LiteSpeed Cache WordPress plugin actively exploited in the wild - Security Affairs
LiteSpeed Cache WordPress plugin actively exploited in the wild
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data
Law enforcement agencies identified LockBit ransomware admin and sanctioned him
MITRE attributes the recent attack to China-linked UNC5221
Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering
City of Wichita hit by a ransomware attack
El Salvador suffered a massive leak of biometric data
Finland authorities warn of Android malware campaign targeting bank users
NATO and the EU formally condemned Russia-linked APT28 cyber espionage
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Blackbasta gang claimed responsibility for Synlab Italia attack
LockBit published data stolen from Simone Veil hospital in Cannes
Russia-linked APT28 and crooks are still using the Moobot botnet
Dirty stream attack poses billions of Android installs at risk
ZLoader Malware adds Zeus's anti-analysis feature
Ukrainian REvil gang member sentenced to 13 years in prison
HPE Aruba Networking addressed four critical ArubaOS RCE flaws
Threat actors hacked the Dropbox Sign production environment
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog
Panda Restaurant Group disclosed a data breach
Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia
Cuttlefish malware targets enterprise-grade SOHO routers
A flaw in the R programming language could allow code execution
Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall
Notorious Finnish Hacker sentenced to more than six years in prison
CISA guidelines to protect critical infrastructure against AI-based threats
NCSC: New UK law bans default passwords on smart devices
The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023
Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals
Cyber-Partisans hacktivists claim to have breached Belarus KGB
The Los Angeles County Department of Health Services disclosed a data breach
Multiple Brocade SANnav SAN Management SW flaws allow device compromise
ICICI Bank exposed credit card data of 17000 customers
Okta warns of unprecedented scale in credential stuffing attacks on online services
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Targeted operation against Ukraine exploited 7-year-old MS Office bug
Hackers may have accessed thousands of accounts on the California state welfare platform
Brokewell Android malware supports an extensive set of Device Takeover capabilities
Experts warn of an ongoing malware campaign targeting WP-Automatic plugin
Cryptocurrencies and cybercrime: A critical intermingling
Kaiser Permanente data breach may have impacted 13.4 million patients
Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug
Sweden’s liquor supply severely impacted by ransomware attack on logistics company
CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog
CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog
DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions
Google fixed critical Chrome vulnerability CVE-2024-4058
Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks
Hackers hijacked the eScan Antivirus update mechanism in malware campaign
US offers a $10 million reward for information on four Iranian nationals
The street lights in Leicester City cannot be turned off due to a cyber attack
North Korea-linked APT groups target South Korean defense contractors
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
A cyber attack paralyzed operations at Synlab Italia
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw
Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities
A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
Akira ransomware received $42M in ransom payments from over 250 victims
DuneQuixote campaign targets the Middle East with a complex backdoor
Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
Critical CrushFTP zero-day exploited in attacks in the wild
A French hospital was forced to reschedule procedures after cyberattack
MITRE revealed that nation-state actors breached its systems via Ivanti zero-days
FBI chief says China is preparing to attack US critical infrastructure
United Nations Development Programme (UNDP) investigates data breach
FIN7 targeted a large U.S. carmaker with phishing attacks
Law enforcement operation dismantled phishing-as-a-service platform LabHost
Previously unknown Kapeka backdoor linked to Russian Sandworm APT
Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available
Linux variant of Cerber ransomware targets Atlassian servers
Ivanti fixed two critical flaws in its Avalanche MDM
Researchers released exploit code for actively exploited Palo Alto PAN-OS bug
Cisco warns of large-scale brute-force attacks against VPN and SSH services
PuTTY SSH Client flaw allows of private keys recovery
A renewed espionage campaign targets South Asia with iOS spyware LightSpy
Misinformation and hacktivist campaigns targeting the Philippines skyrocket
Russia is trying to sabotage European railways, Czech minister said
Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia
Cisco Duo warns telephony supplier data breach exposed MFA SMS logs
Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets
CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor
U.S. and Australian police arrested Firebird RAT author and operator
Canadian retail chain Giant Tiger data breach may have impacted millions of customers
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Crooks manipulate GitHub's search results to distribute malware
BatBadBut flaw allowed an attacker to perform command injection on Windows
Roku disclosed a new security breach impacting 576,000 accounts
LastPass employee targeted via an audio deepfake call
TA547 targets German organizations with Rhadamanthys malware
CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
US CISA published an alert on the Sisense data breach
Palo Alto Networks fixed multiple DoS bugs in its firewalls
Apple warns of mercenary spyware attacks on iPhone users in 92 countries
Microsoft fixed two zero-day bugs exploited in malware attacks
Group Health Cooperative data breach impacted 530,000 individuals
AT&T states that the data breach impacted 51 million former and current customers
Fortinet fixed a critical remote code execution bug in FortiClientLinux
Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues
Cybersecurity in the Evolving Threat Landscape
Over 91,000 LG smart TVs running webOS are vulnerable to hacking
ScrubCrypt used to drop VenomRAT along with many malicious plugins
Google announces V8 Sandbox to protect Chrome users
China is using generative AI to carry out influence operations
Greylock McKinnon Associates data breach exposed DOJ data of 341650 people
Crowdfense is offering a larger 30M USD exploit acquisition program
U.S. Department of Health warns of attacks against IT help desks
Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION
Over 92,000 Internet-facing D-Link NAS devices can be easily hacked
More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
Cisco warns of XSS flaw in end-of-life small business routers
Magento flaw exploited to deploy persistent backdoor hidden in XML
Cyberattack disrupted services at Omni Hotels & Resorts
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks
US cancer center City of Hope: data breach impacted 827149 individuals
Ivanti fixed for 4 new issues in Connect Secure and Policy Secure
Jackson County, Missouri, discloses a ransomware attack
Google addressed another Chrome zero-day exploited at Pwn2Own in March
The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse
Google fixed two actively exploited Pixel vulnerabilities
Highly sensitive files mysteriously disappeared from EUROPOL headquarters
XSS flaw in WordPress WP-Members Plugin can lead to script injection
Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor
Google agreed to erase billions of browser records to settle a class action lawsuit
PandaBuy data breach allegedly impacted over 1.3 million customers
OWASP discloses a data breach
New Vultur malware version includes enhanced remote control and evasion capabilities
Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy
Info stealer attacks target macOS users
Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION
DinodasRAT Linux variant targets users worldwide
AT&T confirmed that a data breach impacted 73 million customers
Expert found a backdoor in XZ tools used many Linux distributions
German BSI warns of 17,000 unpatched Microsoft Exchange servers
Cisco warns of password-spraying attacks targeting Secure Firewall devices
American fast-fashion firm Hot Topic hit by credential stuffing attacks
Cisco addressed high-severity flaws in IOS and IOS XE software
Google: China dominates government exploitation of zero-day vulnerabilities in 2023
Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024
CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog
The DDR Advantage: Real-Time Data Defense
Finnish police linked APT31 to the 2021 parliament attack
TheMoon bot infected 40,000 devices in January and February
UK, New Zealand against China-linked cyber operations
US Treasury Dep announced sanctions against members of China-linked APT31
CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog
Iran-Linked APT TA450 embeds malicious links in PDF attachments
StrelaStealer targeted over 100 organizations across the EU and US
GoFetch side-channel attack against Apple systems allows secret keys extraction
Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION
Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr
Russia-linked APT29 targeted German political parties with WINELOADER backdoor
Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024
Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites
German police seized the darknet marketplace Nemesis Market
Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks
Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days
Critical Fortinet's FortiClient EMS flaw actively exploited in the wild
Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla
New Loop DoS attack may target 300,000 vulnerable hosts
Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
BunnyLoader 3.0 surfaces in the threat landscape
Pokemon Company resets some users' passwords
Ukraine cyber police arrested crooks selling 100 million compromised accounts
New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?
Players hacked during the matches of Apex Legends Global Series. Tournament suspended
Earth Krahang APT breached tens of government organizations worldwide
PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released
Fujitsu suffered a malware attack and probably a data breach
Remove WordPress miniOrange plugins, a critical flaw can allow site takeover
The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats
Email accounts of the International Monetary Fund compromised
Threat actors leaked 70,000,000+ records allegedly stolen from AT&T
“gitgub” malware campaign targets Github users with RisePro info-stealer
Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION
France Travail data breach impacted 43 Million people
Scranton School District in Pennsylvania suffered a ransomware attack
Lazarus APT group returned to Tornado Cash to launder stolen funds
Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case
UK Defence Secretary jet hit by an electronic warfare attack in Poland
Cisco fixed high-severity elevation of privilege and DoS bugs
Recent DarkGate campaign exploited Microsoft Windows zero-day
Nissan Oceania data breach impacted roughly 100,000 people
Researchers found multiple flaws in ChatGPT plugins
Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS
Acer Philippines disclosed a data breach after a third-party vendor hack
Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack
Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws
Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election
First-ever South Korean national detained for espionage in Russia
Insurance scams via QR codes: how to recognise and defend yourself
Massive cyberattacks hit French government agencies
BianLian group exploits JetBrains TeamCity bugs in ransomware attacks
Experts released PoC exploit for critical Progress Software OpenEdge bug
Magnet Goblin group used a new Linux variant of NerbianRAT malware
Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
Lithuania security services warn of China's espionage against the country
Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION
Threat actors breached two crucial systems of the US CISA
CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog
Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices
QNAP fixed three flaws in its NAS devices, including an authentication bypass
Russia-linked Midnight Blizzard breached Microsoft systems again
Cisco addressed severe flaws in its Secure Client
Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.
