Malware / April 27, 2024
ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. The experts pointed out that this malware is actively evolving and poses a severe risk to the banking sector. The […]
Hacking / April 26, 2024
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites WordPress security scanner WPScan warns that threat actors are exploiting a critical SQL injection vulnerability in the plugin WordPress Automatic to inject malware into websites. The premium plugin “Automatic” developed by ValvePress enables users to automatically […]
Cyber Crime / April 26, 2024
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. However, as cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector. The natural ambiguity of cryptocurrencies […]
Data Breach / April 26, 2024
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States. Kaiser Permanente is an American integrated managed care consortium, it is made up of three distinct but interdependent groups of entities: the Kaiser Foundation Health Plan, Inc. (KFHP) and its regional operating subsidiaries; Kaiser Foundation Hospitals; and the […]
Hacking / April 26, 2024
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks targeting the critical severity vulnerability CVE-2024-4040. CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability. CrushFTP is a file transfer server software that enables secure and efficient file transfer capabilities. It supports various features such as […]
Cyber Crime / April 26, 2024
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country’s liquor supply. Skanlog, a critical distributor for Systembolaget, the Swedish government-owned retail chain suffered a ransomware attack. Systembolaget has a monopoly on the sale of alcoholic beverages containing more than 3.5% alcohol by volume. It operates stores across Sweden and is responsible […]
Security / April 25, 2024
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Cisco Talos this week warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security […]
Hacking / April 25, 2024
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Cisa added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka âForest Blizzardâ, […]
Cyber Crime / April 25, 2024
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocurrency mixer Samourai and seized the service. The allegations include claims of facilitating over $2 billion in illicit transactions and laundering more than $100 million in criminal […]
Security / April 25, 2024
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability […]
APT / April 24, 2024
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Cisco Talos warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. […]
Breaking News / April 24, 2024
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners. Threat actors employed two different types of backdoors and targeted large corporate networks […]
Cyber warfare / April 24, 2024
The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S.. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. OFAC has also sanctioned […]
Hacking / April 24, 2024
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all day and severely impacted the council’s operations The Leicester City Council suffered a cyber attack that severely impacted the authority’s services in March and led to the leak of confidential documents. The ransomware group behind the attack leaked multiple documents, including rent statements and […]
APT / April 23, 2024
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus, Andariel, and Kimsuky hacked multiple defense companies in South […]
Laws and regulations / April 23, 2024
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the commercial spyware business. The US Department of State is imposing visa restrictions on 13 individuals involved in the development and sale of commercial spyware or their immediate family members. The measure aims to counter the misuse of surveillance technology targeting […]
Hacking / April 23, 2024
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical diagnosis services, since April 18. Since April 18, Synlab Italia, a major provider of medical diagnosis services, has been experiencing disruptions due to a cyber attack. The company initially cited technical issues as the cause leading to “temporary interruption of […]
APT / April 22, 2024
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka âForest Blizzardâ, âFancybearâ or âStrontiumâ used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage […]
Cyber Crime / April 22, 2024
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check and threatens to publish it. World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities. It compiles information from diverse sources like public […]
Security / April 22, 2024
Japan’s CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server. Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server. Forminator is a popular WordPress plugin that allows users […]
Cyber Crime / April 21, 2024
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. A joint advisory published by CISA, the FBI, Europol, and the Netherlandsâ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 […]
Hacking / April 21, 2024
Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. Researchers from Kaspersky discovered the DuneQuixote campaign in February 2024, but they believe the activity may have been active since 2023. Kaspersky discovered over 30 DuneQuixote dropper samples used in the campaign. […]
Security / April 21, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Critical CrushFTP zero-day exploited in attacks in the wild A French hospital was forced to reschedule […]
Hacking / April 20, 2024
Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn. CrushFTP is a file transfer server software that enables secure and efficient file transfer capabilities. It supports various features such as FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV SSL protocols, allowing users to transfer files securely over […]
Hacking / April 20, 2024
A French hospital was forced to return to pen and paper and postpone medical treatments after a cyber attack. A cyber attack hit Hospital Simone Veil in Cannes (CHC-SV) on Tuesday, impacting medical procedures and forcing personnel to return to pen and paper. The Hospital Simone Veil in Cannes is a public hospital located in Cannes, France. The […]
Security / April 19, 2024
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. The security team at the organization promptly launched an investigation, logged out the threat actor, and engaged third-party forensics Incident […]
Security / April 19, 2024
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher Wray. FBI Director Christopher Wray warned this week that China-linked threat actors are preparing an attack against U.S. critical infrastructure, Reuters reported. According to the FBI chief, the Chinese hackers are waiting “for just the right moment to deal a […]
Cyber Crime / April 19, 2024
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack and the subsequent theft of data. The United Nations Development Programme (UNDP) is investigating an alleged ransomware attack that resulted in data theft. The United Nations Development Programme (UNDP) is a United Nations agency tasked with helping countries eliminate poverty and achieve sustainable economic growth and human development. The […]
Cyber Crime / April 18, 2024
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. FIN7 targeted employees who worked in the company’s IT department and had higher levels of […]
Hacking / April 18, 2024
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the worldâs largest phishing-as-a-service platforms. Law enforcement from 19 countries participated in the operation which resulted in the arrest […]
Hacking / April 18, 2024
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since 2022. WithSecure researchers identified a new backdoor named Kapeka that has been used in attacks targeting victims in Eastern Europe since at least mid-2022. The backdoor is very sophisticated, it serves as both an initial toolkit and as a backdoor […]
Hacking / April 18, 2024
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists. Cisco has addressed a high-severity Integrated Management Controller (IMC) vulnerability and is aware of a public exploit code for this issue. The PoC exploit code allows a local attacker to escalate privileges to root. Cisco Integrated […]
Cyber Crime / April 17, 2024
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to […]
Security / April 17, 2024
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can lead to remote command execution. Ivanti addressed multiple flaws in its Avalanche mobile device management (MDM) solution, including two critical flaws, tracked as CVE-2024-24996 and CVE-2024-29204, that can lead to remote command execution. The MDM software allows administrators to configure, […]
Hacking / April 17, 2024
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS. Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and a proof-of-concept exploit that can be used to execute shell commands on vulnerable firewalls. CVE-2024-3400 (CVSS score of 10.0) is a […]
Hacking / April 17, 2024
Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Â Cisco Talos researchers warn of large-scale credential brute-force attacks targeting multiple targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024. Â […]
Security / April 16, 2024
The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could be exploited to recover private keys. PuTTY tools from 0.68 to 0.80 inclusive are affected by a critical vulnerability, tracked as CVE-2024-31497, that resides in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. […]
Intelligence / April 16, 2024
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a renewed cyber espionage campaign targeting South Asia with an Apple iOS spyware called LightSpy. The sophisticated mobile spyware has resurfaced after several months of inactivity, the new version of LightSpy, dubbed “F_Warehouse”, supports […]
Intelligence / April 16, 2024
Amidst rising tensions with China in the SCS, Resecurity observed a spike in malicious cyber activity targeting the Philippines in Q1 2024. Amidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines in Q1 2024, increasing nearly 325% compared to the same period […]
Cyber warfare / April 16, 2024
Czech transport minister warned that Russia conducted âthousandsâ of attempts to sabotage railways, attempting to interfere with train networks and signals. Early this month, the Czech transport minister Martin Kupka warned that Russia has conducted ‘thousands’ of attempts to sabotage European railways. The Czech Republicâs transport minister told the Financial Times that the attacks aim […]
Cyber Crime / April 16, 2024
The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands. It […]
Cyber Crime / April 15, 2024
Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. Cisco Duo warns of a data breach involving one of its telephony suppliers, compromising multifactor authentication (MFA) messages sent to customers via SMS and VOIP. The […]
Hacking / April 15, 2024
The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet. The […]
Hacking / April 15, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the CVE-2024-3400Â Palo Alto Networks PAN-OS Command Injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-3400 (CVSS score of 10.0) is a critical command injection vulnerability […]
APT / April 15, 2024
Threat actors have been exploiting the recently disclosed zero-day in Palo Alto Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are investigating the activity related to CVE-2024-3400 PAN-OS flaw and discovered that threat actors have been exploiting it since March 26, 2024. CVE-2024-3400 (CVSS score of 10.0) is a critical command […]
Cyber Crime / April 15, 2024
A joint investigation conducted by U.S. and Australian authorities led to the arrest of two key figures behind the Firebird RAT operation. A joint law enforcement operation conducted by the Australian Federal Police (AFP) and the FBI resulted in the arrest and charging of two individuals suspected of creating and selling the Firebird RAT, which […]
Cyber Crime / April 14, 2024
A threat actor claimed the hack of the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum. A threat actor, who goes online with the moniker ShopifyGUY, claimed responsibility for hacking the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum. Giant Tiger is a Canadian discount store […]
Breaking News / April 14, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command […]
Cyber Crime / April 13, 2024
Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that threat actors are manipulating GitHub search results to deliver persistent malware to developers systems. Attackers behind this campaign create malicious repositories with popular names and topics, they were observed using techniques like automated updates and fake […]
Security / April 13, 2024
A critical vulnerability, named âBatBadButâ, impacts multiple programming languages, its exploitation can lead to command injection in Windows applications. The cybersecurity researcher RyotaK (@ryotkak ) discovered a critical vulnerability, dubbed BatBadBut, which impacts multiple programming languages. When specific conditions are satisfied, an attacker can exploit the flaw to perform command injection on Windows. “The BatBadBut is a vulnerability […]
Data Breach / April 12, 2024
Roku announced that 576,000 accounts were compromised in a new wave of credential stuffing attacks. Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. âCredential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat […]
Cyber Crime / April 12, 2024
Crooks targeted a LastPass employee using deepfake technology to impersonate the company’s CEO in a fraudulent scheme. In a fraudulent scheme, criminals used deepfake technology to impersonate LastPass ‘s CEO, targeting an employee of the company. The attack occurred this week, but the employed recognized the attack and the attempt failed. According to the password […]
Cyber Crime / April 12, 2024
TA547 group is targeting dozens of German organizations with an information stealer called Rhadamanthys, Proofpoint warns. Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. TA547 is a financially motivated threat actor that has been active since at least November 2017, it was observed conducting multiple […]
Security / April 11, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the following D-Link multiple NAS devices flaws to its Known Exploited Vulnerabilities (KEV) catalog: The flaw CVE-2024-3272 is a Use of Hard-Coded Credentials Vulnerability impacting D-Link Multiple NAS […]
Data Breach / April 11, 2024
Business intelligence software company Sisense suffered a cyberattack that may have exposed sensitive information of major enterprises worldwide. Sisense, a business intelligence software company, experienced a cyberattack potentially exposing the sensitive data of global enterprises. The list of the company’s customers includes Nasdaq, Philips Healthcare, Verizon, and many others. The cyber attack made the headlines […]
Security / April 11, 2024
Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing […]
Security / April 11, 2024
Apple is warning iPhone users in over 90 countries of targeted mercenary spyware attacks, Reuters agency reported. Apple is alerting iPhone users in 92 countries about mercenary spyware attacks, reported Reuters. Reuters only mentioned India as one of the countries where users were targeted by the attacks. According to a threat notification email sent to […]
Security / April 11, 2024
Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed […]
Data Breach / April 10, 2024
Group Health Cooperative of South Central Wisconsin disclosed a data breach that impacted over 500,000 individuals. The Group Health Cooperative of South Central Wisconsin (GHC-SCW) is a non-profit organization that provides health insurance and medical care services to its members in the Madison metropolitan area of Wisconsin. The organization disclosed a data breach after a […]
Data Breach / April 10, 2024
AT&T confirmed that the data breach impacted 51 million former and current customers and is notifying them. AT&T revealed that the recently disclosed data breach impacts more than 51 million former and current customers and is notifying them. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground […]
Security / April 10, 2024
Fortinet addressed multiple issues in FortiOS and other products, including a critical remote code execution flaw in FortiClientLinux. Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of 9.4), in FortiClientLinux. The vulnerability is an Improper Control of Generation of Code (‘Code Injection’) […]
Breaking News / April 10, 2024
Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft […]
Uncategorized / April 10, 2024
As technology evolves and our dependence on digital systems increases, the cybersecurity threat landscape also rapidly changes, posing fresh challenges for organizations striving to protect their assets and data. The battle between cybersecurity defenders and malicious actors rages on in the vast digital expanse of today’s interconnected world. As technology advances and our reliance on […]
Hacking / April 09, 2024
Researchers found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices. Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact […]
Cyber Crime / April 09, 2024
Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The email is crafted to trick recipients into clicking on an attachment, which downloads a ZIP file containing a Batch […]
Security / April 09, 2024
Google announced support for a V8 Sandbox in the Chrome web browser to protect users from exploits triggering memory corruption issues. Google has announced support for what’s called a V8 Sandbox in the Chrome web browser. The company included the V8 Sandbox in Chrome’s Vulnerability Reward Program (VRP). Chrome 123 is a sort of “beta” release for the sandbox designed to […]
Security / April 09, 2024
China-linked threat actors are using AI to carry out influence operations aimed at fueling social disorders in the U.S. and Taiwan. China is using generative artificial intelligence to carry out influence operations against foreign countries, including the U.S. and Taiwan, and fuel social disorders. According to the report published by the Microsoft Threat Analysis Center […]
Data Breach / April 08, 2024
Greylock McKinnon Associates, a service provider for the Department of Justice, suffered a data breach that exposed data of 341650 people. Greylock McKinnon Associates (GMA) provides expert economic analysis and litigation support to a diverse group of domestic and international clients in the legal profession, the business community, and government agencies, including the Department of […]
Hacking / April 08, 2024
Zero-day broker firm Crowdfense announced a 30 million USD offer as part of its Exploit Acquisition Program. Crowdfense is a world-leading research hub and acquisition platform focused on high-quality zero-day exploits and advanced vulnerability research. In 2019 the company made the headlines for its 10M USD bug bounty program along with its unique âVulnerability Research […]
Hacking / April 08, 2024
The U.S. Department of Health and Human Services (HHS) warns of attacks against IT help desks across the Healthcare and Public Health (HPH) sector. The U.S. Department of Health and Human Services (HHS) reported that threat actors are carrying out attacks against IT help desks across the Healthcare and Public Health (HPH) sector. The Health […]
Breaking News / April 07, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 Cisco warns of XSS flaw […]
Hacking / April 07, 2024
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models. A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models. The flaw affects […]
Security / April 06, 2024
Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw. Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. This week the company released security updates to address four security flaws […]
Security / April 06, 2024
Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw. Cisco warns of a Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers Cross-Site scripting (XSS) flaw. The medium severity issue, tracked as CVE-2024-20362 (CVSS score 6.1), resides in the web-based management interface of Cisco Small Business […]
Hacking / April 05, 2024
Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed threat actors are exploiting the recently disclosed Magento vulnerability CVE-2024-20720 to deploy a persistent backdoor on e-stores. The vulnerability CVE-2024-20720Â (CVSS score of 9.1) is an OS Command (‘OS Command Injection’) vulnerability that could lead to arbitrary code […]
Cyber Crime / April 05, 2024
US hotel chain Omni Hotels & Resorts suffered a cyber attack that forced the company to shut down its systems. A cyberattack hit Omni Hotels & Resorts disrupting its services and forcing the company to shut down its systems. The hotel chain did not share details about the attack, however, the effects reported in the […]
Security / April 05, 2024
HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that can be exploited to conduct powerful denial-of-service (DoS) attacks. HTTP messages can contain named fields in both header and trailer sections. CERT/CC experts explained that both header and trailer fields are serialized as field blocks in HTTP/2 to transmit them in multiple fragments to […]
Data Breach / April 04, 2024
US cancer center City of Hope suffered a data breach that impacted 800,000 individuals, personal and health information was compromised. City of Hope is a renowned cancer research and treatment center located in Duarte, California, United States. It is recognized for its comprehensive cancer care, innovative research, and compassionate patient support services. City of Hope […]
Security / April 04, 2024
Ivanti addressed four flaws impacting Connect Secure and Policy Secure Gateways that could lead to code execution and denial-of-service (DoS) condition. Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of vulnerabilities addressed by the company […]
Cyber Crime / April 04, 2024
Jackson County, Missouri, confirmed that a ransomware attack has disrupted several county services. A ransomware attack disrupted several services of the Jackson County, Missouri. The County Executive Frank White, Jr. declared a state of emergency. “Jackson County has confirmed a ransomware attack was responsible for the disruption of several county services today.” reads the statement […]
Hacking / April 03, 2024
Google fixed another Chrome zero-day vulnerability exploited during the Pwn2Own hacking competition in March. Google has addressed another zero-day vulnerability in the Chrome browser, tracked as CVE-2024-3159, that was exploited during the Pwn2Own hacking competition in March, 2024. The vulnerability CVE-2024-3159 is an out of bounds memory access in V8 JavaScript engine. The flaw was demonstrated […]
Malware / April 03, 2024
Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx, which is targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET. It employs the […]
Security / April 03, 2024
Google addressed several vulnerabilities in Android and Pixel devices, including two actively exploited flaws. Google addressed 28 vulnerabilities in Android and 25 flaws in Pixel devices. Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. The most critical flaw addressed by the company impacts the System […]
Data Breach / April 03, 2024
Serious security breach hits EU police agency A batch of highly sensitive files containing the personal information of top Europol executives mysteriously disappeared last summer The website Politico reported that the Europol has suffered a serious security breach, a batch of sensitive files of top law enforcement officials, including Europol Executive Director Catherine De Bolle, […]
Hacking / April 02, 2024
A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defiantâs Wordfence research team disclosed a cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin that can lead to malicious script injection. The Unauthenticated Stored Cross-Site Scripting vulnerability was reported to Wordfence by the WordPress […]
Security / April 02, 2024
Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the âxzâ tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10. Red Hat urges users to immediately stop using […]
Laws and regulations / April 02, 2024
Google is going to delete data records related to the ‘Incognito Mode’ browsing activity to settle a class action lawsuit. Google has agreed to delete billions of data records related to users’ browsing activities in ‘Incognito Mode’ to settle a class action lawsuit. The class action, filed in 2020 by law firm Boies Schiller Flexner, […]
Data Breach / April 02, 2024
Threat actors claimed the hack of the PandaBuy online shopping platform and leaked data belonging to more than 1.3 million customers. At least two threat actors claimed the hack of the PandaBuy online shopping platform and leaked data of more than 1.3 million customers on a cybercrime forum. The member of the BreachForums ‘Sanggiero’ announced […]
Data Breach / April 01, 2024
The OWASP Foundation disclosed a data breach that impacted some members due to a misconfiguration of an old Wiki web server. The OWASP Foundation has disclosed a data breach that impacted some of its members. The OWASP (Open Web Application Security Project) Foundation is a nonprofit organization focused on improving the security of software. It […]
Malware / April 01, 2024
Researchers detected a new version of the Vultur banking trojan for Android with enhanced remote control and evasion capabilities. Researchers from NCC Group discovered a new version of the Vultur banking trojan for Android that includes new enhanced remote control and evasion capabilities. Some of the new features implemented in this variant include the ability […]
Cyber warfare / April 01, 2024
The US government announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy. The US Defense Department announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy (ASD(CP)) as directed in the National Defense Authorization Act for Fiscal Year 2023. The ASD(CP) will oversee DoD policy for cyber operations […]
Malware / April 01, 2024
Experts warn of info stealer malware, including Atomic Stealer, targeting Apple macOS users via malicious ads and rogue websites. Jamf Threat Labs researchers analyzed info stealer malware attacks targeting macOS users via malicious ads and rogue websites. One of the attacks spotted by the researchers relied on sponsored ads proposed to the users while searching […]
Breaking News / March 31, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Expert found a backdoor in XZ tools used many Linux distributions German BSI warns of 17,000 […]
Malware / March 31, 2024
A Linux variant of the DinodasRAT backdoor used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn. Researchers from Kaspersky uncovered a Linux version of a multi-platform backdoor DinodasRAT that was employed in attacks targeting China, Taiwan, Turkey, and Uzbekistan. DinodasRAT (aka XDealer) is written in C++ and supports a broad range of capabilities to […]
Data Breach / March 31, 2024
AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported. The researchers confirmed that the leaked data is legitimate, however, it is […]
Malware / March 30, 2024
Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the âxzâ tools and libraries. Red Hat Information Risk and Security and Red […]
Security / March 30, 2024
The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The German Federal Office for Information Security (BSI) issued an alert about at least 17,000 Microsoft Exchange servers in the country that are vulnerable to one or more critical vulnerabilities. The BSI also added […]
Hacking / March 29, 2024
Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company published a document containing recommendations against password spray attacks aimed at Remote […]
Data Breach / March 29, 2024
Hot Topic suffered credential stuffing attacks that exposed customers’ personal information and partial payment data. Hot Topic, Inc. is an American fast-fashion company specializing in counterculture-related clothing and accessories, as well as licensed music. The company was the victim of credential stuffing attacks against its website and mobile application on November 18-19 and November 25, 2023. The attackers detected suspicious login activity […]
Security / March 28, 2024
Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to trigger a denial-of-service (DoS) condition. Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition. Below are the […]
Hacking / March 28, 2024
Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks, while in 2022 the actively exploited zero-day flaws were 62. In 2023, Google (TAG) and […]
Security / March 28, 2024
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. Google addressed several vulnerabilities in the Chrome web browser this week, including two zero-day vulnerabilities, tracked as CVE-2024-2886 and CVE-2024-2887, which were demonstrated during the Pwn2Own Vancouver 2024 hacking competition. The high-severity vulnerability CVE-2024-2886 is a […]
Security / March 27, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the CVE-2023-24955Â Microsoft SharePoint Server Code Injection Vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft addressed the remote code execution flaw in SharePoint Server, […]
Security / March 27, 2024
This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense. In cybersecurity, and in life, by the time you find out that something went wrong it is often too late. The advantage of Data Detection and Response (DDR) is that you no longer have to wait […]
APT / March 27, 2024
The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. The Finnish authorities investigated multiple offenses, including aggravated espionage, aggravated unlawful access to an information system, and aggravated violation of […]
Malware / March 26, 2024
A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of âTheMoonâ bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. The new version of the bot has been […]
APT / March 26, 2024
UK, Australia and New Zealand are accusing China-linked threat actors of cyber operations against UK institutions and parliamentarians. GCHQâs National Cyber Security Centre believes that China-linked cyberespionage group APT31 was responsible for cyber attacks against UK parliamentariansâ emails in 2021. The UK intelligence believes that China-linked threat actors also compromised the UK Electoral Commissionâs systems […]
APT / March 26, 2024
The US Treasury Department announced sanctions on two APT31 Chinese hackers linked to attacks against organizations in the US critical infrastructure sector. The US government announced sanctions against a pair of Chinese hackers (Zhao Guangzong and Ni Gaobin), alleged members of the China-linked APT31 group, who are responsible for âmalicious cyber operations targeting U.S. entities that operate […]
Security / March 25, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-48788 (CVSS score 9.3) is a critical pervasive SQL injection issue that resides […]
APT / March 25, 2024
In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera. Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, TA450, and Static Kitten) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems. […]
Cyber Crime / March 25, 2024
Researchers reported that over 100 organizations in Europe and US were targeted by a wave of large-scale StrelaStealer campaigns Palo Alto Networks’ Unit42 spotted a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and US. The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware. The […]
Hacking / March 25, 2024
Researchers demonstrated a new side-channel attack, named GoFetch, against Apple CPUs that could allow an attacker to obtain secret keys. A team of researchers from several US universities demonstrated a new microarchitectural side-channel attack named GoFetch that could allow attackers to extract secret keys from systems using Apple CPUs. GoFetch side-channel attack can extract secret […]
