securityaffairs.com Open in urlscan Pro
2606:4700:3031::6815:90b  Public Scan

Submitted URL: http://securityaffairs.com/
Effective URL: https://securityaffairs.com/
Submission: On December 13 via manual from ES — Scanned from ES

Form analysis 2 forms found in the DOM

GET https://securityaffairs.com

<form method="get" action="https://securityaffairs.com">
  <input type="search" name="s" placeholder="Search.." class="site-search-field" value="">
  <input type="submit" class="sm-icon">
</form>

POST /#wpcf7-f149934-o1

<form action="/#wpcf7-f149934-o1" method="post" class="wpcf7-form init" aria-label="Contact form" novalidate="novalidate" data-status="init">
  <div style="display: none;">
    <input type="hidden" name="_wpcf7" value="149934">
    <input type="hidden" name="_wpcf7_version" value="6.0.1">
    <input type="hidden" name="_wpcf7_locale" value="en_US">
    <input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f149934-o1">
    <input type="hidden" name="_wpcf7_container_post" value="0">
    <input type="hidden" name="_wpcf7_posted_data_hash" value="">
  </div>
  <div class="form-field"><span class="wpcf7-form-control-wrap" data-name="your-email"><input size="40" maxlength="400" class="wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email" autocomplete="email"
        aria-required="true" aria-invalid="false" placeholder="Your email address" value="" type="email" name="your-email"></span><input class="wpcf7-form-control wpcf7-submit has-spinner" type="submit" value="SIGN UP"><span
      class="wpcf7-spinner"></span></div>
  <div class="wpcf7-response-output" aria-hidden="true"></div>
</form>

Text Content

 * Home
 * Cyber Crime
 * Cyber warfare
 * APT
 * Data Breach
 * Deep Web
 * Digital ID
 * Hacking
 * Hacktivism
 * Intelligence
 * Internet of Things
 * Laws and regulations
 * Malware
 * Mobile
 * Reports
 * Security
 * Social Networks
 * Terrorism
 * ICS-SCADA
 * POLICIES
 * Contact me

MUST READ

Experts discovered the first mobile malware families linked to Russia's
Gamaredon

 | 

US Bitcoin ATM operator Byte Federal suffered a data breach

 | 

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

 | 

Operation PowerOFF took down 27 DDoS platforms across 15 countries

 | 

Russia's Secret Blizzard APT targets Ukraine with Kazuar backdoor

 | 

Ivanti fixed a maximum severity vulnerability in its CSA solution

 | 

Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels
to spy on Europen entities

 | 

Chinese national charged for hacking thousands of Sophos firewalls

 | 

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE -
Smishing Triad in Action

 | 

U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited
Vulnerabilities catalog

 | 

Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day

 | 

SAP fixed critical SSRF flaw in NetWeaver's Adobe Document Services

 | 

Romanian energy supplier Electrica Group is facing a ransomware attack

 | 

Deloitte denied its systems were hacked by Brain Cipher ransomware group

 | 

Mandiant devised a technique to bypass browser isolation using QR codes

 | 

2023 Anna Jaques Hospital data breach impacted over 310,000 people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23

 | 

Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

RedLine info-stealer campaign targets Russian businesses through pirated
corporate software

 | 

8Base ransomware group hacked Croatia's Port of Rijeka

 | 

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

 | 

New Atrium Health data breach impacts 585,000 individuals

 | 

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

 | 

Hundred of CISCO switches impacted by bootloader flaw

 | 

Operation Destabilise dismantled Russian money laundering networks

 | 

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat
actors

 | 

China-linked APT Salt Typhoon has breached telcos in dozens of countries

 | 

Black Basta ransomware gang hit BT Group

 | 

Authorities shut down Crimenetwork, the Germany's largest crime marketplace

 | 

Veeam addressed critical Service Provider Console (VSPC) bug

 | 

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage
targeting telecom networks

 | 

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its
Known Exploited Vulnerabilities catalog

 | 

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

 | 

DMM Bitcoin halts operations six months after a $300 million cyber heist

 | 

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

 | 

Poland probes Pegasus spyware abuse under the PiS government

 | 

Tor Project needs 200 WebTunnel bridges more to bypass Russia' censorship

 | 

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

 | 

How threat actors can use generative artificial intelligence?

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

 | 

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Hackers stole millions of dollars from Uganda Central Bank

 | 

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

 | 

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

 | 

Zello urges users to reset passwords following a cyber attack

 | 

A cyberattack impacted operations at UK Wirral University Teaching Hospital

 | 

T-Mobile detected network intrusion attempts and blocked them

 | 

ProjectSend critical flaw actively exploited in the wild, experts warn

 | 

Bootkitty is the first UEFI Bootkit designed for Linux systems

 | 

VMware fixed five vulnerabilities in Aria Operations product

 | 

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

 | 

Russian group RomCom exploited Firefox and Tor Browser zero-days to target
attacks Europe and North America

 | 

The source code of Banshee Stealer leaked online

 | 

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited
Vulnerabilities catalog

 | 

Thai police arrested Chinese hackers involved in SMS blaster attacks

 | 

Zyxel firewalls targeted in recent ransomware attacks

 | 

Malware campaign abused flawed Avast Anti-Rootkit driver

 | 

Russia-linked APT TAG-110 uses targets Europe and Asia

 | 

Russia-linked threat actors threaten the UK and its allies, minister to say

 | 

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

DoJ seized credit card marketplace PopeyeTools and charges its administrators

 | 

A cyberattack on gambling giant IGT disrupted portions of its IT systems

 | 

China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane

 | 

Microsoft seized 240 sites used by the ONNX phishing service

 | 

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited
Vulnerabilities catalog

 | 

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched
zero-days

 | 

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs
Office

 | 

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

 | 

Threat actor sells data of over 750,000 patients from a French hospital

 | 

Decade-old local privilege escalation bugs impacts Ubuntu needrestart package

 | 

Ford data breach involved a third-party supplier

 | 

Hacker obtained documents tied to lawsuit over Matt Gaetz's sexual misconduct
allegations

 | 

Apple addressed two actively exploited zero-day vulnerabilities

 | 

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming
of Sports events

 | 

Russian Phobos ransomware operator faces cybercrime charges

 | 

Great Plains Regional Medical Center ransomware attack impacted 133,000
individuals

 | 

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks

 | 

Foreign adversary hacked email communications of the Library of Congress says

 | 

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

 | 

Increased GDPR Enforcement Highlights the Need for Data Security

 | 

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

 | 

A botnet exploits e GeoVision zero-day to compromise EoL devices

 | 

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

 | 

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

 | 

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

 | 

U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited
Vulnerabilities catalog

 | 

China-linked threat actors compromised multiple telecos and spied on a limited
number of U.S. government officials

 | 

Bitdefender released a decryptor for the ShrinkLocker ransomware

 | 

China's Volt Typhoon botnet has re-emerged

 | 

Zoom addressed two high-severity issues in its platform

 | 

Microsoft Patch Tuesday security updates for November 2024 fix two actively
exploited zero-days

 | 

Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands

 | 

A cyberattack on payment systems blocked cards readers across stores and gas
stations in Israel

 | 

Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots
locked devices

 | 

Ymir ransomware, a new stealthy ransomware grow in the wild

 | 

Amazon discloses employee data breach after May 2023 MOVEit attacks

 | 

A new fileless variant of Remcos RAT observed in the wild

 | 

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops
in Ukraine

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19

 | 

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of
telco providers

 | 

Mazda Connect flaws allow to hack some Mazda vehicles

 | 

Veeam Backup & Replication exploit reused in new Frag ransomware attack

 | 

Texas oilfield supplier Newpark Resources suffered a ransomware attack

 | 

Palo Alto Networks warns of potential RCE in PAN-OS management interface

 | 

iPhones in a law enforcement forensics lab mysteriously rebooted losing their
After First Unlock (AFU) state

 | 

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo
nhttpd bugs to its Known Exploited Vulnerabilities catalog

 | 

DPRK-linked BlueNoroff used macOS malware with novel persistence

 | 

Canada ordered ByteDance to shut down TikTok operations in the country over
security concerns

 | 

Critical bug in Cisco UWRB access points allows attackers to run commands as
root

 | 

INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs

 | 

Memorial Hospital and Manor suffered a ransomware attack

 | 

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook
users

 | 

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS
devices

 | 

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on
Italy

 | 

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities
catalog

 | 

Canadian authorities arrested alleged Snowflake hacker

 | 

Android flaw CVE-2024-43093 may be under limited, targeted exploitation

 | 

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

 | 

Nigerian man Sentenced to 26+ years in real estate phishing scams

 | 

Russian disinformation campaign active ahead of 2024 US election

 | 

International law enforcement operation shut down DDoS-for-hire platform
Dstat.cc