2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023
National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election
CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog
Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers
CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks
LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage
Apple emergency security updates fix two new iOS zero-days
VMware urgent updates addressed Critical ESXi Sandbox Escape bugs
US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks
CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software
Ukraine's GUR hacked the Russian Ministry of Defense
Some American Express customers' data exposed in a third-party data breach
META hit with privacy complaints by EU consumer groups
New GTPDOOR backdoor is designed to target telecom carrier networks
Threat actors hacked Taiwan-based Chunghwa Telecom
New Linux variant of BIFROSE RAT uses deceptive domain strategies
Eken camera doorbells allow ill-intentioned individuals to spy on you
Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION
U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp
U.S. authorities charged an Iranian national for long-running hacking campaign
US cyber and law enforcement agencies warn of Phobos ransomware attacks
Police seized Crimemarket, the largest German-speaking cybercrime marketplace
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws
Crooks stole €15 Million from European retail company Pepco
CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog
Researchers found a zero-click Facebook account takeover
New SPIKEDWINE APT group is targeting officials in Europe
Is the LockBit gang resuming its operation?
Lazarus APT exploited zero-day in Windows driver to gain kernel privileges
Pharmaceutical giant Cencora discloses a data breach
Unmasking 2024's Email Security Landscape
FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs
XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk
Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION
US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES
New Redis miner Migo uses novel system weakening techniques
Critical flaw found in deprecated VMware EAP. Uninstall it immediately
Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers
ConnectWise fixed critical flaws in ScreenConnect remote access tool
More details about Operation Cronos that disrupted Lockbit operation
Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric
Operation Cronos: law enforcement disrupted the LockBit operation
A Ukrainian Raccoon Infostealer operator is awaiting trial in the US
Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS
How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise
SolarWinds addressed critical RCEs in Access Rights Manager (ARM)
ESET fixed high-severity local privilege escalation bug in Windows products
Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION
Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes
CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks
CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog
US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders
U.S. CISA: hackers breached a state government organization
Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs
US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
A cyberattack halted operations at Varta production plants
North Korea-linked actors breached the emails of a Presidential Office member
CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog
Nation-state actors are using AI services and LLMs for cyberattacks
Abusing the Ubuntu 'command-not-found' utility to install malicious packages
Zoom fixed critical flaw CVE-2024-24691 in Windows software
Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader
Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days
A ransomware attack took 100 Romanian hospitals down
Bank of America customer data compromised after a third-party services provider data breach
Ransomfeed - Third Quarter Report 2023 is out!
Global Malicious Activity Targeting Elections is Skyrocketing
Researchers released a free decryption tool for the Rhysida Ransomware
Residential Proxies vs. Datacenter Proxies: Choosing the Right Option
CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog
Canada Gov plans to ban the Flipper Zero to curb car thefts
9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data
US Feds arrested two men involved in the Warzone RAT operation
Raspberry Robin spotted using two new 1-day LPE exploits
Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION
CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog
macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations
Exploiting a vulnerable Minifilter Driver to create a process killer
Black Basta ransomware gang hacked Hyundai Motor Europe
Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN
Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices
26 Cyber Security Stats Every User Should Be Aware Of in 2024
US offers $10 million reward for info on Hive ransomware group leaders
Unraveling the truth behind the DDoS attack from electric toothbrushes
China-linked APT Volt Typhoon remained undetected for years in US infrastructure
Cisco fixes critical Expressway Series CSRF vulnerabilities
CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog
Fortinet addressed two critical FortiSIEM vulnerabilities
Experts warn of a critical bug in JetBrains TeamCity On-Premises
Critical shim bug impacts every Linux boot loader signed in the past decade
China-linked APT deployed malware in a network of the Dutch Ministry of Defence
Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG
Google fixed an Android critical remote code execution flaw
A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e
U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware
HPE is investigating claims of a new security breach
Experts warn of a surge of attacks targeting Ivanti SSRF flaw
How to hack the Airbus NAVBLUE Flysmart+ Manager
Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call
Software firm AnyDesk disclosed a security breach
The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM
US government imposed sanctions on six Iranian intel officials
A cyberattack impacted operations at Lurie Children's Hospital
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION
Clorox estimates the costs of the August cyberattack will exceed $49 Million
Mastodon fixed a flaw that can allow the takeover of any account
Iranian hackers breached Albania’s Institute of Statistics (INSTAT)
Operation Synergia led to the arrest of 31 individuals
Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison
Cloudflare breached on Thanksgiving Day, but the attack was promptly contained
PurpleFox malware infected at least 2,000 computers in Ukraine
Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping
CISA orders federal agencies to disconnect Ivanti VPN instances by February 2
Multiple malware used in attacks exploiting Ivanti VPN flaws
Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k
Crooks stole around $112 million worth of XRP from Ripple’s co-founder
CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog
Ivanti warns of a new actively exploited zero-day
Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware
Data leak at fintech giant Direct Trading Technologies
Root access vulnerability in GNU Library C (glibc) impacts many Linux distros
Italian data protection authority said that ChatGPT violated EU privacy laws
750 million Indian mobile subscribers' data offered for sale on dark web
Juniper Networks released out-of-band updates to fix high-severity flaws
Hundreds of network operators’ credentials found circulating in Dark Web
Cactus ransomware gang claims the Schneider Electric hack
Mercedes-Benz accidentally exposed sensitive data, including source code
Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords
NSA buys internet browsing records from data brokers without a warrant
Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'
Multiple PoC exploits released for Jenkins flaw CVE-2024-23897
Medusa ransomware attack hit Kansas City Area Transportation Authority
Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION
Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center
Participants earned more than $1.3M at the Pwn2Own Automotive competition
A TrickBot malware developer sentenced to 64 months in prison
Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns
Watch out, experts warn of a critical flaw in Jenkins
Pwn2Own Automotive 2024 Day 2 - Tesla hacked again
Yearly Intel Trend Review: The 2023 RedSense report
Cisco warns of a critical bug in Unified Communications products, patch it now!
Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)
CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog
5379 GitLab servers vulnerable to zero-click account takeover attacks
Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
Splunk fixed high-severity flaw impacting Windows versions
Watch out, a new critical flaw affects Fortra GoAnywhere MFT
Australian government announced sanctions for Medibank hacker
LoanDepot data breach impacted roughly 16.6 individuals
Black Basta gang claims the hack of the UK water utility Southern Water
CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog
Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed
Apple fixed actively exploited zero-day CVE-2024-23222
“My Slice”, an Italian adaptive phishing campaign
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell
Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web
Backdoored pirated applications targets Apple macOS users
LockBit ransomware gang claims the attack on the sandwich chain Subway
Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION
Admin of the BreachForums hacking forum sentenced to 20 years supervised release
VF Corp December data breach impacts 35 million customers
China-linked APT UNC3886 exploits VMware zero-day since 2021
Ransomware attacks break records in 2023: the number of victims rose by 128%
U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082
The Quantum Computing Cryptopocalypse – I’ll Know It When I See It
Kansas State University suffered a serious cybersecurity incident
CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog
Google TAG warns that Russian COLDRIVER APT is using a custom backdoor
PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts
iShutdown lightweight method allows to discover spyware infections on iPhones
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos
Github rotated credentials after the discovery of a vulnerability
FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation
Citrix warns admins to immediately patch NetScaler for actively exploited zero-days
Google fixed the first actively exploited Chrome zero-day of 2024
Atlassian fixed critical RCE in older Confluence versions
VMware fixed a critical flaw in Aria Automation. Patch it now!
Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws
Experts warn of a vulnerability affecting Bosch BCC100 Thermostat
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack
Phemedrone info stealer campaign exploits Windows smartScreen bypass
Balada Injector continues to infect thousands of WordPress sites
Attackers target Apache Hadoop and Flink to deliver cryptominers
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION
GitLab fixed a critical zero-click account hijacking flaw
Juniper Networks fixed a critical RCE bug in its firewalls and switches
Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election
Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467
Team Liquid’s wiki leak exposes 118K users
CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog
Two zero-day bugs in Ivanti Connect Secure actively exploited
X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected
Cisco fixed critical Unity Connection vulnerability CVE-2024-20272
ShinyHunters member sentenced to three years in prison
HMG Healthcare disclosed a data breach
Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval
Decryptor for Tortilla variant of Babuk ransomware released
Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws
CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog
Syrian group Anonymous Arabic distributes stealthy malware Silver RAT
Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications
DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace
Long-existing Bandook RAT targets Windows machines
A cyber attack hit the Beirut International Airport
Iranian crypto exchange Bit24.cash leaks user passports and IDs
Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION
Turkish Sea Turtle APT targets Dutch IT and Telecom firms
Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages
The source code of Zeppelin Ransomware sold on a hacking forum
Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months
Ivanti fixed a critical EPM flaw that can result in remote code execution
MyEstatePoint Property Search Android app leaks user passwords
Hacker hijacked Orange Spain RIPE account causing internet outage to company customers
HealthEC data breach impacted more than 4.5 Million people
Experts found 3 malicious packages hiding crypto miners in PyPi repository
Crooks hacked Mandiant X account to push cryptocurrency scam
Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Don’t trust links with known domains: BMW affected by redirect vulnerability
Hackers stole more than $81 million worth of crypto assets from Orbit Chain
Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv
Experts warn of JinxLoader loader used to spread Formbook and XLoader
Terrapin attack allows to downgrade SSH protocol security
Multiple organizations in Iran were breached by a mysterious hacker
Top 2023 Security Affairs cybersecurity stories
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
Google agreed to settle a $5 billion privacy lawsuit
Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION
INC RANSOM ransomware gang claims to have breached Xerox Corp
Spotify music converter TuneFab puts users at risk
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
Russia-linked APT28 used new malware in a recent phishing campaign
Clash of Clans gamers at risk while using third-party app
New Version of Meduza Stealer Released in Dark Web
Operation Triangulation attacks relied on an undocumented hardware feature
Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data
Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network
Experts warn of critical Zero-Day in Apache OfBiz
Xamalicious Android malware distributed through the Play Store
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841
Elections 2024, artificial intelligence could upset world balances
Experts analyzed attacks against poorly managed Linux SSH servers
A cyberattack hit Australian healthcare provider St Vincent’s Health Australia
Rhysida ransomware group hacked Abdali Hospital in Jordan
Carbanak malware returned in ransomware attacks
Resecurity Released a 2024 Cyber Threat Landscape Forecast
APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw
Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor
Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION
Europol and ENISA spotted 443 e-stores compromised with digital skimming
Video game giant Ubisoft investigates reports of a data breach
LockBit ransomware gang claims to have breached accountancy firm Xeinadin
Mobile virtual network operator Mint Mobile discloses a data breach
Akira ransomware gang claims the theft of sensitive data from Nissan Australia
Member of Lapsus$ gang sentenced to an indefinite hospital order
Real estate agency exposes details of 690k customers
ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware
Data leak exposes users of car-sharing service Blink Mobility
Google addressed a new actively exploited Chrome zero-day
German police seized the dark web marketplace Kingdom Market
Law enforcement Operation HAECHI IV led to the seizure of $300 Million
Sophisticated JaskaGO info stealer targets macOS and Windows
BMW dealer at risk of takeover by cybercriminals
Comcast’s Xfinity customer data exposed after CitrixBleed attack
FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season
The ransomware attack on Westpole is disrupting digital services for Italian public administration
Info stealers and how to protect against them
Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations
Qakbot is back and targets the Hospitality industry
A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K
MongoDB investigates a cyberattack, customer data exposed
InfectedSlurs botnet targets QNAP VioStor NVR vulnerability
Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION
New NKAbuse malware abuses NKN decentralized P2P network protocol
Snatch ransomware gang claims the hack of the food giant Kraft Heinz
Multiple flaws in pfSense firewall can lead to arbitrary code execution
BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign
Data of over a million users of the crypto exchange GokuMarket exposed
Idaho National Laboratory data breach impacted 45,047 individuals
Ubiquiti users claim to have access to other people’s devices
Russia-linked APT29 spotted targeting JetBrains TeamCity servers
Microsoft seized the US infrastructure of the Storm-1152 cybercrime group
French authorities arrested a Russian national for his role in the Hive ransomware operation
China-linked APT Volt Typhoon linked to KV-Botnet
UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks
Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks
December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
Ukrainian military intelligence service hacked the Russian Federal Taxation Service
Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack
Dubai’s largest taxi app exposes 220K+ users
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
Apple released iOS 17.2 to address a dozen of security flaws
Toyota Financial Services discloses a data breach
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2
CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
CISA and ENISA signed a Working Arrangement to enhance cooperation
Researcher discovered a new lock screen bypass bug for Android 14 and 13
WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw
Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION
Hacktivists hacked an Irish water utility and interrupted the water supply
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips
Norton Healthcare disclosed a data breach after a ransomware attack
Bypassing major EDRs using Pool Party process injection techniques
Founder of Bitzlato exchange has pleaded for unlicensed money transmitting
Android barcode scanner app exposes user passwords
UK and US expose Russia Callisto Group's activity and sanction members
A cyber attack hit Nissan Oceania
New Krasue Linux RAT targets telecom companies in Thailand
Atlassian addressed four new RCE flaws in its products
CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog
Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode
GST Invoice Billing Inventory exposes sensitive data to threat actors
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw
ENISA published the ENISA Threat Landscape for DoS Attacks Report
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
Google fixed critical zero-click RCE in Android
New P2PInfect bot targets routers and IoT devices
Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware
LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order
Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices
New Agent Raccoon malware targets the Middle East, Africa and the US
Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION
Researchers devised an attack technique to extract ChatGPT training data
Fortune-telling website WeMystic exposes 13M+ user records
Expert warns of Turtle macOS ransomware
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog
Apple addressed 2 new iOS zero-day vulnerabilities
Critical Zoom Room bug allowed to gain access to Zoom Tenants
Rhysida ransomware group hacked King Edward VII’s Hospital in London
Google addressed the sixth Chrome Zero-Day vulnerability in 2023
Okta reveals additional attackers' activities in October 2023 Breach
Thousands of secrets lurk in app images on Docker Hub
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103
International police operation dismantled a prominent Ukraine-based Ransomware group
Daixin Team group claimed the hack of North Texas Municipal Water District
Healthcare provider Ardent Health Services disclosed a ransomware attack
Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia
Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
The hack of MSP provider CTS potentially impacted hundreds of UK law firms
Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION
Rhysida ransomware gang claimed China Energy hack
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
App used by hundreds of schools leaking children's data
Microsoft launched its new Microsoft Defender Bounty Program
Exposed Kubernetes configuration secrets can fuel supply chain attacks
North Korea-linked Konni APT uses Russian-language weaponized documents
ClearFake campaign spreads macOS AMOS information stealer
Welltok data breach impacted 8.5 million patients in the U.S.
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software
Automotive parts giant AutoZone disclosed data breach after MOVEit hack
New InfectedSlurs Mirai-based botnet exploits two zero-days
SiegedSec hacktivist group hacked Idaho National Laboratory (INL)
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
Citrix provides additional measures to address Citrix Bleed
Tor Project removed several relays associated with a suspicious cryptocurrency scheme
Experts warn of a surge in NetSupport RAT attacks against education and government sectors
The Top 5 Reasons to Use an API Management Platform
Canadian government impacted by data breaches of two of its contractors
Rhysida ransomware gang is auctioning data stolen from the British Library
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies
DarkCasino joins the list of APT groups exploiting WinRAR zero-day
US teenager pleads guilty to his role in credential stuffing attack on a betting site
Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION
8Base ransomware operators use a new variant of the Phobos ransomware
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
The board of directors of OpenAI fired Sam Altman
Medusa ransomware gang claims the hack of Toyota Financial Services
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
Zimbra zero-day exploited to steal government emails by four groups
Vietnam Post exposes 1.2TB of data, including email addresses
Samsung suffered a new data breach
FBI and CISA warn of attacks by Rhysida ransomware gang
Critical flaw fixed in SAP Business One product
Law enforcement agencies dismantled the illegal botnet proxy service IPStorm
Gamblers’ data compromised after casino giant Strendus fails to set password
VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance
Danish critical infrastructure hit by the largest cyber attack in Denmark's history
Major Australian ports blocked after a cyber attack on DP World
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
LockBit ransomware gang leaked data stolen from Boeing
North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals
The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital
The State of Maine disclosed a data breach that impacted 1.3M people
Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION
Police seized BulletProftLink phishing-as-a-service (PhaaS) platform
Serbian pleads guilty to running ‘Monopoly’ dark web drug market
McLaren Health Care revealed that a data breach impacted 2.2 million people
After ChatGPT, Anonymous Sudan took down the Cloudflare website
Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack
SysAid zero-day exploited by Clop ransomware group
Dolly.com pays ransom, attackers release data anyway
DDoS attack leads to significant disruption in ChatGPT services
Russian Sandworm disrupts power in Ukraine with a new OT attack
Veeam fixed multiple flaws in Veeam ONE, including critical issues
Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel
Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks
Critical Confluence flaw exploited in ransomware attacks
QNAP fixed two critical vulnerabilities in QTS OS and apps
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
Socks5Systemz proxy service delivered via PrivateLoader and Amadey
US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors
Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION
Lazarus targets blockchain engineers with new KandyKorn macOS Malware
Kinsing threat actors probed the Looney Tunables flaws in recent attacks
ZDI discloses four zero-day flaws in Microsoft Exchange
Okta customer support system breach impacted 134 customers
Multiple WhatsApp mods spotted containing the CanesSpy Spyware
Russian FSB arrested Russian hackers who supported Ukrainian cyber operations
MuddyWater has been spotted targeting two Israeli entities
Clop group obtained access to the email addresses of about 632,000 US federal employees
Okta discloses a new data breach after a third-party vendor was hacked
Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware
Boeing confirmed its services division suffered a cyberattack
Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India
Who is behind the Mozi Botnet kill switch?
CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748
Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper
British Library suffers major outage due to cyberattack
Critical Atlassian Confluence flaw can lead to significant data loss
WiHD leak exposes details of all torrent users
Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198
Canada bans WeChat and Kaspersky apps on government-issued mobile devices
Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency
Wiki-Slack attack allows redirecting business professionals to malicious websites
HackerOne awarded over $300 million bug hunters
StripedFly, a complex malware that infected one million devices without being noticed
IT Army of Ukraine disrupted internet providers in territories occupied by Russia
Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION
Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
Lockbit ransomware gang claims to have stolen data from Boeing
How to Collect Market Intelligence with Residential Proxies?
F5 urges to address a critical flaw in BIG-IP
Hello Alfred app exposes user data
iLeakage attack exploits Safari to steal data from Apple devices
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
Seiko confirmed a data breach after BlackCat attack
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes
VMware addressed critical vCenter flaw also for End-of-Life products
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
New England Biolabs leak sensitive data
Former NSA employee pleads guilty to attempted selling classified documents to Russia
Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!
How did the Okta Support breach impact 1Password?
PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
Spain police dismantled a cybercriminal group who stole the data of 4 million individuals
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Cisco warns of a second IOS XE zero-day used to infect devices worldwide
City of Philadelphia suffers a data breach
SolarWinds fixed three critical RCE flaws in its Access Rights Manager product
Don't use AI-based apps, Philippine defense ordered its personnel
Vietnamese threat actors linked to DarkGate malware campaign
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
The attack on the International Criminal Court was targeted and sophisticated
Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION
A threat actor is selling access to Facebook and Instagram's Police Portal
Threat actors breached Okta support system and stole customers' data
US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide
Alleged developer of the Ragnar Locker ransomware was arrested
CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198
Law enforcement operation seized Ragnar Locker group's infrastructure
THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!
