Security Affairs newsletter Round 462 by Pierluigi Paganini

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Threat actors breached two crucial systems of the US CISA

 | 

CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog

 | 

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

 | 

QNAP fixed three flaws in its NAS devices, including an authentication bypass

 | 

Russia-linked Midnight Blizzard breached Microsoft systems again

 | 

Cisco addressed severe flaws in its Secure Client

 | 

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

 | 

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

 | 

National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election

 | 

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

 | 

Linux Malware targets misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

 | 

CISA adds Android Pixel and Sunhillo SureLine bugs to its Known Exploited Vulnerabilities catalog

 | 

Watch out, GhostSec and Stormous groups jointly conducting ransomware attacks

 | 

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

 | 

Apple emergency security updates fix two new iOS zero-days

 | 

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

 | 

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

 | 

CISA adds Microsoft Windows Kernel bug used by Lazarus APT to its Known Exploited Vulnerabilities catalog

 | 

Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

 | 

Ukraine’s GUR hacked the Russian Ministry of Defense

 | 

Some American Express customers’ data exposed in a third-party data breach

 | 

META hit with privacy complaints by EU consumer groups

 | 

New GTPDOOR backdoor is designed to target telecom carrier networks

 | 

Threat actors hacked Taiwan-based Chunghwa Telecom

 | 

New Linux variant of BIFROSE RAT uses deceptive domain strategies

 | 

Eken camera doorbells allow ill-intentioned individuals to spy on you

 | 

Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

 | 

U.S. authorities charged an Iranian national for long-running hacking campaign

 | 

US cyber and law enforcement agencies warn of Phobos ransomware attacks

 | 

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

 | 

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

 | 

Crooks stole €15 Million from European retail company Pepco

 | 

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

 | 

Researchers found a zero-click Facebook account takeover

 | 

New SPIKEDWINE APT group is targeting officials in Europe

 | 

Is the LockBit gang resuming its operation?

 | 

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

 | 

Pharmaceutical giant Cencora discloses a data breach

 | 

Unmasking 2024’s Email Security Landscape

 | 

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

 | 

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

 | 

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

 | 

XSS flaw in LiteSpeed Cache plugin puts millions of WordPress sites at risk

 | 

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

US Gov offers a reward of up to $15M for info on LockBit gang members and affiliates

 | 

New Redis miner Migo uses novel system weakening techniques

 | 

Critical flaw found in deprecated VMware EAP. Uninstall it immediately

 | 

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

 | 

ConnectWise fixed critical flaws in ScreenConnect remote access tool

 | 

More details about Operation Cronos that disrupted Lockbit operation

 | 

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

 | 

Operation Cronos: law enforcement disrupted the LockBit operation

 | 

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

 | 

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

 | 

How BRICS Got “Rug Pulled” – Cryptocurrency Counterfeiting is on the Rise

 | 

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

 | 

ESET fixed high-severity local privilege escalation bug in Windows products

 | 

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

 | 

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

 | 

CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog

 | 

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

 | 

U.S. CISA: hackers breached a state government organization

 | 

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

 | 

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

 | 

A cyberattack halted operations at Varta production plants

 | 

North Korea-linked actors breached the emails of a Presidential Office member

 | 

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

 | 

Nation-state actors are using AI services and LLMs for cyberattacks

 | 

Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages

 | 

Zoom fixed critical flaw CVE-2024-24691 in Windows software

 | 

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

 | 

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

 | 

A ransomware attack took 100 Romanian hospitals down

 | 

Bank of America customer data compromised after a third-party services provider data breach

 | 

Ransomfeed – Third Quarter Report 2023 is out!