Breaking News / March 24, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked APT29 targeted German political parties with WINELOADER backdoor Mozilla fixed Firefox zero-days exploited at Pwn2Own […]
Cyber Crime / March 24, 2024
During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams. During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle Eastern enterprises, facing this heightened risk, are urged to bolster consumer protection and reinforce their […]
APT / March 23, 2024
Russia-linked threat actors employ the WINELOADER backdoor in recent attacks targeting German political parties. In late February, Mandiant researchers spotted the Russia-linked group APT29 using a new variant of the WINELOADER backdoor to target German political parties with a CDU-themed lure. This is the first time Mandiant observed the APT29 subcluster targeting political parties, suggesting […]
Hacking / March 23, 2024
Mozilla addressed two Firefox zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2024 hacking competition. Mozilla has done an amazing job addressing two zero-day vulnerabilities in the Firefox web browser exploited during the recent Pwn2Own Vancouver 2024 hacking competition. The researcher Manfred Paul (@_manfp), who won the competition, exploited the two vulnerabilities, respectively tracked CVE-2024-29944 and […]
Hacking / March 23, 2024
A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a malware campaign, tracked as Sign1, which has already compromised 39,000 WordPress sites in the last six months. The experts discovered that threat actors compromised the websites implanting malicious JavaScript injections that […]
Cyber Crime / March 23, 2024
The German police seized the infrastructure of the darknet marketplace Nemesis Market disrupting its operation. An operation conducted by the Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) led to the seizure of the infrastructure of the darknet marketplace Nemesis Market in Germany and Lithuania. “On Wednesday , the […]
Hacking / March 22, 2024
A flaw in Dormakaba Saflok electronic locks, dubbed Unsaflok, can allow threat actors to open millions of doors worldwide. Researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana discovered a series of vulnerabilities, collectively named Unsaflok, in Dormakaba Saflok electronic RFID locks. The researchers explained that the issues be chained to forge keycards. Dormakaba Saflok electronic RFID […]
Hacking / March 22, 2024
Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Microâs Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one, the Team Synacktiv successfully demonstrated exploits against a Tesla car. The researcher Manfred […]
Hacking / March 21, 2024
Researchers released a PoC exploit for a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software, which is actively exploited. Security researchers at Horizon3 have released a proof-of-concept (PoC) exploit for a critical vulnerability, tracked as CVE-2023-48788 (CVSS score 9.3), in Fortinet’s FortiClient Enterprise Management Server (EMS) software. The vulnerability is now actively exploited […]
Hacking / March 21, 2024
Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition, a team demonstrated a Tesla hack. Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced Trend Microâs Zero Day Initiative (ZDI). The experts successfully demonstrated exploits against a Tesla car, […]
Hacking / March 21, 2024
Boffins devised a new application-layer loop DoS attack based on the UDP protocol that impacts major vendors, including Broadcom, Microsoft and MikroTik. Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop DoS attack, that hundreds of thousands of internet-facing systems from major vendors. The attack consists […]
Security / March 20, 2024
Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical flaw that can be very dangerous. Atlassian addressed multiple vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products. The most severe vulnerability, tracked as CVE-2024-1597 (CVSS score of 10), is a SQL injection flaw that impacts the org.postgresql:postgresql third-party dependency of Bamboo […]
Breaking News / March 20, 2024
Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198Â (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems. In early March, Rapid7 […]
Hacking / March 20, 2024
Researchers found a new variant of the BunnyLoader malware with a modular structure and new evasion capabilities. In October 2023, Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) called BunnyLoader, which was advertised for sale in multiple cybercrime forums since September 4, 2023. The BunnyLoader malware loader is written in C/C++ and is sold on various forums for […]
Hacking / March 20, 2024
The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks. Credential stuffing is an attack in which hackers […]
Cyber Crime / March 19, 2024
Ukraine cyber police, along with the national police, arrested three hackers attempting to sell 100 million compromised emails and Instagram accounts. The Ukraine cyber police and the national police have arrested three individuals who are suspected to have hacked over 100 million emails and Instagram accounts worldwide and offered them for sale. The three men […]
Cyber warfare / March 19, 2024
A new variant of the Russia-linked wiper AcidRain, tracked as AcidPour, was spotted targeting Linux x86 devices. A new variant of a data wiper AcidRain, tracked as AcidPour, is specifically designed for targeting Linux x86 devices has been detected in the wild. Researchers at SentinelLabs first discovered the wiper AcidRain in March 2022. The malware […]
Hacking / March 19, 2024
On Sunday, two competitive esports players were hacked while participating at the Apex Legends Global Series tournament. Electronic Arts postponed the North American (NA) finals of the Apex Legends Global Series tournament after two competitive esports players were hacked during a match. The Apex Legends Global Series (ALGS) is the premier esports tournament for Apex Legends. It’s […]
APT / March 19, 2024
Trend Micro uncovered a sophisticated campaign conducted by Earth Krahang APT group that breached 70 organizations worldwide. Trend Micro researchers uncovered a sophisticated campaign conducted by a threat actor tracked as Earth Krahang while investigating the activity of China-linked APT Earth Lusca. The campaign seems active since at least early 2022 and focuses primarily on […]
Hacking / March 18, 2024
Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product. Fortra has released updates to address a critical vulnerability, tracked as CVE-2024-25153 (CVSS score 9.8) impacting its FileCatalyst file transfer solution. A remote, unauthenticated attacker can exploit their vulnerability to execute arbitrary code on impacted servers. “A directory traversal within the âftpservletâ of the FileCatalyst […]
Hacking / March 18, 2024
Technology giant Fujitsu announced it had suffered a cyberattack that may have resulted in the theft of customer information. Japanese technology giant Fujitsu on Friday announced it had suffered a malware attack, threat actors may have stolen personal and customer information. The company revealed that multiple work computers were infected with malware, in response to […]
Hacking / March 18, 2024
A critical vulnerability in WordPress miniOrange’s Malware Scanner and Web Application Firewall plugins can allow site takeover. On March 1st, 2024, WordPress security firm Wordfence received a submission for a Privilege Escalation vulnerability in miniOrangeâs Malware Scanner as part of the company Bug Bounty initiative Extravaganza. This WordPress plugin has more than 10,000+ active installations. The […]
Uncategorized / March 18, 2024
Resecurity reported about the increasing wave of cyber incidents targeting the aerospace and aviation sectors. The experts emphasized the importance of rigorous cybersecurity risk assessments for airports and proactive threat intelligence in the context of the activity of major ransomware groups and advanced threat actors. As geopolitical tensions rise globally, there’s a heightened risk of […]
Hacking / March 18, 2024
Threat actors compromised at least 11 International Monetary Fund (IMF) email accounts earlier this year, the organization revealed. The International Monetary Fund (IMF) disclosed a security breach, threat actors compromsed 11 email accounts earlier this year. The agency discovered the incident on February 16, 2024, and immediately launched an investigation with the help of cybersecurity […]
Data Breach / March 17, 2024
Researchers at vx-underground first noticed that more than 70,000,000 records from AT&T were leaked on the Breached hacking forum. More than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached, vx-underground researchers reported. The researchers confirmed that the leaked data is legitimate, however, it is still unclear if the information was stolen […]
Hacking / March 17, 2024
Cybersecurity researchers discovered multiple GitHub repositories hosting cracked software that are used to drop the RisePro info-stealer. G-Data researchers found at least 13 such Github repositories hosting cracked software designed to deliver the RisePro info-stealer. The experts noticed that this campaign was named âgitgubâ by its operators. The researchers started the investigation following Arstechnicaâs story about […]
Breaking News / March 17, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. France Travail data breach impacted 43 Million people Scranton School District in Pennsylvania suffered a ransomware […]
Data Breach / March 16, 2024
Unemployment agency France Travail (PĂŽle Emploi) recently suffered a data breach that could impact 43 million people. On August 2023, the French government employment agency PĂŽle emploi suffered a data breach and notified 10 million individuals impacted by the security breach. The press release published by the agency states that its information systems are not […]
Cyber Crime / March 16, 2024
School districts continue to be under attack, schools in Scranton, Pennsylvania, are suffering a ransomware attack. This week, schools in Scranton, Pennsylvania, experienced a ransomware attack, resulting in IT outages. The Scranton School District is working with third-party forensic specialists to investigate the security breach and restore impacted systems. âThe attack is causing a temporary […]
Breaking News / March 16, 2024
North Korea-linked Lazarus APT group allegedly using again the mixer platform Tornado Cash to launder $23 million. North Korea-linked Lazarus APT group allegedly has reportedly resumed using the mixer platform Tornado Cash to launder $23 million. Blockchain cybersecurity firm Elliptic linked the theft of $112.5 million from exchange HTX, which took place in November 2023, […]
Cyber Crime / March 15, 2024
US DoJ sentenced a Moldovan national (31) to 42 months in federal prison for operating the E-Root cybercrime marketplace. U.S. District Court sentenced the Moldovan national (31) Sandu Boris Diaconu to 42 months in federal prison for conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized access devices. Diaconu […]
Cyber warfare / March 15, 2024
Russian hackers have knocked down the GPS and communications of Defence Secretary Grant Shapps RAF Dassault Falcon 900 jet with electronic warfare attack. Defence Secretary Grant Shapps RAF Dassault Falcon 900 jet flew from Poland, where he visited British troops in Steadfast Defender, to the UK. The UK defence chief confirmed the complete support of […]
Security / March 14, 2024
Cisco this week addressed high-severity elevation of privilege and denial-of-service (DoS) vulnerabilities in IOS RX software. Cisco addressed multiple vulnerabilities in IOS RX software, including three high-severity issues that can be exploited to elevate privileges and trigger a denial-of-service (DoS) condition. The vulnerability CVE-2024-20320 is a Cisco IOS XR Software SSH privilege escalation vulnerability. The […]
Malware / March 14, 2024
Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability. Researchers at the Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited the Windows zero-day flaw CVE-2024-21412 using fake software installers. CVE-2024-21412Â (CVSS score 8.1) is an Internet Shortcut Files Security Feature Bypass Vulnerability. An unauthenticated attacker […]
Data Breach / March 14, 2024
The ransomware attack that hit the systems of Nissan Oceania in December 2023 impacted roughly 100,000 individuals. Nissan Oceania, the regional division of the multinational carmaker, announced in December 2023 that it had suffered a cyber attack and launched an investigation into the incident. Nissan immediately notified the Australian Cyber Security Centre and the New […]
Hacking / March 14, 2024
Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover. Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with […]
Security / March 13, 2024
Fortinet released security updates to address critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. Fortinet this week has released security updates to fix critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. The first vulnerability is an out-of-bounds write issue, tracked as CVE-2023-42789 (CVSS score 9.3), it can be exploited to execute unauthorized code […]
Data Breach / March 13, 2024
Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. Acer Philippines confirmed that employee data was compromised in an attack targeting a third-party service provider. Acer Inc. is a Taiwanese multinational company that produces computer hardware and electronics, Acer is investigating the security breach with the help […]
Cyber Crime / March 13, 2024
Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. The prestigious US university was the victim of a ransomware attack carried out by the Akira ransomware group. The Akira ransomware gang claimed […]
Security / March 12, 2024
Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Microsoft released Patch Tuesday security updates for March 2023 that address 59 security vulnerabilities in its products. The IT giant addressed vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and Visual […]
Intelligence / March 12, 2024
Russiaâs Foreign Intelligence Service (SVR) claims that the US intelligence plans to interfere with its presidential election. Russia’s Foreign Intelligence Service (SVR) alleges that the US is plotting to interfere in its upcoming presidential election scheduled this month. According to SVR, US nation-state actors plan to launch cyber attacks against Russian voting systems to disrupt […]
Breaking News / March 12, 2024
Russian authorities have detained a South Korean national on cyber espionage charges, it is the first time for a Korean citizen. Russian authorities have arrested a South Korean citizen on charges of cyber espionage, marking the first instance involving a Korean national. “During the investigation of an espionage case, a South Korean citizen Baek Won-soon […]
Cyber Crime / March 12, 2024
Threat actors can abuse QR codes to carry out sophisticated scams, as reported by the Italian Postal Police in its recent alert. As is well known, QR codes are two-dimensional barcodes that can be read with a smartphone or other hand-held device. They are widely used to access information, services, or online payments quickly and […]
Hacking / March 11, 2024
A series of âintenseâ cyberattacks hit multiple French government agencies, revealed the prime ministerâs office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) […]
Hacking / March 11, 2024
BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server. The BianLian ransomware emerged in August 2022, the […]
Hacking / March 11, 2024
Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. Researchers from Horizon3.ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security […]
Cyber Crime / March 11, 2024
The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. A financially motivated threat actor named Magnet Goblin made the headlines for rapidly adopting and exploiting 1-day vulnerabilities, CheckPoint warned. The group focuses on internet-facing services, in at least one instance the group exploited the […]
Hacking / March 11, 2024
Threat actors are hacking WordPress sites by exploiting a vulnerability, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin. In January, Sucuri researchers reported that Balada Injector malware infected over 7100 WordPress sites using a vulnerable version of the Popup Builder WordPress plugin. Sucurity reported that on December 13th, the Balada Injector campaign started infecting […]
Intelligence / March 10, 2024
A report published by Lithuanian security services warned that China has escalated its espionage operations against Lithuania. A report released by Lithuanian security services has cautioned that China has intensified espionage activities targeting Lithuania. Previously, the government of Beijing was interested in information about the âfive poisonsâ (Taiwan, Hong Kong, Tibet, Xinjiang, and Falun Gong) […]
Breaking News / March 10, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Threat actors breached two crucial systems of the US CISA CISA adds JetBrains TeamCity bug to […]
Hacking / March 09, 2024
Threat actors hacked the systems of the Cybersecurity and Infrastructure Security Agency (CISA) by exploiting Ivanti flaws. The US Cybersecurity and Infrastructure Security Agency (CISA) agency was hacked in February, the Recorded Future News first reported. In response to the security breach, the agency had to shut down two crucial systems, as reported by a […]
Security / March 09, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a JetBrains TeamCity vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-27198 (CVSS Score 9.8) JetBrains TeamCity authentication bypass vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This week Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: […]
Hacking / March 09, 2024
Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild. The security firm did not provide details about the attacks exploiting this vulnerability. The issue […]
Internet of Things / March 08, 2024
QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices. QNAP addressed three vulnerabilities in Network Attached Storage (NAS) devices that can be exploited to access the devices. The three flaws fixed are: The vulnerability CVE-2024-21899 (CVSS score 9.8) is the most severe of the above issues, it can be […]
Hacking / March 08, 2024
Microsoft revealed that Russia-linked APT group Midnight Blizzard recently breached its internal systems and source code repositories. Microsoft published an update on the attack that hit the company on January 12, 2024, the IT giant revealed that the Russia-linked Midnight Blizzard recently breached again its internal systems and source code repositories. In January, Microsoft warned […]
Security / March 08, 2024
Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. Cisco Secure Client is a security tool developed by Cisco that provides VPN (Virtual Private Network) access […]
Data Breach / March 08, 2024
The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain. The attack took place on May 23, 2023 […]
Cyber Crime / March 07, 2024
The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. The figure marks a 22% surge in reported losses compared to 2022. In […]
Cyber warfare / March 07, 2024
The national intelligence agency of Moldova warns of hybrid attacks from Russia ahead of the upcoming elections. The Moldovan national intelligence agency warns of hybrid attacks from Russia ahead of the upcoming elections. 2024 is a crucial year for Moldova; like more than 70 other countries worldwide, it will go to the polls, and the […]
Security / March 07, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS memory corruption vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and […]
Hacking / March 07, 2024
A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the […]
Breaking News / March 06, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The Android Pixel vulnerability, tracked as CVE-2023-21237, resides in applyRemoteView of NotificationContentInflater.java. The exploitation of this vulnerability could lead […]
Cyber Crime / March 06, 2024
Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang are jointly conducting a ransomware campaign targeting various organizations in multiple countries, Cisco Talos reported. GhostSec is a financially motivated threat actor that is also involved in hacktivism-related operations. The group is […]
Cyber Crime / March 06, 2024
The wide torrent-based accessibility of these leaked victim files ensures the longevity of LockBit 3.0âs harmful impact. While embattled ransomware gang LockBit 3.0 fights for its survival following Operation Cronos, a coordinated takedown of the syndicateâs web infrastructure by global authorities, the availability of victim data leaked by the gang persists via peer-to-peer (P2P) torrent […]
Hacking / March 05, 2024
Apple released emergency security updates to address two new iOS zero-day vulnerabilities actively exploited in the wild against iPhone users. Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and CVE-2024-23296, that were exploited in attacks against iPhone devices. CVE-2024-23225 is a Kernel memory corruption flaw, the company addressed it […]
Security / March 05, 2024
VMware released urgent patches to address critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion and Cloud Foundation products Virtualization giant VMware released urgent updates to fix critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion, and Cloud Foundation products. The most severe vulnerabilities can be exploited by an attacker with local admin […]
Laws and regulations / March 05, 2024
The U.S. government sanctioned two individuals and five entities linked to the development and distribution of the Predator spyware used to target Americans. Today, the Department of the Treasuryâs Office of Foreign Assets Control (OFAC) announced actions on two individuals and five entities associated with the Intellexa Consortium for their role in the development and […]
Hacking / March 05, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Windows Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-21338 (CVSS Score 7.8) Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. An attacker can exploit this vulnerability to gain SYSTEM privileges. […]
Security / March 05, 2024
Two new security flaws in JetBrains TeamCity On-Premises software can allow attackers to take over affected systems. Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score:7.3), in JetBrains TeamCity On-Premises. An attacker can exploit the vulnerabilities to take control of affected systems. Below are the descriptions for these vulnerabilities: […]
Cyber warfare / March 05, 2024
The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims that it hacked the Russian Ministry of Defense. The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense announced it had breached the Russian Ministry of Defense servers as part of a special operation, and exfiltrated confidential documents. Stolen documents include: The stolen documents […]
Data Breach / March 04, 2024
American Express warns customers that their credit cards were exposed due to a data breach experienced by a third-party merchant processor. American Express (Amex) notifies customers that their credit card information has been compromised in a data breach involving a third-party merchant processor. The company did not disclose the number of impacted customers. “We became […]
Social Networks / March 04, 2024
This is my interview with TRT International on the Meta dispute with EU consumer groups, which are calling on the bloc to sanction the company EU consumer groups are calling on the bloc to sanction the company Meta – which owns Facebook, Instagram and WhatsApp – for allegedly breaching privacy rules. Earlier this week, Meta […]
Hacking / March 04, 2024
Researcher HaxRob discovered a previously undetected Linux backdoor named GTPDOOR, designed to target telecom carrier networks. Security researcher HaxRob discovered a previously undetected Linux backdoor dubbed GTPDOOR, which is specifically crafted to carry out stealth cyber operations within mobile carrier networks. The researcher believes that the threat actors behind GTPDOOR focuses on systems proximate to […]
Data Breach / March 04, 2024
Threat actors stole sensitive and confidential data from the telecom giant Chunghwa Telecom Company, revealed the Ministry of National Defense. Chunghwa Telecom Company, Ltd. (literally Chinese Telecom Company) is the largest integrated telecom service provider in Taiwan, and the incumbent local exchange carrier of PSTN, Mobile, and broadband services in the country. Threat actors stole […]
Malware / March 04, 2024
A new Linux variant of the remote access trojan (RAT) BIFROSE (aka Bifrost) uses a deceptive domain mimicking VMware. Palo Alto Networks Unit 42 researchers discovered a new Linux variant of Bifrost (aka Bifrose) RAT that uses a deceptive domain (download.vmfare[.]com) that mimics the legitimate VMware domain. The Bifrost RAT has been active since 2004, […]
Hacking / March 03, 2024
Camera doorbells manufactured by the Chinese company Eken Group Ltd under the brands EKEN and Tuck are affected by major vulnerabilities. Researchers from Consumer Reports (CR) discovered severe vulnerabilities in doorbell cameras manufactured by the Chinese company Eken Group Ltd. The company produces video doorbells under the brand names EKEN and Tuck, its products are […]
Breaking News / March 03, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. authorities charged an Iranian national for long-running hacking campaign US cyber and law enforcement agencies […]
Security / March 03, 2024
A U.S. Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group, a U.S. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. […]
Hacking / March 02, 2024
The U.S. DoJ charged Iranian national Alireza Shafie Nasab for his role in attacks targeting U.S. government and defense entities. The U.S. Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. defense contractors and private companies. Targeted entities include the U.S. Departments of the Treasury and State, […]
Cyber Crime / March 02, 2024
US CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving Phobos ransomware variants observed as recently as February 2024 US CISA, the FBI, and MS-ISAC issued a joint cyber security advisory (CSA) to warn of attacks involving Phobos ransomware variants such as Backmydata, Devos, Eight, Elking, and Faust. The attacks […]
Cyber Crime / March 01, 2024
German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators. The DĂŒsseldorf Police announced that a large-scale international law enforcement operation led to the seizure of the largest German-speaking cybercrime marketplace. “Under the direction of the North Rhine-Westphalia Cybercrime Central and Contact Office (ZAC NRW), an investigative commission at the DĂŒsseldorf […]
Hacking / March 01, 2024
The Five Eyes alliance warns of threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. The Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The advisory provides details about the exploitation in […]
Cyber Crime / March 01, 2024
Crooks stole âŹ15.5 million from the European variety retail and discount company Pepco through a phishing attack. The Hungarian business of the European discount retailer Pepco Group has been the victim of a phishing attack, crooks stole about 15 million euros ($16.3 million). The group operates three distribution lines: Poundland in the United Kingdom, Dealz in […]
Security / March 01, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the CVE-2023-29360 (CVSS Score 8.4)Â Microsoft Streaming Service Untrusted pointer dereference vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. An attacker can exploit this vulnerability to gain SYSTEM privileges. […]
Hacking / February 29, 2024
A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebookâs password reset flow. […]
APT / February 29, 2024
A new threat actor, tracked as dubbed SPIKEDWINE, has been observed targeting officials in Europe with a previously undetected backdoor WINELOADER. Zscaler researchers warn that a previously unknown threat actor dubbed SPIKEDWINE has been observed targeting European officials. The cyberspies used a bait PDF document masqueraded as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting […]
Cyber Crime / February 29, 2024
Experts warn that the LockBit ransomware group has started using updated encryptors in new attacks, after the recent law enforcement operation. The LockBit ransomware group appears to have fully recovered its operations following the recent law enforcement initiative, code-named Operation Cronos, which aimed to disrupt its activities. Researchers from Zscaler first observed the ransomware group […]
APT / February 29, 2024
North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys AppLocker driver. The zero-day, tracked as CVE-2024-21338 has been addressed by Microsoft in the February […]
Data Breach / February 28, 2024
Pharmaceutical giant Cencora suffered a cyber attack and threat actors stole data from its infrastructure. Pharmaceutical giant Cencora disclosed a data breach after it was the victim of a cyberattack. Cencora, Inc., formerly known as AmerisourceBergen, is an American drug wholesale company and a contract research organization that was formed by the merger of Bergen Brunswig and AmeriSource in 2001. […]
Hacking / February 28, 2024
Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. In the ever-shifting digital arena, staying ahead of evolving threat trends is paramount for organizations aiming to safeguard their assets. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert […]
Cyber Crime / February 28, 2024
The FBI, CISA, and the Department of HHS warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. A cybersecurity alert published by the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted attacks conducted by ALPHV/Blackcat ransomware attacks. The US agencies released a report containing IOCs and […]
Breaking News / February 28, 2024
Russian cyberspies are compromising Ubiquiti EdgeRouters to evade detection, warns a joint advisory published by authorities. The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber […]
Cyber Crime / February 27, 2024
New threat actors have started exploiting ConnectWise ScreenConnect vulnerabilities, including the Black Basta and Bl00dy ransomware gangs. Multiple threat actors have started exploiting the recently disclosed vulnerabilities, tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), in the ConnectWise ScreenConnect software. ConnectWise recently warned of the following two critical vulnerabilities in […]
Hacking / February 27, 2024
Researchers warn of an XSS vulnerability, tracked as CVE-2023-40000, in the LiteSpeed Cache plugin for WordPress Patchstack researchers warn of an unauthenticated site-wide stored XSS vulnerability, tracked as CVE-2023-40000, that impacts the LiteSpeed Cache plugin for WordPress. The plugin LiteSpeed Cache (free version) is a popular caching plugin in WordPress which has over 4 million active installations. An unauthenticated […]
Breaking News / February 25, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Apple created post-quantum cryptographic protocol PQ3 for iMessage Russian hacker is set to face trial for […]
Cyber Crime / February 21, 2024
U.S. government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. The U.S. Department of State is offering a reward of up to $15 million for information leading to the identification or location of members of the Lockbit ransomware gang and […]
Malware / February 21, 2024
A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts. Caro Security researchers have observed a new malware campaign targeting Redis servers with a crypto miner dubbed Migo. The campaign stands out for the use of several novel system weakening techniques against the data store itself. Migo […]
Security / February 21, 2024
VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the discovery of an arbitrary authentication relay flaw CVE-2024-22245Â (CVSS score: 9.6). A threat actor could trick a domain user with EAP installed in […]