North Korea-linked APT groups actively exploit JetBrains TeamCity flaw
Multiple APT groups exploited WinRAR flaw CVE-2023-38831
Californian IT company DNA Micro leaks private mobile phone data
Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August
A flaw in Synology DiskStation Manager allows admin account takeover
D-Link confirms data breach, but downplayed the impact
CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems
Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers
Ransomware realities in 2023: one employee mistake can cost a company millions
Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users
Cisco warns of active exploitation of IOS XE zero-day
Signal denies claims of an alleged zero-day flaw in its platform
Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm
DarkGate malware campaign abuses Skype and Teams
The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital
Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION
Lockbit ransomware gang demanded an 80 million ransom to CDW
CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks
Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?
FBI and CISA published a new advisory on AvosLocker ransomware
More than 17,000 WordPress websites infected with the Balada Injector in September
Ransomlooker, a new tool to track and analyze ransomware groups' activities
Phishing, the campaigns that are targeting Italy
A new Magecart campaign hides the malicious code in 404 error page
CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog
Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers
Air Europa data breach exposed customers' credit cards
#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops
Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws
New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks
Exposed security cameras in Israel and Palestine pose significant risks
A flaw in libcue library impacts GNOME Linux systems
Hacktivists in Palestine and Israel after SCADA and other industrial control systems
Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum
Gaza-linked hackers and Pro-Russia groups are targeting Israel
Flagstar Bank suffered a data breach once again
Android devices shipped with backdoored firmware as part of the BADBOX network
Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime
QakBot threat actors are still operational after the August takedown
Ransomware attack on MGM Resorts costs $110 Million
Cybersecurity, why a hotline number could be important?
Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables
Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!
Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege
CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog
NATO is investigating a new cyber attack claimed by the SiegedSec group
Global CRM Provider Exposed Millions of Clients’ Files Online
Sony sent data breach notifications to about 6,800 individuals
Apple fixed the 17th zero-day flaw exploited in attacks
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks
A cyberattack disrupted Lyca Mobile services
Chipmaker Qualcomm warns of three actively exploited zero-days
DRM Report Q2 2023 - Ransomware threat landscape
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform
San Francisco’s transport agency exposes drivers’ parking permits and addresses
BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums
Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV
European Telecommunications Standards Institute (ETSI) suffered a data breach
WS_FTP flaw CVE-2023-40044 actively exploited in the wild
National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers
North Korea-linked Lazarus targeted a Spanish aerospace company
Ransomware attack on Johnson Controls may have exposed sensitive DHS data
BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care
Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition
ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One
FBI warns of dual ransomware attacks
Progress Software fixed two critical severity flaws in WS_FTP Server
Child abuse site taken down, organized child exploitation crime suspected – exclusive
A still unpatched zero-day RCE impacts more than 3.5M Exim servers
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
Misconfigured WBSC server leaks thousands of passports
CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109
Dark Angels Team ransomware group hit Johnson Controls
GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023
Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices
China-linked APT BlackTech was spotted hiding in Cisco router firmware
Watch out! CVE-2023-5129 in libwebp library affects millions applications
DarkBeam leaks billions of email and password combinations
'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo
Top 5 Problems Solved by Data Lineage
Threat actors claim the hack of Sony, and the company investigates
Canadian Flair Airlines left user data leaking for months
The Rhysida ransomware group hit the Kuwait Ministry of Finance
BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients
Xenomorph malware is back after months of hiatus and expands the list of targets
Smishing Triad Stretches Its Tentacles into the United Arab Emirates
Crooks stole $200 million worth of assets from Mixin Network
A phishing campaign targets Ukrainian military entities with drone manual lures
Alert! Patch your TeamCity instance to avoid server hack
Is Gelsemium APT behind a targeted attack in Southeast Asian Government?
Nigerian National pleads guilty to participating in a millionaire BEC scheme
New variant of BBTok Trojan targets users of +40 banks in LATAM
Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
National Student Clearinghouse data breach impacted approximately 900 US schools
Government of Bermuda blames Russian threat actors for the cyber attack
Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog
Information of Air Canada employees exposed in recent cyberattack
Sandman APT targets telcos with LuaDream backdoor
Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws
Ukrainian hackers are behind the Free Download Manager supply chain attack
Space and defense tech maker Exail Technologies exposes database access
Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
Experts found critical flaws in Nagios XI network monitoring software
The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs
International Criminal Court hit with a cyber attack
GitLab addressed critical vulnerability CVE-2023-5009
Trend Micro addresses actively exploited zero-day in Apex One and other security Products
ShroudedSnooper threat actors target telecom companies in the Middle East
Recent cyber attack is causing Clorox products shortage
Earth Lusca expands its arsenal with SprySOCKS Linux malware
Microsoft AI research division accidentally exposed 38TB of sensitive data
German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals
Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry
FBI hacker USDoD leaks highly sensitive TransUnion data
North Korea's Lazarus APT stole almost $240 million in crypto assets since June
Clop gang stolen data from major North Carolina hospitals
CardX released a data leak notification impacting their customers in Thailand
Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition
TikTok fined €345M by Irish DPC for violating children’s privacy
Dariy Pankov, the NLBrute malware author, pleads guilty
Dangerous permissions detected in top Android health apps
Caesars Entertainment paid a ransom to avoid stolen data leaks
Free Download Manager backdoored to serve Linux malware for more than 3 years
Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York
The iPhone of a Russian journalist was infected with the Pegasus spyware
Kubernetes flaws could lead to remote code execution on Windows endpoints
Threat actor leaks sensitive data belonging to Airbus
A new ransomware family called 3AM appears in the threat landscape
Redfly group infiltrated an Asian national grid as long as six months
Mozilla fixed a critical zero-day in Firefox and Thunderbird
Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws
Save the Children confirms it was hit by cyber attack
Adobe fixed actively exploited zero-day in Acrobat and Reader
A new Repojacking attack exposed over 4,000 GitHub repositories to hack
MGM Resorts hit by a cyber attack
Anonymous Sudan launched a DDoS attack against Telegram
Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor
GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023
CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog
UK and US sanctioned 11 members of the Russia-based TrickBot gang
New HijackLoader malware is rapidly growing in popularity in the cybercrime community
Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable
Evil Telegram campaign: Trojanized Telegram apps found on Google Play
Rhysida Ransomware gang claims to have hacked three more US hospitals
Akamai prevented the largest DDoS attack on a US financial company
Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital
North Korea-linked threat actors target cybersecurity experts with a zero-day
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware
Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs
A malvertising campaign is delivering a new version of the macOS Atomic Stealer
Two flaws in Apache SuperSet allow to remotely hack servers
Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake
Google addressed an actively exploited zero-day in Android
A zero-day in Atlas VPN Linux Client leaks users' IP address
MITRE and CISA release Caldera for OT attack emulation
ASUS routers are affected by three critical remote code execution flaws
Hackers stole $41M worth of crypto assets from crypto gambling firm Stake
Freecycle data breach impacted 7 Million users
Meta disrupted two influence campaigns from China and Russia
A massive DDoS attack took down the site of the German financial agency BaFin
"Smishing Triad" Targeted USPS and US Citizens for Data Theft
University of Sydney suffered a security breach caused by a third-party service provider
Cybercrime will cost Germany $224 billion in 2023
PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks
Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition
LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)
UNRAVELING EternalBlue: inside the WannaCry’s enabler
Researchers released a free decryptor for the Key Group ransomware
Fashion retailer Forever 21 data breach impacted +500,000 individuals
Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware
Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication
Paramount Global disclosed a data breach
National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization
Abusing Windows Container Isolation Framework to avoid detection by security products
Critical RCE flaw impacts VMware Aria Operations Networks
UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw
Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months
FIN8-linked actor targets Citrix NetScaler systems
Japan's JPCERT warns of new 'MalDoc in PDF' attack technique
Attackers can discover IP address by sending a link over the Skype mobile app
Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
Cloud and hosting provider Leaseweb took down critical systems after a cyber attack
Crypto investor data exposed by a SIM swapping attack against a Kroll employee
China-linked Flax Typhoon APT targets Taiwan
Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035
Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager
WPScan researchers reported that threat actors are exploiting a high-severity vulnerability in LiteSpeed Cache plugin for WordPress.
LiteSpeed Cache for WordPress (LSCWP) is an all-in-one site acceleration plugin, featuring an exclusive server-level cache and a collection of optimization features. The plugin has over 5 million active installations.
The vulnerability, tracked as CVE-2023-40000 CVSS score: 8.3, is an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) issue in LiteSpeed Technologies LiteSpeed Cache that allows Stored XSS.
Attackers exploited the issue to create a rogue admin account, named wpsupp‑user and wp‑configuser, on vulnerable websites.
Upon creating admin accounts, threat actors can gain full control over the website.
Patchstack discovered the stored cross-site scripting (XSS) vulnerability in February 2024.
An unauthenticated user can trigger the issue to elevate privileges by using specially crafted HTTP requests.
WPScan reported that threat actors may inject a malicious script into vulnerable versions of the LiteSpeed plugin. The researchers observed a surge in access to a malicious URL on April 2nd and on April 27.
“The most common IP addresses that were probably scanning for vulnerable sites were 94.102.51.144, with 1,232,810 requests, and 31.43.191.220 with 70,472 requests.” reads WPScan. “The most common IP addresses that were probably scanning for vulnerable sites were 94.102.51.144, with 1,232,810 requests, and 31.43.191.220 with 70,472 requests.”
The vulnerability was fixed in October 2023 with the release of version 5.7.0.1.
