US-based financial services company Fidelity Investments warns 77,000 individuals of a data breach that exposed their personal information. U.S.-based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack. The data breach occurred on August 17, 2024 and was discovered two days later, on August 19, 2024. […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyber attack hit Iranian government sites and nuclear facilities Ransomware operators exploited Veeam Backup & Replication flaw […]
U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked cyber espionage group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) target vulnerable Zimbra and JetBrains TeamCity servers as part of a mass scale campaign, U.S. and U.K. cyber agencies warned. The Federal Bureau […]
As Middle East tensions rise, cyberattacks hit Iran’s government branches and nuclear facilities, following Israel’s response to Iran’s October 1 missile barrage. Amid escalating Middle East tensions, Iran faced major cyberattacks Saturday, disrupting its government branches and targeting nuclear facilities. The massive cyberattack followed Israel’s pledged response to Iran’s October 1 missile barrage, as regional […]
Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. In early September 2024, Veeam released security updates to address multiple vulnerabilities impacting its products, […]
GitLab issued updates for CE and EE to address multiple flaws, including a critical bug allowing CI/CD pipeline runs on unauthorized branches. GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) to address multiple vulnerabilities, including a critical bug, tracked as CVE-2024-9164 (CVSS score of 9.6), allowing CI/CD pipeline runs on unauthorized […]
OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks. One of […]
The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. As of September 5, 2024, the […]
Jscrambler researchers found a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer named Mongolian Skimmer. Jscrambler researchers uncovered a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer dubbed ‘Mongolian Skimmer.’ The attackers used unusual Unicode characters for variables and function names. The skimmer was named […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Fortinet addressed a critical flaw in FortiOS, tracked as CVE-2024-23113 (CVSS score 9.8). The issue if […]