Hacking / February 21, 2024
Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. […]
Security / February 20, 2024
ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote desktop access product and urges customers to install the patches asap. ConnectWise warns of the following two critical vulnerabilities in its ScreenConnect remote desktop access product: Both vulnerabilities were reported on February 13, 2024, through the company vulnerability disclosure channel via the ConnectWise Trust Center. The […]
Cyber Crime / February 20, 2024
Law enforcement provided additional details about the international Operation Cronos that led to the disruption of the Lockbit ransomware operation. Yesterday, a joint law enforcement action, code-named Operation Cronos, conducted by law enforcement agencies from 11 countries disrupted the LockBit ransomware operation. Below is the image of the Tor leak site of the Lockbit ransomware gang that […]
Hacking / February 20, 2024
The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric. Schneider Electric is a multinational company that specializes in energy management, industrial automation, […]
Cyber Crime / February 19, 2024
An international law enforcement operation codenamed ‘Operation Cronos’ led to the disruption of the LockBit ransomware operation. A joint law enforcement action, code-named Operation Cronos, conducted by law enforcement agencies from 11 countries has disrupted the LockBit ransomware operation. Below is the image of the Tor leak site of the Lockbit ransomware gang that was […]
Cyber Crime / February 19, 2024
The Raccoon Infostealer operator, Mark Sokolovsky, was extradited to the US from the Netherlands to appear in a US court. In October 2020, the US Justice Department charged a Ukrainian national, Mark Sokolovsky (28), with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer. The man was held in the Netherlands, and he […]
APT / February 19, 2024
An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Futureâs Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia. The nation-state actors are known to carry out […]
Cyber Crime / February 19, 2024
Resecurity has identified an increasing trend of cryptocurrency counterfeiting, the experts found several tokens impersonating major brands, government organizations and national fiat currencies. Resecurity has identified an increasing trend of cryptocurrency counterfeiting. Ongoing brand protection for Fortune 100 companies by cybersecurity company uncovered several tokens impersonating major brands, government organizations and even national fiat currencies. […]
Security / February 19, 2024
SolarWinds addressed three critical vulnerabilities in its Access Rights Manager (ARM) solution, including two RCE bugs. SolarWinds has fixed several Remote Code Execution (RCE) vulnerabilities in its Access Rights Manager (ARM) solution. Access Rights Manager (ARM) is a software solution designed to assist organizations in managing and monitoring access rights and permissions within their IT […]
Breaking News / February 18, 2024
Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution. ESET addressed a high-severity vulnerability, tracked as CVE-2024-0353 (CVSS score 7.8), in its Windows products. The vulnerability is a local privilege escalation issue that was submitted to the company by the Zero Day Initiative (ZDI). According to the advisory, […]
Breaking News / February 18, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware […]
Cyber Crime / February 17, 2024
A Ukrainian national pleaded guilty to his role in the Zeus and IcedID operations, which caused tens of millions of dollars in losses. Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. âVyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected […]
Cyber Crime / February 17, 2024
CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) in attacks in the wild. This week the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2020-3259 is an information disclosure issue that resides […]
Security / February 16, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2020-3259 is an information disclosure issue that resides in the web services […]
Cyber Crime / February 16, 2024
The U.S. government offers rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. The U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of the key figures behind the ALPHV/Blackcat ransomware operation. The […]
Hacking / February 16, 2024
U.S. CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a threat actor gained access to an unnamed state government organization’s network environment via an administrator account belonging to a former employee. CISA and […]
APT / February 16, 2024
Russia-linked APT group Turla has been spotted targeting Polish non-governmental organizations (NGO) with a new backdoor dubbed TinyTurla-NG. Russia-linked cyberespionage group Turla has been spotted using a new backdoor dubbed TinyTurla-NG in attacks aimed at Polish non-governmental organizations. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle […]
Cyber Crime / February 15, 2024
The US authorities dismantled the Moobot botnet, which was controlled by the Russia-linked cyberespionage group APT28. A court order allowed US authorities to neutralize the Moobot botnet, a network of hundreds of small office/home office (SOHO) routers under the control of the Russia-linked group APT28. The botnet was used by the Russian state-sponsored hackers to […]
Hacking / February 15, 2024
On February 12, 2023, a cyber attack halted operations at five production plants of German battery manufacturer Varta. On February 13, German battery manufacturer Varta announced that a cyber attack forced the company to shut down IT systems. The attack disrupted operations at five production plants and the administration. VARTA AG is a leading global […]
APT / February 15, 2024
The office of South Korean President Yoon Suk Yeol said that North Korea-linked actors breached the personal emails of one of his staff members. The office of South Korean President Yoon Suk Yeol announced a security incident involving the compromise of personal emails belonging to a member of the presidential staff. The government attributes the […]
Hacking / February 15, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week. Microsoft released Patch Tuesday security updates for February 2024 that resolved a total of 72 vulnerabilities, […]
APT / February 15, 2024
Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. Multiple nation-state actors are exploiting artificial intelligence (AI) and large language models (LLMs), including OpenAI ChatGPT, to automate their attacks and increase their sophistication. According to a study conducted by […]
Security / February 14, 2024
Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse, the popular utility ‘called ‘command-not-found’ that can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue […]
Security / February 14, 2024
Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The popular Video messaging giant Zoom released security updates to address seven vulnerabilities in its desktop and mobile applications, including a critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), in Windows software. The vulnerability CVE-2024-24691 […]
Security / February 14, 2024
Adobe Patch Tuesday security updates for February 2024 addressed more than 30 vulnerabilities in multiple products, including critical issues. Adobe Patch Tuesday security updates released by Adobe addressed over 30 vulnerabilities across various products, including critical issues. The software maker warned of critical flaws in popular products such as Adobe Acrobat and Reader, Adobe Commerce […]
Security / February 14, 2024
Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days. The vulnerabilities affect Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and […]
Cyber Crime / February 13, 2024
Authorities in Romania reported that at least 100 hospitals went offline after a ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. Hipocrate Information System (HIS) is a software suite designed to manage the medical […]
Data Breach / February 13, 2024
Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider. Bank of America began notifying some customers following a data breach at the third-party services provider Infosys McCamish System (IMS). The bank has sent notification letters to 57,000 customers, informing them that their […]
Reports / February 13, 2024
Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. A comprehensive report delving into the intricate landscape of ransomware threats during the last four months of 2023 is out, with a meticulous focus on the monitoring activities conducted by the OSINT Ransomfeed platform (www.ransomfeed.it). Throughout this […]
Hacking / February 13, 2024
Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally With more voters than ever in history heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. In an era of unprecedented geopolitical volatility, this trend is particularly concerning, as Time Magazine notes […]
Cyber Crime / February 12, 2024
Researchers discovered a vulnerability in the code of the Rhysida ransomware that allowed them to develop a decryption tool. Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware. The experts exploited the vulnerability to reconstruct encryption keys and developed […]
Security / February 12, 2024
Residential Proxies vs. Datacenter Proxies: this blog post examines the contours of each type and provides info on how to choose the perfect proxy option In the robust landscape of the digital era, our need for privacy, security, and accessibility on the internet has never been more acute. Whether it’s for gathering market intelligence, ensuring […]
Hacking / February 12, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770, to its Known Exploited Vulnerabilities (KEV) catalog. Roundcube is an open-source web-based email client. It […]
Security / February 12, 2024
The Canadian government is going to ban the tool Flipper Zero because it is abused by crooks to steal vehicles in the country. The Canadian government announced that it plans to ban the tool Flipper Zero, and similar hacking devices, to curb the surge in car thefts. Flipper Zero is a portable multi-tool for pentesters […]
Security / February 12, 2024
Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit Public Wi-Fi and Compromise Your Sensitive Data We’ve all used public Wi-Fi: it’s convenient, saves our data, and speeds up browsing. But while we enjoy its benefits, hackers do too. Here, we’ll explore how cybercriminals exploit public Wi-Fi to access your private data and […]
Cyber Crime / February 12, 2024
The U.S. Justice Department (DoJ) seized the infrastructure that was used to sell the remote access trojan (RAT) Warzone RAT. The Justice Department announced the seizure of internet domains used to sell the remote access Trojan Warzone RAT (www.warzone[.]ws). The seizure is the result of an international law enforcement operation, federal authorities in Atlanta and […]
Malware / February 11, 2024
Raspberry Robin continues to evolve, it was spotted using two new one-day exploits for vulnerabilities either Discord to host samples. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious […]
Breaking News / February 11, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog macOS Backdoor RustDoor likely linked […]
Hacking / February 10, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762, to its Known Exploited Vulnerabilities (KEV) catalog. This week Fortinet warned that the recently discovered critical remote code execution vulnerability in […]
Malware / February 10, 2024
Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations. Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat. RustDoor is written in Rust language and supports multiple features. The malware impersonates a Visual Studio […]
Hacking / February 09, 2024
Researcher demonstrated how to exploit a signed Minifilter Driver in a BYOVD attack to terminate a specific process from the kernel. Exploiting a signed Minifilter Driver that can be used to used the BYOVD attack technique to a program able to terminate a specific process from the kernel. Exploiting a vulnerable Minifilter Driver to create […]
Data Breach / February 09, 2024
Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company. In […]
Hacking / February 09, 2024
Fortinet warns that the recently discovered critical remote code execution flaw in FortiOSÂ SSL VPN, tracked CVE-2024-21762, is being actively exploited. Fortinet is warning that the recently discovered critical remote code execution vulnerability in FortiOSÂ SSL VPN, tracked as CVE-2024-21762 (CVSS score 9.6), is actively exploited in attacks in the wild. The security firm did not provide […]
Security / February 09, 2024
Ivanti warns customers of a new authentication bypass vulnerability in its Connect Secure, Policy Secure, and ZTA gateway devices. Ivanti has warned customers of a new high-severity security vulnerability, tracked as CVE-2024-22024 (CVSS score 8.3), in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The vulnerability was […]
Security / February 09, 2024
26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technology. Recent Security Events Recent cyber security events have highlighted the persistent and evolving nature of online threats. Alongside these, it’s essential to consider VPN Chrome extension, which can add an extra layer […]
Cyber Crime / February 08, 2024
U.S. Government offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group. The US Department of State announced rewards up to $10,000,000 for information leading to the identification and/or location of the leaders of the Hive ransomware group. The US government also offers […]
Internet of Things / February 08, 2024
Several media reported that three million electric toothbrushes were compromised and recruited into a DDoS botnet. Is it true? The Swiss newspaper Aargauer Zeitung first published the news of a DDoS attack, carried out on January 30, that involved three million compromised electric toothbrushes. The journalists reported that threat actors gained access to three million […]
APT / February 08, 2024
China-linked APT Volt Typhoon infiltrated a critical infrastructure network in the US and remained undetected for at least five years. US CISA, the NSA, the FBI, along with partner Five Eyes agencies, published a joint advisory to warn that China-linked APT Volt Typhoon infiltrated a critical infrastructure network in the US and remained undetected for […]
Security / February 08, 2024
CISCO fixed two critical flaws in Expressway Series collaboration gateways exposing vulnerable devices to cross-site request forgery (CSRF) attacks. Cisco addressed several vulnerabilities in its Expressway Series collaboration gateways, two of which, tracked as CVE-2024-20252 and CVE-2024-20254, are critical flaws that can lead to cross-site request forgery (CSRF) attacks. “Multiple vulnerabilities in the Cisco Expressway […]
Security / February 07, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium V8 Type Confusion bug, tracked as CVE-2023-4762, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability impacts Google Chrome prior to 116.0.5845.179, it allows a […]
Security / February 07, 2024
Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution. “Multiple improper neutralization of special elements used in an OS […]
Hacking / February 07, 2024
A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat actors to take over vulnerable instances. JetBrains addressed a critical security vulnerability, tracked as CVE-2024-23917 (CVSS score 9.8) in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software. An attacker can trigger the vulnerability to take over vulnerable installs. “The vulnerability may […]
Hacking / February 07, 2024
The maintainers of Shim addressed six vulnerabilities, including a critical flaw that could potentially lead to remote code execution. The maintainers of ‘shim’ addressed six vulnerabilities with the release of version 15.8. The most severe of these vulnerabilities, tracked as CVE-2023-40547 (CVSS score: 9.8), can lead to remote code execution under specific circumstances. The vulnerability CVE-2023-40547 is […]
APT / February 07, 2024
China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. The effects of the attack were limited because […]
Hacking / February 06, 2024
Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. The latest report published by Google Threat Analysis Group (TAG), titled “Buying Spying, an in-depth report with our insights into Commercial Surveillance Vendors (CSVs)”, warns of the rise of commercial spyware vendors and the risks to free […]
Mobile / February 06, 2024
Google released Android âs February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031. The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, […]
Cyber Crime / February 06, 2024
A Belarusian and Cypriot national linked with the cryptocurrency exchange BTC-e is facing charges that can lead maximum penalty of 25 years in prison. Aliaksandr Klimenka, a Belarusian and Cypriot national linked with the now-defunct cryptocurrency exchange BTC-e, is facing charges with money laundering conspiracy and operation of an unlicensed money services business. “An indictment […]
Laws and regulations / February 06, 2024
The U.S. government imposes visa restrictions on individuals who are involved in the illegal use of commercial spyware. The U.S. State Department announced it is implementing a new policy to impose visa restrictions on individuals involved in the misuse of commercial spyware. The policy underscores the U.S. government’s commitment to addressing the misuse of surveillance software, […]
Cyber Crime / February 06, 2024
Hewlett Packard Enterprise (HPE) is investigating a new data breach after a threat actor claimed to have stolen data on a hacking forum. Hewlett Packard Enterprise (HPE) is investigating a new data breach, following the discovery of an offer on a hacking forum where a threat actor claimed to be selling the allegedly stolen data. […]
Hacking / February 05, 2024
The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors. The Ivanti Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-21893, is currently being actively exploited in real-world attacks by various threat actors. Last week Ivanti warned of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions […]
Hacking / February 05, 2024
Airbus Navblue Flysmart+ Manager allowed attackers to tamper with the engine performance calculations and intercept data. Flysmart+ is a suite of apps for pilot EFBs, helping deliver efficient and safe departure and arrival of flights. Researchers from Pen Test Partners discovered a vulnerability in Navblue Flysmart+ Manager that can be exploited to tamper with the […]
Cyber Crime / February 05, 2024
Scammers stole HK$200 million (roughly $25,5 million) from a multi-national company using a deepfake conf call to trick an employee into transferring the funds. Scammers successfully stole HK$200 million (approximately $25.5 million) from a multinational company in Hong Kong by employing a deepfake video call to deceive an employee into transferring the funds. The employee […]
Hacking / February 05, 2024
Remote desktop software company AnyDesk announced that threat actors compromised its production environment. Remote desktop software company AnyDesk announced on Friday that threat actors had access to its production systems. The security breach was discovered as a result of a security audit, the company immediately notified relevant authorities. AnyDesk did not reveal if it has […]
Data Breach / February 04, 2024
What is Data Security Posture Management (DSPM) and how you can mitigate the risks of data leaks such as the ‘Mother of All Breaches’ Cybersecurity researchers recently uncovered what is now being dubbed the ‘Mother of all Breaches.’ With over 26 billion personal records exposed, this data leak has set a new, unfortunate record in […]
Cyber warfare / February 04, 2024
The US government issued sanctions against six Iranian government officials linked to cyberattacks against critical infrastructure organizations. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six Iranian government officials associated with cyberattacks targeting critical infrastructure organizations in the US and abroad. “Today, the Department of the Treasuryâs Office of […]
Cyber Crime / February 04, 2024
A cyber attack forced Lurie Children’s Hospital in Chicago to take IT systems offline with a severe impact on its operations. The Lurie Children’s Hospital in Chicago took IT systems offline after a cyberattack. The security incident severely impacted normal operations also causing the delay of medical care. Lurie Children’s Hospital is one of the […]
Cyber Crime / February 04, 2024
Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web. Such information being available for cybercriminals could act as a catalyst for new attacks, including targeted phishing campaigns. Having additional context about a particular customer, the probability of a successful compromise could increase significantly. For example, one […]
Breaking News / February 04, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw […]
Security / February 03, 2024
Cleaning products giant Clorox estimates the economic impact of the cyber attack that hit the company in August 2023 at $49 million. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced in mid-August […]
Hacking / February 03, 2024
A vulnerability impacting the decentralized social network Mastodon can be exploited by threat actors to impersonate and take over any account. A security flaw, tracked as CVE-2024-23832 (CVSS score 9.4), in the decentralized social network Mastodon can be exploited to impersonate and take over any account. The issue is caused by insufficient origin validation in […]
Hacking / February 02, 2024
Albaniaâs Institute of Statistics (INSTAT) announced that it was targeted by a sophisticated cyberattack that affected some of its systems. A sophisticated cyberattack on Wednesday hit Albaniaâs Institute of Statistics (INSTAT). The institute confirmed that the attack affected some of its systems. Albaniaâs Institute of Statistics (INSTAT) promptly activated emergency protocols to respond to the […]
Cyber Crime / February 02, 2024
An international law enforcement operation, named Synergia, led to the arrest of 31 individuals involved in ransomware, banking malware, and phishing attacks. Operation Synergia was led by Interpol and ran from September to November 2023 involving law enforcement agencies from 50 countries. The international law enforcement operation was launched to curb the escalation and professionalisation […]
Intelligence / February 02, 2024
A former software engineer with the U.S. CIA has been sentenced to 40 years in prison for leaking classified documents. Former CIA employee Joshua Adam Schulte has been sentenced to 40 years in prison for passing classified documents to WikiLeaks and for possessing child pornographic material. “Damian Williams, the United States Attorney for the Southern District […]
Hacking / February 02, 2024
Cloudflare revealed that a nation-state actor breached its internal Atlassian server, gaining access to the internal wiki and its bug database (Atlassian Jira). The incident took place on Thanksgiving Day, November 23, 2023, and Cloudflare immediately began an investigation with the help of CrowdStrike. The company pointed out that no customer data or systems were […]
Malware / February 02, 2024
The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a malware campaign that has infected at least 2,000 computers in the country with the PurpleFox malware (aka ‘DirtyMoe‘). “The […]
Cyber Crime / February 01, 2024
A US man has been sentenced to federal prison for his role in a fraudulent scheme that resulted in the theft of millions of dollars through SIM swapping. Daniel James Junk (22) of Portland was sentenced to 72 months in federal prison for his role in a scheme that resulted in the theft of millions […]
Security / February 01, 2024
CISA is ordering federal agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The CISA’s emergency directive orders to disconnect all instances […]
APT / February 01, 2024
Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices. The attackers were observed exploiting CVE-2023-46805 and CVE-2024-21887 […]
Cyber Crime / February 01, 2024
German police seized 50,000 Bitcoin from the former operator of the now-defunct piracy website movie2k.to. The police in Saxony, Germany, have seized 50,000 Bitcoin (more than $2.1 billion at the current exchange rate) from the former operator of the now-defunct piracy site movie2k. “This is the most extensive security of Bitcoins by law enforcement authorities […]
Cyber Crime / January 31, 2024
Crooks stole around $112 million worth of Ripple XRP from the crypto wallet of Rippleâs co-founder Chris Larsen. This week, crooks stole around $112 million worth of the Ripple-focused cryptocurrency XRP from a crypto wallet belonging to the Rippleâs co-founder and executive chairman Chris Larsen. Larsen pointed out that the hackers compromised his personal XRP […]
Security / January 31, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer […]
Hacking / January 31, 2024
Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure products, one of which is actively exploited in the wild. Ivanti is warning of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888Â (CVSS score: 8.8) and CVE-2024-21893Â (CVSS score: 8.2). The software company also warned that […]
Malware / January 31, 2024
Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. Researchers from cybersecurity firm Synacktiv published […]
Security / January 31, 2024
Sensitive data and trading activity of over 300K traders leaked online by international fintech firm Direct Trading Technologies. Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover. On October 27th, the Cybernews research team discovered a […]
Breaking News / January 30, 2024
Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc), including a heap-based buffer overflow tracked as CVE-2023-6246. GNU C Library (glibc) is a free software library that provides essential system […]
Laws and regulations / January 30, 2024
Italian data protection authority regulator authority Garante said that ChatGPT violated European Union data privacy regulations. The Italian data protection authority regulator authority, known as “Garante per la protezione dei dati personali”, announced it has notified OpenAI that ChatGPT violated the EU data protection regulation GDPR. In early April 2023, the Italian Data Protection Authority temporarily […]
Data Breach / January 30, 2024
Data of 750 million Indian mobile subscribers was offered for sale on dark web hacker forums earlier in January. CloudSEK researchers warned that a database containing data of 750 million Indian mobile subscribers was offered for sale on dark web hacker forums earlier in January. According to the researchers, at least two cybercrime gangs, CYBO […]
Security / January 30, 2024
Juniper Networks released out-of-band updates to fix high-severity flaws in SRX Series and EX Series that can allow attackers to take over unpatched systems. Juniper Networks has released out-of-band updates to address two high-severity flaws, tracked as CVE-2024-21619 and CVE-2024-21620, in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible […]
Cyber Crime / January 30, 2024
Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network […]
Data Breach / January 30, 2024
Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. BleepingComputer first reported the attack that hit the Sustainability Business division of the company on January 17th. BleepingComputer contacted Schneider Electric which […]
Data Breach / January 29, 2024
Researchers discovered that Mercedes-Benz accidentally left a private key online exposing internal data, including the companyâs source code. RedHunt Labs researchers discovered that Mercedes-Benz unintentionally left a private key accessible online, thereby exposing internal data, including the company’s source code. It’s unclear if the data leak exposed customer data, RedHunt Labs shared its findings with […]
Hacking / January 29, 2024
A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords. NTLMv2, which stands […]
Intelligence / January 29, 2024
The U.S. National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. U.S. Senator Ron Wyden, D-Ore., released documents that confirmed the National Security Agency (NSA) buys Americansâ internet browsing records without a court order. The data acquired by the intelligence agency can […]
Intelligence / January 29, 2024
Ukraine’s security service (SBU) detained an alleged member of the pro-Russia hacker group “the Cyber Army of Russia.” Ukraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia. The news was first reported by The Record Media. The hacktivists […]
Hacking / January 28, 2024
Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897, have been made public. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers […]
Cyber Crime / January 28, 2024
Medusa ransomware gang claimed responsibility for the attack against the Kansas City Area Transportation Authority (KCATA). On January 23, 2023, the Kansas City Area Transportation Authority (KCATA) suffered a ransomware attack. The Kansas City Area Transportation Authority (KCATA) is a public transit agency in metropolitan Kansas City. It operates the Metro Area Express (MAX) bus […]
Breaking News / January 28, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center Participants earned more than $1.3M […]
Hacktivism / January 27, 2024
The Main Intelligence Directorate of Ukraine’s Ministry of Defense states that pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center. The Main Directorate of Intelligence of the Ministry of Defense of Ukraine revealed that pro-Ukraine hackers group “BO Team” wiped the database of the Far Eastern Scientific Research Center of Space Hydrometeorology […]
Hacking / January 27, 2024
Bug bounty hunters earned more than $1.3 million for hacking Teslas, infotainment systems, and electric vehicle chargers at the Pwn2Own Automotive competition. The Zero Day Initiativeâs Pwn2Own Automotive competition has ended, participants demonstrated 49 zero-day vulnerabilities affecting automotive products earning a total of $1,323,750. The amazing Synacktiv team won the competition and earned a total […]
Cyber Crime / January 26, 2024
The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. Vladimir Dunaev was […]
APT / January 26, 2024
Microsoft revealed that Russia-linked APT Midnight Blizzard has been targeting organizations worldwide in a cyberespionage campaign. Microsoft announced that the Russia-linked APT Midnight Blizzard that hit the company in late November 2023 has been targeting organizations worldwide as part of a large-scale cyberespionage campaign. The IT giant also confirmed that is currently notifying impacted organizations. […]
Security / January 26, 2024
Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has hundreds of thousands of active installations worldwide with more than 1 […]
Hacking / January 26, 2024
Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of Pwn2Own Automotive 2024 hacking competition. White hat hackers from the Synacktiv Team (@Synacktiv) compromised the Tesla infotainment system on the second day of the Pwn2Own Automotive 2024 hacking competition. The bug hunters chained two vulnerabilities to hack the Tesla infotainment system, […]
Reports / January 25, 2024
The 2023 RedSense report covers long-term observations we have made regarding intel trends and interconnectivity. These observations were made by analyzing numerous 2023 threat findings and discoveries, and include references to case studies that were reported on by RedSense throughout the year. Trend Analysis Ghost Group Operations: A notable increase in covert ‘ghost groups’ like […]
Security / January 25, 2024
Cisco addressed a critical flaw in its Unified Communications and Contact Center Solutions products that could lead to remote code execution. Cisco released security patches to address a critical vulnerability, tracked as CVE-2024-20253 (CVSS score of 9.9), impacting multiple Unified Communications and Contact Center Solutions products. An unauthenticated, remote attacker can exploit the flaw to […]