Researchers provided indicators of compromise for these attacks, including malicious URLs involved in the campaign: https[:]//dns[.]startservicefounds.com/service/f[.]php, https[:]//api[.]startservicefounds[.]com, and https[:]//cache[.]cloudswiftcdn[.]com. The researchers also recommends to Watch out for IPs associated with the malware, such as 45.150.67.235.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, UK Ministry of Defense)
Hacking / May 08, 2024
Hacking / May 08, 2024
Data Breach / May 08, 2024
Cyber Crime / May 07, 2024
Hacking / May 07, 2024
To contact me write an email to:
Pierluigi Paganini :
[email protected]
Copyright@securityaffairs 2024
source
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data
Law enforcement agencies identified LockBit ransomware admin and sanctioned him
MITRE attributes the recent attack to China-linked UNC5221
Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering
City of Wichita hit by a ransomware attack
El Salvador suffered a massive leak of biometric data
Finland authorities warn of Android malware campaign targeting bank users
NATO and the EU formally condemned Russia-linked APT28 cyber espionage
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Blackbasta gang claimed responsibility for Synlab Italia attack
LockBit published data stolen from Simone Veil hospital in Cannes
Russia-linked APT28 and crooks are still using the Moobot botnet
Dirty stream attack poses billions of Android installs at risk
ZLoader Malware adds Zeus's anti-analysis feature
Ukrainian REvil gang member sentenced to 13 years in prison
HPE Aruba Networking addressed four critical ArubaOS RCE flaws
Threat actors hacked the Dropbox Sign production environment
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog
Panda Restaurant Group disclosed a data breach
Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia
Cuttlefish malware targets enterprise-grade SOHO routers
A flaw in the R programming language could allow code execution
Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall
Notorious Finnish Hacker sentenced to more than six years in prison
CISA guidelines to protect critical infrastructure against AI-based threats
NCSC: New UK law bans default passwords on smart devices
The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023
Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals
Cyber-Partisans hacktivists claim to have breached Belarus KGB
The Los Angeles County Department of Health Services disclosed a data breach
Multiple Brocade SANnav SAN Management SW flaws allow device compromise
ICICI Bank exposed credit card data of 17000 customers
Okta warns of unprecedented scale in credential stuffing attacks on online services
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Targeted operation against Ukraine exploited 7-year-old MS Office bug
Hackers may have accessed thousands of accounts on the California state welfare platform
Brokewell Android malware supports an extensive set of Device Takeover capabilities
Experts warn of an ongoing malware campaign targeting WP-Automatic plugin
Cryptocurrencies and cybercrime: A critical intermingling
Kaiser Permanente data breach may have impacted 13.4 million patients
Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug
Sweden’s liquor supply severely impacted by ransomware attack on logistics company
CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog
CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog
DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions
Google fixed critical Chrome vulnerability CVE-2024-4058
Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks
Hackers hijacked the eScan Antivirus update mechanism in malware campaign
US offers a $10 million reward for information on four Iranian nationals
The street lights in Leicester City cannot be turned off due to a cyber attack
North Korea-linked APT groups target South Korean defense contractors
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
A cyber attack paralyzed operations at Synlab Italia
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw
Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities
A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
Akira ransomware received $42M in ransom payments from over 250 victims
DuneQuixote campaign targets the Middle East with a complex backdoor
Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
Critical CrushFTP zero-day exploited in attacks in the wild
A French hospital was forced to reschedule procedures after cyberattack
MITRE revealed that nation-state actors breached its systems via Ivanti zero-days
FBI chief says China is preparing to attack US critical infrastructure
United Nations Development Programme (UNDP) investigates data breach
FIN7 targeted a large U.S. carmaker with phishing attacks
Law enforcement operation dismantled phishing-as-a-service platform LabHost
Previously unknown Kapeka backdoor linked to Russian Sandworm APT
Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available
Linux variant of Cerber ransomware targets Atlassian servers
Ivanti fixed two critical flaws in its Avalanche MDM
Researchers released exploit code for actively exploited Palo Alto PAN-OS bug
Cisco warns of large-scale brute-force attacks against VPN and SSH services
PuTTY SSH Client flaw allows of private keys recovery
A renewed espionage campaign targets South Asia with iOS spyware LightSpy
Misinformation and hacktivist campaigns targeting the Philippines skyrocket
Russia is trying to sabotage European railways, Czech minister said
Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia
Cisco Duo warns telephony supplier data breach exposed MFA SMS logs
Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets
CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor
U.S. and Australian police arrested Firebird RAT author and operator
Canadian retail chain Giant Tiger data breach may have impacted millions of customers
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Crooks manipulate GitHub's search results to distribute malware
BatBadBut flaw allowed an attacker to perform command injection on Windows
Roku disclosed a new security breach impacting 576,000 accounts
LastPass employee targeted via an audio deepfake call
TA547 targets German organizations with Rhadamanthys malware
CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
US CISA published an alert on the Sisense data breach
Palo Alto Networks fixed multiple DoS bugs in its firewalls
Apple warns of mercenary spyware attacks on iPhone users in 92 countries
Microsoft fixed two zero-day bugs exploited in malware attacks
Group Health Cooperative data breach impacted 530,000 individuals
AT&T states that the data breach impacted 51 million former and current customers
Fortinet fixed a critical remote code execution bug in FortiClientLinux
Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues
Cybersecurity in the Evolving Threat Landscape
Over 91,000 LG smart TVs running webOS are vulnerable to hacking
ScrubCrypt used to drop VenomRAT along with many malicious plugins
Google announces V8 Sandbox to protect Chrome users
China is using generative AI to carry out influence operations
Greylock McKinnon Associates data breach exposed DOJ data of 341650 people
Crowdfense is offering a larger 30M USD exploit acquisition program
U.S. Department of Health warns of attacks against IT help desks
Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION
Over 92,000 Internet-facing D-Link NAS devices can be easily hacked
More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
Cisco warns of XSS flaw in end-of-life small business routers
Magento flaw exploited to deploy persistent backdoor hidden in XML
Cyberattack disrupted services at Omni Hotels & Resorts
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks
US cancer center City of Hope: data breach impacted 827149 individuals
Ivanti fixed for 4 new issues in Connect Secure and Policy Secure
Jackson County, Missouri, discloses a ransomware attack
Google addressed another Chrome zero-day exploited at Pwn2Own in March
The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse
Google fixed two actively exploited Pixel vulnerabilities
Highly sensitive files mysteriously disappeared from EUROPOL headquarters
XSS flaw in WordPress WP-Members Plugin can lead to script injection
Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor
Google agreed to erase billions of browser records to settle a class action lawsuit
PandaBuy data breach allegedly impacted over 1.3 million customers
OWASP discloses a data breach
New Vultur malware version includes enhanced remote control and evasion capabilities
Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy
Info stealer attacks target macOS users
Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION
DinodasRAT Linux variant targets users worldwide
AT&T confirmed that a data breach impacted 73 million customers
Expert found a backdoor in XZ tools used many Linux distributions
German BSI warns of 17,000 unpatched Microsoft Exchange servers
Cisco warns of password-spraying attacks targeting Secure Firewall devices
American fast-fashion firm Hot Topic hit by credential stuffing attacks
Cisco addressed high-severity flaws in IOS and IOS XE software
Google: China dominates government exploitation of zero-day vulnerabilities in 2023
Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024
CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog
The DDR Advantage: Real-Time Data Defense
Finnish police linked APT31 to the 2021 parliament attack
TheMoon bot infected 40,000 devices in January and February
UK, New Zealand against China-linked cyber operations
US Treasury Dep announced sanctions against members of China-linked APT31
CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog
Iran-Linked APT TA450 embeds malicious links in PDF attachments
StrelaStealer targeted over 100 organizations across the EU and US
GoFetch side-channel attack against Apple systems allows secret keys extraction
Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION
Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr
Russia-linked APT29 targeted German political parties with WINELOADER backdoor
Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024
Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites
German police seized the darknet marketplace Nemesis Market
Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks
Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days
Critical Fortinet's FortiClient EMS flaw actively exploited in the wild
Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla
New Loop DoS attack may target 300,000 vulnerable hosts
Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
BunnyLoader 3.0 surfaces in the threat landscape
Pokemon Company resets some users' passwords
Ukraine cyber police arrested crooks selling 100 million compromised accounts
New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?
Players hacked during the matches of Apex Legends Global Series. Tournament suspended
Earth Krahang APT breached tens of government organizations worldwide
PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released
Fujitsu suffered a malware attack and probably a data breach
Remove WordPress miniOrange plugins, a critical flaw can allow site takeover
The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats
Email accounts of the International Monetary Fund compromised
Threat actors leaked 70,000,000+ records allegedly stolen from AT&T
“gitgub” malware campaign targets Github users with RisePro info-stealer
Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION
France Travail data breach impacted 43 Million people
Scranton School District in Pennsylvania suffered a ransomware attack
Lazarus APT group returned to Tornado Cash to launder stolen funds
Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case
UK Defence Secretary jet hit by an electronic warfare attack in Poland
Cisco fixed high-severity elevation of privilege and DoS bugs
Recent DarkGate campaign exploited Microsoft Windows zero-day
Nissan Oceania data breach impacted roughly 100,000 people
Researchers found multiple flaws in ChatGPT plugins
Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS
Acer Philippines disclosed a data breach after a third-party vendor hack
Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack
Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws
Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election
First-ever South Korean national detained for espionage in Russia
Insurance scams via QR codes: how to recognise and defend yourself
Massive cyberattacks hit French government agencies
BianLian group exploits JetBrains TeamCity bugs in ransomware attacks
Experts released PoC exploit for critical Progress Software OpenEdge bug
Magnet Goblin group used a new Linux variant of NerbianRAT malware
Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
Lithuania security services warn of China's espionage against the country
Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION
Threat actors breached two crucial systems of the US CISA
CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog
Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices
QNAP fixed three flaws in its NAS devices, including an authentication bypass
Russia-linked Midnight Blizzard breached Microsoft systems again
Cisco addressed severe flaws in its Secure Client
Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.