 | 

Global Malicious Activity Targeting Elections is Skyrocketing

 | 

Researchers released a free decryption tool for the Rhysida Ransomware

 | 

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

 | 

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

 | 

Canada Gov plans to ban the Flipper Zero to curb car thefts

 | 

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

 | 

US Feds arrested two men involved in the Warzone RAT operation

 | 

Raspberry Robin spotted using two new 1-day LPE exploits

 | 

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

 | 

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

 | 

Exploiting a vulnerable Minifilter Driver to create a process killer

 | 

Black Basta ransomware gang hacked Hyundai Motor Europe

 | 

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

 | 

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

 | 

26 Cyber Security Stats Every User Should Be Aware Of in 2024

 | 

US offers $10 million reward for info on Hive ransomware group leaders

 | 

Unraveling the truth behind the DDoS attack from electric toothbrushes

 | 

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

 | 

Cisco fixes critical Expressway Series CSRF vulnerabilities

 | 

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

 | 

Fortinet addressed two critical FortiSIEM vulnerabilities

 | 

Experts warn of a critical bug in JetBrains TeamCity On-Premises

 | 

Critical shim bug impacts every Linux boot loader signed in the past decade

 | 

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

 | 

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

 | 

Google fixed an Android critical remote code execution flaw

 | 

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

 | 

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

 | 

HPE is investigating claims of a new security breach

 | 

Experts warn of a surge of attacks targeting Ivanti SSRF flaw 

 | 

How to hack the Airbus NAVBLUE Flysmart+ Manager

 | 

Crooks stole $25.5 million from a multinational firm using a ‘deepfake’ video call

 | 

Software firm AnyDesk disclosed a security breach

 | 

The ‘Mother of all Breaches’: Navigating the Aftermath and Fortifying Your Data with DSPM

 | 

US government imposed sanctions on six Iranian intel officials

 | 

A cyberattack impacted operations at Lurie Children’s Hospital

 | 

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

 | 

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Clorox estimates the costs of the August cyberattack will exceed $49 Million

 | 

Mastodon fixed a flaw that can allow the takeover of any account

 | 

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

 | 

Operation Synergia led to the arrest of 31 individuals

 | 

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

 | 

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

 | 

PurpleFox malware infected at least 2,000 computers in Ukraine

 | 

Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping

 | 

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

 | 

Multiple malware used in attacks exploiting Ivanti VPN flaws

 | 

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

 | 

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

 | 

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

 | 

Ivanti warns of a new actively exploited zero-day

 | 

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

 | 

Data leak at fintech giant Direct Trading Technologies

 | 

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

 | 

Italian data protection authority said that ChatGPT violated EU privacy laws

 | 

750 million Indian mobile subscribers’ data offered for sale on dark web

 | 

Juniper Networks released out-of-band updates to fix high-severity flaws

 | 

Hundreds of network operators’ credentials found circulating in Dark Web

 | 

Cactus ransomware gang claims the Schneider Electric hack

 | 

Mercedes-Benz accidentally exposed sensitive data, including source code

 | 

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

 | 

NSA buys internet browsing records from data brokers without a warrant

 | 

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

 | 

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

 | 

Medusa ransomware attack hit Kansas City Area Transportation Authority

 | 

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

 | 

Participants earned more than $1.3M at the Pwn2Own Automotive competition

 | 

A TrickBot malware developer sentenced to 64 months in prison

 | 

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

 | 

Watch out, experts warn of a critical flaw in Jenkins

 | 

Pwn2Own Automotive 2024 Day 2 – Tesla hacked again

 | 

Yearly Intel Trend Review: The 2023 RedSense report

 | 

Cisco warns of a critical bug in Unified Communications products, patch it now!