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

 | 

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

US Election 2024 – FBI warning about fake election videos

 | 

Chinese threat actors use Quad7 botnet in password-spray attacks

 | 

FBI arrested former Disney World employee for hacking computer menus and
mislabeling allergy info

 | 

Sophos details five years of China-linked threat actors' activity targeting
network devices worldwide

 | 

PTZOptics cameras zero-days actively exploited in the wild

 | 

New LightSpy spyware version targets iPhones with destructive capabilities

 | 

LottieFiles confirmed a supply chain attack on Lottie-Player

 | 

Threat actor says Interbank refused to pay the ransom after a two-week
negotiation

 | 

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

 | 

New version of Android malware FakeCall redirects bank calls to scammers

 | 

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a
spear-phishing campaign using RDP files

 | 

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

 | 

International law enforcement operation dismantled RedLine and Meta infostealers

 | 

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

 | 

Russia-linked espionage group UNC5812 targets Ukraine's military with malware

 | 

France’s second-largest telecoms provider Free suffered a cyber attack

 | 

A crime ring compromised Italian state databases reselling stolen info

 | 

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

 | 

Black Basta affiliates used Microsoft Teams in recent attacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17

 | 

Four REvil Ransomware members sentenced for hacking and money laundering

 | 

Chinese cyber spies targeted phones used by Trump and Vance

 | 

Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

 | 

Change Healthcare data breach impacted over 100 million people

 | 

OnePoint Patient Care data breach impacted 795916 individuals

 | 

From Risk Assessment to Action: Improving Your DLP Response

 | 

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known
Exploited Vulnerabilities catalog

 | 

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung
Galaxy S24

 | 

Cisco fixed tens of vulnerabilities, including an actively exploited one

 | 

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June
2024

 | 

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities
catalog

 | 

Digital Echo Chambers and Erosion of Trust - Key Threats to the US Elections

 | 

Crooks are targeting Docker API servers to deploy SRBMiner

 | 

Why DSPM is Essential for Achieving Data Privacy in 2024

 | 

SEC fined 4 companies for misleading disclosures about the impact of the
SolarWinds attack

 | 

Samsung zero-day flaw actively exploited in the wild

 | 

Experts warn of a new wave of Bumblebee malware attacks

 | 

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities
catalog

 | 

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

 | 

Cisco states that data published on cybercrime forum was taken from
public-facing DevHub environment

 | 

Internet Archive was breached twice in a month

 | 

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

 | 

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

 | 

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited
Vulnerabilities catalog

 | 

North Korea-linked APT37 exploited IE zero-day in a recent attack

 | 

Omni Family Health data breach impacts 468,344 individuals

 | 

Iran-linked actors target critical infrastructure organizations

 | 

macOS HM Surf flaw in TCC allows bypass Safari privacy settings

 | 

Two Sudanese nationals indicted for operating the Anonymous Sudan group

 | 

Russia-linked RomCom group targeted Ukrainian government agencies since late
2023

 | 

A critical flaw in Kubernetes Image Builder could allow attackers to gain root
access

 | 

VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX

 | 

Brazil's Polícia Federal arrested the notorious hacker USDoD

 | 

Finnish Customs dismantled the dark web drugs market Sipulitie

 | 

U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help
Desk bugs to its Known Exploited Vulnerabilities catalog

 | 

GitHub addressed a critical vulnerability in Enterprise Server

 | 

A new Linux variant of FASTCash malware targets financial systems

 | 

WordPress Jetpack plugin critical flaw impacts 27 million sites

 | 

Pokemon dev Game Freak discloses data breach

 | 

U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited
Vulnerabilities catalog

 | 

Nation-state actor exploited three Ivanti CSA zero-days

 | 

Dutch police dismantled dual dark web market 'Bohemia/Cannabia'

 | 

Fidelity Investments suffered a second data breach this year

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

 | 

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on
a large scale

 | 

A cyber attack hit Iranian government sites and nuclear facilities

 | 

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in
recent attacks

 | 

GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution

 | 

Iran and China-linked actors used ChatGPT for preparing attacks

 | 

Internet Archive data breach impacted 31M users

 | 

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

 | 

U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited
Vulnerabilities catalog

 | 

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

 | 

Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full
compromise of the devices

 | 

Cybercriminals Are Targeting AI Conversational Platforms

 | 

Awaken Likho APT group targets Russian government with a new implant

 | 

U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities
catalog

 | 

Ukrainian national pleads guilty in U.S. court for operating the Raccoon
Infostealer

 | 

MoneyGram discloses data breach following September cyberattack

 | 

American Water shut down some of its systems following a cyberattack

 | 

Universal Music data breach impacted 680 individuals

 | 

FBCS data breach impacted 238,000 Comcast customers

 | 

Critical Apache Avro SDK RCE flaw impacts Java applications

 | 

Man pleads guilty to stealing over $37 Million worth of cryptocurrency

 | 

U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited
Vulnerabilities catalog

 | 

China-linked group Salt Typhoon hacked US broadband providers and breached
wiretap systems

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

 | 

Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Google Pixel 9 supports new security features to mitigate baseband attacks

 | 

WordPress LiteSpeed Cache plugin flaw could allow site takeover

 | 

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

 | 

Google removed Kaspersky's security apps from the Play Store

 | 

New Perfctl Malware targets Linux servers in cryptomining campaign

 | 

Microsoft and DOJ seized the attack infrastructure used by Russia-linked
Callisto Group

 | 

Dutch police breached by a state actor

 | 

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug

 | 

Telegram revealed it shared U.S. user data with law enforcement

 | 

U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited
Vulnerabilities catalog

 | 

14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries

 | 

Rhadamanthys information stealer introduces AI-driven capabilities

 | 

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild.
Patch it now!

 | 

Police arrested four new individuals linked to the LockBit ransomware operation

 | 

UMC Health System diverted patients following a ransomware attack

 | 

U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion
Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities
catalog

 | 

News agency AFP hit by cyberattack, client services impacted

 | 

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

 | 

Patelco Credit Union data breach impacted over 1 million people

 | 

Community Clinic of Maui discloses a data breach following May Lockbit
ransomware attack

 | 

A British national has been charged for his execution of a hack-to-trade scheme

 | 

Critical NVIDIA Container Toolkit flaw could allow access to the underlying host

 | 

Israel army hacked the communication network of the Beirut Airport control tower

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

 | 

Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Irish Data Protection Commission fined Meta €91 million for storing passwords in
readable format

 | 

A cyberattack on Kuwait Health Ministry impacted hospitals in the country

 | 

Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam
message

 | 

CUPS flaws allow remote code execution on Linux systems under certain conditions

 | 

U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating
illegal activities

 | 

Hacking Kia cars made after 2013 using just their license plate

 | 

Critical RCE vulnerability found in OpenPLC

 | 

China-linked APT group Salt Typhoon compromised some U.S. internet service
providers (ISPs)

 | 

Privacy non-profit noyb claims that Firefox tracks users with privacy preserving
feature

 | 

Data of 3,191 congressional staffers leaked in the dark web

 | 

New variant of Necro Trojan infected more than 11 million devices

 | 

U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited
Vulnerabilities catalog

 | 

Arkansas City water treatment facility switched to manual operations following a
cyberattack

 | 

New Android banking trojan Octo2 targets European banks

 | 

A generative artificial intelligence malware used in phishing attacks

 | 

A cyberattack on MoneyGram caused its service outage

 | 

Did Israel infiltrate Lebanese telecoms networks?

 | 

Telegram will provide user data to law enforcement in response to legal requests

 | 

ESET fixed two privilege escalation flaws in its products

 | 

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via
malicious Python packages

 | 

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

 | 

Hacktivist group Twelve is back and targets Russian entities

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

 | 

Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020

 | 

Hackers stole over $44 million from Asian crypto platform BingX

 | 

OP KAERB: Europol dismantled phishing scheme targeting mobile users

 | 

Ukraine bans Telegram for government agencies, military, and critical
infrastructure

 | 

Tor Project responded to claims that law enforcement can de-anonymize Tor users

 | 

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

 | 

US DoJ charged two men with stealing and laundering $230 Million worth of
cryptocurrency

 | 

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in
attacks on the healthcare sector

 | 

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known
Exploited Vulnerabilities catalog

 | 

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

 | 

International law enforcement operation dismantled criminal communication
platform Ghost

 | 

U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper,
Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited
Vulnerabilities catalog

 | 

SIEM for Small and Medium-Sized Enterprises: What you need to know

 | 

Experts warn of China-linked APT's Raptor Train IoT Botnet

 | 

Credential Flusher, understanding the threat and how to protect your login data

 | 

U.S. Treasury issued fresh sanctions against entities linked to the Intellexa
Consortium

 | 

Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812

 | 

Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of
injuries

 | 

Chinese man charged for spear-phishing against NASA and US Government

 | 

U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs
to its Known Exploited Vulnerabilities catalog

