified that the domain in question has […]

Cyber Crime / September 14, 2023

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

LockBit ransomware group breached two hospitals, the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York. The Lockbit ransomware group claims to have hacked two major hospitals, the Carthage Area Hospital and Claxton-Hepburn Medical Center. The two hospitals serve hundreds of thousands of people in upstate New York. The cyberattack took place at […]

Intelligence / September 14, 2023

The iPhone of a Russian journalist was infected with the Pegasus spyware

The iPhone of a prominent Russian journalist, who is at odds with Moscow, was infected with NSO Group’s Pegasus spyware. The iPhone of the Russian journalist Galina Timchenko was compromised with NSO Group’s Pegasus spyware. A joint investigation conducted by Access Now and the Citizen Lab revealed that the journalist, who is at odds with the Russian government, […]

Hacking / September 14, 2023

Kubernetes flaws could lead to remote code execution on Windows endpoints

Researchers discovered three security flaws in Kubernetes that can lead to remote code execution on Windows endpoints. Akamai researchers recently discovered a high-severity vulnerability in Kubernetes tracked as CVE-2023-3676 (CVSS 8.8). This identification of this issue led to the discovery of two more vulnerabilities tracked as CVE-2023-3893, and CVE-2023-3955 (CVSS 8.8). All three vulnerabilities were caused by […]

Data Breach / September 14, 2023

Threat actor leaks sensitive data belonging to Airbus

The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company. The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web. A threat actor who goes […]

Malware / September 13, 2023

A new ransomware family called 3AM appears in the threat landscape

3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. Symantec’s Threat Hunter Team discovered a new ransomware family, which calls itself 3AM, that to date has only been deployed in a single incident in which the threat […]

Hacking / September 13, 2023

Redfly group infiltrated an Asian national grid as long as six months

A threat actor tracked as Redfly had infected the systems at a national grid located in an unnamed Asian country for six months starting in January. Symantec’s Threat Hunter Team discovered that a threat actor called Redfly used the ShadowPad backdoor to compromise a national grid in an Asian country for as long as six months earlier […]

Hacking / September 13, 2023

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863, in Firefox and Thunderbird that has been actively exploited in the wild. The vulnerability is a heap buffer overflow in WebP […]

Security / September 13, 2023

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. The flaws addressed by the company impact Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; .NET and Visual Studio; Azure; Microsoft Dynamics; […]

Cyber Crime / September 12, 2023

Save the Children confirms it was hit by cyber attack

The international non-governmental organization (NGO) Save the Children International was recently hit with a cyberattack. The charity organization Save the Children International revealed that it was hit by a cyber attack. The company disclosed the security incident after the ransomware gang BianLian listed the organization on its Tor leak site. The BianLian extortion group claims […]

Security / September 12, 2023

Adobe fixed actively exploited zero-day in Acrobat and Reader

Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products. The vulnerability, tracked as CVE-2023-26369, is an out-of-bounds write […]

Hacking / September 12, 2023

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

A critical vulnerability in GitHub could have exposed more than 4,000 code packages to Repojacking attack. Checkmarx researchers discovered a new vulnerability in GitHub could have exposed over 4,000 packages to repojacking attacks. In the RepoJacking attack, attackers claim the old username of a repository after the legitimate creator changed the username, then publish a rogue […]

Hacking / September 12, 2023

MGM Resorts hit by a cyber attack

Hospitality and entertainment company MGM Resorts was hit by a cyber attack that shut down its systems at MGM Hotels and Casinos. Hospitality and entertainment company MGM Resorts was the victim of a cyber attack, the IT infrastructure across the United States was shut down. The incident was discovered on Sunday and affected hotel reservation […]

Hacking / September 12, 2023

Anonymous Sudan launched a DDoS attack against Telegram

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account. “In a recent update, a well-known and notorious threat actor declared their targeting […]

APT / September 12, 2023

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

Iran-linked APT group Charming Kitten used a previously undocumented backdoor named Sponsor in attacks against entities in Brazil, Israel, and the U.A.E. ESET researchers observed a series of attacks, conducted by the Iran-linked APT group Charming Kitten (aka Ballistic Bobcat APT, APT35, Phosphorus, Newscaster, TA453, and Ajax Security Team), which are targeting various entities in Brazil, Israel, and the United Arab Emirates. The Charming […]