 | 

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

 | 

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

 | 

5379 GitLab servers vulnerable to zero-click account takeover attacks

 | 

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

 | 

Splunk fixed high-severity flaw impacting Windows versions

 | 

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

 | 

Australian government announced sanctions for Medibank hacker

 | 

LoanDepot data breach impacted roughly 16.6 individuals

 | 

Black Basta gang claims the hack of the UK water utility Southern Water

 | 

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

 | 

Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed

 | 

Apple fixed actively exploited zero-day CVE-2024-23222

 | 

“My Slice”, an Italian adaptive phishing campaign

 | 

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

 | 

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

 | 

Backdoored pirated applications target Apple macOS users

 | 

LockBit ransomware gang claims the attack on the sandwich chain Subway

 | 

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

 | 

VF Corp December data breach impacts 35 million customers

 | 

China-linked APT UNC3886 exploits VMware zero-day since 2021

 | 

Ransomware attacks break records in 2023: the number of victims rose by 128%

 | 

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

 | 

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

 | 

Kansas State University suffered a serious cybersecurity incident

 | 

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

 | 

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

 | 

iShutdown lightweight method allows discovering spyware infections on iPhones

 | 

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

 | 

Github rotated credentials after the discovery of a vulnerability

 | 

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

 | 

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

 | 

Google fixed the first actively exploited Chrome zero-day of 2024

 | 

Atlassian fixed critical RCE in older Confluence versions

 | 

VMware fixed a critical flaw in Aria Automation. Patch it now!

 | 

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

 | 

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

 | 

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

 | 

Phemedrone info stealer campaign exploits Windows smartScreen bypass

 | 

Balada Injector continues to infect thousands of WordPress sites

 | 

Attackers target Apache Hadoop and Flink to deliver cryptominers

 | 

Apple fixed a bug in Magic Keyboard that allows monitoring of Bluetooth traffic

 | 

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

GitLab fixed a critical zero-click account hijacking flaw

 | 

Juniper Networks fixed a critical RCE bug in its firewalls and switches

 | 

Vast Voter Data Leaks Cast Shadow Over Indonesia’s 2024 Presidential Election

 | 

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

 | 

Team Liquid’s wiki leak exposes 118K users

 | 

CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

 | 

Two zero-day bugs in Ivanti Connect Secure actively exploited

 | 

X Account of leading cybersecurity firm Mandiant was hacked because it was not adequately protected