 | 

Taking Control Online: Ensuring Awareness of Data Usage and Consent

 | 

Qilin ransomware attack on Synnovis impacted over 900,000 patients

 | 

D-Link addressed three critical RCE in wireless router models

 | 

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a
zero-day before July 2024

 | 

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

 | 

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of
threat intelligence exposure

 | 

Hacker tricked ChatGPT into providing detailed instructions to make a homemade
bomb

 | 

Port of Seattle confirmed that Rhysida ransomware gang was behind the August
attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

 | 

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known
Exploited Vulnerabilities catalog

 | 

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

 | 

GitLab fixed a critical flaw in GitLab CE and GitLab EE

 | 

New Linux malware called Hadooken targets Oracle WebLogic servers

 | 

Lehigh Valley Health Network hospital network has agreed to a $65 million
settlement after data breach

 | 

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

 | 

Cybersecurity giant Fortinet discloses a data breach

 | 

Singapore Police arrest six men allegedly involved in a cybercrime syndicate

 | 

Adobe Patch Tuesday security updates fixed multiple critical issues in the
company's products

 | 

Highline Public Schools school district suspended its activities following a
cyberattack

 | 

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

 | 

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

 | 

Microsoft Patch Tuesday security updates for September 2024 addressed four
actively exploited zero-days

 | 

Quad7 botnet evolves to more stealthy tactics to evade detection

 | 

Poland thwarted cyberattacks that were carried out by Russia and Belarus

 | 

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known
Exploited Vulnerabilities catalog

 | 

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M
individuals

 | 

Predator spyware operation is back with a new infrastructure

 | 

TIDRONE APT targets drone manufacturers in Taiwan

 | 

Multiple malware families delivered exploiting GeoServer GeoTools flaw
CVE-2024-36401

 | 

Progress Software fixed a maximum severity flaw in LoadMaster

 | 

Feds indicted two alleged administrators of WWH Club dark web marketplace

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

 | 

Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known
Exploited Vulnerabilities catalog

 | 

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

 | 

Car rental company Avis discloses a data breach

 | 

SonicWall warns that SonicOS bug exploited in attacks

 | 

Apache fixed a new remote code execution flaw in Apache OFBiz

 | 

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

 | 

Veeam fixed a critical flaw in Veeam Backup & Replication software

 | 

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

 | 

Is Russian group APT28 behind the cyber attack on the German air traffic control
agency (DFS)?

 | 

Quishing, an insidious threat to electric car owners

 | 

Discontinued D-Link DIR-846 routers are affected by code execution flaws.
Replace them!

 | 

Head Mare hacktivist group targets Russia and Belarus

 | 

Zyxel fixed critical OS command injection flaw in multiple routers

 | 

VMware fixed a code execution flaw in Fusion hypervisor

 | 

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

 | 

Three men plead guilty to running MFA bypass service OTP.Agency

 | 

Transport for London (TfL) is dealing with an ongoing cyberattack

 | 

Lockbit gang claims the attack on the Toronto District School Board (TDSB)

 | 

A new variant of Cicada ransomware targets VMware ESXi systems

 | 

An air transport security system flaw allowed to bypass airport security
screenings

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

 | 

Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Fortra fixed two severe issues in FileCatalyst Workflow, including a critical
flaw

 | 

South Korea-linked group APT-C-60 exploited a WPS Office zero-day

 | 

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

 | 

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO
Group and Intellexa

 | 

Cisco addressed a high-severity flaw in NX-OS software

 | 

Corona Mirai botnet spreads via AVTECH CCTV zero-day 

 | 

Telegram CEO Pavel Durov charged in France for facilitating criminal activities

 | 

Iran-linked group APT33 adds new Tickler malware to its arsenal

 | 

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities
catalog

 | 

Young Consulting data breach impacts 954,177 individuals

 | 

BlackByte Ransomware group targets recently patched VMware ESXi flaw
CVE-2024-37085

 | 

US offers $2.5M reward for Belarusian man involved in mass malware distribution

 | 

U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

 | 

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

 | 

Researchers unmasked the notorious threat actor USDoD

 | 

The Dutch Data Protection Authority (DPA) has fined Uber a record €290M

 | 

Google addressed the tenth actively exploited Chrome zero-day this year

 | 

SonicWall addressed an improper access control issue in its firewalls

 | 

A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport

 | 

Linux malware sedexp uses udev rules for persistence and evasion

 | 

France police arrested Telegram CEO Pavel Durov

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

 | 

Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

 | 

Hackers can take over Ecovacs home robots to spy on their owners

 | 

Russian national arrested in Argentina for laundering money of crooks and
Lazarus APT

 | 

Qilin ransomware steals credentials stored in Google Chrome

 | 

Phishing attacks target mobile users via progressive web applications (PWA)

 | 

Member of cybercrime group Karakurt charged in the US

 | 

New malware Cthulhu Stealer targets Apple macOS users

 | 

China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches

 | 

A cyberattack hit US oil giant Halliburton

 | 

SolarWinds fixed a hardcoded credential issue in Web Help Desk

 | 

A cyberattack disrupted operations of US chipmaker Microchip Technology

 | 

Google addressed the ninth actively exploited Chrome zero-day this year

 | 

GitHub fixed a new critical flaw in the GitHub Enterprise Server 

 | 

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot
Studio

 | 

North Korea-linked APT used a new RAT called MoonPeak

 | 

Pro-Russia group Vermin targets Ukraine with a new malware family

 | 

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows
cloning

 | 

Ransomware payments rose from $449.1 million to $459.8 million

 | 

Previously unseen Msupedge backdoor targeted a university in Taiwan

 | 

Oracle NetSuite misconfiguration could lead to data exposure

 | 

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a
cybercrime forum

 | 

CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited
Vulnerabilities catalog

 | 

Researchers uncovered new infrastructure linked to the cybercrime group FIN7

 | 

Experts warn of exploit attempt for Ivanti vTM bug

 | 

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus
APT

 | 

The Mad Liberator ransomware group uses social-engineering techniques

 | 

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with
MasterPrints generated with GANs

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

 | 

Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Large-scale extortion campaign targets publicly accessible environment variable
files (.env)

 | 

OpenAI dismantled an Iranian influence operation targeting the U.S. presidential
election

 | 

National Public Data confirms a data breach

 | 

CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities
catalog

 | 

Russian national sentenced to 40 months for selling stolen data on the dark web

 | 

Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

 | 

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

 | 

Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

 | 

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

 | 

Google disrupted hacking campaigns carried out by Iran-linked APT42

 | 

Black Basta ransomware gang linked to a SystemBC malware campaign

 | 

A massive cyber attack hit Central Bank of Iran and other Iranian banks

 | 

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

 | 

SolarWinds addressed a critical RCE in all Web Help Desk versions

 | 

Kootenai Health data breach impacted 464,000 patients

 | 

Microsoft Patch Tuesday security updates for August 2024 addressed six actively
exploited bugs

 | 

A PoC exploit code is available for critical Ivanti vTM bug

 | 

Elon Musk claims that a DDoS attack caused problems with the livestream
interview with Donald Trump

 | 

CERT-UA warns of a phishing campaign targeting government entities

 | 

US DoJ dismantled remote IT worker fraud schemes run by North Korea

 | 

A FreeBSD flaw could allow remote code execution, patch it now!

 | 

EastWind campaign targets Russian organizations with sophisticated backdoors

 | 

Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

 | 

Foreign nation-state actors hacked Donald Trump’s campaign

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

 | 

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

ADT disclosed a data breach that impacted more than 30,000 customers

 | 

Is the INC ransomware gang behind the attack on McLaren hospitals?

 | 

Crooks took control of a cow milking robot causing the death of a cow

 | 

Sonos smart speakers flaw allowed to eavesdrop on users

 | 

Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with
newer models asap!

 | 

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited
Vulnerabilities catalog

 | 

Russian cyber spies stole data and emails from UK government systems

 | 

0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

 | 

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

 | 

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

 | 

Critical XSS bug in Roundcube Webmail allows attackers to steal emails and
sensitive data

 | 

New Android spyware LianSpy relies on Yandex Cloud to avoid detection

 | 

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

 | 

A ransomware attack hit French museum network

 | 

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities
catalog

 | 

Google warns of an actively exploited Android kernel flaw

 | 

Should Organizations Pay Ransom Demands?