Hacking / September 11, 2023

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vulnerability that has been actively exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2023-4863, is the fourth actively exploited […]

Security / September 11, 2023

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog. The two flaws, tracked as CVE-2023-41064 and CVE-2023-41061, were used to install NSO […]

Cyber Crime / September 11, 2023

UK and US sanctioned 11 members of the Russia-based TrickBot gang

The U.K. and U.S. governments sanctioned 11 more individuals who were alleged members of the Russia-based TrickBot cybercrime gang. The United States, in coordination with the United Kingdom, sanctioned eleven more individuals who are members of the Russia-based Trickbot cybercrime group. The sanctions were provided by the U.S. Department of the Treasury’s Office of Foreign […]

Cyber Crime / September 11, 2023

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercriminal community. The malware is not sophisticated, however, unlike other loaders, it has a modular structure that allows supporting code injection and execution. The HijackLoader is […]

Security / September 11, 2023

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

CyberNews researchers discovered that many universities worldwide are leaking sensitive information and are even open to full takeover. Many universities worldwide, including some of the most prestigious, leave their webpages unpatched, leaking sensitive information, and even open to full takeovers, a Cybernews Research team investigation reveals. Among the 20 cases found, at least six websites […]

Malware / September 11, 2023

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Evil Telegram: a Trojanized version of the Telegram app was spotted on the Google Play Store, Kaspersky researchers reported. Researchers from Kaspersky discovered several Telegram mods on the Google Play Store that contained spyware, the campaign was tracked as Evil Telegram. One of the apps was downloaded more than ten million times before it was […]

Cyber Crime / September 10, 2023

Rhysida Ransomware gang claims to have hacked three more US hospitals

Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization. In early August, a cyberattack disrupted […]

Cyber Crime / September 10, 2023

Akamai prevented the largest DDoS attack on a US financial company

Akamai announced it has mitigated the largest distributed denial-of-service (DDoS) attack on a U.S. financial company. Cybersecurity firm Akamai successfully identified and prevented a massive distributed denial-of-service (DDoS) attack targeting an unnamed, leading American financial institution. The attack took place last week and the malicious traffic peaked at 633.7 gigabits per second. The attack lasted for […]

Breaking News / September 10, 2023

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang […]

Hacking / September 09, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-33246 (CVSS score 9.8) affecting Apache RocketMQ to its Known Exploited Vulnerabilities Catalog. Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. Threat actors […]

Hacking / September 09, 2023

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

The Ragnar Locker ransomware gang added Israel’s Mayanei Hayeshua hospital to the list of victims on its Tor leak site The Ragnar Locker ransomware gang claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital. The cybercrime group claims to have stolen 1 TB of data from the hospital and threatens to leak it. The […]

Intelligence / September 08, 2023

North Korea-linked threat actors target cybersecurity experts with a zero-day

North Korea-linked threat actors associated with North Korea exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat actors were observed exploiting a zero-day vulnerability in an unnamed software to target cybersecurity researchers. The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, […]

Hacking / September 08, 2023

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. An unauthenticated, remote attacker can exploit […]

Security / September 08, 2023

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws (CVE-2023-41064 and CVE-2023-41061) fixed by Apple are being used to infect devices with NSO Group’s Pegasus spyware.  According to the researchers, the two vulnerabilities were chained […]

Hacking / September 07, 2023

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

Apple rolled out emergency security updates to address two new actively exploited zero-day vulnerabilities impacting iPhones and Macs. The two Apple zero-day vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061, reside in the Image I/O and Wallet frameworks. CVE-2023-41064 is a buffer overflow issue that was reported by researchers from researchers at Citizen Lab. The IT giant […]

Malware / September 07, 2023

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

Researchers spotted a new malvertising campaign targeting Mac users with a new version of the macOS stealer Atomic Stealer. Malwarebytes researchers have observed a new malvertising campaign distributing an updated version of the popular Atomic Stealer (AMOS) for Mac. The Atomic Stealer first appeared in the threat landscape in April 2023. In April Cyble Research […]

Hacking / September 07, 2023

Two flaws in Apache SuperSet allow to remotely hack servers

A couple of security vulnerabilities in Apache SuperSet could be exploited by an attacker to gain remote code execution on vulnerable systems. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the Flask web framework. Version 2.1.1 addressed two vulnerabilities, respectively tracked as CVE-2023-39265 and CVE-2023-37941, that could be exploited […]