 | 

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

 | 

ShinyHunters member sentenced to three years in prison

 | 

HMG Healthcare disclosed a data breach

 | 

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

 | 

Decryptor for Tortilla variant of Babuk ransomware released

 | 

Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws

 | 

CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

 | 

Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

 | 

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

 | 

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

 | 

Long-existing Bandook RAT targets Windows machines

 | 

A cyber attack hit the Beirut International Airport

 | 

Iranian crypto exchange Bit24.cash leaks user passports and IDs

 | 

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

 | 

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

 | 

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

 | 

The source code of Zeppelin Ransomware sold on a hacking forum

 | 

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

 | 

Ivanti fixed a critical EPM flaw that can result in remote code execution

 | 

MyEstatePoint Property Search Android app leaks user passwords

 | 

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

 | 

HealthEC data breach impacted more than 4.5 Million people

 | 

Experts found 3 malicious packages hiding crypto miners in PyPi repository

 | 

Crooks hacked Mandiant X account to push cryptocurrency scam

 | 

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

 | 

CISA adds Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog

 | 

Don’t trust links with known domains: BMW affected by redirect vulnerability

 | 

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

 | 

Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv

 | 

Experts warn of JinxLoader loader used to spread Formbook and XLoader

 | 

Terrapin attack allows downgrading SSH protocol security

 | 

Multiple organizations in Iran were breached by a mysterious hacker

 | 

Top 2023 Security Affairs cybersecurity stories

 | 

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

 | 

Cactus ransomware gang hit the Swedish retail and grocery provider Coop

 | 

Google agreed to settle a $5 billion privacy lawsuit

 | 

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

INC RANSOM ransomware gang claims to have breached Xerox Corp

 | 

Spotify music converter TuneFab puts users at risk

 | 

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

 | 

Russia-linked APT28 used new malware in a recent phishing campaign

 | 

Clash of Clans gamers at risk while using third-party app

 | 

New Version of Meduza Stealer Released in Dark Web

 | 

Operation Triangulation attacks relied on an undocumented hardware feature

 | 

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

 | 

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

 | 

Experts warn of critical Zero-Day in Apache OfBiz

 | 

Xamalicious Android malware distributed through the Play Store

 | 

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

 | 

Elections 2024, artificial intelligence could upset world balances

 | 

Experts analyzed attacks against poorly managed Linux SSH servers

 | 

A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

 | 

Rhysida ransomware group hacked Abdali Hospital in Jordan

 | 

Carbanak malware returned in ransomware attacks

 | 

Resecurity Released a 2024 Cyber Threat Landscape Forecast

 | 

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

 | 

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

 | 

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Europol and ENISA spotted 443 e-stores compromised with digital skimming

 | 

Video game giant Ubisoft investigates reports of a data breach

 | 

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

 | 

Mobile virtual network operator Mint Mobile discloses a data breach

 | 

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

 | 

Member of Lapsus$ gang sentenced to an indefinite hospital order

 | 

Real estate agency exposes details of 690k customers

 | 

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

 | 

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

 | 

Data leak exposes users of car-sharing service Blink Mobility

 | 

Google addressed a new actively exploited Chrome zero-day

 | 

German police seized the dark web marketplace Kingdom Market

 | 

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

 | 

Sophisticated JaskaGO info stealer targets macOS and Windows

 | 

BMW dealer at risk of takeover by cybercriminals

 | 

Comcast’s Xfinity customer data exposed after CitrixBleed attack

 | 

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

 | 

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

 | 

The ransomware attack on Westpole is disrupting digital services for Italian public administration

 | 

Info stealers and how to protect against them

 | 

Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations

 | 

Qakbot is back and targets the Hospitality industry

 | 

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

 | 

MongoDB investigates a cyberattack, customer data exposed

 | 

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

 | 

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

New NKAbuse malware abuses NKN decentralized P2P network protocol

 | 

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

 | 

Multiple flaws in pfSense firewall can lead to arbitrary code execution

 | 

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

 | 

Data of over a million users of the crypto exchange GokuMarket exposed

 | 

Idaho National Laboratory data breach impacted 45,047 individuals

 | 

Ubiquiti users claim to have access to other people’s devices

 | 

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

 | 

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

 | 

French authorities arrested a Russian national for his role in the Hive ransomware operation

 | 

China-linked APT Volt Typhoon linked to KV-Botnet

 | 

UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns

 | 

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

 | 

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

 | 

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

 | 

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

 | 

Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack

 | 

Dubai’s largest taxi app exposes 220K+ users

 | 

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

 | 

Apple released iOS 17.2 to address a dozen security flaws

 | 

Toyota Financial Services discloses a data breach

 | 

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

 | 

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA and ENISA signed a Working Arrangement to enhance cooperation

 | 

Researcher discovered a new lock screen bypass bug for Android 14 and 13

 | 

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

 | 

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Hacktivists hacked an Irish water utility and interrupted the water supply

 | 

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

 | 

Norton Healthcare disclosed a data breach after a ransomware attack

 | 

Bypassing major EDRs using Pool Party process injection techniques

 | 

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

 | 

Android barcode scanner app exposes user passwords

 | 

UK and US expose Russia Callisto Group’s activity and sanction members

 | 

A cyber attack hit Nissan Oceania

 | 

New Krasue Linux RAT targets telecom companies in Thailand

 | 

Atlassian addressed four new RCE flaws in its products

 | 

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

 | 

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

 | 

GST Invoice Billing Inventory exposes sensitive data to threat actors

 | 

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

 | 

ENISA published the ENISA Threat Landscape for DoS Attacks Report

 | 

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

 | 

Google fixed critical zero-click RCE in Android

 | 

New P2PInfect bot targets routers and IoT devices

 | 

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

 | 

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

 | 

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

 | 

New Agent Raccoon malware targets the Middle East, Africa and the US

 | 

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Researchers devised an attack technique to extract ChatGPT training data