 | 

North Korea-linked hackers target construction and machinery sectors with
watering hole and supply chain attacks

 | 

Researchers warn of a new critical Apache OFBiz flaw

 | 

Keytronic incurred approximately $17 million of expenses following ransomware
attack

 | 

A flaw in Rockwell Automation ControlLogix 1756 could expose critical control
systems to unauthorized access

 | 

China-linked APT41 breached Taiwanese research institute

 | 

Chinese StormBamboo APT compromised ISP to deliver malware

 | 

Hackers attempt to sell the personal data of 3 billion people resulting from an
April data breach

 | 

Security Affairs Malware Newsletter - Round 5

 | 

Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

US sued TikTok and ByteDance for violating children’s privacy laws

 | 

Russia-linked APT used a car for sale as a phishing lure to target diplomats
with HeadLace malware

 | 

Investors sued CrowdStrike over false claims about its Falcon platform

 | 

Avtech camera vulnerability actively exploited in the wild, CISA warns

 | 

U.S. released Russian cybercriminals in diplomatic prisoner exchange

 | 

Sitting Ducks attack technique exposes over a million domains to hijacking

 | 

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

 | 

BingoMod Android RAT steals money from victims' bank accounts and wipes data

 | 

A ransomware attack disrupted operations at OneBlood blood bank

 | 

Apple fixed dozens of vulnerabilities in iOS and macOS

 | 

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple
malware families

 | 

A Fortune 50 company paid a record-breaking $75 million ransom

 | 

CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog

 | 

Mandrake Android spyware found in five apps in Google Play with over 32,000
downloads since 2022

 | 

SideWinder phishing campaign targets maritime facilities in multiple countries

 | 

A crafty phishing campaign targets Microsoft OneDrive users

 | 

Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085

 | 

Acronis Cyber Infrastructure bug actively exploited in the wild

 | 

Fake Falcon crash reporter installer used to target German Crowdstrike users

 | 

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

 | 

French authorities launch disinfection operation to eradicate PlugX malware from
infected hosts

 | 

Security Affairs Malware Newsletter - Round 4

 | 

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Ukraine's cyber operation shut down the ATM services of major Russian banks

 | 

A bug in Chrome Password Manager caused user credentials to disappear

 | 

BIND updates fix four high-severity DoS bugs in the DNS software suite

 | 

Terrorist Activity is Accelerating in Cyberspace - Risk Precursor to Summer
Olympics and Elections

 | 

Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server

 | 

Critical bug in Docker Engine allowed attackers to bypass authorization plugins

 | 

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver
ACR, Lumma, and Meduza Stealers

 | 

Michigan Medicine data breach impacted 56953 patients

 | 

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known
Exploited Vulnerabilities catalog

 | 

China-linked APT group uses new Macma macOS backdoor version

 | 

FrostyGoop ICS malware targets Ukraine

 | 

Hackers abused swap files in e-skimming attacks on Magento sites

 | 

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists
group

 | 

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised
as videos

 | 

SocGholish malware used to spread AsyncRAT malware

 | 

UK police arrested a 17-year-old linked to the Scattered Spider gang

 | 

Security Affairs Malware Newsletter - Round 3

 | 

Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter
Server bugs to its Known Exploited Vulnerabilities catalog

 | 

Threat actors attempted to capitalize CrowdStrike incident

 | 

Russian nationals plead guilty to participating in the LockBit ransomware group

 | 

MediSecure data breach impacted 12.9 million individuals

 | 

CrowdStrike update epic fail crashed Windows systems worldwide

 | 

Cisco fixed a critical flaw in Security Email Gateway that could allow attackers
to add root users

 | 

SAPwned flaws in SAP AI core could expose customers' data

 | 

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

 | 

How to Protect Privacy and Build Secure AI Products

 | 

A critical flaw in Cisco SSM On-Prem allows attackers to change any user's
password

 | 

MarineMax data breach impacted over 123,000 individuals

 | 

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

 | 

The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal

 | 

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities
catalog

 | 

Kaspersky leaves U.S. market following the ban on the sale of its software in
the country

 | 

FBI unlocked the phone of the suspect in the assassination attempt on Donald
Trump

 | 

Ransomware groups target Veeam Backup & Replication bug

 | 

AT&T paid a $370,000 ransom to prevent stolen data from being leaked

 | 

HardBit ransomware version 4.0 supports new obfuscation techniques

 | 

Dark Gate malware campaign uses Samba file shares

 | 

Security Affairs Malware Newsletter - Round 2

 | 

Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and
IcedID operations

 | 

Rite Aid disclosed data breach following RansomHub ransomware attack

 | 

New AT&T data breach exposed call logs of almost all customers

 | 

Critical flaw in Exim MTA could allow to deliver malware to users' inboxes

 | 

Palo Alto Networks fixed a critical bug in the Expedition tool

 | 

Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

 | 

October ransomware attack on Dallas County impacted over 200,000 people

 | 

CrystalRay operations have scaled 10x to over 1,500 victims

 | 

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

 | 

AI-Powered Russia's bot farm operates on X, US and its allies warn

 | 

VMware fixed critical SQL-Injection in Aria Automation product

 | 

Citrix fixed critical and high-severity bugs in NetScaler product

 | 

A new flaw in OpenSSH can lead to remote code execution

 | 

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

 | 

U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known
Exploited Vulnerabilities catalog

 | 

Evolve Bank data breach impacted over 7.6 million individuals

 | 

More than 31 million customer email addresses exposed following Neiman Marcus
data breach

 | 

Avast released a decryptor for DoNex Ransomware and its predecessors

 | 

RockYou2024 compilation containing 10 billion passwords was leaked online

 | 

Critical Ghostscript flaw exploited in the wild. Patch it now!

 | 

Apple removed 25 VPN apps from the App Store in Russia following Moscow's
requests

 | 

CISA adds Cisco NX-OS Command Injection bug to its Known Exploited
Vulnerabilities catalog

 | 

Apache fixed a source code disclosure flaw in Apache HTTP Server

 | 

Security Affairs Malware Newsletter - Round 1

 | 

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Alabama State Department of Education suffered a data breach following a blocked
attack

 | 

GootLoader is still active and efficient

 | 

Hackers stole OpenAI secrets in a 2023 security breach

 | 

Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes

 | 

Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS
script linking to the malicious domain

 | 

New Golang-based Zergeca Botnet appeared in the threat landscape

 | 

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

 | 

Hackers compromised Ethereum mailing list and launched a crypto draining attack

 | 

OVHcloud mitigated a record-breaking DDoS attack in April 2024

 | 

Healthcare fintech firm HealthEquity disclosed a data breach

 | 

Brazil data protection authority bans Meta from training AI models with data
originating in the country

 | 

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

 | 

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors

 | 

LockBit group claims the hack of the Fairfield Memorial Hospital in the US

 | 

American Patelco Credit Union suffered a ransomware attack

 | 

Polish government investigates Russia-linked cyberattack on state news agency

 | 

Evolve Bank data breach impacted fintech firms Wise and Affirm

 | 

Prudential Financial data breach impacted over 2.5 million individuals

 | 

Australian man charged for Evil Twin Wi-Fi attacks on domestic flights

 | 

China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware

 | 

Critical unauthenticated remote code execution flaw in OpenSSH server

 | 

Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania

 | 

Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

 | 

Russia-linked Midnight Blizzard stole email of more Microsoft customers

 | 

Russia-linked group APT29 likely breached TeamViewer's corporate network

 | 

Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Infosys McCamish Systems data breach impacted over 6 million people

 | 

A cyberattack shut down the University Hospital Centre Zagreb in Croatia

 | 

US announces a $10M reward for Russia's GRU hacker behind attacks on Ukraine

 | 

LockBit group falsely claimed the hack of the Federal Reserve

 | 

CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to
its Known Exploited Vulnerabilities catalog

 | 

New P2Pinfect version delivers miners and ransomware on Redis servers

 | 

New MOVEit Transfer critical bug is actively exploited

 | 

New Caesar Cipher Skimmer targets popular CMS used by e-stores

 | 

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

 | 

Wikileaks founder Julian Assange is free

 | 

CISA confirmed that its CSAT environment was breached in January.

 | 

Threat actors compromised 1,590 CoinStats crypto wallets

 | 

Experts observed approximately 120 malicious campaigns using the Rafel RAT

 | 

LockBit claims the hack of the US Federal Reserve

 | 

Ransomware threat landscape Jan-Apr 2024: insights and challenges

 | 

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

 | 

Threat actor attempts to sell 30 million customer records allegedly stolen from
TEG

 | 

Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

 | 

US government sanctions twelve Kaspersky Lab executives

 | 

Experts found a bug in the Linux version of RansomHub ransomware

 | 

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially
impacts hundreds of PC and server models

 | 

Russia-linked APT Nobelium targets French diplomatic entities

 | 

US bans sale of Kaspersky products due to risks to national security

 | 

Atlassian fixed six high-severity bugs in Confluence Data Center and Server

 | 

China-linked spies target Asian Telcos since at least 2021

 | 

New Rust infostealer Fickle Stealer spreads through various attack methods

 | 

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

 | 

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

 | 

Alleged researchers stole $3 million from Kraken exchange

 | 

Google Chrome 126 update addresses multiple high-severity flaws

 | 

Chip maker giant AMD investigates a data breach

 | 

Cryptojacking campaign targets exposed Docker APIs

 | 

VMware fixed RCE and privilege escalation bugs in vCenter Server

 | 

Meta delays training its AI using public content shared by EU users 

 | 

Keytronic confirms data breach after ransomware attack

 | 

The Financial Dynamics Behind Ransomware Attacks

 | 

Empire Market owners charged with operating $430M dark web marketplace

 | 

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

 | 

LA County’s Department of Public Health (DPH) data breach impacted over 200,000
individuals

 | 

Spanish police arrested an alleged member of the Scattered Spider group

 | 

Online job offers, the reshipping and money mule scams

 | 

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

ASUS fixed critical remote authentication bypass bug in several routers

 | 

London hospitals canceled over 800 operations in the week after Synnovis
ransomware attack

 | 

DORA Compliance Strategy for Business Leaders

 | 

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs
to its Known Exploited Vulnerabilities catalog

 | 

City of Cleveland still working to fully restore systems impacted by a cyber
attack

 | 

Google fixed an actively exploited zero-day in the Pixel Firmware

 | 

Multiple flaws in Fortinet FortiOS fixed

 | 

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited
Vulnerabilities catalog

 | 

Ukraine Police arrested a hacker who developed a crypter used by Conti and
LockBit ransomware operation

 | 

JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

 | 

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical
issue

 | 

Cylance confirms the legitimacy of data offered for sale in the dark web

 | 

Arm zero-day in Mali GPU Drivers actively exploited in the wild

 | 

Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw
CVE-2024-29849. Patch it now!