2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023
National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election
CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog
Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers
CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks
LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage
Apple emergency security updates fix two new iOS zero-days
VMware urgent updates addressed Critical ESXi Sandbox Escape bugs
US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks
CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software
Ukraine's GUR hacked the Russian Ministry of Defense
Some American Express customers' data exposed in a third-party data breach
META hit with privacy complaints by EU consumer groups
New GTPDOOR backdoor is designed to target telecom carrier networks
Threat actors hacked Taiwan-based Chunghwa Telecom
New Linux variant of BIFROSE RAT uses deceptive domain strategies
Eken camera doorbells allow ill-intentioned individuals to spy on you
Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION
U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp
U.S. authorities charged an Iranian national for long-running hacking campaign
US cyber and law enforcement agencies warn of Phobos ransomware attacks
Police seized Crimemarket, the largest German-speaking cybercrime marketplace
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws
Crooks stole €15 Million from European retail company Pepco
CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog
Researchers found a zero-click Facebook account takeover
New SPIKEDWINE APT group is targeting officials in Europe
Is the LockBit gang resuming its operation?
Lazarus APT exploited zero-day in Windows driver to gain kernel privileges
Pharmaceutical giant Cencora discloses a data breach
Unmasking 2024's Email Security Landscape
FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs
XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk
Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION
US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES
New Redis miner Migo uses novel system weakening techniques
Critical flaw found in deprecated VMware EAP. Uninstall it immediately
Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers
ConnectWise fixed critical flaws in ScreenConnect remote access tool
More details about Operation Cronos that disrupted Lockbit operation
Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric
Operation Cronos: law enforcement disrupted the LockBit operation
A Ukrainian Raccoon Infostealer operator is awaiting trial in the US
Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS
How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise
SolarWinds addressed critical RCEs in Access Rights Manager (ARM)
ESET fixed high-severity local privilege escalation bug in Windows products
Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION
Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes
CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks
CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog
US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders
U.S. CISA: hackers breached a state government organization
Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs
US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
A cyberattack halted operations at Varta production plants
North Korea-linked actors breached the emails of a Presidential Office member
CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog
Nation-state actors are using AI services and LLMs for cyberattacks
Abusing the Ubuntu 'command-not-found' utility to install malicious packages
Zoom fixed critical flaw CVE-2024-24691 in Windows software
Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader
Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days
A ransomware attack took 100 Romanian hospitals down
Bank of America customer data compromised after a third-party services provider data breach
Ransomfeed - Third Quarter Report 2023 is out!
Global Malicious Activity Targeting Elections is Skyrocketing
Researchers released a free decryption tool for the Rhysida Ransomware
Residential Proxies vs. Datacenter Proxies: Choosing the Right Option
CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog
Canada Gov plans to ban the Flipper Zero to curb car thefts
9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data
US Feds arrested two men involved in the Warzone RAT operation
Raspberry Robin spotted using two new 1-day LPE exploits
Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION
CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog
macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations
Exploiting a vulnerable Minifilter Driver to create a process killer
Black Basta ransomware gang hacked Hyundai Motor Europe
Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN
Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices
26 Cyber Security Stats Every User Should Be Aware Of in 2024
US offers $10 million reward for info on Hive ransomware group leaders
Unraveling the truth behind the DDoS attack from electric toothbrushes
China-linked APT Volt Typhoon remained undetected for years in US infrastructure
Cisco fixes critical Expressway Series CSRF vulnerabilities
CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog
Fortinet addressed two critical FortiSIEM vulnerabilities
Experts warn of a critical bug in JetBrains TeamCity On-Premises
Critical shim bug impacts every Linux boot loader signed in the past decade
China-linked APT deployed malware in a network of the Dutch Ministry of Defence
Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG
Google fixed an Android critical remote code execution flaw
A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e
U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware
HPE is investigating claims of a new security breach
Experts warn of a surge of attacks targeting Ivanti SSRF flaw
How to hack the Airbus NAVBLUE Flysmart+ Manager
Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call
Software firm AnyDesk disclosed a security breach
The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM
US government imposed sanctions on six Iranian intel officials
A cyberattack impacted operations at Lurie Children's Hospital
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION
Clorox estimates the costs of the August cyberattack will exceed $49 Million
Mastodon fixed a flaw that can allow the takeover of any account
Iranian hackers breached Albania’s Institute of Statistics (INSTAT)
Operation Synergia led to the arrest of 31 individuals
Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison
Cloudflare breached on Thanksgiving Day, but the attack was promptly contained
PurpleFox malware infected at least 2,000 computers in Ukraine
Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping
CISA orders federal agencies to disconnect Ivanti VPN instances by February 2
Multiple malware used in attacks exploiting Ivanti VPN flaws
Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k
Crooks stole around $112 million worth of XRP from Ripple’s co-founder
CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog
Ivanti warns of a new actively exploited zero-day
Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware
Data leak at fintech giant Direct Trading Technologies
Root access vulnerability in GNU Library C (glibc) impacts many Linux distros
Italian data protection authority said that ChatGPT violated EU privacy laws
750 million Indian mobile subscribers' data offered for sale on dark web
Juniper Networks released out-of-band updates to fix high-severity flaws
Hundreds of network operators’ credentials found circulating in Dark Web
Cactus ransomware gang claims the Schneider Electric hack
Mercedes-Benz accidentally exposed sensitive data, including source code
Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords
NSA buys internet browsing records from data brokers without a warrant
Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'
Multiple PoC exploits released for Jenkins flaw CVE-2024-23897
Medusa ransomware attack hit Kansas City Area Transportation Authority
Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION
Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center
Participants earned more than $1.3M at the Pwn2Own Automotive competition
A TrickBot malware developer sentenced to 64 months in prison
Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns
Watch out, experts warn of a critical flaw in Jenkins
Pwn2Own Automotive 2024 Day 2 - Tesla hacked again
Yearly Intel Trend Review: The 2023 RedSense report
Cisco warns of a critical bug in Unified Communications products, patch it now!
Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)
CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog
5379 GitLab servers vulnerable to zero-click account takeover attacks
Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
Splunk fixed high-severity flaw impacting Windows versions
Watch out, a new critical flaw affects Fortra GoAnywhere MFT
Australian government announced sanctions for Medibank hacker
LoanDepot data breach impacted roughly 16.6 individuals
Black Basta gang claims the hack of the UK water utility Southern Water
CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog
Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed
Apple fixed actively exploited zero-day CVE-2024-23222
“My Slice”, an Italian adaptive phishing campaign
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell
Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web
Backdoored pirated applications targets Apple macOS users
LockBit ransomware gang claims the attack on the sandwich chain Subway
Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION
Admin of the BreachForums hacking forum sentenced to 20 years supervised release
VF Corp December data breach impacts 35 million customers
China-linked APT UNC3886 exploits VMware zero-day since 2021
Ransomware attacks break records in 2023: the number of victims rose by 128%
U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082
The Quantum Computing Cryptopocalypse – I’ll Know It When I See It
Kansas State University suffered a serious cybersecurity incident
CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog
Google TAG warns that Russian COLDRIVER APT is using a custom backdoor
PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts
iShutdown lightweight method allows to discover spyware infections on iPhones
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos
Github rotated credentials after the discovery of a vulnerability
FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation
Citrix warns admins to immediately patch NetScaler for actively exploited zero-days
Google fixed the first actively exploited Chrome zero-day of 2024
Atlassian fixed critical RCE in older Confluence versions
VMware fixed a critical flaw in Aria Automation. Patch it now!
Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws
Experts warn of a vulnerability affecting Bosch BCC100 Thermostat
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack
Phemedrone info stealer campaign exploits Windows smartScreen bypass
Balada Injector continues to infect thousands of WordPress sites
Attackers target Apache Hadoop and Flink to deliver cryptominers
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION
GitLab fixed a critical zero-click account hijacking flaw
Juniper Networks fixed a critical RCE bug in its firewalls and switches
Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election
Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467
Team Liquid’s wiki leak exposes 118K users
CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog
Two zero-day bugs in Ivanti Connect Secure actively exploited
X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected
Cisco fixed critical Unity Connection vulnerability CVE-2024-20272
ShinyHunters member sentenced to three years in prison
HMG Healthcare disclosed a data breach
Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval
Decryptor for Tortilla variant of Babuk ransomware released
Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws
CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog
Syrian group Anonymous Arabic distributes stealthy malware Silver RAT
Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications
DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace
Long-existing Bandook RAT targets Windows machines
A cyber attack hit the Beirut International Airport
Iranian crypto exchange Bit24.cash leaks user passports and IDs
Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION
Turkish Sea Turtle APT targets Dutch IT and Telecom firms
Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages
The source code of Zeppelin Ransomware sold on a hacking forum
Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months
Ivanti fixed a critical EPM flaw that can result in remote code execution
MyEstatePoint Property Search Android app leaks user passwords
Hacker hijacked Orange Spain RIPE account causing internet outage to company customers
HealthEC data breach impacted more than 4.5 Million people
Experts found 3 malicious packages hiding crypto miners in PyPi repository
Crooks hacked Mandiant X account to push cryptocurrency scam
Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Don’t trust links with known domains: BMW affected by redirect vulnerability
Hackers stole more than $81 million worth of crypto assets from Orbit Chain
Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv
Experts warn of JinxLoader loader used to spread Formbook and XLoader
Terrapin attack allows to downgrade SSH protocol security
Multiple organizations in Iran were breached by a mysterious hacker
Top 2023 Security Affairs cybersecurity stories
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
Google agreed to settle a $5 billion privacy lawsuit
Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION
INC RANSOM ransomware gang claims to have breached Xerox Corp
Spotify music converter TuneFab puts users at risk
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
Russia-linked APT28 used new malware in a recent phishing campaign
Clash of Clans gamers at risk while using third-party app
New Version of Meduza Stealer Released in Dark Web
Operation Triangulation attacks relied on an undocumented hardware feature
Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data
Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network
Experts warn of critical Zero-Day in Apache OfBiz
Xamalicious Android malware distributed through the Play Store
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841
Elections 2024, artificial intelligence could upset world balances
Experts analyzed attacks against poorly managed Linux SSH servers
A cyberattack hit Australian healthcare provider St Vincent’s Health Australia
Rhysida ransomware group hacked Abdali Hospital in Jordan
Carbanak malware returned in ransomware attacks
Resecurity Released a 2024 Cyber Threat Landscape Forecast
APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw
Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor
Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION
Europol and ENISA spotted 443 e-stores compromised with digital skimming
Video game giant Ubisoft investigates reports of a data breach
LockBit ransomware gang claims to have breached accountancy firm Xeinadin
Mobile virtual network operator Mint Mobile discloses a data breach
Akira ransomware gang claims the theft of sensitive data from Nissan Australia
Member of Lapsus$ gang sentenced to an indefinite hospital order
Real estate agency exposes details of 690k customers
ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware
Data leak exposes users of car-sharing service Blink Mobility
Google addressed a new actively exploited Chrome zero-day
German police seized the dark web marketplace Kingdom Market
Law enforcement Operation HAECHI IV led to the seizure of $300 Million
Sophisticated JaskaGO info stealer targets macOS and Windows
BMW dealer at risk of takeover by cybercriminals
Comcast’s Xfinity customer data exposed after CitrixBleed attack
FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season
The ransomware attack on Westpole is disrupting digital services for Italian public administration
Info stealers and how to protect against them
Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations
Qakbot is back and targets the Hospitality industry
A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K
MongoDB investigates a cyberattack, customer data exposed
InfectedSlurs botnet targets QNAP VioStor NVR vulnerability
Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION
New NKAbuse malware abuses NKN decentralized P2P network protocol
Snatch ransomware gang claims the hack of the food giant Kraft Heinz
Multiple flaws in pfSense firewall can lead to arbitrary code execution
BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign
Data of over a million users of the crypto exchange GokuMarket exposed
Idaho National Laboratory data breach impacted 45,047 individuals
Ubiquiti users claim to have access to other people’s devices
Russia-linked APT29 spotted targeting JetBrains TeamCity servers
Microsoft seized the US infrastructure of the Storm-1152 cybercrime group
French authorities arrested a Russian national for his role in the Hive ransomware operation
China-linked APT Volt Typhoon linked to KV-Botnet
UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks
Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks
December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
Ukrainian military intelligence service hacked the Russian Federal Taxation Service
Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack
Dubai’s largest taxi app exposes 220K+ users
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
Apple released iOS 17.2 to address a dozen of security flaws
Toyota Financial Services discloses a data breach
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2
CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
CISA and ENISA signed a Working Arrangement to enhance cooperation
Researcher discovered a new lock screen bypass bug for Android 14 and 13
WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw
Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION
Hacktivists hacked an Irish water utility and interrupted the water supply
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips
Norton Healthcare disclosed a data breach after a ransomware attack
Bypassing major EDRs using Pool Party process injection techniques
Founder of Bitzlato exchange has pleaded for unlicensed money transmitting
Android barcode scanner app exposes user passwords
UK and US expose Russia Callisto Group's activity and sanction members
A cyber attack hit Nissan Oceania
New Krasue Linux RAT targets telecom companies in Thailand
Atlassian addressed four new RCE flaws in its products
CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog
Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode
GST Invoice Billing Inventory exposes sensitive data to threat actors
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw
ENISA published the ENISA Threat Landscape for DoS Attacks Report
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
Google fixed critical zero-click RCE in Android
New P2PInfect bot targets routers and IoT devices
Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware
LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order
Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices
New Agent Raccoon malware targets the Middle East, Africa and the US
Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION
Researchers devised an attack technique to extract ChatGPT training data
Fortune-telling website WeMystic exposes 13M+ user records
Expert warns of Turtle macOS ransomware
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog
Apple addressed 2 new iOS zero-day vulnerabilities
Critical Zoom Room bug allowed to gain access to Zoom Tenants
Rhysida ransomware group hacked King Edward VII’s Hospital in London
Google addressed the sixth Chrome Zero-Day vulnerability in 2023
Okta reveals additional attackers' activities in October 2023 Breach
Thousands of secrets lurk in app images on Docker Hub
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103
International police operation dismantled a prominent Ukraine-based Ransomware group
Daixin Team group claimed the hack of North Texas Municipal Water District
Healthcare provider Ardent Health Services disclosed a ransomware attack
Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia
Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
The hack of MSP provider CTS potentially impacted hundreds of UK law firms
Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION
Rhysida ransomware gang claimed China Energy hack
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
App used by hundreds of schools leaking children's data
Microsoft launched its new Microsoft Defender Bounty Program
Exposed Kubernetes configuration secrets can fuel supply chain attacks
North Korea-linked Konni APT uses Russian-language weaponized documents
ClearFake campaign spreads macOS AMOS information stealer
Welltok data breach impacted 8.5 million patients in the U.S.
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software
Automotive parts giant AutoZone disclosed data breach after MOVEit hack
New InfectedSlurs Mirai-based botnet exploits two zero-days
SiegedSec hacktivist group hacked Idaho National Laboratory (INL)
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
Citrix provides additional measures to address Citrix Bleed
Tor Project removed several relays associated with a suspicious cryptocurrency scheme
Experts warn of a surge in NetSupport RAT attacks against education and government sectors
The Top 5 Reasons to Use an API Management Platform
Canadian government impacted by data breaches of two of its contractors
Rhysida ransomware gang is auctioning data stolen from the British Library
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies
DarkCasino joins the list of APT groups exploiting WinRAR zero-day
US teenager pleads guilty to his role in credential stuffing attack on a betting site
Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION
8Base ransomware operators use a new variant of the Phobos ransomware
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
The board of directors of OpenAI fired Sam Altman
Medusa ransomware gang claims the hack of Toyota Financial Services
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
Zimbra zero-day exploited to steal government emails by four groups
Vietnam Post exposes 1.2TB of data, including email addresses
Samsung suffered a new data breach
FBI and CISA warn of attacks by Rhysida ransomware gang
Critical flaw fixed in SAP Business One product
Law enforcement agencies dismantled the illegal botnet proxy service IPStorm
Gamblers’ data compromised after casino giant Strendus fails to set password
VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance
Danish critical infrastructure hit by the largest cyber attack in Denmark's history
Major Australian ports blocked after a cyber attack on DP World
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
LockBit ransomware gang leaked data stolen from Boeing
North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals
The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital
The State of Maine disclosed a data breach that impacted 1.3M people
Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION
Police seized BulletProftLink phishing-as-a-service (PhaaS) platform
Serbian pleads guilty to running ‘Monopoly’ dark web drug market
McLaren Health Care revealed that a data breach impacted 2.2 million people
After ChatGPT, Anonymous Sudan took down the Cloudflare website
Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack
SysAid zero-day exploited by Clop ransomware group
Dolly.com pays ransom, attackers release data anyway
DDoS attack leads to significant disruption in ChatGPT services
Russian Sandworm disrupts power in Ukraine with a new OT attack
Veeam fixed multiple flaws in Veeam ONE, including critical issues
Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel
Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks
Critical Confluence flaw exploited in ransomware attacks
QNAP fixed two critical vulnerabilities in QTS OS and apps
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
Socks5Systemz proxy service delivered via PrivateLoader and Amadey
US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors
Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION
Lazarus targets blockchain engineers with new KandyKorn macOS Malware
Kinsing threat actors probed the Looney Tunables flaws in recent attacks
ZDI discloses four zero-day flaws in Microsoft Exchange
Okta customer support system breach impacted 134 customers
Multiple WhatsApp mods spotted containing the CanesSpy Spyware
Russian FSB arrested Russian hackers who supported Ukrainian cyber operations
MuddyWater has been spotted targeting two Israeli entities
Clop group obtained access to the email addresses of about 632,000 US federal employees
Okta discloses a new data breach after a third-party vendor was hacked
Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware
Boeing confirmed its services division suffered a cyberattack
Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India
Who is behind the Mozi Botnet kill switch?
CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748
Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper
British Library suffers major outage due to cyberattack
Critical Atlassian Confluence flaw can lead to significant data loss
WiHD leak exposes details of all torrent users
Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198
Canada bans WeChat and Kaspersky apps on government-issued mobile devices
Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency
Wiki-Slack attack allows redirecting business professionals to malicious websites
HackerOne awarded over $300 million bug hunters
StripedFly, a complex malware that infected one million devices without being noticed
IT Army of Ukraine disrupted internet providers in territories occupied by Russia
Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION
Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
Lockbit ransomware gang claims to have stolen data from Boeing
How to Collect Market Intelligence with Residential Proxies?
F5 urges to address a critical flaw in BIG-IP
Hello Alfred app exposes user data
iLeakage attack exploits Safari to steal data from Apple devices
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
Seiko confirmed a data breach after BlackCat attack
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes
VMware addressed critical vCenter flaw also for End-of-Life products
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
New England Biolabs leak sensitive data
Former NSA employee pleads guilty to attempted selling classified documents to Russia
Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!
How did the Okta Support breach impact 1Password?
PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
Spain police dismantled a cybercriminal group who stole the data of 4 million individuals
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Cisco warns of a second IOS XE zero-day used to infect devices worldwide
City of Philadelphia suffers a data breach
SolarWinds fixed three critical RCE flaws in its Access Rights Manager product
Don't use AI-based apps, Philippine defense ordered its personnel
Vietnamese threat actors linked to DarkGate malware campaign
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
The attack on the International Criminal Court was targeted and sophisticated
Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION
A threat actor is selling access to Facebook and Instagram's Police Portal
Threat actors breached Okta support system and stole customers' data
US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide
Alleged developer of the Ragnar Locker ransomware was arrested
CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198
Law enforcement operation seized Ragnar Locker group's infrastructure
THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!