 | 

Fortune-telling website WeMystic exposes 13M+ user records

 | 

Expert warns of Turtle macOS ransomware

 | 

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

 | 

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

 | 

Apple addressed 2 new iOS zero-day vulnerabilities

 | 

Critical Zoom Room bug allowed attackers to gain access to Zoom Tenants

 | 

Rhysida ransomware group hacked King Edward VII’s Hospital in London

 | 

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

 | 

Okta reveals additional attackers’ activities in October 2023 Breach

 | 

Thousands of secrets lurk in app images on Docker Hub

 | 

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

 | 

International police operation dismantled a prominent Ukraine-based Ransomware group

 | 

Daixin Team group claimed the hack of North Texas Municipal Water District

 | 

Healthcare provider Ardent Health Services disclosed a ransomware attack

 | 

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

 | 

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

 | 

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

 | 

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Rhysida ransomware gang claimed China Energy hack

 | 

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

 | 

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

 | 

App used by hundreds of schools leaking children’s data

 | 

Microsoft launched its new Microsoft Defender Bounty Program

 | 

Exposed Kubernetes configuration secrets can fuel supply chain attacks

 | 

North Korea-linked Konni APT uses Russian-language weaponized documents

 | 

ClearFake campaign spreads macOS AMOS information stealer

 | 

Welltok data breach impacted 8.5 million patients in the U.S.

 | 

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

 | 

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

 | 

New InfectedSlurs Mirai-based botnet exploits two zero-days

 | 

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

 | 

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

 | 

Citrix provides additional measures to address Citrix Bleed

 | 

Tor Project removed several relays associated with a suspicious cryptocurrency scheme

 | 

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

 | 

The Top 5 Reasons to Use an API Management Platform

 | 

Canadian government impacted by data breaches of two of its contractors

 | 

Rhysida ransomware gang is auctioning data stolen from the British Library

 | 

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

 | 

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

 | 

US teenager pleads guilty to his role in credential stuffing attack on a betting site

 | 

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

8Base ransomware operators use a new variant of the Phobos ransomware

 | 

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

 | 

The board of directors of OpenAI fired Sam Altman

 | 

Medusa ransomware gang claims the hack of Toyota Financial Services

 | 

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

 | 

Zimbra zero-day exploited to steal government emails by four groups

 | 

Vietnam Post exposes 1.2TB of data, including email addresses

 | 

Samsung suffered a new data breach

 | 

FBI and CISA warn of attacks by Rhysida ransomware gang

 | 

Critical flaw fixed in SAP Business One product

 | 

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

 | 

Gamblers’ data compromised after casino giant Strendus fails to set password

 | 

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

 | 

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

 | 

Major Australian ports blocked after a cyber attack on DP World

 | 

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

 | 

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

 | 

LockBit ransomware gang leaked data stolen from Boeing

 | 

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

 | 

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

 | 

The State of Maine disclosed a data breach that impacted 1.3M people

 | 

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

 | 

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

 | 

McLaren Health Care revealed that a data breach impacted 2.2 million people

 | 

After ChatGPT, Anonymous Sudan took down the Cloudflare website

 | 

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

 | 

SysAid zero-day exploited by Clop ransomware group

 | 

Dolly.com pays ransom, attackers release data anyway

 | 

DDoS attack leads to significant disruption in ChatGPT services

 | 

Russian Sandworm disrupts power in Ukraine with a new OT attack

 | 

Veeam fixed multiple flaws in Veeam ONE, including critical issues

 | 

Pro-Palestinian hackers group ‘Soldiers of Solomon’ disrupted the production cycle of the biggest flour production plant in Israel

 | 

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

 | 

Critical Confluence flaw exploited in ransomware attacks

 | 

QNAP fixed two critical vulnerabilities in QTS OS and apps

 | 

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

 | 

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

 | 

US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

 | 

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

 | 

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

 | 

ZDI discloses four zero-day flaws in Microsoft Exchange

 | 

Okta customer support system breach impacted 134 customers

 | 

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

 | 

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

 | 

MuddyWater has been spotted targeting two Israeli entities

 | 

Clop group obtained access to the email addresses of about 632,000 US federal employees

 | 

Okta discloses a new data breach after a third-party vendor was hacked

 | 

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

 | 

Boeing confirmed its services division suffered a cyberattack

 | 

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

 | 

Who is behind the Mozi Botnet kill switch?