 | 

Japanese video-sharing platform Niconico was victim of a cyber attack

 | 

UK NHS call for O-type blood donations following ransomware attack on London
hospitals

 | 

Christie’s data breach impacted 45,798 individuals

 | 

Sticky Werewolf targets the aviation industry in Russia and Belarus

 | 

Frontier Communications data breach impacted over 750,000 individuals

 | 

PHP addressed critical RCE flaw potentially impacting millions of servers

 | 

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

 | 

Pandabuy was extorted twice by the same threat actor

 | 

UAC-0020 threat actor used the SPECTR Malware to target Ukraine's defense forces

 | 

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

 | 

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to
get support

 | 

RansomHub operation is a rebranded version of the Knight RaaS

 | 

Malware can steal data collected by the Windows Recall tool, experts warn

 | 

Cisco addressed Webex flaws used to compromise German government meetings

 | 

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

 | 

Zyxel addressed three RCEs in end-of-life NAS devices

 | 

A ransomware attack on Synnovis impacted several London hospitals

 | 

RansomHub gang claims the hack of the telecommunications giant Frontier
Communications

 | 

Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN
and SmartID supported.

 | 

Experts released PoC exploit code for a critical bug in Progress Telerik Report
Servers

 | 

Multiple flaws in Cox modems could have impacted millions of devices

 | 

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities
catalog

 | 

Spanish police shut down illegal TV streaming network

 | 

APT28 targets key networks in Europe with HeadLace malware

 | 

Experts found information of European politicians on the dark web

 | 

FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware

 | 

Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Ticketmaster confirms data breach impacting 560 million customers

 | 

Critical Apache Log4j2 flaw still threatens global finance

 | 

Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin

 | 

ShinyHunters is selling data of 30 million Santander customers

 | 

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours 

 | 

LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at
least 2021

 | 

BBC disclosed a data breach impacting its Pension Scheme members

 | 

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its
Known Exploited Vulnerabilities catalog

 | 

Experts found a macOS version of the sophisticated LightSpy spyware

 | 

Operation Endgame, the largest law enforcement operation ever against botnets

 | 

Law enforcement operation dismantled 911 S5 botnet

 | 

Okta warns of credential stuffing attacks targeting its Cross-Origin
Authentication feature

 | 

Check Point released hotfix for actively exploited VPN zero-day

 | 

ABN Amro discloses data breach following an attack on a third-party provider

 | 

Christie disclosed a data breach after a RansomHub attack

 | 

Experts released PoC exploit code for RCE in Fortinet SIEM

 | 

WordPress Plugin abused to install e-skimmers in e-commerce sites

 | 

TP-Link Archer C5400X gaming router is affected by a critical flaw

 | 

Sav-Rx data breach impacted over 2.8 million individuals

 | 

The Impact of Remote Work and Cloud Migrations on Security Perimeters

 | 

New ATM Malware family emerged in the threat landscape

 | 

A high-severity vulnerability affects Cisco Firepower Management Center

 | 

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

 | 

Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

 | 

Fake AV websites used to distribute info-stealer malware

 | 

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

 | 

An XSS flaw in GitLab allows attackers to take over accounts

 | 

Google fixes eighth actively exploited Chrome zero-day this year, the third in a
month

 | 

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

 | 

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple
Vendors

 | 

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

 | 

APT41: The threat of KeyPlug against Italian industries

 | 

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

 | 

Chinese actor 'Unfading Sea Haze' remained undetected for five years

 | 

A consumer-grade spyware app found in check-in systems of 3 US hotels

 | 

Critical Veeam Backup Enterprise Manager authentication bypass bug

 | 

Cybercriminals are targeting elections in India with influence campaigns

 | 

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

 | 

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

 | 

CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited
Vulnerabilities catalog

 | 

Blackbasta group claims to have hacked Atlas, one of the largest US oil
distributors

 | 

Experts warn of a flaw in Fluent Bit utility that is used by major cloud
platforms and firms

 | 

Experts released PoC exploit code for RCE in QNAP QTS

 | 

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

 | 

Two students uncovered a flaw that allows to use laundry machines for free

 | 

Grandoreiro Banking Trojan is back and targets banks worldwide

 | 

Healthcare firm WebTPA data breach impacted 2.5 million individuals

 | 

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

 | 

North Korea-linked IT workers infiltrated hundreds of US firms

 | 

Turla APT used two new backdoors to infiltrate a European ministry of foreign
affairs

 | 

City of Wichita disclosed a data breach after the recent ransomware attack

 | 

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

 | 

North Korea-linked Kimsuky APT attack targets victims via Messenger

 | 

Electronic prescription provider MediSecure impacted by a ransomware attack

 | 

Google fixes seventh actively exploited Chrome zero-day this year, the third in
a week

 | 

Santander: a data breach at a third-party provider impacted customers and
employees

 | 

FBI seized the notorious BreachForums hacking forum

 | 

A Tornado Cash developer has been sentenced to 64 months in prison

 | 

Adobe fixed multiple critical flaws in Acrobat and Reader

 | 

Ransomware attack on Singing River Health System impacted 895,000 people

 | 

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited
zero-days

 | 

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

 | 

MITRE released EMB3D Threat Model for embedded devices

 | 

Google fixes sixth actively exploited Chrome zero-day this year

 | 

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black
ransomware

 | 

Threat actors may have exploited a zero-day in older iPhones, Apple warns

 | 

City of Helsinki suffered a data breach

 | 

Russian hackers defaced local British news sites

 | 

Australian Firstmac Limited disclosed a data breach after cyber attack

 | 

Pro-Russia hackers targeted Kosovo’s government websites

 | 

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations
worldwide

 | 

Ohio Lottery data breach impacted over 538,000 individuals

 | 

Notorius threat actor IntelBroker claims the hack of the Europol

 | 

A cyberattack hit the US healthcare giant Ascension

 | 

Google fixes fifth actively exploited Chrome zero-day this year

 | 

Russia-linked APT28 targets government Polish institutions

 | 

Citrix warns customers to update PuTTY version installed on their XenCenter
system manually

 | 

Dell discloses data breach impacting millions of customers

 | 

Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

 | 

Zscaler is investigating data breach claims

 | 

Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

 | 

LockBit gang claimed responsibility for the attack on City of Wichita

 | 

New TunnelVision technique can bypass the VPN encapsulation

 | 

LiteSpeed Cache WordPress plugin actively exploited in the wild

 | 

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

 | 

UK Ministry of Defense disclosed a third-party data breach exposing military
personnel data 

 | 

Law enforcement agencies identified LockBit ransomware admin and sanctioned him

 | 

MITRE attributes the recent attack to China-linked UNC5221

 | 

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money
laundering

 | 

City of Wichita hit by a ransomware attack

 | 

El Salvador suffered a massive leak of biometric data

 | 

Finland authorities warn of Android malware campaign targeting bank users

 | 

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

 | 

Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Blackbasta gang claimed responsibility for Synlab Italia attack

 | 

LockBit published data stolen from Simone Veil hospital in Cannes

 | 

Russia-linked APT28 and crooks are still using the Moobot botnet

 | 

Dirty stream attack poses billions of Android installs at risk

 | 

ZLoader Malware adds Zeus's anti-analysis feature

 | 

Ukrainian REvil gang member sentenced to 13 years in prison

 | 

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

 | 

Threat actors hacked the Dropbox Sign production environment

 | 

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

 | 

Panda Restaurant Group disclosed a data breach

 | 

Ex-NSA employee sentenced to 262 months in prison for attempting to transfer
classified documents to Russia

 | 

Cuttlefish malware targets enterprise-grade SOHO routers

 | 

A flaw in the R programming language could allow code execution

 | 

Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall

 | 

Notorious Finnish Hacker sentenced to more than six years in prison

 | 

CISA guidelines to protect critical infrastructure against AI-based threats

 | 

NCSC: New UK law bans default passwords on smart devices

 | 

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing
user location data

 | 

Google prevented 2.28 million policy-violating apps from being published on
Google Play in 2023

 | 

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M
individuals

 | 

Cyber-Partisans hacktivists claim to have breached Belarus KGB

 | 

The Los Angeles County Department of Health Services disclosed a data breach

 | 

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

 | 

ICICI Bank exposed credit card data of 17000 customers

 | 

Okta warns of unprecedented scale in credential stuffing attacks on online
services

 | 

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Targeted operation against Ukraine exploited 7-year-old MS Office bug

 | 

Hackers may have accessed thousands of accounts on the California state welfare
platform

 | 

Brokewell Android malware supports an extensive set of Device Takeover
capabilities

 | 

Experts warn of an ongoing malware campaign targeting WP-Automatic plugin

 | 

Cryptocurrencies and cybercrime: A critical intermingling

 | 

Kaiser Permanente data breach may have impacted 13.4 million patients

 | 

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

 | 

Sweden’s liquor supply severely impacted by ransomware attack on logistics
company

 | 

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited
Vulnerabilities catalog

 | 

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited
Vulnerabilities catalog

 | 

DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion
in illegal transactions

 | 

Google fixed critical Chrome vulnerability CVE-2024-4058

 | 

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach
government networks

 | 

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

 | 

US offers a $10 million reward for information on four Iranian nationals

 | 

The street lights in Leicester City cannot be turned off due to a cyber attack

 | 

North Korea-linked APT groups target South Korean defense contractors

 | 

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial
spyware activity

 | 

A cyber attack paralyzed operations at Synlab Italia

 | 

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028
Windows flaw

 | 

Hackers threaten to leak a copy of the World-Check database used to assess
potential risks associated with entities

 | 

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

 | 

Akira ransomware received $42M in ransom payments from over 250 victims

 | 

DuneQuixote campaign targets the Middle East with a complex backdoor

 | 

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Critical CrushFTP zero-day exploited in attacks in the wild

 | 

A French hospital was forced to reschedule procedures after cyberattack

 | 

MITRE revealed that nation-state actors breached its systems via Ivanti
zero-days

 | 

FBI chief says China is preparing to attack US critical infrastructure

 | 

United Nations Development Programme (UNDP) investigates data breach

 | 

FIN7 targeted a large U.S. carmaker with phishing attacks

 | 

Law enforcement operation dismantled phishing-as-a-service platform LabHost

 | 

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

 | 

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly
available

 | 

Linux variant of Cerber ransomware targets Atlassian servers

 | 

Ivanti fixed two critical flaws in its Avalanche MDM

 | 

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

 | 

Cisco warns of large-scale brute-force attacks against VPN and SSH services

 | 

PuTTY SSH Client flaw allows of private keys recovery

 | 

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

 | 

Misinformation and hacktivist campaigns targeting the Philippines skyrocket

 | 

Russia is trying to sabotage European railways, Czech minister said

 | 

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker
Nexperia 

 | 

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

 | 

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

 | 

CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known
Exploited Vulnerabilities catalog

 | 

Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

 | 

U.S. and Australian police arrested Firebird RAT author and operator

 | 

Canadian retail chain Giant Tiger data breach may have impacted millions of
customers

 | 

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Crooks manipulate GitHub's search results to distribute malware

 | 

BatBadBut flaw allowed an attacker to perform command injection on Windows

 | 

Roku disclosed a new security breach impacting 576,000 accounts

 | 

LastPass employee targeted via an audio deepfake call

 | 

TA547 targets German organizations with Rhadamanthys malware

 | 

CISA adds D-Link multiple NAS devices bugs to its Known Exploited
Vulnerabilities catalog

 | 

US CISA published an alert on the Sisense data breach

 | 

Palo Alto Networks fixed multiple DoS bugs in its firewalls

 | 

Apple warns of mercenary spyware attacks on iPhone users in 92 countries

 | 

Microsoft fixed two zero-day bugs exploited in malware attacks

 | 

Group Health Cooperative data breach impacted 530,000 individuals

 | 

AT&T states that the data breach impacted 51 million former and current
customers

 | 

Fortinet fixed a critical remote code execution bug in FortiClientLinux

 | 

Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of
issues

 | 

Cybersecurity in the Evolving Threat Landscape

 | 

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

 | 

ScrubCrypt used to drop VenomRAT along with many malicious plugins

 | 

Google announces V8 Sandbox to protect Chrome users

 | 

China is using generative AI to carry out influence operations

 | 

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

 | 

Crowdfense is offering a larger 30M USD exploit acquisition program

 | 

U.S. Department of Health warns of attacks against IT help desks

 | 

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

 | 

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

 | 

Cisco warns of XSS flaw in end-of-life small business routers

 | 

Magento flaw exploited to deploy persistent backdoor hidden in XML

 | 

Cyberattack disrupted services at Omni Hotels & Resorts

 | 

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

 | 

US cancer center City of Hope: data breach impacted 827149 individuals

 | 

Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

 | 

Jackson County, Missouri, discloses a ransomware attack

 | 

Google addressed another Chrome zero-day exploited at Pwn2Own in March

 | 

The New Version of JsOutProx is Attacking Financial Institutions in APAC and
MENA via Gitlab Abuse

 | 

Google fixed two actively exploited Pixel vulnerabilities

 | 

Highly sensitive files mysteriously disappeared from EUROPOL headquarters

 | 

XSS flaw in WordPress WP-Members Plugin can lead to script injection

 | 

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

 | 

Google agreed to erase billions of browser records to settle a class action
lawsuit

 | 

PandaBuy data breach allegedly impacted over 1.3 million customers

 | 

OWASP discloses a data breach

 | 

New Vultur malware version includes enhanced remote control and evasion
capabilities

 | 

Pentagon established the Office of the Assistant Secretary of Defense for Cyber
Policy

 | 

Info stealer attacks target macOS users

 | 

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

DinodasRAT Linux variant targets users worldwide

 | 

AT&T confirmed that a data breach impacted 73 million customers

 | 

Expert found a backdoor in XZ tools used many Linux distributions

 | 

German BSI warns of 17,000 unpatched Microsoft Exchange servers

 | 

Cisco warns of password-spraying attacks targeting Secure Firewall devices

 | 

American fast-fashion firm Hot Topic hit by credential stuffing attacks

 | 

Cisco addressed high-severity flaws in IOS and IOS XE software

 | 

Google: China dominates government exploitation of zero-day vulnerabilities in
2023

 | 

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

 | 

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited
Vulnerabilities catalog

 | 

The DDR Advantage: Real-Time Data Defense

 | 

Finnish police linked APT31 to the 2021 parliament attack

 | 

TheMoon bot infected 40,000 devices in January and February

 | 

UK, New Zealand against China-linked cyber operations

 | 

US Treasury Dep announced sanctions against members of China-linked APT31

 | 

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to
its Known Exploited Vulnerabilities catalog

 | 

Iran-Linked APT TA450 embeds malicious links in PDF attachments

 | 

StrelaStealer targeted over 100 organizations across the EU and US

 | 

GoFetch side-channel attack against Apple systems allows secret keys extraction

 | 

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

 | 

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

 | 

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

 | 

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

 | 

German police seized the darknet marketplace Nemesis Market

 | 

Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic
locks

 | 

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

 | 

Critical Fortinet's FortiClient EMS flaw actively exploited in the wild

 | 

Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla

 | 

New Loop DoS attack may target 300,000 vulnerable hosts

 | 

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed
immediately

 | 

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

 | 

BunnyLoader 3.0 surfaces in the threat landscape

 | 

Pokemon Company resets some users' passwords

 | 

Ukraine cyber police arrested crooks selling 100 million compromised accounts

 | 

New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?

