Hacking

Pierluigi Paganini November 10, 2024
Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Mazda Connect flaws allow to hack some Mazda vehicles Veeam Backup & Replication exploit reused in new Frag […]

Pierluigi Paganini November 09, 2024
Mazda Connect flaws allow to hack some Mazda vehicles

Multiple vulnerabilities in the infotainment unit Mazda Connect could allow attackers to execute arbitrary code with root access. Trend Micro’s Zero Day Initiative warned of multiple vulnerabilities in the Mazda Connect infotainment system that could allow attackers to execute code with root privileges. This occurs due to improper input sanitization in the Mazda Connect CMU, […]

Pierluigi Paganini November 09, 2024
Veeam Backup & Replication exploit reused in new Frag ransomware attack

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. In early September 2024, Veeam released security updates to address multiple vulnerabilities impacting […]

Pierluigi Paganini November 08, 2024
Texas oilfield supplier Newpark Resources suffered a ransomware attack

Texas oilfield supplier Newpark Resources suffered a ransomware attack that disrupted its information systems and business applications. Texas oilfield supplier Newpark Resources revealed that a ransomware attack on October 29 disrupted access to some of its information systems and business applications. The company immediately activated its cybersecurity response plan and launched an investigation into the […]

Pierluigi Paganini November 07, 2024
U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-43093 – this week, Google warned that the vulnerability CVE-2024-43093 in the Android OS is […]

Pierluigi Paganini November 07, 2024
DPRK-linked BlueNoroff used macOS malware with novel persistence

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.” The attackers, linked to BlueNoroff and past RustBucket campaigns, used fake cryptocurrency news emails […]

Pierluigi Paganini November 07, 2024
Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue a full ban on the platform. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc. over security concerns following a national security review under the Investment Canada Act Canada’s decision to require ByteDance to dissolve the operations of […]

Pierluigi Paganini November 07, 2024
Critical bug in Cisco UWRB access points allows attackers to run commands as root

Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands, compromising industrial wireless automation security. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20418, that could be exploited by unauthenticated, remote attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points used for industrial wireless […]

Pierluigi Paganini November 06, 2024
Memorial Hospital and Manor suffered a ransomware attack

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record system. A ransomware attack hit Memorial Hospital and Manor in Bainbridge, Georgia, and disrupted the access to its Electronic Health Record system. Memorial Hospital and Manor is a community hospital and healthcare facility that serves Decatur County and surrounding areas […]

Pierluigi Paganini November 06, 2024
South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users’ sensitive data, including political views and sexual orientation, with advertisers. South Korea’s data privacy watchdog, Personal Information Protection Commission (PIPC), fined Meta 21.62 billion won ($15.67 million) for illegally collecting sensitive personal information from Facebook users, including data about their political views and […]