 | 

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

 | 

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

 | 

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

 | 

British Library suffers major outage due to cyberattack

 | 

Critical Atlassian Confluence flaw can lead to significant data loss

 | 

WiHD leak exposes details of all torrent users

 | 

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

 | 

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

 | 

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

 | 

Wiki-Slack attack allows redirecting business professionals to malicious websites

 | 

HackerOne awarded over $300 million bug hunters

 | 

StripedFly, a complex malware that infected one million devices without being noticed

 | 

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

 | 

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

 | 

Lockbit ransomware gang claims to have stolen data from Boeing

 | 

How to Collect Market Intelligence with Residential Proxies?

 | 

F5 urges to address a critical flaw in BIG-IP

 | 

Hello Alfred app exposes user data

 | 

iLeakage attack exploits Safari to steal data from Apple devices

 | 

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

 | 

Seiko confirmed a data breach after BlackCat attack

 | 

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

 | 

Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes

 | 

VMware addressed critical vCenter flaw also for End-of-Life products

 | 

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

 | 

New England Biolabs leak sensitive data

 | 

Former NSA employee pleads guilty to attempted selling classified documents to Russia

 | 

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

 | 

How did the Okta Support breach impact 1Password?

 | 

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

 | 

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

 | 

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

 | 

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

 | 

City of Philadelphia suffers a data breach

 | 

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

 | 

Don’t use AI-based apps, Philippine defense ordered its personnel

 | 

Vietnamese threat actors linked to DarkGate malware campaign

 | 

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

 | 

The attack on the International Criminal Court was targeted and sophisticated

 | 

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A threat actor is selling access to Facebook and Instagram’s Police Portal

 | 

Threat actors breached Okta support system and stole customers’ data

 | 

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

 | 

Alleged developer of the Ragnar Locker ransomware was arrested

 | 

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

 | 

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

 | 

Law enforcement operation seized Ragnar Locker group’s infrastructure

 | 

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

 | 

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

 | 

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

 | 

Californian IT company DNA Micro leaks private mobile phone data

 | 

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

 | 

A flaw in Synology DiskStation Manager allows admin account takeover

 | 

D-Link confirms data breach, but downplayed the impact

 | 

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

 | 

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

 | 

Ransomware realities in 2023: one employee mistake can cost a company millions

 | 

Malware-laced ‘RedAlert – Rocket Alerts’ app targets Israeli users 

 | 

Cisco warns of active exploitation of IOS XE zero-day

 | 

Signal denies claims of an alleged zero-day flaw in its platform

 | 

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

 | 

DarkGate malware campaign abuses Skype and Teams

 | 

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

 | 

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Lockbit ransomware gang demanded an 80 million ransom to CDW

 | 

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

 | 

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

 | 

FBI and CISA published a new advisory on AvosLocker ransomware

 | 

More than 17,000 WordPress websites infected with the Balada Injector in September

 | 

Ransomlooker, a new tool to track and analyze ransomware groups’ activities

 | 

Phishing, the campaigns that are targeting Italy

 | 

A new Magecart campaign hides the malicious code in 404 error page

 | 

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

 | 

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

 | 

Air Europa data breach exposed customers’ credit cards

 | 

#OpIsrael, #FreePalestine & #OpSaudiArabia – How Cyber Actors Capitalize On War Actions Via Psy-Ops