Hacking / September 07, 2023

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. In July, Microsoft announced it had mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and […]

Hacking / September 06, 2023

Google addressed an actively exploited zero-day in Android

Google released September 2023 Android security updates to address multiple flaws, including an actively exploited zero-day. Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could […]

Hacking / September 06, 2023

A zero-day in Atlas VPN Linux Client leaks users' IP address

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN. The exploit code works against the latest version […]

Hacking / September 06, 2023

MITRE and CISA release Caldera for OT attack emulation

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber […]

Internet of Things / September 06, 2023

ASUS routers are affected by three critical remote code execution flaws

Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take over the devices. The three vulnerabilities were reported by the Taiwanese CERT, below are their […]

Hacking / September 05, 2023

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

Crypto gambling site Stake suffered a security breach, and threat actors withdrew $41M of funds stolen including Tether and Ether. Researchers reported abnormally large withdrawals made from the crypto gambling site Stake to an account with no previous activity, a circumstance that suggests that threat actors have hacked the platform and stolen crypto assets, including […]

Security / September 05, 2023

Freecycle data breach impacted 7 Million users

The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it has suffered a data breach that impacted more than 7 million users. The Freecycle Network (TFN,) is a private, nonprofit organization that coordinates a worldwide network of “gifting” groups to divert reusable goods from landfills. The organization confirmed that it has suffered a data breach that […]

Social Networks / September 05, 2023

Meta disrupted two influence campaigns from China and Russia

Meta disrupted two influence campaigns orchestrated by China and Russia, the company blocked thousands of accounts and pages. Meta announced it has taken down two of the largest known covert influence operations originating from China and Russia. The social network giant revealed it has blocked thousands of accounts and pages across its platform. The company […]

Hacking / September 05, 2023

A massive DDoS attack took down the site of the German financial agency BaFin

A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days. It is not clear who is behind the DDoS attack, but the media speculate that it was launched […]

Cyber Crime / September 04, 2023

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

Resecurity has identified a large-scale smishing campaign, tracked as Smishing Triad, targeting the US Citizens. Earlier episodes have revealed victims from the U.K., Poland, Sweden, Italy, Indonesia, Japan and other countries – the group was impersonating the Royal Mail, New Zealand Postal Service (NZPOST), Correos (Spain), Postnord, Poste Italiane and the Italian Revenue Service (Agenzia […]

Hacking / September 04, 2023

University of Sydney suffered a security breach caused by a third-party service provider

The University of Sydney (USYD) suffered a security breach caused by a third-party service provider that exposed personal information of recent applicants. The University of Sydney (USYD) announced that a data breach suffered by a third-party service provider exposed the personal information of recently applied and enrolled international applicants. The University of Sydney immediately launched […]

Cyber Crime / September 04, 2023

Cybercrime will cost Germany $224 billion in 2023

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023. Bitkom estimated that cybercriminal activities, such as fraud, cyber espionage, the theft of intellectual property, sabotage, and […]

Hacking / September 03, 2023

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039) in VMware Aria Operations for Networks. At the end of August, VMware released security updates to address two vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight), respectively tracked as CVE-2023-34039 (CVSS score: 9.8) and CVE-2023-20890 (CVSS score: 7.2). The vulnerability CVE-2023-34039 is […]

Breaking News / September 03, 2023

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. LockBit ransomware gang hit the Commission des services electriques de MontrĂ©al (CSEM) Social engineering attacks target […]

Cyber Crime / September 03, 2023

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

The LockBit ransomware gang claims to have breached the Commission des services electriques de MontrĂ©al (CSEM). The LockBit ransomware group continues to be one of the most active extortion gangs in the threat landscape. This week the gang claimed to have hacked the Commission des services electriques de MontrĂ©al (CSEM). The Commission des services Ă©lectriques […]

Hacking / September 01, 2023

UNRAVELING EternalBlue: inside the WannaCry’s enabler

WannaCry and NotPetya, probably two most damaging cyberattacks in recent history, were both only made possible because of EternalBlue. Here is how the NSA-developed cyber monster works, and how you should defend against it. What is the EternalBlue vulnerability? EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in […]

Malware / September 01, 2023

Researchers released a free decryptor for the Key Group ransomware

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom. The Key Group ransomware gang has been […]