Security / January 25, 2024
Hewlett Packard Enterprise (HPE) revealed that Russia-linked APT group Midnight Blizzard gained access to its Microsoft Office 365 email system. Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyberespionage group Midnight Blizzard gained access to its Microsoft Office 365 cloud-based email environment. The attackers were collecting information on the cybersecurity division of the company and […]
Hacking / January 25, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Atlassian Confluence Data Center and Server Template Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Atlassian Confluence Data Center and Server Template Injection bug, tracked as CVE-2023-22527, to its Known Exploited Vulnerabilities (KEV) catalog. Atlassian recently warned of a critical […]
Hacking / January 24, 2024
Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited […]
Hacking / January 24, 2024
Researchers released PoC exploit code for a recently disclosed critical authentication bypass flaw in Fortra’s GoAnywhere MFT (Managed File Transfer). Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable […]
Security / January 24, 2024
Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw impacting Windows installs. Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw, tracked as CVE-2024-23678 (CVSS score 7.5), impacting the Windows version. According to the advisory, Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3 does not correctly sanitize path input data. […]
Hacking / January 23, 2024
Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) product. Fortra warns customers of a new authentication bypass vulnerability tracked as CVE-2024-0204 (CVSS score 9.8), impacting the GoAnywhere MFT (Managed File Transfer) product. Fortra GoAnywhere Managed File Transfer is a comprehensive solution for secure file transfer, data encryption, and compliance management. It provides […]
Hacking / January 23, 2024
The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group. The man is responsible for the cyber attacks […]
Hacking / January 23, 2024
Financial services company LoanDepot disclosed a data breach that impacted roughly 16.6 million individuals. LoanDepot is a financial services company that primarily operates as a mortgage lender. It is one of the largest nonbank lenders in the United States. The company provides a range of mortgage and non-mortgage loan products and services. LoanDepot disclosed this […]
Cyber Crime / January 23, 2024
The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. Southern Water is a private utility company responsible for collecting and treating wastewater in Hampshire, the Isle of Wight, West Sussex, East Sussex and Kent, and for providing public water supply to […]
Security / January 23, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a VMware vCenter Server Out-of-Bounds Write bug, tracked as CVE-2023-34048, to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a critical component in VMware virtualization and cloud computing […]
Breaking News / January 22, 2024
Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the largest data leak ever discovered. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered. There are data leaks, and then thereâs this. A […]
Security / January 22, 2024
Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild. Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year. The […]
Cyber Crime / January 22, 2024
Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches. In an adaptive phishing campaign, attackers gather specific information about victims through various sources, such as social media, […]
Malware / January 22, 2024
Researchers warn of a spike in attacks exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell. Trustwave researchers observed a surge in attacks exploiting a now-patched flaw in Apache ActiveMQ, in many cases aimed at delivering a malicious code that borrows the code from the open-source web shell Godzilla. Threat actors conceal […]
Data Breach / January 22, 2024
Resecurity researchers warn of massive leak of stolen Thai personally identifiable information (PII) on the dark web by cybercriminals. Resecurity has detected a noticeable increase in data leaks from consumer-focused platforms in Thailand, confirming that threat actors are actively targeting the personal data of citizens now at the beginning of 2024. Thailand is swiftly becoming […]
Malware / January 22, 2024
Researchers warned that pirated applications have been employed to deliver a backdoor to Apple macOS users. Jamf Threat Labs researchers warned that pirated applications have been utilized to distribute a backdoor to Apple macOS users. The researchers noticed that the apps appear similar to ZuRu malware, they allow operators to download and execute multiple payloads […]
Cyber Crime / January 21, 2024
The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak […]
Breaking News / January 21, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT […]
Cyber Crime / January 20, 2024
Conor Brian Fitzpatrick, the admin of the BreachForums hacking forum, has been sentenced to 20 years supervised release. Conor Brian Fitzpatrick, the admin of the BreachForums hacking forum, was sentenced to 20 years of supervised release. In July, Conor Brian Fitzpatrick agreed to plead guilty to a three-count criminal information charging the defendant with conspiracy to […]
Data Breach / January 19, 2024
American global apparel and footwear company VF Corp revealed that the December data breach impacted 35.5 million customers. VF Corporation is an American global apparel and footwear company that owns 13 brands. In 2015, the company controlled 55% of the U.S. backpack market with the JanSport, Dickies, Eastpak, Timberland, Smartwool, Vans, and The North Face brands. In December 2023, VF […]
APT / January 19, 2024
China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. vCenter Server is a critical component in VMware virtualization and cloud computing software suite. It serves as a […]
Reports / January 19, 2024
Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. According to the Ransomlooker tool, the number of ransomware attack victims increased by 128.17% compared to the previous year (2022), with 1837 additional incidents. Based on Ransomlooker, a free Cybernews tool for monitoring the dark web and other hidden areas of […]
Hacking / January 19, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti EPMM flaw CVE-2023-35082 (CVSS score: 9.8) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. At the end of July, Ivanti disclosed a security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked […]
Security / January 19, 2024
Can quantum computing break cryptography? Can it do it within a personâs lifetime? Will it be a cryptopocalypse, as some experts suggest? Can quantum computing break cryptography? Sure, it can. Can it do it within a personâs lifetime? Yes. In fact, it will likely achieve this sometime within your career. Will it be a cryptopocalypse, […]
Security / January 19, 2024
Kansas State University (K-State) suffered a cybersecurity incident that has disrupted part of its network and services. Kansas State University (K-State) suffered a cybersecurity incident that impacted a portion of its network and services. On January, 16, 2023, the University K-State announced it was experiencing a disruption to certain network systems, including VPN, K-State Today […]
Hacking / January 18, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This week Citrix warned customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, […]
APT / January 18, 2024
Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka âSeaborgiumâ, “Callisto”, âStar Blizzardâ, âTA446â) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015. In the past, the groupâs activity involved persistent phishing […]
Hacking / January 18, 2024
Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI. Quarkslab researchers discovered nine vulnerabilities, collectively tracked as e PixieFAIL, affecting the IPv6 network protocol stack of EDK II, TianoCore’s open source reference implementation of UEFI. Unified Extensible Firmware Interface (UEFI) is a specification that defines the […]
Malware / January 18, 2024
Researchers devised a “lightweight method,” called iShutdown, to determine whether Apple iOS devices have been infected with spyware. Cybersecurity researchers from Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence of spyware on Apple iOS devices. The method allow to discover stealthy and poweful surveillance software like NSO Group‘s Pegasus, Intellexa‘s Predator, QuaDream‘s Reign. The researchers focused on an […]
Hacking / January 17, 2024
Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelenskyâs presence at Davos. Switzerland believes that the cyberattack carried out by pro-Russia group NoName disrupted access to some government websites, following Ukrainian President Volodymyr Zelenskyâs visit to Davos. “We took a look at Switzerland, where the World Economic […]
Security / January 17, 2024
GitHub rotated some credentials after the discovery of a flaw that allowed access to the environment variables of a production container. After GitHub became aware of a vulnerability through its bug bounty program, the Microsoft-owned company rotated some credentials. The vulnerability, tracked as CVE-2024-0200 (CVSS score 7.2), allowed access to the environment variables of a production container […]
Cyber Crime / January 17, 2024
U.S. CISA and the FBI warned of AndroxGh0st malware used to create a botnet for victim identification and exploitation in target networks. US CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) to warn of AndroxGh0st malware. The malware is spreading to create a botnet for victim identification and exploitation in target networks. […]
Hacking / January 17, 2024
Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances. Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. “Exploits of these CVEs on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers […]
Security / January 16, 2024
Google has addressed the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. The high-serverity vulnerability, tracked as CVE-2024-0519, is an out of bounds memory access […]
Breaking News / January 16, 2024
Atlassian warns of a critical remote code execution issue in Confluence Data Center and Confluence Server that impacts older versions. Atlassian warns of a critical remote code execution vulnerability, tracked as CVE-2023-22527 (CVSS score 10.0), in Confluence Data Center and Confluence Server that impacts older versions. The vulnerability is a template injection vulnerability that can […]
Security / January 16, 2024
VMware warns customers of a critical vulnerability impacting its Aria Automation multi-cloud infrastructure automation platform. VMware Aria Automation (formerly vRealize Automation) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications. It provides a unified platform for automating tasks across multiple cloud environments, including VMware […]
Hacking / January 16, 2024
Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Last week, software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score […]
Security / January 16, 2024
Researchers warn of high-severity vulnerability affecting Bosch BCC100 thermostats. Researchers from Bitdefender discovered a high-severity vulnerability affecting Bosch BCC100 thermostats. The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version. The vulnerability was reported […]
Hacking / January 15, 2024
Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656, that could potentially lead to remote code execution. Despite a proof-of-concept exploit for the flaw CVE-2023-0656 was publicly released, the vendor is not […]
Hacking / January 15, 2024
Threat actors exploit a recent Windows SmartScreen bypass flaw CVE-2023-36025 to deliver the Phemedrone info stealer. Trend Micro researchers uncovered a malware campaign exploiting the vulnerability CVE-2023-36025 (CVSS score 8.8) to deploy a previously unknown strain of the malware dubbed Phemedrone Stealer. The vulnerability was addressed by Microsoft with the release of Patch Tuesday security updates for […]
Malware / January 15, 2024
Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. In September, Sucuri researchers reported that more than 17,000 WordPress websites had been compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August 2023. The Balada […]
Hacking / January 15, 2024
Researchers devised a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners. Cybersecurity researchers from cyber security firm Aqua have uncovered a new attack targeting Apache Hadoop and Flink applications. The attacks exploit misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency cryptocurrency miners. The researchers reported that the attack […]
Hacking / January 15, 2024
Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230. The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory […]
Breaking News / January 13, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed […]
Security / January 13, 2024
GitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw […]
Security / January 12, 2024
Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw, tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches. Juniper Networks released security updates to address a critical pre-auth remote code execution (RCE) vulnerability, tracked as CVE-2024-21591, that resides in SRX Series firewalls and EX Series switches. The vulnerability resides in […]
Deep Web / January 12, 2024
Investigators from Resecurityâs HUNTER (HUMINT) warn that Indonesia is increasingly being targeted by cyber-threat actors. Investigators from Resecurityâs HUNTER (HUMINT) have found that Indonesia is increasingly being targeted by cyber-threat actors who have staged attacks that pose significant long-term risks to the integrity of the countryâs elections. These findings coincide with the critical and fast-approaching […]
Hacking / January 12, 2024
Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) […]
Security / January 12, 2024
Liquipedia, an online e-sports platform run by Team Liquid, exposed a database revealing its usersâ email addresses and other details. Users of the e-sports knowledge base were exposed via a publicly accessible and passwordless MongoDB database, the Cybernews research team has discovered. The database was closed after researchers informed Liquipediaâs admins about the issue. Liquipedia […]
Security / January 11, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805, and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog. Software firm […]
Hacking / January 11, 2024
Ivanti revealed that two threat actors are exploiting two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure. Software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) is […]
Cyber Crime / January 11, 2024
The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. The X account of the Google-owned firm Mandiant has over 120,000 followers. Once […]
Security / January 11, 2024
Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices. Cisco Unity Connection is a messaging […]
Cyber Crime / January 10, 2024
A U.S. District Court sentenced ShinyHunters hacker Sebastien Raoult to three years in prison and ordered him to pay more than $5 million in restitution. The member of the ShinyHunters hacker group Sebastien Raoult was sentenced in U.S. District Court in Seattle to three years in prison and more than $5 million in restitution for […]
Data Breach / January 10, 2024
The Healthcare services provider HMG Healthcare has disclosed a data breach that impacted 40 affiliated nursing facilities. In November 2023, the Healthcare services provider HMG Healthcare discovered a data breach that exposed personal health information related to residents and employees at HMG affiliated nursing facilities. The company immediately launched an investigation into the incident and […]
Hacking / January 10, 2024
Threat actors hacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers hijacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish fake news on the Bitcoin ETF approval. “Today the SEC […]
Cyber Crime / January 10, 2024
Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator. Cisco Talos researchers obtained a decryptor for the Babuk Tortilla ransomware variant. The experts were able to extract and share the private decryption key used by the ransomware operators. Talos experts shared the key […]
Security / January 09, 2024
Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. Microsoft Patch Tuesday security updates for January 2024 fixed 49 flaws in Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and Visual Studio; SQL Server; Windows Hyper-V; and Internet Explorer. The IT giant […]
Security / January 09, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Superset vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Superset flaw, tracked as CVE-2023-27524, to its Known Exploited Vulnerabilities (KEV) catalog. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on […]
Cyber Crime / January 09, 2024
A hacker group that calls itself Anonymous Arabic is distributing a stealthy remote access trojan called Silver RAT. Cyfirma researchers observed threat actors called âAnonymous Arabicâ distributing a C# remote access trojan called Silver RAT. The malware supports multiple capabilities, including bypassing anti-viruses and covertly launching hidden applications, browsers, and keyloggers. The hacker group is active on […]
Cyber Crime / January 08, 2024
Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. Ultra Intelligence & Communications provides critical […]
Cyber Crime / January 08, 2024
19 individuals worldwide were charged in a transnational cybercrime investigation of the now defunct xDedic marketplace. The U.S. DoJ charged 19 individuals worldwide for their role in the operations of the now-defunct xDedic Marketplace. In January 2019, law enforcement agencies in the US and Europe announced the seizure of the popular xDedic marketplace, an underground market offering for sale […]
Malware / January 08, 2024
A new variant of the Bandook remote access trojan (RAT) was spotted in attacks aimed at Windows machines. Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users. Bandook has been active since 2007, it has been continuously developed since then and was […]
Hacking / January 07, 2024
A cyber attack hit the Beirut International Airport, Rafic Hariri (Lebanon), threat actors breached the Flight Information Display System (FIDS). Threat actors hit the Beirut International Airport Rafic Hariri in Lebanon and breached the Flight Information Display System (FIDS). Rafic Hariri International Airport is the main international airport serving Beirut, the capital of Lebanon. The […]
Breaking News / January 07, 2024
Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000 users, as revealed by Cybernews research. Due to its limited access to foreign financial markets, Iran has embraced cryptocurrency significantly. Last year, Iranian crypto exchanges facilitated transactions totaling nearly $3 billion. Almost all incoming crypto volume in Iran adheres to Know Your Customer (KYC) requirements. […]
Breaking News / January 07, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers […]
APT / January 07, 2024
Sea Turtle cyber espionage group targeted telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. The […]
APT / January 06, 2024
Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family. Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444). KandyKorn is an […]
Laws and regulations / January 06, 2024
Merck has resolved a dispute with insurers regarding a $1.4 billion claim arising from the NotPetya malware incident. Merck and its insurers have agreed with a $1.4 billion claim arising from the large-scale NotPetya cyberattack. Merck & Co., Inc., known as Merck Sharp & Dohme (MSD) outside the United States and Canada, is an American […]
Cyber Crime / January 05, 2024
A threat actor announced the sale of the source code and a cracked version of the Zeppelin ransomware builder for $500. Researchers from cybersecurity firm KELA reported that a threat actor announced on a cybercrime forum the sale of the source code and a cracked version of the Zeppelin ransomware builder for $500. The seller clarified that it has […]
Cyber warfare / January 05, 2024
Ukrainian authorities revealed that Russia-linked APT Sandworm had been inside telecom giant Kyivstar at least since May 2023. Russia-linked APT group Sandworm was inside Ukrainian telecoms giant Kyivstar from at least May 2023, the head of Ukraine’s Security Service of Ukraine’s (SBU) told Reuters. “This attack is a big message, a big warning, not only to […]
Security / January 05, 2024
Ivanti fixed a critical vulnerability in its Endpoint Manager (EPM) solution that could lead to remote code execution (RCE) on vulnerable servers Ivanti has released security updates to address a critical vulnerability, tracked as CVE-2023-39336 (CVSS score 9.6), impacting its Endpoint Manager (EPM) solution. The exploitation of this vulnerability could lead to remote code execution […]
Security / January 05, 2024
The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. The all-in-one real estate app MyEstatePoint Property Search left a publicly accessible MongoDB server containing the sensitive details of its app users. The app, developed by NJ Technologies, […]
Hacking / January 04, 2024
An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker âSnowâ, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. The customers of the company were not able to access […]
Data Breach / January 04, 2024
Healthcare technology company HealthEC disclosed a data breach that exposed the personal information of 4.5 million Individuals. Healthcare technology company HealthEC (HEC) disclosed a data breach that impacted 4.5 million customers of its business partners. HealthEC is a healthcare technology company that provides solutions for care coordination, population health management, and value-based care. The company’s […]
Malware / January 04, 2024
Researchers discovered three malicious packages in the PyPI repository targeting Linux systems with a cryptocurrency miner. Fortinet researchers discovered three malicious packages in the open-source PyPI repository. The three packages named modularseven, driftme, and catme were designed to target Linux systems to deploy a crypto miner. The packages have the same author, known as “sastra”, […]
Hacking / January 04, 2024
The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. The X account of the Google-owned firm Mandiant has […]
Cyber Crime / January 03, 2024
Crooks created a new tool that uses Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and BEC. Resecurity has uncovered a cybercriminal faction known as “GXC Team“, who specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias […]
Security / January 03, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-7024 – The vulnerability is a Heap […]
Reports / January 03, 2024
Sometimes, you canât even trust links with your own domain. As the Cybernews research team has discovered, some BMW subdomains were vulnerable to redirect vulnerability, enabling attackers to forge links leading to malicious sites through them. Cybernews researchers have discovered two BMW subdomains that were vulnerable to SAP redirect vulnerability. They were used to access […]
Cyber Crime / January 03, 2024
Crypto platform Orbit Chain suffered a cyberattack, threat actors have stolen more than $81 million worth of cryptocurrency. Orbit Chain has suffered a security breach that has resulted in the theft of more than $81 million worth of cryptocurrency. Orbit Chain is a multi-asset blockchain platform that connects various blockchains through Inter-Blockchain Communication (IBC). It […]
Intelligence / January 03, 2024
Ukraineâs SBU revealed that Russia-linked threat actors hacked surveillance cameras to spy on air defense forces and critical infrastructure in Kyiv. Ukraineâs SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located […]
Malware / January 02, 2024
JinxLoader is a new Go-based loader that was spotted delivering next-stage malware such as Formbook and XLoader. Researchers from Palo Alto Networks and Symantec warned of a new Go-based malware loader called JinxLoader, which is being used to deliver next-stage payloads such as Formbook and XLoader. The name of the threat comes from a League of Legends character. Palo […]
Hacking / January 02, 2024
Researchers discovered an SSH vulnerability, called Terrapin, that could allow an attacker to downgrade the connection’s security. Security researchers from Ruhr University Bochum (Fabian BĂ€umer, Marcus Brinkmann, Jörg Schwenk) discovered a vulnerability, called Terrapin (CVE-2023-48795, CVSS score 5.9), in the Secure Shell (SSH) cryptographic network protocol. An attacker can trigger the flaw to downgrade the […]
Hacking / January 02, 2024
Hudson Researchers reported that a mysterious hacker launched a series of attacks against industry-leading companies in Iran. Hudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran. The hacker claims that stolen data includes […]
Breaking News / January 01, 2024
These are the Top 2023 Security Affairs cybersecurity stories ⊠enjoy it. CYBERCRIMINALS LAUNCHED âLEAKSMASâ EVENT IN THE DARK WEB EXPOSING MASSIVE VOLUMES OF LEAKED PII AND COMPROMISED DATA Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. 1.7 TB OF DATA STOLEN FROM DIGITAL INTELLIGENCE FIRM CELLEBRITE LEAKED ONLINE […]
Hacking / January 01, 2024
CloudSEK researchers analyzed a zero-day exploit that can allow the generation of persistent Google cookies through token manipulation. In October 2023, a developer known as PRISMA first uncovered an exploit that allows the generation of persistent Google cookies through token manipulation. An attacker can use the exploit to access Google services, even after a user’s […]
Cyber Crime / January 01, 2024
The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. Coop is one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations. All surplus that is created […]
Laws and regulations / December 31, 2023
Google has agreed to settle a $5 billion privacy lawsuit, which alleged that the company monitored individuals using the Chrome “incognito” mode. Google agreed to settle a $5 billion privacy lawsuit over claims that the company monitored online activity of people who used the ‘incognito’ mode in its Chrome web browser. The class action, filed […]
Breaking News / December 31, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. INC RANSOM ransomware gang claims to have breached Xerox Corp Spotify music converter TuneFab puts users […]
Cyber Crime / December 30, 2023
The INC RANSOM ransomware group claims to have hacked the American multinational corporation Xerox Corp. Xerox Corp provides document management solutions worldwide. The company’s Document Technology segment offers desktop monochrome and color printers, multifunction printers, copiers, digital printing presses, and light production devices; and production printing and publishing systems for the graphic communications marketplace and […]
Security / December 30, 2023
TuneFab converter, used to convert copyrighted music from streaming platforms such as Spotify, Amazonâs Audible, or Apple Music, has exposed its users’ private data. Cybernews research showed that the platform has exposed more than 151 million parsed records with usersâ IP addresses, userArea, userIDs, emails, and device info. The leak was caused by a misconfiguration […]
Security / December 29, 2023
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported. Albania’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed that cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania. The telecom carrier disclosed the cyber attack with a […]
APT / December 29, 2023
Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new cyber espionage campaign carried out by the Russia-linked group APT28 (aka âForest Blizzardâ, âFancybearâ or âStrontiumâ). The group employed previously undetected malware such as […]
Security / December 29, 2023
An exposed database and secrets on a third-party app puts Clash of Clans players at risk of attacks from threat actors. The Cybernews research team has discovered that the Clash Base Designer Easy Copy app exposed its Firebase database and user-sensitive information. With 100,000 downloads on the Google Play store, the app enables Clash of […]
Malware / December 29, 2023
The Resecurity’s HUNTER unit spotted a new version of the Meduza stealer (version (2.2)) that was released in the dark web. On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). One of the key significant improvements are support of more software clients (including browser-based […]
Intelligence / December 28, 2023
Experts discovered that Operation Triangulation targeting Apple iOS devices leveraged an undocumented hardware feature. Researchers from the Russian cybersecurity firm Kaspersky discovered that threat actors behind the Operation Triangulation exploited an undocumented hardware feature to target Apple iOS devices. In early June, Kaspersky uncovered a previously unknown APT group that is targeting iOS devices with zero-click exploits as part […]
Deep Web / December 28, 2023
Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked. The actual damage resulting […]
Cyber Crime / December 28, 2023
A Lockbit ransomware attack against the German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) caused service disruptions at three hospitals. German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) announced it has suffered service disruptions at three hospitals (Bielefeld, Rheda-WiedenbrĂŒck, and Herford) after a Lockbit ransomware attack. The security incident could have a serious impact on the local […]
Security / December 28, 2023
Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467, to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) […]
Malware / December 27, 2023
Researchers discovered a new Android malware dubbed Xamalicious that can take full control of the device and perform fraudulent actions. McAfee Mobile Research Team discovered a new Android backdoor dubbed Xamalicious that can take full control of the device and perform fraudulent actions. The malware has been implemented with Xamarin, an open-source framework that allows […]
Breaking News / December 27, 2023
Security firm Barracuda addressed a new zero-day, affecting its Email Security Gateway (ESG) appliances, that is actively exploited by the China-linked UNC4841 group. On December 21, network and email cybersecurity firm Barracuda started releasing security updates to address a zero-day, tracked as CVE-2023-7102, in Email Security Gateway (ESG) appliances. The vulnerability has been actively exploited by […]
Security / December 27, 2023
Governments should recognize electoral processes as critical infrastructure and enact laws to regulate the use of generative Artificial Intelligence. Elections are scheduled in several countries worldwide in 2024, with potential geopolitical implications. Key events include the European Parliament elections in June, the U.S. presidential elections in November, and the French and German presidential elections in […]
Hacking / December 27, 2023
Researchers warn of attacks against poorly managed Linux SSH servers that mainly aim at installing DDoS bot and CoinMiner. Researchers at AhnLab Security Emergency Response Center (ASEC) are warning about attacks targeting poorly managed Linux SSH servers, primarily focused on installing DDoS bots and CoinMiners. In the reconnaissance phase, the threat actors perform IP scanning […]
Data Breach / December 27, 2023
St Vincentâs Health Australia, the largest Australian healthcare provider, suffered a data breach after a cyber attack. St Vincentâs Health Australia is the largest non-profit healthcare provider in the country, The healthcare system was hit by a cyberattack that resulted in a data breach. St Vincentâs Health Australia reported the incident to local authorities and […]