 | 

Players hacked during the matches of Apex Legends Global Series. Tournament
suspended

 | 

Earth Krahang APT breached tens of government organizations worldwide

 | 

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

 | 

Fujitsu suffered a malware attack and probably a data breach

 | 

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

 | 

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

 | 

Email accounts of the International Monetary Fund compromised

 | 

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

 | 

“gitgub” malware campaign targets Github users with RisePro info-stealer

 | 

Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

France Travail data breach impacted 43 Million people

 | 

Scranton School District in Pennsylvania suffered a ransomware attack

 | 

Lazarus APT group returned to Tornado Cash to launder stolen funds

 | 

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace
case

 | 

UK Defence Secretary jet hit by an electronic warfare attack in Poland

 | 

Cisco fixed high-severity elevation of privilege and DoS bugs

 | 

Recent DarkGate campaign exploited Microsoft Windows zero-day

 | 

Nissan Oceania data breach impacted roughly 100,000 people

 | 

Researchers found multiple flaws in ChatGPT plugins

 | 

Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

 | 

Acer Philippines disclosed a data breach after a third-party vendor hack

 | 

Stanford University announced that 27,000 individuals were impacted in the 2023
ransomware attack

 | 

Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws

 | 

Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere
in presidential election

 | 

First-ever South Korean national detained for espionage in Russia

 | 

Insurance scams via QR codes: how to recognise and defend yourself

 | 

Massive cyberattacks hit French government agencies

 | 

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

 | 

Experts released PoC exploit for critical Progress Software OpenEdge bug

 | 

Magnet Goblin group used a new Linux variant of NerbianRAT malware

 | 

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

 | 

Lithuania security services warn of China's espionage against the country

 | 

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Threat actors breached two crucial systems of the US CISA

 | 

CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog

 | 

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000
internet-facing devices

 | 

QNAP fixed three flaws in its NAS devices, including an authentication bypass

 | 

Russia-linked Midnight Blizzard breached Microsoft systems again

 | 

Cisco addressed severe flaws in its Secure Client

 | 

Play ransomware attack on Xplain exposed 65,000 files containing data relevant
to the Swiss Federal Administration.

 | 

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion
in 2023

 | 

National intelligence agency of Moldova warns of Russia attacks ahead of the
presidential election

 | 

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited
Vulnerabilities Catalog

 | 

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence,
Docker, and Redis servers

 | 

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

 | 

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

 | 

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based
(P2P) Data Leakage

 | 

Apple emergency security updates fix two new iOS zero-days

 | 

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

 | 

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator
spyware attacks

 | 

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

 | 

Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

 | 

Ukraine's GUR hacked the Russian Ministry of Defense

 | 

Some American Express customers' data exposed in a third-party data breach

 | 

META hit with privacy complaints by EU consumer groups

 | 

New GTPDOOR backdoor is designed to target telecom carrier networks

 | 

Threat actors hacked Taiwan-based Chunghwa Telecom

 | 

New Linux variant of BIFROSE RAT uses deceptive domain strategies

 | 

Eken camera doorbells allow ill-intentioned individuals to spy on you

 | 

Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

 | 

U.S. authorities charged an Iranian national for long-running hacking campaign

 | 

US cyber and law enforcement agencies warn of Phobos ransomware attacks

 | 

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

 | 

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

 | 

Crooks stole €15 Million from European retail company Pepco

 | 

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities
catalog

 | 

Researchers found a zero-click Facebook account takeover

 | 

New SPIKEDWINE APT group is targeting officials in Europe

 | 

Is the LockBit gang resuming its operation?

 | 

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

 | 

Pharmaceutical giant Cencora discloses a data breach

 | 

Unmasking 2024's Email Security Landscape

 | 

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the
healthcare sector

 | 

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber
operations

 | 

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect
bugs

 | 

XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk

 | 

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND
AFFILIATES

 | 

New Redis miner Migo uses novel system weakening techniques

 | 

Critical flaw found in deprecated VMware EAP. Uninstall it immediately

 | 

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

 | 

ConnectWise fixed critical flaws in ScreenConnect remote access tool

 | 

More details about Operation Cronos that disrupted Lockbit operation

 | 

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management
and industrial automation firm Schneider Electric

 | 

Operation Cronos: law enforcement disrupted the LockBit operation

 | 

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

 | 

Russia-linked APT TAG-70 targets European government and military mail servers
exploiting Roundcube XSS

 | 

How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise

 | 

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

 | 

ESET fixed high-severity local privilege escalation bug in Windows products

 | 

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID
malware schemes

 | 

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

 | 

CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited
Vulnerabilities catalog

 | 

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

 | 

U.S. CISA: hackers breached a state government organization

 | 

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

 | 

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

 | 

A cyberattack halted operations at Varta production plants

 | 

North Korea-linked actors breached the emails of a Presidential Office member

 | 

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

 | 

Nation-state actors are using AI services and LLMs for cyberattacks

 | 

Abusing the Ubuntu 'command-not-found' utility to install malicious packages

 | 

Zoom fixed critical flaw CVE-2024-24691 in Windows software

 | 

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and
Reader

 | 

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

 | 

A ransomware attack took 100 Romanian hospitals down

 | 

Bank of America customer data compromised after a third-party services provider
data breach

 | 

Ransomfeed - Third Quarter Report 2023 is out!

 | 

Global Malicious Activity Targeting Elections is Skyrocketing

 | 

Researchers released a free decryption tool for the Rhysida Ransomware

 | 

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

 | 

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited
Vulnerabilities catalog

 | 

Canada Gov plans to ban the Flipper Zero to curb car thefts

 | 

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

 | 

US Feds arrested two men involved in the Warzone RAT operation

 | 

Raspberry Robin spotted using two new 1-day LPE exploits

 | 

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

 | 

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

 | 

Exploiting a vulnerable Minifilter Driver to create a process killer

 | 

Black Basta ransomware gang hacked Hyundai Motor Europe

 | 

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

 | 

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and
ZTA gateway devices

 | 

26 Cyber Security Stats Every User Should Be Aware Of in 2024

 | 

US offers $10 million reward for info on Hive ransomware group leaders

 | 

Unraveling the truth behind the DDoS attack from electric toothbrushes

 | 

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

 | 

Cisco fixes critical Expressway Series CSRF vulnerabilities

 | 

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited
Vulnerabilities catalog

 | 

Fortinet addressed two critical FortiSIEM vulnerabilities

 | 

Experts warn of a critical bug in JetBrains TeamCity On-Premises

 | 

Critical shim bug impacts every Linux boot loader signed in the past decade

 | 

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

 | 

Commercial spyware vendors are behind most zero-day exploits discovered by
Google TAG

 | 

Google fixed an Android critical remote code execution flaw

 | 

A man faces up to 25 years in prison for his role in operating unlicensed crypto
exchange BTC-e

 | 

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

 | 

HPE is investigating claims of a new security breach

 | 

Experts warn of a surge of attacks targeting Ivanti SSRF flaw 

 | 

How to hack the Airbus NAVBLUE Flysmart+ Manager

 | 

Crooks stole $25.5 million from a multinational firm using a 'deepfake' video
call

 | 

Software firm AnyDesk disclosed a security breach

 | 

The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data
with DSPM

 | 

US government imposed sanctions on six Iranian intel officials

 | 

A cyberattack impacted operations at Lurie Children's Hospital

 | 

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark
Web

 | 

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Clorox estimates the costs of the August cyberattack will exceed $49 Million

 | 

Mastodon fixed a flaw that can allow the takeover of any account

 | 

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

 | 

Operation Synergia led to the arrest of 31 individuals

 | 

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

 | 

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

 | 

PurpleFox malware infected at least 2,000 computers in Ukraine

 | 

Man sentenced to six years in prison for stealing millions in cryptocurrency via
SIM swapping

 | 

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

 | 

Multiple malware used in attacks exploiting Ivanti VPN flaws

 | 

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site
movie2k

 | 

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

 | 

CISA adds Apple improper authentication bug to its Known Exploited
Vulnerabilities catalog

 | 

Ivanti warns of a new actively exploited zero-day

 | 

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

 | 

Data leak at fintech giant Direct Trading Technologies

 | 

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

 | 

Italian data protection authority said that ChatGPT violated EU privacy laws

 | 

750 million Indian mobile subscribers' data offered for sale on dark web

 | 

Juniper Networks released out-of-band updates to fix high-severity flaws

 | 

Hundreds of network operators’ credentials found circulating in Dark Web

 | 

Cactus ransomware gang claims the Schneider Electric hack

 | 

Mercedes-Benz accidentally exposed sensitive data, including source code

 | 

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

 | 

NSA buys internet browsing records from data brokers without a warrant

 | 

Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of
Russia'

 | 

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

 | 

Medusa ransomware attack hit Kansas City Area Transportation Authority

 | 

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

 | 

Participants earned more than $1.3M at the Pwn2Own Automotive competition

 | 

A TrickBot malware developer sentenced to 64 months in prison

 | 

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

 | 

Watch out, experts warn of a critical flaw in Jenkins

 | 

Pwn2Own Automotive 2024 Day 2 - Tesla hacked again

 | 

Yearly Intel Trend Review: The 2023 RedSense report

 | 

Cisco warns of a critical bug in Unified Communications products, patch it now!