 | 

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

 | 

New ‘HTTP/2 Rapid Reset’ technique behind record-breaking DDoS attacks

 | 

Exposed security cameras in Israel and Palestine pose significant risks

 | 

A flaw in libcue library impacts GNOME Linux systems

 | 

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

 | 

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

 | 

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

 | 

Gaza-linked hackers and Pro-Russia groups are targeting Israel

 | 

Flagstar Bank suffered a data breach once again

 | 

Android devices shipped with backdoored firmware as part of the BADBOX network

 | 

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

 | 

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

 | 

QakBot threat actors are still operational after the August takedown

 | 

Ransomware attack on MGM Resorts costs $110 Million

 | 

Cybersecurity, why a hotline number could be important?

 | 

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

 | 

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

 | 

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

 | 

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

NATO is investigating a new cyber attack claimed by the SiegedSec group

 | 

Global CRM Provider Exposed Millions of Clients’ Files Online

 | 

Sony sent data breach notifications to about 6,800 individuals

 | 

Apple fixed the 17th zero-day flaw exploited in attacks

 | 

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

 | 

A cyberattack disrupted Lyca Mobile services

 | 

Chipmaker Qualcomm warns of three actively exploited zero-days

 | 

DRM Report Q2 2023 – Ransomware threat landscape

 | 

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

 | 

San Francisco’s transport agency exposes drivers’ parking permits and addresses

 | 

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

 | 

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

 | 

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

 | 

European Telecommunications Standards Institute (ETSI) suffered a data breach

 | 

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

 | 

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

 | 

North Korea-linked Lazarus targeted a Spanish aerospace company

 | 

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

 | 

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

 | 

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

 | 

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

 | 

FBI warns of dual ransomware attacks

 | 

Progress Software fixed two critical severity flaws in WS_FTP Server

 | 

Child abuse site taken down, organized child exploitation crime suspected – exclusive

 | 

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

 | 

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

 | 

Misconfigured WBSC server leaks thousands of passports

 | 

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

 | 

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

 | 

Dark Angels Team ransomware group hit Johnson Controls

 | 

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

 | 

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

 | 

China-linked APT BlackTech was spotted hiding in Cisco router firmware

 | 

Watch out! CVE-2023-5129 in libwebp library affects millions applications

 | 

DarkBeam leaks billions of email and password combinations

 | 

‘Ransomed.vc’ in the Spotlight – What is Known About the Ransomware Group Targeting Sony and NTT Docomo