Cyber Crime / December 26, 2023
The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. Abdali Hospital is a multi-specialty hospital located in the modern development of Al-Abdali, Amman, Jordan. Abdali Hospital provides care to patients in numerous specialties. Apart from its general surgery section, it has specialists in orthopedics and rheumatology, gynecology, urology and endocrinology, neurology, nephrology, pulmonology, internal medicine, oncology, […]
Malware / December 26, 2023
Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. The Carbanak gang was first discovered by Kaspersky Lab in 2015, the group has stolen at least $300 million […]
Reports / December 26, 2023
Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year. These projections stem from an in-depth analysis of the underground economy’s evolution on […]
Hacking / December 25, 2023
The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE malware in attacks against Ukraine. A threat actor, tracked as UAC-0099, continues to target Ukraine. In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. UAC-0099 threat actor has targeted Ukraine since mid-2022, it was spotted […]
APT / December 25, 2023
Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with FalseFont backdoor. Microsoft says the APT33 (aka Peach Sandstorm, Holmium, Elfin, and Magic Hound) Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack against organizations in the Defense Industrial Base (DIB) sector. “Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to […]
Breaking News / December 25, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. LockBit ransomware gang claims to have breached accountancy firm Xeinadin Mobile virtual network operator Mint Mobile […]
Security / December 24, 2023
A joint law enforcement operation led by Europol and the ENISA, along with private security firms, identified 443 online shops compromised with digital skimming. Europol and ENISA collaborated in a joint law enforcement operation uncovering 443 online shops affected by digital skimming. The operation is part of EMPACTÂ priority, a law enforcement activity targeting the criminals […]
Data Breach / December 24, 2023
Video game publisher Ubisoft is investigating reports of an alleged data breach after popular researchers shared evidence of the hack. Ubisoft, the popular video game publisher, is examining reports of a potential data breach following the disclosure of evidence by prominent researchers vx-underground. The researchers reported that on December 20, 2023, an unknown threat actor […]
Cyber Crime / December 23, 2023
The LockBit ransomware claims to have hacked accountancy firm Xeinadin threatens to leak the alleged stolen data. The LockBit ransomware claims responsibility for hacking the Xeinadin accountancy firm and threatens to disclose the alleged stolen data. Xeinadin has over 60,000 clients across the UK and Ireland. In 2021, a significant endorsement came from Exponent, one […]
Data Breach / December 23, 2023
Mobile virtual network operator Mint Mobile suffered a new data breach, threat actors had access to customers’ personal information. Mint Mobile experienced a recent data breach, exposing customers’ personal information to unauthorized access by threat actors. Mint Mobile is a mobile virtual network operator (MVNO) that offers prepaid mobile phone services. As an MVNO, Mint […]
Cyber Crime / December 22, 2023
The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. The company refused to pay the ransom and the ransomware gang threatened […]
Cyber Crime / December 22, 2023
A member of the Lapsus$ cyber extortion group, Arion Kurtaj, has been sentenced to an indefinite hospital order. The UK Southwark Crown Court has sentenced Arion Kurtaj, a prominent member of the international cyber extortion gang Lapsus$, to an indefinite hospital order. Over the years, the Lapsus$ gang compromised many high-profile companies such as NVIDIA, Samsung, Ubisoft, Mercado […]
Security / December 22, 2023
An exposed instance contained information for a customer relationship management (CRM) system that likely belongs to Goyzer, a real estate property management software maker, the Cybernews research team has discovered. The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large […]
Security / December 21, 2023
ESET fixes a high-severity flaw in Secure Traffic Scanning Feature that could have been exploited to cause web browsers to trust sites that should not be trusted. ESET has addressed a vulnerability (CVE-2023-5594, CVSS score 7.5) in the Secure Traffic Scanning Feature, preventing potential exploitation that could lead web browsers to trust websites using certificates […]
Cyber Crime / December 21, 2023
Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware. Agent Tesla is a spyware that is used to spy on the […]
Breaking News / December 21, 2023
More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. The Cybernews research team has discovered that their personal data was exposed in a leak. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public. Its metadata was […]
Security / December 20, 2023
Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 for Windows which will […]
Cyber Crime / December 20, 2023
The German police seized the dark web marketplace Kingdom Market as a result of an international law enforcement operation. The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT), along with law enforcement agencies from multiple countries (United States, Switzerland, Moldova, and Ukraine), conducted an operation that resulted in […]
Cyber Crime / December 20, 2023
An international law enforcement operation, named HAECHI IV, led to the arrest of approximately 3,500 suspects and the seizure of roughly $300 million worth of assets. Interpol this week announced that an international law enforcement operation, named HAECHI IV, led to the arrest of approximately 3,500 suspects and the seizure of roughly $300 million worth […]
Malware / December 20, 2023
JaskaGO is a new Go-based information stealer malware that targets both Windows and Apple macOS systems, experts warn. Researchers from AT&T Alien Labs uncovered a previously undetected Go-based information stealer dubbed JaskaGO that targets Windows and macOS systems. JaskaGO is a sophisticated malware that supports an extensive array of commands and can maintain persistence in different ways. The […]
Data Breach / December 20, 2023
By neglecting to set a password, a BMW dealer in India has jeopardized the entire network of car dealerships in the country and put its clients at risk. The Cybernews research team has discovered that the Bengaluru branch of BMW Kun Exclusive, a BMW dealership in India, has exposed sensitive data to the public. The […]
Data Breach / December 19, 2023
Comcastâs Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability. Comcast’s Xfinity is notifying its customers about the compromise of their data in a cyberattack that involved the exploitation of the CitrixBleed flaw. CitrixBleed is a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC (Application Delivery […]
Breaking News / December 19, 2023
The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is […]
Cyber Crime / December 19, 2023
Smishing Triad: Researchers warn crooks impersonating UAE Federal Authority for Identity and citizenship ahead of the Holiday Season Resecurity, Inc. (USA) has identified a new fraudulent campaign by the Smishing Triad gang in which they are impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. This campaign involves malicious SMS/iMessage texts that pretend […]
Cyber Crime / December 19, 2023
An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider Westpole disrupted multiple services of local and government organizations and municipalities. A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. The incident impacted a Westpole’s customer company named PA […]
Malware / December 18, 2023
Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. So, how do you protect against them? Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network. These […]
Hacktivism / December 18, 2023
A group of Pro-Israel hacktivists, called Predatory Sparrow, is suspected of having carried out a cyber attack against petrol stations across Iran. A Pro-Israel hacktivist group, called Predatory Sparrow (or Gonjeshke Darande in Persian), is suspected of having carried out a cyber attack against petrol stations across Iran. Iranian state TV and Israeli local media […]
Cyber Crime / December 18, 2023
Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation âDuck Hunt.â Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The […]
Hacking / December 18, 2023
A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets. Threat actors pushed a malicious version of the “@ledgerhq/connect-kit” npm module developed by crypto hardware wallet maker Ledger, leading to the theft of more than $600,000 in virtual assets. Once the attack was discovered, the Crypto hardware wallet maker […]
Hacking / December 17, 2023
MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems. MongoDB is a US company that developed the popular open-source NoSQL database management system. The cyber attack was discovered on December 13, 2023, and […]
Hacking / December 17, 2023
The Mirai-based botnet InfectedSlurs was spotted targeting QNAP VioStor NVR (Network Video Recorder) devices. In November, Akamai warned of a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. The researchers discovered the botnet in October 2023, but they believe it has been active since […]
Breaking News / December 17, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center New NKAbuse malware […]
Malware / December 16, 2023
Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kasperskyâs Global Emergency Response Team (GERT) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. The malicious code is written in Go language, it is the first malware that relies on the NKN technology for data exchange […]
Cyber Crime / December 15, 2023
The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. Kraft Heinz is an American food company, it is one of the largest food and beverage manufacturers globally. Kraft Heinz produces a wide range of popular food products, including condiments, sauces, cheese, snacks, and ready-to-eat meals. […]
Security / December 15, 2023
Security flaws in Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326). The […]
Cyber Crime / December 15, 2023
Resecurity has uncovered a meaningful link between three major ransomware groups, BianLian, White Rabbit, and Mario Ransomware. Based on a recent Digital Forensics & Incident Response (DFIR) engagement with a law enforcement agency (LEA) and one of the leading investment organizations in Singapore (and other victims), Resecurity (USA) has uncovered a meaningful link between three […]
Security / December 15, 2023
GokuMarket, a centralized crypto exchange owned by ByteX, left an open instance, revealing the details of virtually all of its users, the Cybernews research team has discovered. The leak comes after the team discovered an unprotected MongoDB instance, which stored information on GokuMarket crypto exchange users. Businesses employ MongoDB to organize and store large swaths […]
Data Breach / December 15, 2023
The Idaho National Laboratory (INL) announced that it has suffered a data breach impacting more than 45,000 individuals. In November, the hacktivist group SiegedSec claimed responsibility for the hack of The Idaho National Laboratory (INL) and leaked stolen human resources data. SiegedSec is a threat actor that last year carried out multiple attacks against U.S. organizations, […]
Security / December 14, 2023
Users of Ubiquiti WiFi products started reporting that they are accessing other peopleâs devices when logging into their accounts. Some users of Ubiquiti wifi products started reporting unexpected access to security camera footage, photos, and other devices upon logging into their accounts. Ubiquiti allows its customers to access and manage their devices through a proprietary […]
APT / December 14, 2023
Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity servers since September 2023. Experts warn that the Russia-linked APT29 group has been observed targeting JetBrains TeamCity servers to gain initial access to the targets’ networks. The APT29 group (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) exploited the flaw CVE-2023-42793 in TeamCity to carry out […]
Security / December 14, 2023
Microsoft’s Digital Crimes Unit seized multiple domains used by cybercrime group Storm-1152 to sell fraudulent Outlook accounts. Microsoft’s Digital Crimes Unit seized multiple domains used by a cybercrime group, tracked as Storm-1152, to sell fraudulent accounts. Storm-1152 operates illicit websites and social media pages, selling fake Microsoft accounts and tools to bypass identity verification software […]
Cyber Crime / December 14, 2023
French police arrested a Russian national who is suspected of laundering money resulting from the criminal activity of the Hive ransomware gang. The French authorities arrested in Paris a Russian national who is suspected of laundering criminal proceeds for the Hive ransomware gang. “A Russian, suspected of having recovered in cryptocurrencies the money taken from […]
APT / December 14, 2023
Researchers linked a sophisticated botnet, tracked as KV-Botnet, to the operation of the China-linked threat actor Volt Typhoon. The Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet to the operations of China-linked threat actor Volt Typhoon. The botnet is comprised of two complementary activity clusters, […]
Security / December 13, 2023
A Joint Committee on the National Security Strategy (JCNSS) warns of the high risk of a catastrophic ransomware attack on the UK government. The British government is accused of failing to mitigate the risk of ransomware attacks. According to a parliamentary report published by the Joint Committee on the National Security Strategy (JCNSS) the UK […]
Hacking / December 13, 2023
Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. The attackers compromise user accounts to create, modify, and grant high privileges to OAuth applications to carry out malicious activity […]
Security / December 13, 2023
Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat actors are actively exploiting the flaw in attacks in the wild. The security firm reported […]
Security / December 13, 2023
Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day. Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products. The vulnerabilities addressed by the company impact Microsoft Windows and Windows Components; Office and Office Components; Azure, Microsoft Edge (Chromium-based); Windows Defender; Windows DNS […]
Cyber warfare / December 12, 2023
The Ukrainian government’s military intelligence service announced the hack of the Russian Federal Taxation Service (FNS). Hackers of the Main Intelligence Directorate of the Ministry of Defense of Ukraine announced they have compromised the Russian Federal Taxation Service (FNS). The military intelligence service said that the hack was the result of a successful special operation […]
Hacking / December 12, 2023
Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that paralyzed its services. The attack is linked to the ongoing conflict. Kyivstar, the largest Ukraine service provider was down after a major cyber attack. The Ukrainian telecommunications company provides communication services and data transmission based on a broad range of fixed and mobile technologies, […]
Security / December 12, 2023
The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of Dubaiâs Roads and Transport Authority, leaked a trove of sensitive information from the DTC app, the Cybernews research team has found. Over […]
APT / December 12, 2023
North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least […]
Security / December 12, 2023
Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 17.2 and iPadOS 17.2 which address a dozen of security flaws. The most severe flaw is a memory corruption issue that resides in the ImageIO. Successful exploitation of the flaw may lead to arbitrary code […]
Data Breach / December 11, 2023
Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now […]
Hacking / December 11, 2023
The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of the flaw, tracked as CVE-2023-50164, could lead to remote code execution. A remote attacker […]
Security / December 11, 2023
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: Researchers at cybersecurity firm Praetorian discovered the two vulnerabilities […]
Security / December 11, 2023
ENISA has signed a Working Arrangement with the US CISA to enhance capacity-building, best practices exchange and awareness. The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) to enhance cooperation on capacity-building, best practices exchange, and situational awareness. In the increasingly complex geopolitical environment, […]
Hacking / December 10, 2023
Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more. […]
Security / December 10, 2023
WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat […]
Breaking News / December 10, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hacktivists hacked an Irish water utility and interrupted the water supply 5Ghoul flaws impact hundreds of […]
Hacktivism / December 09, 2023
Threat actors launched a cyberattack on an Irish water utility causing the interruption of the power supply for two days. Threat actors hacked a small water utility in Ireland and interrupted the water supply for two days. The victim of the attack is a private group water utility in the Erris area, the incident impacted […]
Hacking / December 09, 2023
A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems from major vendors impacts Android and iOS devices. A team of researchers from the Singapore University of Technology and Design discovered a set of security vulnerabilities in the firmware implementation of 5G mobile network modems from major chipset vendors. The […]
Data Breach / December 09, 2023
Kentucky health system Norton Healthcare disclosed a data breach after it was a victim of a ransomware attack in May. Norton Healthcare disclosed a data breach after a ransomware attack that hit the organization on May 9, 2023. The security breach exposed personal information belonging to patients, employees, and dependents. The health system notified federal […]
Hacking / December 08, 2023
Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover […]
Cyber Crime / December 08, 2023
Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange has pleaded in a money-laundering scheme. Anatoly Legkodymov (41) (aka Anatolii Legkodymov, Gandalf, and Tolik), the Russian founder of the unlicensed Bitzlato cryptocurrency exchange, has pleaded guilty in a money-laundering scheme. The police arrested Legkodymov in Miami in January, he was charged in a U.S. federal […]
Mobile / December 08, 2023
An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs. The Cybernews team discovered the Android app Barcode to Sheet leaking sensitive user information and enterprise data stored by app creators. Barcode to Sheet has over 100k […]
APT / December 07, 2023
The UK NCSC and Microsoft warned that Russia-linked threat actor Callisto Group is targeting organizations worldwide. The UK National Cyber Security Centre (NCSC) and Microsoft reported that the Russia-linked APT group Callisto Group is targeting organizations worldwide. The nation-state actor is carrying out spear-phishing attacks for cyberespionage purposes. The Callisto APT group (aka “Seaborgium“, “Star […]
Security / December 07, 2023
Japanese carmaker Nissan announced it has suffered a cyberattack impacting the internal systems at Nissan Oceania. Nissan Oceania, the regional division of the multinational carmaker, announced it had suffered a cyber attack and launched an investigation into the incident. Nissan already notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre. […]
Malware / December 07, 2023
A previously undetected Linux RAT dubbed Krasue has been observed targeting telecom companies in Thailand. Group-IB researchers discovered a previously undetected Linux remote access trojan called Krasue has been employed in attacks aimed at telecom companies in Thailand. The Krasue Remote Access Trojan (RAT)Â has remained undetected since at least 2021 when it was registered on […]
Security / December 06, 2023
Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: It’s unclear if the above issues are actively exploited in attacks in the wild. At the end of […]
Security / December 06, 2023
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualcomm vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: The vendor addressed the flaws CVE-2023-33106, CVE-2023-33107, and CVE-2023-33063 in October 2023. […]
Security / December 06, 2023
Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit tampering technique to trick users that their compromised iPhone is running in Lockdown Mode while they are performing malicious activities. The researchers pointed out that the issue […]
Hacking / December 06, 2023
GST Invoice Billing Inventory, a business accounting app for small and medium businesses with over 1M downloads has left a database open, exposing sensitive personal and corporate data up for grabs. The popular and reputable GST Invoice Billing Inventory (previously known as Book Keeper) app is one of the thousands of apps on the Google […]
Security / December 06, 2023
The U.S. CISA warns that threat actors are actively exploiting a critical vulnerability in Adobe ColdFusion to breach government agencies. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about threat actors actively exploiting a critical vulnerability (CVE-2023-26360) in Adobe ColdFusion to breach government agencies. The flaw is an Improper Access Control that can allow […]
Security / December 05, 2023
ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a persistent and significant security risk for organizations. Over the past few years, threat actors have increasingly had access to cost-effective and efficient means and services to carry out such kinds of […]
APT / December 05, 2023
Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Microsoft’s Threat Intelligence is warning of Russia-linked cyber-espionage group APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, […]
Mobile / December 05, 2023
Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates. Google December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088. The vulnerability resides in Android’s System component, it doesn’t require additional privileges to be triggered. An […]
Malware / December 04, 2023
Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture. The new bot supports updated […]
Cyber Crime / December 04, 2023
Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks using the DanaBot Trojan (Storm-1044) to deploy the CACTUS ransomware. Microsoft the campaign to the ransomware operator Storm-0216 (Twisted Spider, UNC2198). Storm-0216 has historically used Qakbot malware for initial access, but has switched to other […]
Cyber Crime / December 04, 2023
The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of Industrial & Commercial Bank of China Ltd. on November 8 has laid bare the vulnerability of the global financial system […]
Security / December 04, 2023
Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points. The addressed issues are tracked as CVE-2023-35136, CVE-2023-35139, CVE-2023-37925, CVE-2023-37926, CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960. Threat actors can exploit the vulnerabilities to steal cookies, access configuration files, carry out command injection and denial-of-service […]
Malware / December 03, 2023
Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. Unit42 researchers uncovered a new backdoor named Agent Raccoon, which is being used in attacks against organizations in the Middle East, Africa, and the U.S. The malware was used in attacks against multiple industries, including […]
Breaking News / December 03, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Researchers devised an attack technique to extract ChatGPT training data Fortune-telling website WeMystic exposes 13M+ user […]
Hacking / December 02, 2023
Researchers devised an attack technique that could have been used to trick ChatGPT into disclosing training data. A team of researchers from several universities and Google have demonstrated an attack technique against ChetGPT that allowed them to extract several megabytes of ChatGPTâs training data. The researchers were able to query the model at a cost […]
Security / December 02, 2023
WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms’ users. Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The content platform WeMystic is a good example of this, with the Cybernews research team discovering […]
Security / December 01, 2023
The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting […]
Cyber Crime / December 01, 2023
The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. Â A joint research by Elliptic and Corvus Insurance revealed that the group accumulated at least […]
Security / December 01, 2023
US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two issues are: CVE-2023-6345 – The CVE-2023-5217 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library that provides […]
Security / November 30, 2023
Apple released emergency security updates to fix two actively exploited zero-day flaws impacting iPhone, iPad, and Mac devices. Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild, both issues reside in the WebKit browser engine. The first vulnerability, […]
Hacking / November 30, 2023
A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne live hacking event H1-4420. Zoom Rooms is a feature of the Zoom video conferencing platform designed to enhance collaboration in physical meeting spaces, such as conference […]
Cyber Crime / November 30, 2023
The Rhysida ransomware group claimed to have hacked King Edward VIIâs Hospital in London. King Edward VII’s Hospital is a private hospital located on Beaumont Street in the Marylebone district of central London. It is a leading provider of acute and specialist medical care, with a focus on musculoskeletal health, urology, women’s health, and digestive […]
Security / November 29, 2023
Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. The CVE-2023-5217 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library […]
Hacking / November 29, 2023
Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including […]
Security / November 29, 2023
Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications. While some are harmless API keys, others could lead to unauthorized access, data breaches, or identity theft, the latest Cybernews research reveals. The Docker Hub store has at least 5,493 container images that […]
Hacking / November 28, 2023
Threat actors started exploiting a critical ownCloud vulnerability (CVE-2023-49103) that can lead to sensitive information disclosure. ownCloud is an open-source software platform designed for file synchronization and sharing. It allows individuals and organizations to create their own private cloud storage services, giving them control over their data while facilitating collaboration and file access across multiple […]
Cyber Crime / November 28, 2023
An international law enforcement operation dismantled the core of a ransomware group operating from Ukraine. A joint law enforcement operation led by Europol and Eurojust, with the support of the police from seven nations, has arrested in Ukraine the core members of a ransomware group. The police arrested the kingpin along with four other suspects […]
Cyber Crime / November 28, 2023
The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. The North Texas Municipal Water District (NTMWD) is a regional water district that provides wholesale water, wastewater treatment, and solid waste services to a group of member cities and customers in North Texas, […]
Cyber Crime / November 28, 2023
The US Healthcare provider Ardent Health Services disclosed that it was the victim of a ransomware attack last week. Ardent Health Services is a healthcare company that operates hospitals and other medical facilities in the United States. It is a for-profit health system with a focus on acquiring, managing, and improving hospitals. Ardent Health Services […]
Cyber warfare / November 27, 2023
Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ The attack is the result of a complex special cyber operation. “The Defence Intelligence of Ukraine informs that as a result of a successful complex special operation in […]
Hacktivism / November 27, 2023
Threat actors breached the Municipal Water Authority of Aliquippa in Pennsylvania and took control of a booster station. During the weekend, Iranian threat actors hacked the Municipal Water Authority of Aliquippa (MWAA) and took control of one of their booster stations. The Authority pointed out that the attack did not impact the operations at the […]
Hacking / November 27, 2023
The cyber attack that hit the managed service provider (MSP) CTS potentially impacted hundreds in the United Kingdom. CTS is a trusted provider of IT services to the legal sector in the UK. The company announced that it is investigating a cyber attack that caused a service outage. The incident impacted a portion of the […]
Breaking News / November 26, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Rhysida ransomware gang claimed China Energy hack North Korea-linked APT Lazarus is using a MagicLine4NX zero-day […]
Cyber Crime / November 25, 2023
The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site. The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and […]
APT / November 25, 2023
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply-chain attack The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) released a joint warning that the North Korea-linked Lazarus hacking group is exploiting a zero-day vulnerability in the MagicLine4NX software to carry out […]
Malware / November 25, 2023
Researchers reported that a Hamas-linked APT group is using a Rust-based SysJoker backdoor against Israeli entities. Check Point researchers observed a Hamas-linked APT group is using the SysJoker backdoor against Israeli entities. In December 2021, security experts from Intezer first discovered the SysJoker backdoor, which is able to infect Windows, macOS, and Linux systems. The version […]
Security / November 24, 2023
Almost a million files with minors’ data, including home addresses and photos were left open to anyone on the internet, posing a threat to children. During a recent investigation, the Cybernews research team discovered that IT company Appscook â which develops applications used by more than 600 schools in India and Sri Lanka for education […]
Security / November 24, 2023
Microsoft announced this week it will pay up to $20,000 for security vulnerabilities in its Defender products. Microsoft launched its new Microsoft Defender Bounty Program with a focus on Defender products and services. The company will pay up to $20,000 for the vulnerabilities in its Defender products. The bug bounty program starts with Defender for […]
Hacking / November 24, 2023
Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations. Aqua Nautilus researchers warn of publicly exposed Kubernetes configuration secrets that put organizations at risk of supply chain attacks. The experts noticed that these misconfigurations impact hundreds of organizations and open-source projects. Impacted entities include SAPâs […]
APT / November 24, 2023
North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The KONNI RAT was first spotted by Cisco Talos researchers in 2017, it has been undetected since 2014 and was employed in highly […]
Malware / November 23, 2023
Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of the ClearFake campaign. Atomic Stealer (AMOS) macOS information stealer is now being delivered via a fake browser update chain tracked as ClearFake, Malwarebytes researchers warn. The malware focuses on macOS, designed to pilfer sensitive information from the […]
Data Breach / November 23, 2023
Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S. Welltok is a company that specializes in health optimization solutions. It provides a platform that leverages data-driven insights to engage individuals in their health and well-being. The platform aims to personalize and optimize health programs for individuals, employers, […]
APT / November 23, 2023
North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack. Microsoft Threat Intelligence researchers uncovered a supply chain attack carried out by North Korea-linked APT Diamond Sleet (ZINC) involving a trojanized variant of a CyberLink software. The attackers used a malware-laced version of a legitimate […]
Data Breach / November 23, 2023
American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack. AutoZone is an American retailer and distributor of automotive parts and accessories. The company is one of the largest aftermarket automotive parts and accessories retailers in the United States. AutoZone operates 7,140 stores across the United States, […]
Malware / November 22, 2023
Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices. Akamai warned of a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. The researchers discovered the botnet in October 2023, but they believe it has […]
Hacktivism / November 22, 2023
The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec hacktivist group leaked stolen human resources data. SiegedSec hacktivists group claimed responsibility for the hack of The Idaho National Laboratory (INL) and leaked stolen human resources data. SiegedSec is a threat actor that last year carried out multiple attacks against U.S. organizations, especially […]
Security / November 22, 2023
US CISA adds Looney Tunables Linux flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Looney Tunables Linux vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2023-4911 (CVSS score 7.8), aka Looney Tunables, is a buffer overflow issue that resides in the GNU C Libraryâs dynamic loader ld.so while processing the […]
Hacking / November 22, 2023
Citrix urges admins to kill NetScaler user sessions after patching their appliances against the CVE-2023-4966 Citrix Bleed vulnerability. Citrix is providing additional measures to admins who are patching their NetScaler appliances against the CVE-2023-4966 ‘Citrix Bleed‘ vulnerability. The company is urging admins to drop all active user sessions and terminate all persistent ones. “If you […]
Digital ID / November 21, 2023
The Tor Project removed several relays that were used as part of a cryptocurrency scheme and represented a threat to the users. The Tor Project announced the removal of multiple network relays that were involved in a cryptocurrency scheme. A Tor network relay is a server that operates within the Tor network and routes data […]
Malware / November 21, 2023
Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The Carbon Black Managed Detection & Response team is warning of a surge in the number of new infections related to NetSupport RAT in the last few weeks. The most impacted sectors are education, government, and business services. NetSupport […]
Security / November 21, 2023
Organizations need to govern and control the API ecosystem, this governance is the role of API management. Uber uses APIs (Application Programming Interfaces) to connect with third-party services such as Google Maps and Twilio, which helps to improve the user experience; Salesforce provides APIs that allow developers to build custom applications on top of their […]
Data Breach / November 20, 2023
The Canadian government discloses a data breach after threat actors hacked two of its contractors. The Canadian government declared that two of its contractors,Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, have been hacked, resulting in the exposure of sensitive information belonging to an undisclosed number of government employees. Data belonging […]
Data Breach / November 20, 2023
The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. The British Library is a research library in London that is the national library of the […]
APT / November 20, 2023
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks. The Ukrainian National Security and Defense Council (NDSC) reported that APT29 (aka SVR group, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) has been exploiting the CVE-2023-38831 vulnerability in WinRAR in recent attacks. APT29 along with APT28 cyber espionage group was involved in the Democratic National Committee […]
APT / November 20, 2023
The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploiting the WinRAR zero-day vulnerability tracked as CVE-2023-38831. The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “DarkCasino is an APT […]
Cyber Crime / November 20, 2023
US teenager Joseph Garrison pleads guilty to carrying out a credential stuffing attack on a betting website. US teenager Joseph Garrison (19) has pleaded guilty to his involvement in a credential stuffing campaign that targeted user accounts at a fantasy sports and betting website.3 On or about November 18, 2022, the man launched a credential […]
Breaking News / November 19, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses […]
Malware / November 19, 2023
8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. Phobos variants are usually distributed by the SmokeLoader, but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. The […]
APT / November 18, 2023
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB. Check Point researchers observed Russia-linked Gamaredon spreading the worm called LitterDrifter via USB in attacks against Ukraine. Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) has been active since 2014 and its activity focuses on Ukraine, the group was observed using the multistage backdoor Pteranodon/Pterodo. The Gamaredon APT group continues to carry out […]
Breaking News / November 17, 2023
OpenAI fired its CEO Sam Altman, and the Chief technology officer Mira Murati appointed interim CEO to lead the company. Sam Altman has been removed as CEO of OpenAI. The company announced that Mira Murati, the Chief Technology Officer, has been appointed as interim CEO. He was distrusted by the board for his behavior, for […]
Data Breach / November 17, 2023
Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unauthorized activity on systems in a limited number of its locations. “Toyota Financial Services Europe & Africa recently identified unauthorised activity on systems in a limited number of its […]
Security / November 17, 2023
US CISA added three new vulnerabilities (tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the three added vulnerabilities: According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known […]
APT / November 16, 2023
Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day (CVE-2023-37580) to steal emails from governments. Google Threat Analysis Group (TAG)Â researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580Â (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens […]
Data Breach / November 16, 2023
Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses to external cyber threats Vietnam Post Corporation, a Vietnamese government-owned postal service, left its security logs and employee email addresses accessible to outside cyber snoopers, Cybernews researchers have discovered. The exposed sensitive data could spell trouble if accessed by malicious […]
Data Breach / November 16, 2023
Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online […]
Malware / November 16, 2023
The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and […]
Security / November 15, 2023
Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product. SAP November 2023 Security Patch Day includes three new and three updated security notes. The most severe “hot news” is an improper access control vulnerability, tracked as CVE-2023-31403 (CVSS score of 9.6), that impacts SAP Business One product installation. […]
Cyber Crime / November 15, 2023
The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm. The IPStorm botnet was first uncovered in May 2019 while targeting Windows systems, not experts from Intezer reported that the bot evolved to infect other platforms, including Android, Linux, and Mac devices. IPStorm botnet continues to infect systems across […]
Security / November 15, 2023
Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling. Strendus, one of the biggest online casinos in Mexico has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling. The data was likely compromised by unauthorized actors. […]
Security / November 15, 2023
VMware disclosed a critical bypass vulnerability in VMware Cloud Director Appliance that can be exploited to bypass login restrictions when authenticating on certain ports. VMware disclosed an authentication bypass vulnerability, tracked as CVE-2023-34060 (CVSS score 9.8), in its Cloud Director Appliance that can be exploited by an attacker with network access to the appliance bypassing login […]
APT / November 14, 2023
Danish critical infrastructure was hit by the largest cyber attack on record that hit the country, according to Denmark’s SektorCERT. In May, Danish critical infrastructure faced the biggest cyber attack on record that hit the country, reported SektorCERT, Denmark’s Computer Security Incident Response Team (CSIRT) for the critical infrastructure sectors. A first wave of attacks […]
Cyber Crime / November 14, 2023
A cyber attack on the logistics giant DP World caused significant disruptions in the operations of several major Australian ports. A cyberattack hit the international logistics firm DP World Australia and disrupted the operations in major Australian ports. DP World is a global leader in logistics, providing comprehensive supply chain solutions to the world’s largest shipping […]
Malware / November 14, 2023
Experts warn of an alarming rise in ransomware operations targeting the energy sector, including nuclear facilities and related research entities. Resecurity, Inc. (USA) protecting major Fortune 100 and government agencies globally has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Over the last year, ransomware […]
Security / November 13, 2023
US CISA added four vulnerabilities (tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847)Â in Juniper devices to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog, five issues impacting Juniper Junos OS and one impacting the SysAid SysAid IT support software. Below is the list […]
Cyber Crime / November 13, 2023
The LockBit ransomware group published data allegedly stolen from the aerospace giant Boeing in a recent attack. The Boeing Company, commonly known as Boeing, is one of the worldâs largest aerospace manufacturers and defense contractors. In 2022, Boeing recorded $66.61 billion in sales, the aerospace giant has 156,000 (2022). At the end of October, the Lockbit ransomware […]
APT / November 13, 2023
North Korea-linked APT group Sapphire Sleet set up bogus skills assessment portals in attacks aimed at IT job seekers. The North Korea-linked APT group Sapphire Sleet (aka APT38, BlueNoroff, CageyChameleon, and CryptoCore) is considered a sub-group of the popular Lazarus APT group. The APT groupâs campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. […]
Data Breach / November 12, 2023
The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital. In early November, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some of its systems and severely limiting the operability of its phone system. The hospital immediately […]
Data Breach / November 12, 2023
The State of Maine disclosed a data breach that impacted about 1.3 million people after an attack hit its MOVEit file transfer install. The State of Maine was the victim of the large-scale hacking campaign that targeted organizations using the MOVEit file transfer tool. The Government organization disclosed a data breach that impacted about 1.3 million individuals. Threat actors […]
Breaking News / November 12, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Police seized BulletProftLink phishing-as-a-service (PhaaS) platform Serbian pleads guilty to running âMonopolyâ dark web drug market […]
Cyber Crime / November 11, 2023
The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. A joint international operation conducted by the Malaysian police, the FBI, and the Australian Federal Police took down several domains employed in the cybercriminal operation. “We seized around RM960,000 […]
Cyber Crime / November 11, 2023
The Serbian citizen Milomir Desnica (33) has pleaded guilty to running the dark web Monopoly drug marketplace. Milomir Desnica, a 33-year-old Serbian citizen, admited to being responsible for operating the illicit Monopoly drug marketplace on the dark web. The man pleaded guilty today in U.S. District Court in the District of Columbia to charges of […]
Data Breach / November 10, 2023
McLaren Health Care (McLaren) experienced a data breach that compromised the sensitive personal information of approximately 2.2 million individuals. McLaren Health Care (McLaren) disclosed a data breach that occurred between late July and August. The security breach exposed the sensitive personal information of 2,192,515 people. McLaren Health Care is a nonprofit health care organization based in […]
Hacktivism / November 10, 2023
After ChatGPT, Anonymous Sudan took down the Cloudflare website with a distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. Cloudflare confirmed that a DDoS attack took down its website for a few minutes and ponited out that it did not […]
Hacking / November 10, 2023
The Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack that disrupted trades in the US Treasury market. The Industrial and Commercial Bank of China (ICBC) announced it has contained a ransomware attack that disrupted the U.S. Treasury market and impacted some fixed income and equities transactions “The Securities Industry and Financial Markets […]
Hacking / November 10, 2023
Microsoft spotted the exploitation of a SysAid zero-day vulnerability in limited attacks carried out by the Lace Tempest group. Microsoft reported the exploitation of a zero-day vulnerability, tracked as CVE-2023-47246, in the SysAid IT support software in limited attacks. The IT giant linked the attacks to the Clop ransomware gang (aka Lace Tempest). The company reported the flaw […]
Cyber Crime / November 10, 2023
On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. Cybercriminals are hardly a trustworthy bunch. Case in point: Dolly.com. The Cybernews research team believes that the platform suffered a ransomware attack and at least partially paid the ransom â but was […]
Hacktivism / November 09, 2023
OpenAI confirmed that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed denial-of-service (DDoS) attack. OpenAIÂ confirmed earlier today that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed denial-of-service (DDoS) attack. “We are dealing with periodic outages due to an abnormal traffic pattern […]
APT / November 09, 2023
Mandiant reported that Russia-linked Sandworm APT used a novel OT attack to cause power outages during mass missile strikes on Ukraine. Mandiant researchers reported that Russia-linked APT group Sandworm employed new operational technology (OT) attacks that caused power outages while the Russian army was conducting mass missile strikes on critical infrastructure in Ukraine in October. […]
Security / November 07, 2023
Veeam addressed multiple vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform, including two critical issues. Veeam addressed four vulnerabilities (CVE-2023-38547, CVE-2023-38548, CVE-2023-38549, CVE-2023-41723) in the Veeam ONE IT infrastructure monitoring and analytics platform. The vulnerability CVE-2023-38547 (CVSS score 9.9) can be exploited by an unauthenticated attacker to gain information about the SQL […]
Security / November 07, 2023
Pro-Palestinian hackers group ‘Soldiers of Solomon’ claims to have hacked one of the largest Israeli flour plants causing severe damage to the operations. The Pro-Palestinian hackers group ‘Soldiers of Solomon’ announced that it had breached the infrastructure of the production plant of Flour Mills Ltd, a multinational company engaged in the processing and marketing of […]
APT / November 07, 2023
Iran-linked Agonizing Serpens group has been targeting Israeli organizations with destructive cyber attacks since January. Iran-linked Agonizing Serpens group (aka Agrius, BlackShadow, Pink Sandstorm, DEV-0022) has been targeting Israeli organizations in higher education and tech sectors with destructive cyber attacks since January 2023. Palo Alto Networks’ s Unit 42 researchers reported that threat actors first attempt to steal sensitive […]
Security / November 06, 2023
Experts warn threat actors that started exploiting a recent critical flaw CVE-2023-22518 in Confluence Data Center and Confluence Server. Over the weekend threat actors started exploiting a recently disclosed vulnerability (CVE-2023-22518) in all versions of Atlassian Confluence Data Center and Confluence Server. Atlassian last week warned of the CVE-2023-22518Â (CVSS score 9.1), the issue is an […]
Security / November 06, 2023
Taiwanese vendor QNAP warns of two critical command injection flaws in the QTS operating system and applications on its NAS devices. Taiwanese vendor QNAP Systems addressed two critical command injection vulnerabilities, tracked as CVE-2023-23368 and CVE-2023-23369, that impact the QTS operating system and applications on its network-attached storage (NAS) devices. The vulnerability CVE-2023-23368 (CVSS score […]
Hacking / November 06, 2023
Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure. Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it […]
Cyber Crime / November 06, 2023
Threat actors infected more than 10,000 devices worldwide with the ‘PrivateLoader’ and ‘Amadey’ loaders to recruit them into the proxy botnet ‘Socks5Systemz.’ Bitsight researchers uncovered a proxy botnet delivered, tracked as Socks5Systemz, which was delivered by PrivateLoader and Amadey loaders. The name Socks5Systemz comes from the name of the unique login panel consistently present in […]
Breaking News / November 05, 2023
The Treasury Department sanctioned a Russian woman accused of laundering virtual currency on behalf of cybercriminals. The Department of the Treasuryâs Office of Foreign Assets Control (OFAC) on Friday sanctioned Ekaterina Zhdanova, a Russian national, for her role in laundering and managing virtual currency on behalf of Russian elites, ransomware operators, and other threat actors. âThrough […]
Breaking News / November 05, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Kinsing threat actors probed the Looney Tunables flaws in recent attacks ZDI discloses four zero-day flaws […]
APT / November 05, 2023
North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. “KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes […]
Hacking / November 04, 2023
Kinsing threat actors are exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables to target cloud environments. Researchers are cloud security firm Aqua have observed threat actors exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables in attacks against cloud environments. The vulnerability Looney Tunables (CVE-2023-4911 (CVSS score 7.8)) is a buffer overflow issue that […]
Hacking / November 03, 2023
Researchers disclosed four zero-day flaws in Microsoft Exchange that can be remotely exploited to execute arbitrary code or disclose sensitive information on vulnerable installs. Trend Micro’s Zero Day Initiative (ZDI) disclosed four zero-day vulnerabilities in Microsoft Exchange that can be remotely exploited by an authenticated attacker to execute arbitrary code or disclose sensitive information on […]
Data Breach / November 03, 2023
Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained access to files belonging to 134 customers, the company revealed. Some of the files accessed by the attackers are HAR files that contained session tokens. […]
Mobile / November 03, 2023
Kaspersky researchers are warning of multiple WhatsApp mods that embed a spyware module dubbed CanesSpy. Kaspersky researchers discovered multiple WhatsApp mods that embed a spyware module dubbed CanesSpy. mods are modifications or alterations made to an application, often by third-party developers or users. These modifications can serve various purposes, such as adding new features, customizing the app’s […]
Cyber warfare / November 03, 2023
The FSB arrested two Russian hackers who are accused of having helped Ukrainian entities carry out cyberattacks on critical infrastructure targets. The Russian intelligence agency Federal Security Service (FSB) arrested two individuals who are suspected of supporting Ukrainian entities to carry out cyberattacks to disrupt Russian critical infrastructure. The two men are facing high treason […]
APT / November 03, 2023
Iran-linked cyberespionage group MuddyWater is targeting Israeli entities in a new spear-phishing campaign. Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is targeting Israeli entities in a new spear-phishing campaign, Deep Instinctâs Threat Research team reported. The phishing messages were aimed at deploying a legitimate remote administration tool called Advanced Monitoring Agent. This is the first time that the Iranian […]
Data Breach / November 02, 2023
Clop ransomware gang gained access to the email addresses of more than 632K US federal employees at the departments of Defense and Justice. Russian-speaking Clop ransomware group gained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice. The security breach is the result of the MOVEit […]
Data Breach / November 02, 2023
Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. Cloud identity and access management solutions provider Okta warns nearly 5,000 employees that their personal information was exposed due to a data breach suffered by the third-party vendor Rightway Healthcare. According to the data breach notification, Rightway […]
Hacking / November 02, 2023
Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the suspected exploitation of the recently disclosed critical vulnerability CVE-2023-46604 in the Apache ActiveMQ. Apache ActiveMQ is an open-source message broker software that serves as a message-oriented middleware (MOM) […]
Cyber Crime / November 02, 2023
Boeing confirmed it is facing a cyber incident that hit its global services division, the company pointed out that flight safety isnât affected. The Boeing Company, commonly known as Boeing, is one of the worldâs largest aerospace manufacturers and defense contractors.  In 2022, Boeing recorded $66.61 billion in sales, the aerospace giant has 156,000 (2022). Last week, the […]
Data Breach / November 02, 2023
Data leaks containing Aadhaar IDs in India were caused by the insecurity of 3rd parties while aggregating such information for KYC. According to Resecurity, a global cybersecurity provider protecting Fortune 500 companies and governments globally, one of the key issues leading to data leaks containing Aadhaar IDs in India is the insecurity of 3rd parties […]
Cyber Crime / November 02, 2023
Researchers speculate that the recent shutdown of the Mozi botnet was the response of its authors to the pressure from Chinese law enforcement. ESET researchers speculate that the recent shutdown of the Mozi botnet was the result of its operators’ choice, possibly due to pressure from Chinese authorities. Mozi is an IoT botnet that borrows the […]
Hacking / November 01, 2023
US CISA added two vulnerabilities, tracked as CVE-2023-46747 and CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities CVE-2023-46747 and CVE-2023-46748 in BIG-IP to its Known Exploited Vulnerabilities catalog. CISA has the two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The two […]
Security / November 01, 2023
Experts warn that threat actors started exploiting the critical flaw CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit disclosure. F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration […]
Malware / November 01, 2023
A pro-Hamas hacker group is targeting Israeli entities using a new Linux-based wiper malware dubbed BiBi-Linux Wiper. During a forensics investigation, Security Joes Incident Response team discovered a new Linux Wiper malware they tracked as BiBi-Linux Wiper. Pro-Hamas hacktivist group used the wiper to destroy the infrastructure of Israeli companies. The researchers noticed that the malware […]
Hacking / November 01, 2023
Last weekend, the British Library suffered a cyberattack that caused a major IT outage, impacting many of its services. The British Library is facing a major outage that impacts the website and many of its services following a cyber attack that took place on October 28. The British Library is the national library of the […]
Security / October 31, 2023
Atlassian warned of a critical security vulnerability, tracked as CVE-2023-22518, in the Confluence Data Center and Server. Atlassian is warning of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if […]
Deep Web / October 31, 2023
World-in-HD (WiHD), a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators. WiHD, a popular torrent tracker specializing in HD movies, inadvertently exposed tens of thousands of its users, the Cybernews research team has recently discovered. WiHD is a private tracker dedicated to […]
Hacking / October 31, 2023
Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Researchers from Researchers at Horizon3.ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Cisco recently warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited […]
Intelligence / October 31, 2023
Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks. The ban will be effective starting from October 30, […]
Cyber Crime / October 30, 2023
A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led to the theft of approximately $1M in cryptocurrency. Jordan Dave Persad (20), from Orlando, Florida, was sentenced to 30 months in prison for SIM Swapping conspiracy, followed by three years of supervised release. He pleaded guilty to Conspiracy to Commit Computer […]
Hacking / October 30, 2023
eSentire researchers devised a new attack technique, named Wiki-Slack attack, that can be used to redirect business professionals to malicious websites. eSentire Threat Response Unit (TRU) security researchers discovered a new attack technique, named Wiki-Slack attack, that can be used to redirect business professionals to malicious websites. The attackers choose a subject in Wikipedia that can be […]
Security / October 30, 2023
HackerOne announced that it has awarded over $300 million bug hunters as part of its bug bounty programs since the launch of its platform. HackerOne announced that it has surpassed $300 million in total all-time rewards on the HackerOne platform. Thirty white hat hackers have earned more than one million dollars submitting vulnerabilities through the […]
Malware / October 30, 2023
A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. In 2022, the researchers detected within the WININIT.EXE process an older code that was associated with […]
Hacktivism / October 29, 2023
IT Army of Ukraine hacktivists have temporarily disrupted internet services in some of the territories that have been occupied by Russia. Ukrainian hacktivists belonging to the IT Army of Ukraine group have temporarily disabled internet services in some of the territories that have been occupied by the Russian army. After the invasion of the Crimea and […]
Breaking News / October 29, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023 Lockbit ransomware gang claims […]
Hacking / October 28, 2023
The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,250 for 58 unique 0-days. The Team Viettel (@vcslab) won the Master of Pwn with $180K and 30 points. The vulnerabilities exploited by the experts have been disclosed […]
Cyber Crime / October 27, 2023
The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and defense contractor Boeing and threatened to leak the stolen data. The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. Â In 2022, Boeing recorded $66.61Â billion in sales, the aerospace giant has 156,000Â (2022). The Lockbit ransomware […]
Security / October 27, 2023
How residential proxies using real IPs from diverse locations enable businesses to gather comprehensive and accurate data from the web Since the adoption of the first digital tools and connection to the internet, the competitive business environment has revolutionized and transformed the ways modern companies conduct business operations. With the help of Information Technologies (IT), […]
Hacking / October 27, 2023
F5 warns customers of a critical vulnerability impacting BIG-IP that could lead to unauthenticated remote code execution. F5 is warning customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael […]
Data Breach / October 27, 2023
Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user data. Hello Alfred is a one-stop application allowing real estate developers and property managers to provide in-home services and maintenance to residents. It also enables landlords to collect rent in-app. Residents using the platform get an […]
Hacking / October 26, 2023
Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of researchers from the University of Michigan, Georgia Institute of Technology, and Ruhr University Bochum has devised a transient side-channel speculative execution attack that exploits the Safari web browser to steal sensitive information […]
Hacking / October 26, 2023
Cloudflare mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset. Cloudflare DDoS threat report of 2023 states that the company has mitigated thousands of hyper-volumetric HTTP distributed denial-of-service attacks. 89 of the attacks mitigated by the company exceeded 100 million requests per second (rps), the largest attack peaked at […]
Data Breach / October 26, 2023
Japanese watchmaker Seiko revealed that the attack that suffered earlier this year was carried out by the Black Cat ransomware gang. On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. âSeiko Group Corporation (hereinafter referred to as âthe Companyâ or âweâ) has confirmed that on July […]
APT / October 26, 2023
Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software. Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. ESET researchers pointed out that is a different vulnerability than CVE-2020-35730, that the group exploited in other attacks. The Winter […]
Hacking / October 25, 2023
The Pwn2Own Toronto 2023 hacking contest has begun and during the first day, participants received $438,750 in prizes! During the Day 1 of the Pwn2Own Toronto 2023 hacking contest, the organization has awarded a total of $438,750 in prizes! Team Orca of Sea Security received the greatest rewards of the day, the researchers chained two […]
Security / October 25, 2023
VMware addressed a critical out-of-bounds write vulnerability, tracked as CVE-2023-34048, that impacts vCenter Server. vCenter Server is a critical component in VMware virtualization and cloud computing software suite. It serves as a centralized and comprehensive management platform for VMware’s virtualized data centers. The vulnerability CVE-2023-34048 (CVSS score 9.8) is an out-of-bounds write vulnerability in the implementation of […]
Security / October 25, 2023
Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. […]
Data Breach / October 25, 2023
On September 18th, the Cybernews research team discovered two publicly hosted environment files (.env) attributed to New England Biolabs. Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite leaving some of its sensitive credentials exposed, New England Biolabs seems […]
Intelligence / October 24, 2023
A former NSA employee has pleaded guilty to charges of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke (31), a former NSA employee has admitted to attempting to convey classified defense information to Russia, pleading guilty to the charges. The man pleaded guilty today to six counts of attempting to transmit classified […]
Hacking / October 24, 2023
VMware is aware of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass flaw in VMware Aria Operations for Logs. VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability, tracked as CVE-2023-34051, in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). The […]
Hacking / October 24, 2023