Data Breach / August 31, 2023

Fashion retailer Forever 21 data breach impacted +500,000 individuals

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals. On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The company immediately launched an investigation into the incident with the help of leading cybersecurity firms. […]

Cyber warfare / August 31, 2023

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. GCHQ’s National Cyber Security Centre and international partners reported that Russia-linked threat actors are using a new malware to target the Ukrainian military Government experts attribute the attack to the Russian military intelligence service the GRU. […]

Cyber Crime / August 31, 2023

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that […]

Data Breach / August 31, 2023

Paramount Global disclosed a data breach

Multinational mass media conglomerate Paramount Global suffered a data breach after an unauthorized party accessed files from certain of its systems. Multinational mass media conglomerate Paramount Global disclosed a data breach. According to the data breach notification letter sent to the impacted individuals, an unauthorized party accessed files from certain systems of the company between […]

Security / August 31, 2023

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United […]

Hacking / August 31, 2023

Abusing Windows Container Isolation Framework to avoid detection by security products

Researchers demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at the recent DEF CON hacking conference demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. The expert explained that Windows OS separates the file system from each container to the host […]

Security / August 30, 2023

Critical RCE flaw impacts VMware Aria Operations Networks

VMware fixed two security flaws in Aria Operations for Networks that could be exploited to bypass authentication and gain remote code execution. VMware has released security updates to address two vulnerabilities in Aria Operations for Networks, respectively tracked as CVE-2023-34039 (CVSS score: 9.8) and CVE-2023-20890 (CVSS score: 7.2). The vulnerability CVE-2023-34039 is an authentication bypass […]

APT / August 29, 2023

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

China-linked threat actors breached government organizations worldwide with attacks exploiting Barracuda ESG zero-day. In June, Mandiant researchers linked the threat actor UNC4841 to the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China. “Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG […]

Intelligence / August 29, 2023

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has been infiltrated for months. Threat actors have infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for as much as nine months. The intruders China-linked hackers may have gained access to sensitive data, according to three government and private sector […]

Hacking / August 29, 2023

FIN8-linked actor targets Citrix NetScaler systems

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. Sophos X-Ops is tracking an ongoing campaign, which is targeting Citrix NetScaler systems, conducted by threat actors linked to the FIN8 group [BleepingComputer, SOCRadar]. The hackers are exploiting the remote code execution, tracked […]

Hacking / August 29, 2023

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

Japan’s JPCERT warns of a new recently detected ‘MalDoc in PDF’ attack that embeds malicious Word files into PDFs. Japan’s computer emergency response team (JPCERT) has recently observed a new attack technique, called ‘MalDoc in PDF’, that bypasses detection by embedding a malicious Word file into a PDF file. The researchers explained that a file […]

Hacking / August 28, 2023

Attackers can discover IP address by sending a link over the Skype mobile app

A security researcher demonstrated how to discover a target’s IP address by sending a link over the Skype mobile app. The security researcher Yossi discovered that is possible to discover a target’s IP address by sending a link over the Skype mobile app. The researcher pointed out that the attack only requires the target to […]

Security / August 27, 2023

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Below is the list of flaws addressed by […]

Hacking / August 26, 2023

Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

The cloud and hosting provider Leaseweb suffered a security breach that impacted some “critical” systems of the company. Global hosting and cloud services provider Leaseweb has disabled some “critical” systems following a recent security breach. The company informed its customers that is now working on restoring these systems. According to a notice of incident sent […]

Cyber Crime / August 26, 2023

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

Security consulting giant Kroll disclosed a data breach resulting from a SIM-swapping attack against one of its employees. Security consulting firm Kroll revealed that a SIM-swapping attack against one of its employees caused the theft of user information for multiple cryptocurrency platforms. Kroll is managing ongoing bankruptcy proceedings for the impacted organizations, including BlockFi, FTX, and Genesis.  On August […]

APT / August 25, 2023

China-linked Flax Typhoon APT targets Taiwan

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cyber espionage campaign that targeted dozens of organizations in Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with […]

Breaking News / August 24, 2023

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035 (CVSS score 9.8). This week the software company Ivanti released urgent security patches to address the critical-severity vulnerability CVE-2023-38035 impacting the Ivanti Sentry (formerly MobileIron Sentry) product. […]

Share this: