information security news

Pierluigi Paganini December 04, 2024
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Proself versions before Ver5.62, Ver1.65, and Ver1.08 are vulnerable to XXE attacks, allowing unauthenticated attackers […]

Pierluigi Paganini December 03, 2024
The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild. Cisco warns that the decade-old ASA vulnerability CVE-2014-2120 is being actively exploited in attacks in the wild, and urges customers to review the updated advisory. The vulnerability resides in the WebVPN login page of Cisco Adaptive Security […]

Pierluigi Paganini December 03, 2024
DMM Bitcoin halts operations six months after a $300 million cyber heist

The Japanese cryptocurrency platform DMM Bitcoin is closing its operations just six months after a $300 million cyber heist. DMM Bitcoin is a cryptocurrency exchange based in Japan, operated by DMM Group, a large Japanese e-commerce and entertainment conglomerate. Launched in 2018, the platform allows users to trade various cryptocurrencies, including Bitcoin, Ethereum, and Ripple, […]

Pierluigi Paganini December 03, 2024
Energy industry contractor ENGlobal Corporation discloses a ransomware attack

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million […]

Pierluigi Paganini December 03, 2024
Poland probes Pegasus spyware abuse under the PiS government

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. Poland’s government has been investigating the alleged misuse of Pegasus spyware by the previous administration and arrested the former head of Poland’s internal security service Piotr Pogonowski. News of the arrest of Piotr Pogonowski was first reported by the […]

Pierluigi Paganini December 03, 2024
BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Cybersecurity researchers from ESET recently discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF […]

Pierluigi Paganini December 02, 2024
Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Recent reports from Russia show increased censorship targeting the Tor network, including blocking bridges, pluggable transports, and circumvention apps. Russian watchdog Roskomnadzor is making some bridges inaccessible, highlighting the urgent need for more WebTunnel bridges. WebTunnel is a stealthy bridge […]

Pierluigi Paganini December 02, 2024
Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

International law enforcement operation Operation HAECHI-V led to more than 5,500 suspects arrested and seized over $400 million. A global operation code-named Operation HAECHI V, involving 40 countries, resulted in 5,500+ arrests and seized $400M in assets. Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, […]

Pierluigi Paganini December 01, 2024
Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. 15 SpyLoan Android apps found on Google Play had over 8 million installs Notorious ransomware programmer Mikhail Pavlovich […]

Pierluigi Paganini December 01, 2024
Hackers stole millions of dollars from Uganda Central Bank

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The police’s Criminal Investigations Department and the Auditor General are investigating the incident. A senior government official at the finance ministry confirmed that […]