1Password detected suspicious activity on its Okta instance after the recent compromise of the Okta support system. The password management and security application 1Password announced it had detected suspicious activity on its Okta instance on September 29, but excluded that user data was exposed. The activity is linked to the recent attack on the Okta […]
Security / October 24, 2023
Hundreds of millions of PII records belonging to Indian residents, including Aadhaar cards, are being offered for sale on the Dark Web. PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web In early October, Resecurityâs HUNTER (HUMINT) unit identified hundreds of millions of personally identifiable information (PII) records […]
Cyber Crime / October 24, 2023
The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over four million individuals. The Spanish police have arrested 34 members of a cybercriminal group that is suspected to have stolen data of over four million individuals. The authorities conducted 16 searches in Madrid, MĂĄlaga, Huelva, […]
Security / October 23, 2023
US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The vulnerability is an unspecified issue in the web user interface. An attacker can chain this flaw with CVE-2023-20198 to leverage the new […]
Hacking / October 23, 2023
Cisco found a second IOS XE zero-day vulnerability, tracked as CVE-2023-20273, which is actively exploited in attacks in the wild. Cisco last week warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance […]
Hacking / October 23, 2023
The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts. The City of Philadelphia announced it is investigating a data breach after attackers that threat actors broke some of City email accounts containing personal and protected health information. The […]
Security / October 23, 2023
Researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. Security researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. SolarWinds Access Rights Manager (ARM) is a software solution developed by IT management and monitoring software provider SolarWinds, it was designed to help organizations […]
Intelligence / October 23, 2023
The Philippine defense ordered its personnel to stop using AI-based applications to generate personal portraits. The Philippine defense warned of the risks of using AI-based applications to generate personal portraits and ordered its personnel to stop using them. On October 14, Defense Secretary Gilberto Teodoro Jr. issued the directive to ban the AI-based applications. “Defense […]
Malware / October 23, 2023
Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., the U.S., and India. WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. DarkGate is a commodity malware that is offered with a model […]
Intelligence / October 22, 2023
MI5 chief warns Chinese cyber espionage reached an epic scale, more than 20,000 people in the UK have now been targeted. The head of MI5, Ken McCallum, warns that Chinese spies targeted more than 20,000 people in the UK. During a meeting of security chiefs of the Five Eyes alliance held in California, McCallum told […]
Intelligence / October 22, 2023
The International Criminal Court revealed the recent attack was carried out by a threat actor for espionage purposes. The International Criminal Court shared additional information about the cyberattack that hit the organizations in September. In September, the International Criminal Court (ICC) announced that threat actors have breached its systems last week. The experts at the […]
Breaking News / October 22, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A threat actor is selling access to Facebook and Instagram’s Police Portal Threat actors breached Okta […]
Cyber Crime / October 21, 2023
A threat actor is selling access to Facebook and Instagram’s Police Portal used by law enforcement agencies to request data relating to users under investigation. Cyber security researcher Alon Gal, co-founder & CTO of Hudson Rock, first reported that a threat actor is selling access to Facebook and Instagram’s Police Portal. The portal allows law […]
Data Breach / October 21, 2023
Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks. Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valide users. Okta […]
Security / October 21, 2023
The U.S. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide. The U.S. government announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of a fraudulent scheme illicit scheme to defraud businesses worldwide. The illicit funds defraud U.S. and […]
Cyber Crime / October 20, 2023
A joint international law enforcement investigation led to the arrest of a malware developer who was involved in the Ragnar Locker ransomware operation. Yesterday we became aware of a joint law enforcement operation that led to the seizure of the Ragnar Locker ransomwareâs infrastructure. The police on Thursday seized the Tor negotiation and data leak sites, groupâs […]
Hacking / October 20, 2023
US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The vulnerability is a command injection vulnerability in the web user interface that could allow a remote, authenticated attacker to inject commands that […]
Hacking / October 20, 2023
More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Researchers from LeakIX used the indicators of compromise (IOCs) released by Cisco Talos and found around 30k Cisco IOS XE devices (routers, switches, VPNs) that were infected by exploiting the CVE-2023-20198. Most of the infected devices were […]
Cyber Crime / October 19, 2023
An international law enforcement operation shuts down the infrastructure of the Ragnar Locker ransomware operation. Law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia conducted a joint operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure. The police on Thursday seized the Tor negotiation and […]
Security / October 19, 2023
Iâm proud to announce the release of the 11th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2023 (ETL) report, which is the annual analysis of the state of the cybersecurity threat landscape. This is the 11th edition of the […]
APT / October 19, 2023
North Korea-linked threat actors are actively exploiting a critical vulnerability CVE-2023-42793 in JetBrains TeamCity. Microsoft warns that North Korea-linked threat actors are actively exploiting a critical security vulnerability, tracked as CVE-2023-42793 (CVSS score: 9.8), in JetBrains TeamCity. CVE-2023-42793 is an authentication bypass issue affecting the on-premises version of TeamCity. An attacker can exploit the flaw to steal […]
APT / October 19, 2023
Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the […]
Data Breach / October 18, 2023
Hundreds of thousands of clients who opted-in for a screen warranty were exposed when DNA Micro leaked data from its systems. The Cybernews research team found that DNA Micro, a California-based IT company, exposed the sensitive data of more than 820,000 customers due to a misconfiguration in its systems. The victims most affected by the […]
Hacking / October 18, 2023
Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. “Exploits of CVE-2023-4966 on unmitigated appliances have been observed.” reported Citrix. “Cloud Software Group strongly urges customers of […]
Hacking / October 18, 2023
A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator’s password. Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Team82 discovered the use of a weak random number generator in Synologyâs DiskStation Manager (DSM) Linux-based operating system running on the NAS […]
Hacking / October 18, 2023
Taiwanese manufacturer D-Link confirmed a data breach after a threat actor offered for sale on BreachForums stolen data. The global networking equipment and technology company D-Link confirmed a data breach after a threat actor earlier this month offered for sale on the BreachForums platform the stolen data. The company became aware of the a claim of data […]
Breaking News / October 17, 2023
Threat actors exploited the recently disclosed zero-day flaw (CVE-2023-20198) in a large-scale hacking campaign on Cisco IOS XE devices. Threat actors have exploited the recently disclosed critical zero-day vulnerability (CVE-2023-20198) to compromise thousands of Cisco IOS XE devices, security firm VulnCheck warns. Cisco this week warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), […]
APT / October 17, 2023
Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between May and September 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA). According to public sources, the threat actors targeted ICS of at […]
Cyber Crime / October 17, 2023
What is the impact of ransomware on organizations? One employee’s mistake can cost a company millions of dollars. Studies show that human error is the root cause of more than 80% of all cyber breaches, whether malicious or unintended. The recent debilitating cyberattacks on casino and resort giants MGM and Caesars are no exception. How […]
Malware / October 17, 2023
Threat actors are targeting Israeli Android users with a malicious version of the ‘RedAlert â Rocket Alerts’ that hide spyware. A threat actor is targeting Israeli Android users with a spyware-laced version of the ‘RedAlert â Rocket Alerts’ app, Cloudflare warns. RedAlert – Rocket Alerts is a mobile app that provides real-time alerts about incoming […]
Hacking / October 16, 2023
Cisco warned customers of a critical zero-day vulnerability in its IOS XE Software that is actively exploited in attacks. Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance […]
Hacking / October 16, 2023
Encrypted messaging app Signal denied claims of an alleged zero-day flaw in its platform after a responsible investigation. The popular encrypted messaging app Signal denied claims of an alleged zero-day vulnerability in its platform. The company launched an investigation into the claims after they have seen the vague viral reports alleging a zero-day vulnerability. “PSA: […]
Malware / October 16, 2023
Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. Microsoft announced that its Microsoft Defender for Endpoint helped to block a large-scale hacking campaign carried out by Akira ransomware operators (tracked by Microsoft as Storm-1567) The attack took place in early June 2023 and aimed at an industrial engineering […]
Cyber Crime / October 16, 2023
Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. From July to September, researchers from Trend Micro observed a malicious campaign DarkGate campaign abusing instant messaging platforms to deliver a VBA loader script to victims. The threat actors abused popular messaging platforms such as Skype and Teams […]
Cyber Crime / October 15, 2023
The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. The group claims to have stolen 5TB of patients’ and employeeâs information, […]
Breaking News / October 15, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lockbit ransomware gang demanded an 80 million ransom to CDW CISA warns of vulnerabilities and misconfigurations […]
Cyber Crime / October 14, 2023
The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site. CDW Corporation is […]
Breaking News / October 14, 2023
CISA warns organizations of vulnerabilities and misconfigurations that are known to be exploited in ransomware operations. The US cybersecurity agency CISA is sharing knowledge about vulnerabilities and misconfigurations exploited in ransomware attacks. The initiative is part of its Ransomware Vulnerability Warning Pilot (RVWP) program which launched this year. The US Agency is sharing this information […]
APT / October 13, 2023
A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive, that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan, and Kazakhstan. The campaign has been active since at least 2021, threat actors employed downloaders […]
Uncategorized / October 13, 2023
FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) published by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) provides known IOCs, TTPs, and detection methods associated with the AvosLocker ransomware variant employed […]
Hacking / October 13, 2023
In September more than 17,000 WordPress websites have been compromised by the Balada Injector malware. Sucuri researchers reported that more than 17,000 WordPress websites have been compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August. The Balada injector is a malware family that […]
Malware / October 12, 2023
Ransomlooker monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker, a tool to monitor ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. The researchers have created the tool to help cybersecurity experts in their daily jobs by providing real-time updates and actionable insights. It offers various […]
Cyber Crime / October 12, 2023
This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Particularly very popular is so-called brand phishing, which occurs when criminals impersonate the official website of a well-known brand […]
Cyber Crime / October 12, 2023
Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards. Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the websiteâs default 404 error page to hide malicious code. The attacks are targeting a large number of Magento and WooCommerce websites, […]
Hacking / October 11, 2023
US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve […]
Malware / October 11, 2023
A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Fortinet researchers observed a new Mirai-based DDoS botnet, tracked as IZ1H9, that added thirteen new payloads to target routers from multiple vendors, including D-Link, Zyxel, TP-Link, and TOTOLINK. The experts observed a surge in botnet […]
Data Breach / October 11, 2023
Airline Air Europa disclosed a data breach and warned customers to cancel their credit cards after threat actors accessed their card information. Air Europa is a Spanish airline and a subsidiary of the Globalia Corporation. It operates as a full-service carrier, providing passenger and cargo services to various destinations, both domestic and international. Air Europa […]
Cyber warfare / October 11, 2023
Gaza: Resecurity identified threat actors exploiting the conflict to weaponize psychological operations (PSYOPs) campaigns. Amidst the outbreak of war on the Gaza Strip last weekend, Resecurity (Los Angeles-based cybersecurity company protecting Fortune 100) has identified multiple cyber-threat actors staging online psychological operations (PSYOPs) campaigns to manipulate public opinion regarding the escalating Israeli-Palestinian conflict. PSYOPs are […]
Security / October 11, 2023
Microsoft Patch Tuesday security updates for October 2023 fixed three actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for October 2023 addressed a total of 103 vulnerabilities in Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET Core and Visual Studio; Azure; Microsoft Dynamics; and Skype for Business. Three of the […]
Hacking / October 10, 2023
A new DDoS technique named ‘HTTP/2 Rapid Reset’ is actively employed in attacks since August enabling record-breaking attacks. Researchers disclosed a new zero-day DDoS attack technique, named ‘HTTP/2 Rapid Reset’, that was exploited since August in record-breaking attacks. Google announced to have observed a new series of massive DDoS attacks that reached a peak of […]
Hacking / October 10, 2023
Many poorly configured security cameras are exposed to hacktivists in Israel and Palestine, placing the owners using them and the people around them at substantial risk. After the Hamas attacks on Israel, the cyber war has also started between both sides and their supporters. Hacktivists have already targeted SCADA and ICS systems in Israel and Palestine, and […]
Hacking / October 10, 2023
A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts. libcue provides an […]
Hacktivism / October 10, 2023
Both pro-Israeli and pro-Palestinian hacktivists have joined the fight and are targeting SCADA and ICS systems. Both pro-Israeli and pro-Palestinian hacktivists have joined the fight in the cyber realm. Industrial control systems (ICS) seem to be one of the most lucrative targets for them, and there are hundreds exposed. After Hamas gunmen killed hundreds of […]
Hacking / October 09, 2023
IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8) in Citrix NetScaler Gateways. At the end of July, Citrix warned customers that the CVE-2023-3519 flaw in NetScaler […]
Malware / October 09, 2023
A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researchers 3xp0rt reported that a threat actor that goes online with the moniker ‘kapuchin0’ (and also uses the alias Gookee) has leaked the source code of the HelloKitty ransomware on the XSS forum. kapuchin0 claims […]
Hacking / October 09, 2023
Microsoft linked a Gaza-based threat actor tracked as Storm-1133 to a series of attacks aimed at private organizations in Israel. The fourth annual Digital Defense Report published by Microsoft linked a series of attacks against organizations in Israel to a Gaza-based threat actor that is tracking the campaign as Storm-1133. The Storm-1133 activity was observed in early […]
Data Breach / October 09, 2023
Flagstar Bank announced a data breach suffered by a third-party service provider exposed the personal information of over 800,000 US customers. Flagstar Bank is warning 837,390 US customers that their personal information was exposed after threat actors breached the third-party service provider Fiserv. Flagstar Bank is an American commercial bank headquartered in Troy, Michigan, it is a […]
Malware / October 09, 2023
Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain. The experts reported that at least 74,000 […]
Breaking News / October 08, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. QakBot threat actors are still operational after the August takedown Ransomware attack on MGM Resorts costs […]
APT / October 08, 2023
North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported. Researchers from blockchain analytics firm Elliptic reported that threat actors has already laundered a record $7 billion through cross-chain crime. The term “Cross-chain crime” is used to refer to the swapping of cryptoassets between different tokens or blockchains to launder […]
Cyber Crime / October 07, 2023
Threat actors behind the QakBot malware are still active, since August they are carrying out a phishing campaign delivering Ransom Knight ransomware and Remcos RAT. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation âDuck Hunt.â Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an […]
Cyber Crime / October 06, 2023
Hospitality and entertainment company MGM Resorts announced that the costs of the recent ransomware attack costs exceeded $110 million. In September the hospitality and entertainment company MGM Resorts was hit by a ransomware attack that shut down its systems at MGM Hotels and Casinos. The incident affected hotel reservation systems in the United States and […]
Breaking News / October 06, 2023
The creation of a dedicated emergency number for cybersecurity could provide an effective solution to this rapidly growing challenge The growing threat of cybercrime is calling for new and innovative defense strategies. While the phone number for physical emergencies is already time-tested, the absence of a similar hotline for cybercrimes is a significant gap in […]
Hacking / October 06, 2023
Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. An attacker can trigger the vulnerability to execute code with elevated privileges. “A […]
Security / October 06, 2023
Cisco addressed a critical Static Credentials Vulnerability, tracked as CVE-2023-20101, impacting Emergency Responder. Cisco released security updates to address a critical vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), impacting Emergency Responder. A remote, unauthenticated attacker can exploit the vulnerability to log in to susceptible systems using hard-coded credentials that cannot be changed. The vulnerability was discovered as […]
Intelligence / October 06, 2023
Belgian intelligence agency State Security Service (VSSE) fears that Chinese giant Alibaba is spying on logistics to gather financial intelligence. The Belgian intelligence service VSSE revealed that is investigating potential cyber espionage activities carried out by Chinese firms, including the Alibaba Group Holding, at a cargo airport in Liege. According to the Financial Times, Alibaba […]
Hacking / October 05, 2023
The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains TeamCity flaw CVE-2023-42793Â (CVSS score: 9.8) and Windows bug CVE-2023-28229Â (CVSS score: 7.0) to its Known Exploited Vulnerabilities Catalog. Below are the descriptions of the two vulnerabilities: According to Binding Operational Directive […]
Hacking / October 05, 2023
NATO is investigating claims that a group called SiegedSec has breached its systems and leaked a cache of unclassified documents online. NATO announced it is investigating claims that a politically motivated threat actor called SiegedSec has breached its systems and leaked unclassified documents online. âNATO cyber experts are actively addressing incidents affecting some unclassified NATO […]
Data Breach / October 05, 2023
Researcher discovered that global B2B CRM provider Really Simple Systems exposed online a non-password-protected database with million records. Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained over 3 million records. The documents appeared to be associated with internal invoices, communications, and customerâs stored CRM files. Upon further research, records […]
Data Breach / October 05, 2023
Sony Interactive Entertainment has notified current and former employees and their family members about a data breach. Sony Interactive Entertainment (SIE) has notified current and former employees and their family members about a data breach that exposed their personal information. Sony notified about 6,800 individuals, it confirmed that the security breach was the result of the […]
Hacking / October 04, 2023
Apple released emergency security updates to address a new actively exploited zero-day vulnerability impacting iPhone and iPad devices. Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed […]
Hacking / October 04, 2023
Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild. Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability […]
Hacking / October 04, 2023
International mobile virtual network operator Lyca Mobile announced it has been the victim of a cyber attack that disrupted its network. Lyca Mobile is a mobile virtual network operator (MVNO) that provides prepaid mobile phone services to customers in several countries worldwide. A mobile virtual network operator doesn’t own its own physical wireless network infrastructure […]
Security / October 04, 2023
Chipmaker Qualcomm addressed 17 vulnerabilities in various components and warns of three other actively exploited zero-day flaws. Chipmaker Qualcomm released security updates to address 17 vulnerabilities in several components. Three out of 17 flaws are rated Critical, 13 are rated High, and one is rated Medium in severity. The company is also warning that three […]
Reports / October 04, 2023
The DRM Report Q2 2023 report provides a detailed insight into the ransomware threat landscape during the period between May and August 2023. In an era where digitalization has woven its web into the very fabric of our lives, the dark underbelly of the digital realm continues to pose an ever-growing threat. Ransomware, a menace […]
Cyber Crime / October 04, 2023
Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks. The phishing attacks were aimed at senior executives across various industries, primarily […]
Data Breach / October 03, 2023
A misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of over 26K files, exposing clientsâ parking permits and home addresses. The MTC is a governmental agency responsible for regional transportation planning and financing in the San Francisco Bay Area. The latest research by Cybernews shows that the agency left public access to […]
Malware / October 03, 2023
Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. The BunnyLoader malware loader is written in C/C++ and is sold on various forums for $250 for […]
Breaking News / October 03, 2023
Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023. Executive Summary NOTE: This version of the report has been redacted for TLP:WHITE disclosure. Introduction Digging into ransomware infections always provides valuable insights. This time, we investigated peculiar details of a recent Lockbit-based intrusion […]
Malware / October 03, 2023
Researchers from cybersecurity firm TG Soft are warning Italian entities and companies of LockBit 3.0 Black and BlackCat/AlphV attacks. In the last few weeks, two cybercriminal groups that have also targeted Italian entities and businesses, are back in the news; they are LockBit 3.0 Black and BlackCat/AlphV, which had already been reported by the media in the first decade of […]
Data Breach / October 03, 2023
The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute (ETSI). The European Telecommunications Standards Institute is an independent, not-for-profit organization based in Europe. The organization […]
Hacking / October 02, 2023
Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Softwareâs WS_FTP products. Progress Software recently warned customers to address a critical severity vulnerability, tracked as CVE-2023-40044 (CVSS score 10), in its WS_FTP Server software which is used by thousands of IT teams worldwide. The vulnerability was discovered by researchers at the […]
Data Breach / October 02, 2023
The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors. On September 24th, researchers discovered that the NLP platform was exposing sensitive credentials, secrets, and encryption keys via publicly available JS files. In […]
APT / October 02, 2023
North Korea-linked APT group Lazarus impersonated Meta’s recruiters in an attack against a Spanish company in the Aerospace industry. ESET researchers linked the North Korea-linked Lazarus APT Group to a cyber attack targeting an unnamed Spanish aerospace firm. The cyberspies impersonated Meta’s recruiters to lure employees with trojanized coding challenges. The state-sponsored hackers deployed several tools, including […]
Data Breach / October 02, 2023
Experts warn that the recent attack on building automation giant Johnson Controls may have exposed data of the Department of Homeland Security (DHS). Johnson Controls International plc is a multinational conglomerate with a diversified portfolio of products and services primarily focused on building technologies and solutions. The company provides HVAC (heating, ventilation, and air conditioning), […]
Cyber Crime / October 01, 2023
The ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of victims on its Tor leak site. McLaren Health Care is a not-for-profit healthcare system based in Michigan, United States. It is one of the largest integrated health systems in the state and serves a significant portion of the population through its network of […]
Breaking News / October 01, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress […]
Cyber Crime / September 30, 2023
The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list of victims on its Tor leak site. Motel One is a German hotel chain that offers budget-friendly accommodations primarily targeted at business and leisure travelers. It is known for its stylish and design-focused hotels that aim to provide a comfortable and affordable […]
Cyber Crime / September 30, 2023
The U.S. Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims. The U.S. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a new worrisome trend in the threat landscape that sees threat actors targeting the same victims two times. “As of July 2023, the FBI noted […]
Breaking News / September 30, 2023
Progress Software has addressed a critical severity vulnerability in its WS_FTP Server software used by thousands of IT teams worldwide. Progress Software warned customers to address a critical severity vulnerability, tracked as CVE-2023-40044 (CVSS score 10), in its WS_FTP Server software which is used by thousands of IT teams worldwide. “The WS_FTP team recently discovered […]
Security / September 30, 2023
A child abuse site has been taken down following a request to German law enforcement by Cybernews research team. A hacker collective, who wanted to remain anonymous, has been relentlessly hunting online crooks who benefit from videos of children being abused. This week, they discovered a website dedicated to pedophiles â it was full of […]
Hacking / September 29, 2023
Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-42115 (CVSS score 9.8), affects all versions of Exim mail transfer agent (MTA) software. A remote, unauthenticated attacker, can exploit the vulnerability to gain remote code execution (RCE) on Internet-exposed […]
Hacking / September 29, 2023
China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters this week. During a briefing by U.S. State Department IT officials, […]
Data Breach / September 29, 2023
The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWSâs cloud […]
Security / September 29, 2023
US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, […]
Hacking / September 28, 2023
Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. Cisco warned customers to install security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2023-20109 (CVS 6.6), that resides in IOS and IOS XE software. The vulnerability resides in […]
Cyber Crime / September 28, 2023
Johnson Controls International suffered a ransomware attack that impacted the operations of the company and its subsidiaries. Johnson Controls International plc is a multinational conglomerate with a diversified portfolio of products and services primarily focused on building technologies and solutions. The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and […]
Hacking / September 28, 2023
Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217. The CVE-2023-5217 is a high-severity heap buffer overflow that affects vp8 encoding in […]
Hacking / September 27, 2023
A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices. The Russian zero-day broker firm Operation Zero is increasing payouts for top-tier mobile exploits. The company is willing to pay up to $20,000,000 for zero-day exploits for iPhone and Android devices. The Russian company pointed out […]
APT / September 27, 2023
US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. US and Japanese intelligence, law enforcement and cybersecurity agencies warn of a China-linked APT, tracked as BlackTech (aka Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), that planted backdoor in Cisco router firmware […]
Hacking / September 27, 2023
Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format. The flaw was initially tracked […]
Security / September 27, 2023
DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches. The leaked logins present cybercriminals with almost limitless attack capabilities. DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches. According […]
Data Breach / September 27, 2023
Following the recently announced data leak from Sony, Ransomed.vc group claimed the hack of the Japanese giant NTT Docomo. Following the recently announced data leak from Sony, the notorious ransomware syndicate Ransomed.vc announced a new victim today in face of the largest Japanese telecommunication giant NTT Docomo. Notably, the announcement came almost synchronously with the […]
Security / September 27, 2023
Data lineage is the visualization and tracking of data as it moves through various stages of its lifecycle. In an age where data drives decisions and fuels innovation, understanding the journey of data from its inception to its final destination is paramount. Data lineage provides this understanding. Data lineage is the visualization and tracking of […]
Data Breach / September 26, 2023
Sony launched an investigation into an alleged data breach after the RansomedVC group claimed the hack of the company. Sony announced it is investigating allegations of a data breach after the RansomedVC extortion group claimed to have hacked the company and added the company to its Tor leak site. âWe are currently investigating the situation, […]
Data Breach / September 26, 2023
Researchers discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research team has discovered. This increases the risk of passengersâ personal information, such as emails, names, […]
Cyber Crime / September 26, 2023
This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. Last week a ransomware attack hit the Government of Kuwait, the attack took place on September 18 and the government experts immediately started the incident response procedures to block the threat. Below […]
Data Breach / September 26, 2023
The Better Outcomes Registry & Network (BORN), the Ontario birth registry disclosed a data breach affecting some 3.4 million people. The Better Outcomes Registry & Network (BORN) is a program and database used in the healthcare sector, particularly in maternal and child health, to collect, manage, and analyze health information for the purpose of improving […]
Malware / September 26, 2023
A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play […]
Cyber Crime / September 26, 2023
Resecurity research found that the ‘Smishing Triad’ cybercrime group has expanded its phishing campaign into the United Arab Emirates (UAE). Resecurity research recently found that ‘Smishing Triad,’ a group specializing in phishing scams conducted via SMS (smishing attacks), has expanded its attack campaign into the United Arab Emirates (UAE). First identified by Resecurity in August, […]
Hacking / September 25, 2023
Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has suffered a $200 million cyber heist. The company suspended deposits and withdrawals immediately after the […]
Cyber warfare / September 25, 2023
A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it […]
Hacking / September 25, 2023
Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server. JetBrains TeamCity is a popular and highly extensible Continuous Integration (CI) and Continuous Delivery (CD) server developed by JetBrains, a software development company known for its developer tools. TeamCity is designed to automate various […]
APT / September 25, 2023
A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. The activity was characterized by the […]
Cyber Crime / September 25, 2023
A Nigerian national pleaded guilty to wire fraud and money laundering through business email compromise (BEC). The Nigerian national Kosi Goodness Simon-Ebo (29), who is residing in South Africa, pleaded guilty to conspiracy to commit wire fraud and conspiracy to commit money laundering through business email compromise (BEC). According to the US authorities, fraudulent activities […]
Malware / September 25, 2023
A new variant of a banking trojan, called BBTok, targets users of over 40 banks in Latin America, particularly Brazil and Mexico. Check Point researchers warn of a new variant of a banking trojan, called BBTok, that is targeting users of over 40 banks in Latin America. The new malware campaign relies on new infection chains and […]
Malware / September 24, 2023
Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East ESET researchers discovered a very sophisticated and unknown backdoor, named Deadglyph, employed by the Stealth Falcon group for espionage in the Middle East. Stealth Falcon is a nation-state actor active since at least 2012, […]
Data Breach / September 24, 2023
The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles. The Alphv ransomware group added Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, to the list of victims on its Tor leak site. Clarion Japan is the Japanese subsidiary […]
Breaking News / September 24, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set […]
Data Breach / September 24, 2023
U.S. educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The National Student Clearinghouse (NSC) is a nonprofit organization based in the United States that provides educational verification and reporting services to educational institutions, employers, and other organizations The organization has disclosed a data breach that impacted approximately […]
Hacking / September 23, 2023
The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. The attack impacted all the government departments. “The Department of Information and Digital Technology (IDT) is working quickly […]
Mobile / September 22, 2023
Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Researchers from the Citizen Lab and Google’s Threat Analysis Group (TAG) revealed that the three Apple zero-days addressed this week were used as part of an exploit to install Cytrox Predator spyware. Apple this week […]
Hacking / September 22, 2023
US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security to its Known Exploited Vulnerabilities Catalog. Trend Micro this week has released security updates to patch […]
Data Breach / September 22, 2023
Air Canada, the flag carrier and largest airline of Canada, announced that the personal information of some employees was exposed as a result of a recent cyberattack. Air Canada, the flag carrier and largest airline of Canada, announced that threat actors had access to the personal information of some employees during a recent cyberattack. “An […]
APT / September 22, 2023
A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. A joint research conducted by SentinelLabs and QGroup GmbH revealed that a previously undetected APT group, dubbed Sandman, is targeting telecommunication service providers in the Middle East, Western Europe, and South Asia. The APT group is […]
Hacking / September 21, 2023
Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School […]
Hacking / September 21, 2023
The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. Recently, researchers from Kaspersky reported the discovery of a free download manager site that has been compromised to […]
Data Breach / September 21, 2023
Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that couldâve enabled attackers to access its databases. Exail, a French high-tech industrial group, left exposed a publicly accessible environment (.env) file with database credentials, the Cybernews research team has discovered. The company, formed in 2022 after ECA Group […]
Hacking / September 21, 2023
Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName, severely impacted operations at several Canadian airports last week, reported Recorded Future News. Canada Border Services Agency (CBSA) was able to mitigate […]
Security / September 20, 2023
Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution. Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure and privilege escalation. Nagios XIÂ provides monitoring of all mission-critical infrastructure components including applications, services, operating […]
Deep Web / September 20, 2023
Finnish police announced the takedown of the dark web marketplace PIILOPUOTI which focuses on the sale of illegal narcotics. Finnish Customs announced the seizure of the dark web marketplace Piilopuoti as part of an international law enforcement operation. The dark web marketplace PIILOPUOTI has been active since May 18, 2022. “The site operated as a […]
Hacking / September 20, 2023
A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack this week, its systems were compromised last week. The International Criminal Court (ICC) announced that threat actors have breached its systems last week. The experts at the International Criminal Court discovered the intrusion after having detected anomalous activity affecting its information systems. The International […]
Security / September 20, 2023
GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an attacker to run pipelines as another user. The issue resides in GitLab EE and affects […]
Hacking / September 20, 2023
Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild. Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products. According to the security […]
APT / September 19, 2023
ShroudedSnooper threat actors are targeting telecommunication service providers in the Middle East with a backdoor called HTTPSnoop. Cisco Talos researchers recently discovered a new stealthy implant dubbed HTTPSnoop that was employed in attacks against telecommunications providers in the Middle East. The HTTPSnoop backdoor supports novel techniques to interface with Windows HTTP kernel drivers and devices […]
Security / September 19, 2023
The cyber attack that hit the cleaning products manufacturer Clorox in August is still affecting the supply of the products to customers. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced in […]
APT / September 19, 2023
China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca, discovered an encrypted file hosted on a server under the control of the group. Additional analysis led to the discovery of a […]
Data Breach / September 18, 2023
Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data on GitHub. The exposed data exposed a disk backup of two employeesâ workstations containing secrets, […]
Hacking / September 18, 2023
The head of Germanyâs foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrichtendienst intelligence service since 2016, warned of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. After the Russian invasion of Ukraine, the German government […]
Hacking / September 18, 2023
Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack. The company states that one of its employees was […]
Data Breach / September 18, 2023
Researchers from vx-underground reported that FBI hacker ‘USDoD‘ leaked sensitive data from consumer credit reporting agency TransUnion. TransUnion is an American consumer credit reporting agency. TransUnion collects and aggregates information on over one billion individual consumers in over thirty countries, including “200 million files profiling nearly every credit-active consumer in the United States”. A threat actor who […]
APT / September 18, 2023
The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. According to a report published by blockchain cyber security firm Elliptic, in the past 104 days, the North Korea-linked APT group Lazarus has stolen most of $240 million in crypto assets from multiple businesses, including […]
Cyber Crime / September 17, 2023
Researchers at healthcare technology firm Nuance blame the Clop gang for a series of cyber thefts at major North Carolina hospitals. The Microsoft-owned healthcare technology firm Nuance revealed that the Clop extortion gang has stolen personal data on major North Carolina hospitals as part of the Progress MOVEit Transfer campaign. MOVEit Transfer is a managed file transfer that is used […]
Data Breach / September 17, 2023
One of Thailand’s major digital financial platforms, CardX, recently disclosed a data leak that affected their customers. According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. This information includes the customer’s first and […]
Breaking News / September 17, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. TikTok fined âŹ345M by Irish DPC for violating childrenâs privacy Iranian Peach Sandstorm group behind recent […]
Breaking News / September 16, 2023
The Irish Data Protection Commission (DPC) fined TikTok âŹ345 million ($368 million) for violating the privacy of children. The Irish Data Protection Commission (DPC) fined TikTok âŹ345 million for violating childrenâs privacy. The Irish data regulators discovered that the popular video-sharing app allowed adults to send direct messages to certain teenagers who have no family […]
Cyber Crime / September 15, 2023
The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The man has been extradited to the United States from Georgia. In February 2023, Pankov was charged with conspiracy, access device fraud, […]
Security / September 15, 2023
Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story. The Android challenge In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. With the vast array of apps […]
Cyber Crime / September 15, 2023
Caesars Entertainment announced it has paid a ransom to avoid the leak of customer data stolen in a recent intrusion. Caesars Entertainment is the world’s most geographically diversified casino-entertainment company. It is the largest gaming company in the United States, with over 50 casinos and hotels in 13 U.S. states and five countries. The company […]
Malware / September 15, 2023
Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. While investigating a set of suspicious domains, the experts identified that the domain in question has […]
Cyber Crime / September 14, 2023
LockBit ransomware group breached two hospitals, the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York. The Lockbit ransomware group claims to have hacked two major hospitals, the Carthage Area Hospital and Claxton-Hepburn Medical Center. The two hospitals serve hundreds of thousands of people in upstate New York. The cyberattack took place at […]
Intelligence / September 14, 2023
The iPhone of a prominent Russian journalist, who is at odds with Moscow, was infected with NSO Group’s Pegasus spyware. The iPhone of the Russian journalist Galina Timchenko was compromised with NSO Group’s Pegasus spyware. A joint investigation conducted by Access Now and the Citizen Lab revealed that the journalist, who is at odds with the Russian government, […]
Hacking / September 14, 2023
Researchers discovered three security flaws in Kubernetes that can lead to remote code execution on Windows endpoints. Akamai researchers recently discovered a high-severity vulnerability in Kubernetes tracked as CVE-2023-3676 (CVSS 8.8). This identification of this issue led to the discovery of two more vulnerabilities tracked as CVE-2023-3893, and CVE-2023-3955 (CVSS 8.8). All three vulnerabilities were caused by […]
Data Breach / September 14, 2023
The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company. The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web. A threat actor who goes […]
Malware / September 13, 2023
3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. Symantecâs Threat Hunter Team discovered a new ransomware family, which calls itself 3AM, that to date has only been deployed in a single incident in which the threat […]
Hacking / September 13, 2023
A threat actor tracked as Redfly had infected the systems at a national grid located in an unnamed Asian country for six months starting in January. Symantecâs Threat Hunter Team discovered that a threat actor called Redfly used the ShadowPad backdoor to compromise a national grid in an Asian country for as long as six months earlier […]
Hacking / September 13, 2023
Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863, in Firefox and Thunderbird that has been actively exploited in the wild. The vulnerability is a heap buffer overflow in WebP […]
Security / September 13, 2023
Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. The flaws addressed by the company impact Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; .NET and Visual Studio; Azure; Microsoft Dynamics; […]
Cyber Crime / September 12, 2023
The international non-governmental organization (NGO) Save the Children International was recently hit with a cyberattack. The charity organization Save the Children International revealed that it was hit by a cyber attack. The company disclosed the security incident after the ransomware gang BianLian listed the organization on its Tor leak site. The BianLian extortion group claims […]
Security / September 12, 2023
Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products. The vulnerability, tracked as CVE-2023-26369, is an out-of-bounds write […]
Hacking / September 12, 2023
A critical vulnerability in GitHub could have exposed more than 4,000 code packages to Repojacking attack. Checkmarx researchers discovered a new vulnerability in GitHub could have exposed over 4,000 packages to repojacking attacks. In the RepoJacking attack, attackers claim the old username of a repository after the legitimate creator changed the username, then publish a rogue […]
Hacking / September 12, 2023
Hospitality and entertainment company MGM Resorts was hit by a cyber attack that shut down its systems at MGM Hotels and Casinos. Hospitality and entertainment company MGM Resorts was the victim of a cyber attack, the IT infrastructure across the United States was shut down. The incident was discovered on Sunday and affected hotel reservation […]
Hacking / September 12, 2023
Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account. “In a recent update, a well-known and notorious threat actor declared their targeting […]
APT / September 12, 2023
Iran-linked APT group Charming Kitten used a previously undocumented backdoor named Sponsor in attacks against entities in Brazil, Israel, and the U.A.E. ESET researchers observed a series of attacks, conducted by the Iran-linked APT group Charming Kitten (aka Ballistic Bobcat APT, APT35, Phosphorus, Newscaster, TA453, and Ajax Security Team), which are targeting various entities in Brazil, Israel, and the United Arab Emirates. The Charming […]
Hacking / September 11, 2023
Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vulnerability that has been actively exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2023-4863, is the fourth actively exploited […]
Security / September 11, 2023
U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog. The two flaws, tracked as CVE-2023-41064 and CVE-2023-41061, were used to install NSO […]
Cyber Crime / September 11, 2023
The U.K. and U.S. governments sanctioned 11 more individuals who were alleged members of the Russia-based TrickBot cybercrime gang. The United States, in coordination with the United Kingdom, sanctioned eleven more individuals who are members of the Russia-based Trickbot cybercrime group. The sanctions were provided by the U.S. Department of the Treasuryâs Office of Foreign […]
Cyber Crime / September 11, 2023
Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercriminal community. The malware is not sophisticated, however, unlike other loaders, it has a modular structure that allows supporting code injection and execution. The HijackLoader is […]
Security / September 11, 2023
CyberNews researchers discovered that many universities worldwide are leaking sensitive information and are even open to full takeover. Many universities worldwide, including some of the most prestigious, leave their webpages unpatched, leaking sensitive information, and even open to full takeovers, a Cybernews Research team investigation reveals. Among the 20 cases found, at least six websites […]
Malware / September 11, 2023
Evil Telegram: a Trojanized version of the Telegram app was spotted on the Google Play Store, Kaspersky researchers reported. Researchers from Kaspersky discovered several Telegram mods on the Google Play Store that contained spyware, the campaign was tracked as Evil Telegram. One of the apps was downloaded more than ten million times before it was […]
Cyber Crime / September 10, 2023
Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization. In early August, a cyberattack disrupted […]
Cyber Crime / September 10, 2023
Akamai announced it has mitigated the largest distributed denial-of-service (DDoS) attack on a U.S. financial company. Cybersecurity firm Akamai successfully identified and prevented a massive distributed denial-of-service (DDoS) attack targeting an unnamed, leading American financial institution. The attack took place last week and the malicious traffic peaked at 633.7 gigabits per second. The attack lasted for […]
Breaking News / September 10, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang […]
Hacking / September 09, 2023
US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-33246 (CVSS score 9.8) affecting Apache RocketMQ to its Known Exploited Vulnerabilities Catalog. Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. Threat actors […]
Hacking / September 09, 2023
The Ragnar Locker ransomware gang added Israel’s Mayanei Hayeshua hospital to the list of victims on its Tor leak site The Ragnar Locker ransomware gang claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital. The cybercrime group claims to have stolen 1 TB of data from the hospital and threatens to leak it. The […]
Intelligence / September 08, 2023
North Korea-linked threat actors associated with North Korea exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat actors were observed exploiting a zero-day vulnerability in an unnamed software to target cybersecurity researchers. The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, […]
Hacking / September 08, 2023
A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. An unauthenticated, remote attacker can exploit […]
Security / September 08, 2023
Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws (CVE-2023-41064 and CVE-2023-41061) fixed by Apple are being used to infect devices with NSO Groupâs Pegasus spyware. According to the researchers, the two vulnerabilities were chained […]
Hacking / September 07, 2023
Apple rolled out emergency security updates to address two new actively exploited zero-day vulnerabilities impacting iPhones and Macs. The two Apple zero-day vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061, reside in the Image I/O and Wallet frameworks. CVE-2023-41064 is a buffer overflow issue that was reported by researchers from researchers at Citizen Lab. The IT giant […]
Malware / September 07, 2023
Researchers spotted a new malvertising campaign targeting Mac users with a new version of the macOS stealer Atomic Stealer. Malwarebytes researchers have observed a new malvertising campaign distributing an updated version of the popular Atomic Stealer (AMOS) for Mac. The Atomic Stealer first appeared in the threat landscape in April 2023. In April Cyble Research […]
Hacking / September 07, 2023
A couple of security vulnerabilities in Apache SuperSet could be exploited by an attacker to gain remote code execution on vulnerable systems. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the Flask web framework. Version 2.1.1 addressed two vulnerabilities, respectively tracked as CVE-2023-39265 and CVE-2023-37941, that could be exploited […]
Hacking / September 07, 2023
Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. In July, Microsoft announced it had mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and […]
Hacking / September 06, 2023
Google released September 2023 Android security updates to address multiple flaws, including an actively exploited zero-day. Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could […]
Hacking / September 06, 2023
Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN. The exploit code works against the latest version […]
Hacking / September 06, 2023
MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber […]
Internet of Things / September 06, 2023
Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take over the devices. The three vulnerabilities were reported by the Taiwanese CERT, below are their […]
Hacking / September 05, 2023
Crypto gambling site Stake suffered a security breach, and threat actors withdrew $41M of funds stolen including Tether and Ether. Researchers reported abnormally large withdrawals made from the crypto gambling site Stake to an account with no previous activity, a circumstance that suggests that threat actors have hacked the platform and stolen crypto assets, including […]
Security / September 05, 2023
The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it has suffered a data breach that impacted more than 7 million users. The Freecycle Network (TFN,) is a private, nonprofit organization that coordinates a worldwide network of “gifting” groups to divert reusable goods from landfills. The organization confirmed that it has suffered a data breach that […]
Social Networks / September 05, 2023
Meta disrupted two influence campaigns orchestrated by China and Russia, the company blocked thousands of accounts and pages. Meta announced it has taken down two of the largest known covert influence operations originating from China and Russia. The social network giant revealed it has blocked thousands of accounts and pages across its platform. The company […]
Hacking / September 05, 2023
A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days. It is not clear who is behind the DDoS attack, but the media speculate that it was launched […]
Cyber Crime / September 04, 2023
Resecurity has identified a large-scale smishing campaign, tracked as Smishing Triad, targeting the US Citizens. Earlier episodes have revealed victims from the U.K., Poland, Sweden, Italy, Indonesia, Japan and other countries – the group was impersonating the Royal Mail, New Zealand Postal Service (NZPOST), Correos (Spain), Postnord, Poste Italiane and the Italian Revenue Service (Agenzia […]
Hacking / September 04, 2023
The University of Sydney (USYD) suffered a security breach caused by a third-party service provider that exposed personal information of recent applicants. The University of Sydney (USYD) announced that a data breach suffered by a third-party service provider exposed the personal information of recently applied and enrolled international applicants. The University of Sydney immediately launched […]
Cyber Crime / September 04, 2023
Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023. Bitkom estimated that cybercriminal activities, such as fraud, cyber espionage, the theft of intellectual property, sabotage, and […]
Hacking / September 03, 2023
Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039) in VMware Aria Operations for Networks. At the end of August, VMware released security updates to address two vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight), respectively tracked as CVE-2023-34039 (CVSS score: 9.8) and CVE-2023-20890 (CVSS score: 7.2). The vulnerability CVE-2023-34039 is […]
Breaking News / September 03, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. LockBit ransomware gang hit the Commission des services electriques de MontrĂ©al (CSEM) Social engineering attacks target […]
Cyber Crime / September 03, 2023
The LockBit ransomware gang claims to have breached the Commission des services electriques de MontrĂ©al (CSEM). The LockBit ransomware group continues to be one of the most active extortion gangs in the threat landscape. This week the gang claimed to have hacked the Commission des services electriques de MontrĂ©al (CSEM). The Commission des services Ă©lectriques […]
Hacking / September 01, 2023
WannaCry and NotPetya, probably two most damaging cyberattacks in recent history, were both only made possible because of EternalBlue. Here is how the NSA-developed cyber monster works, and how you should defend against it. What is the EternalBlue vulnerability? EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in […]
Malware / September 01, 2023
Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom. The Key Group ransomware gang has been […]
Data Breach / August 31, 2023
Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals. On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The company immediately launched an investigation into the incident with the help of leading cybersecurity firms. […]
Cyber warfare / August 31, 2023
Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. GCHQâs National Cyber Security Centre and international partners reported that Russia-linked threat actors are using a new malware to target the Ukrainian military Government experts attribute the attack to the Russian military intelligence service the GRU. […]
Cyber Crime / August 31, 2023
Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that […]
Data Breach / August 31, 2023
Multinational mass media conglomerate Paramount Global suffered a data breach after an unauthorized party accessed files from certain of its systems. Multinational mass media conglomerate Paramount Global disclosed a data breach. According to the data breach notification letter sent to the impacted individuals, an unauthorized party accessed files from certain systems of the company between […]
Security / August 31, 2023
The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United […]
Hacking / August 31, 2023
Researchers demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at the recent DEF CON hacking conference demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. The expert explained that Windows OS separates the file system from each container to the host […]
Security / August 30, 2023
VMware fixed two security flaws in Aria Operations for Networks that could be exploited to bypass authentication and gain remote code execution. VMware has released security updates to address two vulnerabilities in Aria Operations for Networks, respectively tracked as CVE-2023-34039 (CVSS score: 9.8) and CVE-2023-20890 (CVSS score: 7.2). The vulnerability CVE-2023-34039 is an authentication bypass […]
APT / August 29, 2023
China-linked threat actors breached government organizations worldwide with attacks exploiting Barracuda ESG zero-day. In June, Mandiant researchers linked the threat actor UNC4841 to the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China. âThrough the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG […]
Intelligence / August 29, 2023
Japanâs National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has been infiltrated for months. Threat actors have infiltrated Japanâs National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for as much as nine months. The intruders China-linked hackers may have gained access to sensitive data, according to three government and private sector […]
Hacking / August 29, 2023
A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. Sophos X-Ops is tracking an ongoing campaign, which is targeting Citrix NetScaler systems, conducted by threat actors linked to the FIN8 group [BleepingComputer, SOCRadar]. The hackers are exploiting the remote code execution, tracked […]
Hacking / August 29, 2023
Japan’s JPCERT warns of a new recently detected ‘MalDoc in PDF’ attack that embeds malicious Word files into PDFs. Japan’s computer emergency response team (JPCERT) has recently observed a new attack technique, called ‘MalDoc in PDF’, that bypasses detection by embedding a malicious Word file into a PDF file. The researchers explained that a file […]
Hacking / August 28, 2023
A security researcher demonstrated how to discover a targetâs IP address by sending a link over the Skype mobile app. The security researcher Yossi discovered that is possible to discover a targetâs IP address by sending a link over the Skype mobile app. The researcher pointed out that the attack only requires the target to […]
Security / August 27, 2023
Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Below is the list of flaws addressed by […]
Hacking / August 26, 2023
The cloud and hosting provider Leaseweb suffered a security breach that impacted some “critical” systems of the company. Global hosting and cloud services provider Leaseweb has disabled some “critical” systems following a recent security breach. The company informed its customers that is now working on restoring these systems. According to a notice of incident sent […]
Cyber Crime / August 26, 2023
Security consulting giant Kroll disclosed a data breach resulting from a SIM-swapping attack against one of its employees. Security consulting firm Kroll revealed that a SIM-swapping attack against one of its employees caused the theft of user information for multiple cryptocurrency platforms. Kroll is managing ongoing bankruptcy proceedings for the impacted organizations, including BlockFi, FTX, and Genesis. On August […]
APT / August 25, 2023
China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cyber espionage campaign that targeted dozens of organizations in Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizationsâ networks with […]
Breaking News / August 24, 2023
Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035 (CVSS score 9.8). This week the software company Ivanti released urgent security patches to address the critical-severity vulnerability CVE-2023-38035 impacting the Ivanti Sentry (formerly MobileIron Sentry) product. […]
Security / July 11, 2023
Resecurity researchers identified a zero-day Buffer Overflow vulnerability in the Schneider Electric Accutech Manager product. Resecurity identified a zero-day vulnerability in the Schneider Electric Accutech Manager product. The vulnerability, labeled as CVE-2023-29414 and SEVD-2-23-192-03, has been rated high with a CVSS v3.1 Base Score of 7.8. This issue pertains to a Buffer Overflow exploitation (CWE-120) […]