 | 

Top 5 Problems Solved by Data Lineage

 | 

Threat actors claim the hack of Sony, and the company investigates

 | 

Canadian Flair Airlines left user data leaking for months

 | 

The Rhysida ransomware group hit the Kuwait Ministry of Finance

 | 

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

 | 

Xenomorph malware is back after months of hiatus and expands the list of targets

 | 

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

 | 

Crooks stole $200 million worth of assets from Mixin Network

 | 

A phishing campaign targets Ukrainian military entities with drone manual lures

 | 

Alert! Patch your TeamCity instance to avoid server hack

 | 

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

 | 

Nigerian National pleads guilty to participating in a millionaire BEC scheme

 | 

New variant of BBTok Trojan targets users of +40 banks in LATAM

 | 

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

 | 

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

 | 

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

 | 

National Student Clearinghouse data breach impacted approximately 900 US schools

 | 

Government of Bermuda blames Russian threat actors for the cyber attack

 | 

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

 | 

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

 | 

Information of Air Canada employees exposed in recent cyberattack

 | 

Sandman APT targets telcos with LuaDream backdoor

 | 

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

 | 

Ukrainian hackers are behind the Free Download Manager supply chain attack

 | 

Space and defense tech maker Exail Technologies exposes database access

 | 

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

 | 

Experts found critical flaws in Nagios XI network monitoring software

 | 

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

 | 

International Criminal Court hit with a cyber attack

 | 

GitLab addressed critical vulnerability CVE-2023-5009

 | 

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

 | 

ShroudedSnooper threat actors target telecom companies in the Middle East

 | 

Recent cyber attack is causing Clorox products shortage

 | 

Earth Lusca expands its arsenal with SprySOCKS Linux malware

 | 

Microsoft AI research division accidentally exposed 38TB of sensitive data

 | 

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

 | 

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

 | 

FBI hacker USDoD leaks highly sensitive TransUnion data

 | 

North Korea’s Lazarus APT stole almost $240 million in crypto assets since June

 | 

Clop gang stolen data from major North Carolina hospitals

 | 

CardX released a data leak notification impacting their customers in Thailand

 | 

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

 | 

TikTok fined €345M by Irish DPC for violating children’s privacy

 | 

Dariy Pankov, the NLBrute malware author, pleads guilty

 | 

Dangerous permissions detected in top Android health apps

 | 

Caesars Entertainment paid a ransom to avoid stolen data leaks

 | 

Free Download Manager backdoored to serve Linux malware for more than 3 years

 | 

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

 | 

The iPhone of a Russian journalist was infected with the Pegasus spyware

 | 

Kubernetes flaws could lead to remote code execution on Windows endpoints

 | 

Threat actor leaks sensitive data belonging to Airbus

 | 

A new ransomware family called 3AM appears in the threat landscape

 | 

Redfly group infiltrated an Asian national grid as long as six months

 | 

Mozilla fixed a critical zero-day in Firefox and Thunderbird

 | 

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

 | 

Save the Children confirms it was hit by cyber attack

 | 

Adobe fixed actively exploited zero-day in Acrobat and Reader

 | 

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

 | 

MGM Resorts hit by a cyber attack

 | 

Anonymous Sudan launched a DDoS attack against Telegram

 | 

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

 | 

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

 | 

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

 | 

UK and US sanctioned 11 members of the Russia-based TrickBot gang

 | 

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

 | 

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

 | 

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

 | 

Rhysida Ransomware gang claims to have hacked three more US hospitals

 | 

Akamai prevented the largest DDoS attack on a US financial company

 | 

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

 | 

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

 | 

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

 | 

North Korea-linked threat actors target cybersecurity experts with a zero-day

 | 

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

 | 

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

 | 

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

 | 

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

 | 

Two flaws in Apache SuperSet allow to remotely hack servers

 | 

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

 | 

Google addressed an actively exploited zero-day in Android

 | 

A zero-day in Atlas VPN Linux Client leaks users’ IP address

 | 

MITRE and CISA release Caldera for OT attack emulation

 | 

ASUS routers are affected by three critical remote code execution flaws

 | 

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

 | 

Freecycle data breach impacted 7 Million users

 | 

Meta disrupted two influence campaigns from China and Russia

 | 

A massive DDoS attack took down the site of the German financial agency BaFin

 | 

“Smishing Triad” Targeted USPS and US Citizens for Data Theft

 | 

University of Sydney suffered a security breach caused by a third-party service provider

 | 

Cybercrime will cost Germany $224 billion in 2023

 | 

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

 | 

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

 | 

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

 | 

UNRAVELING EternalBlue: inside the WannaCry’s enabler

 | 

Researchers released a free decryptor for the Key Group ransomware

 | 

Fashion retailer Forever 21 data breach impacted +500,000 individuals

 | 

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

 | 

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

 | 

Paramount Global disclosed a data breach

 | 

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

 | 

Abusing Windows Container Isolation Framework to avoid detection by security products

 | 

Critical RCE flaw impacts VMware Aria Operations Networks

 | 

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

 | 

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

 | 

FIN8-linked actor targets Citrix NetScaler systems

 | 

Japan’s JPCERT warns of new ‘MalDoc in PDF’ attack technique

 | 

Attackers can discover IP address by sending a link over the Skype mobile app

 | 

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

 | 

Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

 | 

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

 | 

China-linked Flax Typhoon APT targets Taiwan

 | 

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

 | 

Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager

 | 