North Korea-linked APT groups actively exploit JetBrains TeamCity flaw
Multiple APT groups exploited WinRAR flaw CVE-2023-38831
Californian IT company DNA Micro leaks private mobile phone data
Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August
A flaw in Synology DiskStation Manager allows admin account takeover
D-Link confirms data breach, but downplayed the impact
CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems
Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers
Ransomware realities in 2023: one employee mistake can cost a company millions
Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users
Cisco warns of active exploitation of IOS XE zero-day
Signal denies claims of an alleged zero-day flaw in its platform
Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm
DarkGate malware campaign abuses Skype and Teams
The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital
Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION
Lockbit ransomware gang demanded an 80 million ransom to CDW
CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks
Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?
FBI and CISA published a new advisory on AvosLocker ransomware
More than 17,000 WordPress websites infected with the Balada Injector in September
Ransomlooker, a new tool to track and analyze ransomware groups' activities
Phishing, the campaigns that are targeting Italy
A new Magecart campaign hides the malicious code in 404 error page
CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog
Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers
Air Europa data breach exposed customers' credit cards
#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops
Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws
New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks
Exposed security cameras in Israel and Palestine pose significant risks
A flaw in libcue library impacts GNOME Linux systems
Hacktivists in Palestine and Israel after SCADA and other industrial control systems
Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum
Gaza-linked hackers and Pro-Russia groups are targeting Israel
Flagstar Bank suffered a data breach once again
Android devices shipped with backdoored firmware as part of the BADBOX network
Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime
QakBot threat actors are still operational after the August takedown
Ransomware attack on MGM Resorts costs $110 Million
Cybersecurity, why a hotline number could be important?
Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables
Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!
Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege
CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog
NATO is investigating a new cyber attack claimed by the SiegedSec group
Global CRM Provider Exposed Millions of Clients’ Files Online
Sony sent data breach notifications to about 6,800 individuals
Apple fixed the 17th zero-day flaw exploited in attacks
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks
A cyberattack disrupted Lyca Mobile services
Chipmaker Qualcomm warns of three actively exploited zero-days
DRM Report Q2 2023 - Ransomware threat landscape
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform
San Francisco’s transport agency exposes drivers’ parking permits and addresses
BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums
Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV
European Telecommunications Standards Institute (ETSI) suffered a data breach
WS_FTP flaw CVE-2023-40044 actively exploited in the wild
National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers
North Korea-linked Lazarus targeted a Spanish aerospace company
Ransomware attack on Johnson Controls may have exposed sensitive DHS data
BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care
Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition
ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One
FBI warns of dual ransomware attacks
Progress Software fixed two critical severity flaws in WS_FTP Server
Child abuse site taken down, organized child exploitation crime suspected – exclusive
A still unpatched zero-day RCE impacts more than 3.5M Exim servers
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
Misconfigured WBSC server leaks thousands of passports
CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109
Dark Angels Team ransomware group hit Johnson Controls
GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023
Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices
China-linked APT BlackTech was spotted hiding in Cisco router firmware
Watch out! CVE-2023-5129 in libwebp library affects millions applications
DarkBeam leaks billions of email and password combinations
'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo
Top 5 Problems Solved by Data Lineage
Threat actors claim the hack of Sony, and the company investigates
Canadian Flair Airlines left user data leaking for months
The Rhysida ransomware group hit the Kuwait Ministry of Finance
BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients
Xenomorph malware is back after months of hiatus and expands the list of targets
Smishing Triad Stretches Its Tentacles into the United Arab Emirates
Crooks stole $200 million worth of assets from Mixin Network
A phishing campaign targets Ukrainian military entities with drone manual lures
Alert! Patch your TeamCity instance to avoid server hack
Is Gelsemium APT behind a targeted attack in Southeast Asian Government?
Nigerian National pleads guilty to participating in a millionaire BEC scheme
New variant of BBTok Trojan targets users of +40 banks in LATAM
Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
National Student Clearinghouse data breach impacted approximately 900 US schools
Government of Bermuda blames Russian threat actors for the cyber attack
Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog
Information of Air Canada employees exposed in recent cyberattack
Sandman APT targets telcos with LuaDream backdoor
Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws
Ukrainian hackers are behind the Free Download Manager supply chain attack
Space and defense tech maker Exail Technologies exposes database access
Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
Experts found critical flaws in Nagios XI network monitoring software
The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs
International Criminal Court hit with a cyber attack
GitLab addressed critical vulnerability CVE-2023-5009
Trend Micro addresses actively exploited zero-day in Apex One and other security Products
ShroudedSnooper threat actors target telecom companies in the Middle East
Recent cyber attack is causing Clorox products shortage
Earth Lusca expands its arsenal with SprySOCKS Linux malware
Microsoft AI research division accidentally exposed 38TB of sensitive data
German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals
Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry
FBI hacker USDoD leaks highly sensitive TransUnion data
North Korea's Lazarus APT stole almost $240 million in crypto assets since June
Clop gang stolen data from major North Carolina hospitals
CardX released a data leak notification impacting their customers in Thailand
Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition
TikTok fined €345M by Irish DPC for violating children’s privacy
Dariy Pankov, the NLBrute malware author, pleads guilty
Dangerous permissions detected in top Android health apps
Caesars Entertainment paid a ransom to avoid stolen data leaks
Free Download Manager backdoored to serve Linux malware for more than 3 years
Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York
The iPhone of a Russian journalist was infected with the Pegasus spyware
Kubernetes flaws could lead to remote code execution on Windows endpoints
Threat actor leaks sensitive data belonging to Airbus
A new ransomware family called 3AM appears in the threat landscape
Redfly group infiltrated an Asian national grid as long as six months
Mozilla fixed a critical zero-day in Firefox and Thunderbird
Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws
Save the Children confirms it was hit by cyber attack
Adobe fixed actively exploited zero-day in Acrobat and Reader
A new Repojacking attack exposed over 4,000 GitHub repositories to hack
MGM Resorts hit by a cyber attack
Anonymous Sudan launched a DDoS attack against Telegram
Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor
GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023
CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog
UK and US sanctioned 11 members of the Russia-based TrickBot gang
New HijackLoader malware is rapidly growing in popularity in the cybercrime community
Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable
Evil Telegram campaign: Trojanized Telegram apps found on Google Play
Rhysida Ransomware gang claims to have hacked three more US hospitals
Akamai prevented the largest DDoS attack on a US financial company
Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital
North Korea-linked threat actors target cybersecurity experts with a zero-day
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware
Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs
A malvertising campaign is delivering a new version of the macOS Atomic Stealer
Two flaws in Apache SuperSet allow to remotely hack servers
Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake
Google addressed an actively exploited zero-day in Android
A zero-day in Atlas VPN Linux Client leaks users' IP address
MITRE and CISA release Caldera for OT attack emulation
ASUS routers are affected by three critical remote code execution flaws
Hackers stole $41M worth of crypto assets from crypto gambling firm Stake
Freecycle data breach impacted 7 Million users
Meta disrupted two influence campaigns from China and Russia
A massive DDoS attack took down the site of the German financial agency BaFin
"Smishing Triad" Targeted USPS and US Citizens for Data Theft
University of Sydney suffered a security breach caused by a third-party service provider
Cybercrime will cost Germany $224 billion in 2023
PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks
Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition
LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)
UNRAVELING EternalBlue: inside the WannaCry’s enabler
Researchers released a free decryptor for the Key Group ransomware
Fashion retailer Forever 21 data breach impacted +500,000 individuals
Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware
Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication
Paramount Global disclosed a data breach
National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization
Abusing Windows Container Isolation Framework to avoid detection by security products
Critical RCE flaw impacts VMware Aria Operations Networks
UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw
Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months
FIN8-linked actor targets Citrix NetScaler systems
Japan's JPCERT warns of new 'MalDoc in PDF' attack technique
Attackers can discover IP address by sending a link over the Skype mobile app
Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
Cloud and hosting provider Leaseweb took down critical systems after a cyber attack
Crypto investor data exposed by a SIM swapping attack against a Kroll employee
China-linked Flax Typhoon APT targets Taiwan
Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035
Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager
WPScan researchers reported that threat actors are exploiting a high-severity vulnerability in LiteSpeed Cache plugin for WordPress.
LiteSpeed Cache for WordPress (LSCWP) is an all-in-one site acceleration plugin, featuring an exclusive server-level cache and a collection of optimization features. The plugin has over 5 million active installations.
The vulnerability, tracked as CVE-2023-40000 CVSS score: 8.3, is an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) issue in LiteSpeed Technologies LiteSpeed Cache that allows Stored XSS.
Attackers exploited the issue to create a rogue admin account, named wpsupp‑user and wp‑configuser, on vulnerable websites.
Upon creating admin accounts, threat actors can gain full control over the website.
Patchstack discovered the stored cross-site scripting (XSS) vulnerability in February 2024.
An unauthenticated user can trigger the issue to elevate privileges by using specially crafted HTTP requests.
WPScan reported that threat actors may inject a malicious script into vulnerable versions of the LiteSpeed plugin. The researchers observed a surge in access to a malicious URL on April 2nd and on April 27.
“The most common IP addresses that were probably scanning for vulnerable sites were 94.102.51.144, with 1,232,810 requests, and 31.43.191.220 with 70,472 requests.” reads WPScan. “The most common IP addresses that were probably scanning for vulnerable sites were 94.102.51.144, with 1,232,810 requests, and 31.43.191.220 with 70,472 requests.”
The vulnerability was fixed in October 2023 with the release of version 5.7.0.1.
Researchers provided indicators of compromise for these attacks, including malicious URLs involved in the campaign: https[:]//dns[.]startservicefounds.com/service/f[.]php, https[:]//api[.]startservicefounds[.]com, and https[:]//cache[.]cloudswiftcdn[.]com. The researchers also recommends to Watch out for IPs associated with the malware, such as 45.150.67.235.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, UK Ministry of Defense)
Hacking / May 08, 2024
Hacking / May 08, 2024
Data Breach / May 08, 2024
Cyber Crime / May 07, 2024
Hacking / May 07, 2024
To contact me write an email to:
Pierluigi Paganini :
[email protected]
Copyright@securityaffairs 2024
source
Comments
Post a Comment