 | 

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise
(HPE)

 | 

CISA adds Atlassian Confluence Data Center bug to its Known Exploited
Vulnerabilities catalog

 | 

5379 GitLab servers vulnerable to zero-click account takeover attacks

 | 

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

 | 

Splunk fixed high-severity flaw impacting Windows versions

 | 

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

 | 

Australian government announced sanctions for Medibank hacker

 | 

LoanDepot data breach impacted roughly 16.6 individuals

 | 

Black Basta gang claims the hack of the UK water utility Southern Water

 | 

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities
catalog

 | 

Mother of all breaches - a historic data leak reveals 26 billion records: check
what's exposed

 | 

Apple fixed actively exploited zero-day CVE-2024-23222

 | 

“My Slice”, an Italian adaptive phishing campaign

 | 

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

 | 

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark
Web

 | 

Backdoored pirated applications targets Apple macOS users

 | 

LockBit ransomware gang claims the attack on the sandwich chain Subway

 | 

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

 | 

VF Corp December data breach impacts 35 million customers

 | 

China-linked APT UNC3886 exploits VMware zero-day since 2021

 | 

Ransomware attacks break records in 2023: the number of victims rose by 128%

 | 

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

 | 

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

 | 

Kansas State University suffered a serious cybersecurity incident

 | 

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities
catalog

 | 

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

 | 

PixieFail: Nine flaws in UEFI open-source reference implementation could have
severe impacts

 | 

iShutdown lightweight method allows to discover spyware infections on iPhones

 | 

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

 | 

Github rotated credentials after the discovery of a vulnerability

 | 

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

 | 

Citrix warns admins to immediately patch NetScaler for actively exploited
zero-days

 | 

Google fixed the first actively exploited Chrome zero-day of 2024

 | 

Atlassian fixed critical RCE in older Confluence versions

 | 

VMware fixed a critical flaw in Aria Automation. Patch it now!

 | 

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

 | 

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

 | 

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

 | 

Phemedrone info stealer campaign exploits Windows smartScreen bypass

 | 

Balada Injector continues to infect thousands of WordPress sites

 | 

Attackers target Apache Hadoop and Flink to deliver cryptominers

 | 

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

 | 

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

GitLab fixed a critical zero-click account hijacking flaw

 | 

Juniper Networks fixed a critical RCE bug in its firewalls and switches

 | 

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

 | 

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

 | 

Team Liquid’s wiki leak exposes 118K users

 | 

CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited
Vulnerabilities catalog

 | 

Two zero-day bugs in Ivanti Connect Secure actively exploited

 | 

X Account of leading cybersecurity firm Mandiant was hacked because not
adequately protected

 | 

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

 | 

ShinyHunters member sentenced to three years in prison

 | 

HMG Healthcare disclosed a data breach

 | 

Threat actors hacked the X account of the Securities and Exchange Commission
(SEC) and announced fake Bitcoin ETF approval

 | 

Decryptor for Tortilla variant of Babuk ransomware released

 | 

Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws

 | 

CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

 | 

Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

 | 

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence &
Communications

 | 

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic
Marketplace

 | 

Long-existing Bandook RAT targets Windows machines

 | 

A cyber attack hit the Beirut International Airport

 | 

Iranian crypto exchange Bit24.cash leaks user passports and IDs

 | 

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

 | 

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

 | 

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

 | 

The source code of Zeppelin Ransomware sold on a hacking forum

 | 

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

 | 

Ivanti fixed a critical EPM flaw that can result in remote code execution

 | 

MyEstatePoint Property Search Android app leaks user passwords

 | 

Hacker hijacked Orange Spain RIPE account causing internet outage to company
customers

 | 

HealthEC data breach impacted more than 4.5 Million people

 | 

Experts found 3 malicious packages hiding crypto miners in PyPi repository

 | 

Crooks hacked Mandiant X account to push cryptocurrency scam

 | 

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

 | 

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

 | 

Don’t trust links with known domains: BMW affected by redirect vulnerability

 | 

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

 | 

Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to
direct a missile strike on Kyiv

 | 

Experts warn of JinxLoader loader used to spread Formbook and XLoader

 | 

Terrapin attack allows to downgrade SSH protocol security

 | 

Multiple organizations in Iran were breached by a mysterious hacker

 | 

Top 2023 Security Affairs cybersecurity stories

 | 

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

 | 

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

 | 

Google agreed to settle a $5 billion privacy lawsuit

 | 

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

INC RANSOM ransomware gang claims to have breached Xerox Corp

 | 

Spotify music converter TuneFab puts users at risk

 | 

Cyber attacks hit the Assembly of the Republic of Albania and telecom company
One Albania

 | 

Russia-linked APT28 used new malware in a recent phishing campaign

 | 

Clash of Clans gamers at risk while using third-party app

 | 

New Version of Meduza Stealer Released in Dark Web

 | 

Operation Triangulation attacks relied on an undocumented hardware feature

 | 

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive
volumes of leaked PII and compromised data

 | 

Lockbit ransomware attack interrupted medical emergencies gang at a German
hospital network

 | 

Experts warn of critical Zero-Day in Apache OfBiz

 | 

Xamalicious Android malware distributed through the Play Store

 | 

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

 | 

Elections 2024, artificial intelligence could upset world balances

 | 

Experts analyzed attacks against poorly managed Linux SSH servers

 | 

A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

 | 

Rhysida ransomware group hacked Abdali Hospital in Jordan

 | 

Carbanak malware returned in ransomware attacks

 | 

Resecurity Released a 2024 Cyber Threat Landscape Forecast

 | 

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

 | 

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

 | 

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Europol and ENISA spotted 443 e-stores compromised with digital skimming

 | 

Video game giant Ubisoft investigates reports of a data breach

 | 

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

 | 

Mobile virtual network operator Mint Mobile discloses a data breach

 | 

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

 | 

Member of Lapsus$ gang sentenced to an indefinite hospital order

 | 

Real estate agency exposes details of 690k customers

 | 

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several
products

 | 

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

 | 

Data leak exposes users of car-sharing service Blink Mobility

 | 

Google addressed a new actively exploited Chrome zero-day

 | 

German police seized the dark web marketplace Kingdom Market

 | 

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

 | 

Sophisticated JaskaGO info stealer targets macOS and Windows

 | 

BMW dealer at risk of takeover by cybercriminals

 | 

Comcast’s Xfinity customer data exposed after CitrixBleed attack

 | 

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group
denies it

 | 

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity
and Citizenship on the Peak of Holidays Season

 | 

The ransomware attack on Westpole is disrupting digital services for Italian
public administration

 | 

Info stealers and how to protect against them

 | 

Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of
Iran’s fuel stations

 | 

Qakbot is back and targets the Hospitality industry

 | 

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

 | 

MongoDB investigates a cyberattack, customer data exposed

 | 

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

 | 

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

New NKAbuse malware abuses NKN decentralized P2P network protocol

 | 

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

 | 

Multiple flaws in pfSense firewall can lead to arbitrary code execution

 | 

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

 | 

Data of over a million users of the crypto exchange GokuMarket exposed

 | 

Idaho National Laboratory data breach impacted 45,047 individuals

 | 

Ubiquiti users claim to have access to other people’s devices

 | 

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

 | 

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

 | 

French authorities arrested a Russian national for his role in the Hive
ransomware operation

 | 

China-linked APT Volt Typhoon linked to KV-Botnet

 | 

UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report
warns

 | 

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

 | 

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to
ongoing attacks

 | 

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

 | 

Ukrainian military intelligence service hacked the Russian Federal Taxation
Service

 | 

Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack

 | 

Dubai’s largest taxi app exposes 220K+ users

 | 

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

 | 

Apple released iOS 17.2 to address a dozen of security flaws

 | 

Toyota Financial Services discloses a data breach

 | 

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

 | 

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA and ENISA signed a Working Arrangement to enhance cooperation

 | 

Researcher discovered a new lock screen bypass bug for Android 14 and 13

 | 

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

 | 

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Hacktivists hacked an Irish water utility and interrupted the water supply

 | 

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

 | 

Norton Healthcare disclosed a data breach after a ransomware attack

 | 

Bypassing major EDRs using Pool Party process injection techniques

 | 

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

 | 

Android barcode scanner app exposes user passwords

 | 

UK and US expose Russia Callisto Group's activity and sanction members

 | 

A cyber attack hit Nissan Oceania

 | 

New Krasue Linux RAT targets telecom companies in Thailand

 | 

Atlassian addressed four new RCE flaws in its products

 | 

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

 | 

Experts demonstrate a post-exploitation tampering technique to display Fake
Lockdown mode

 | 

GST Invoice Billing Inventory exposes sensitive data to threat actors

 | 

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

 | 

ENISA published the ENISA Threat Landscape for DoS Attacks Report

 | 

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange
accounts

 | 

Google fixed critical zero-click RCE in Android

 | 

New P2PInfect bot targets routers and IoT devices

 | 

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

 | 

LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global
Financial Order

 | 

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

 | 

New Agent Raccoon malware targets the Middle East, Africa and the US

 | 

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Researchers devised an attack technique to extract ChatGPT training data

 | 

Fortune-telling website WeMystic exposes 13M+ user records

 | 

Expert warns of Turtle macOS ransomware

 | 

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom
payments since early 2022

 | 

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities
catalog

 | 

Apple addressed 2 new iOS zero-day vulnerabilities

 | 

Critical Zoom Room bug allowed to gain access to Zoom Tenants

 | 

Rhysida ransomware group hacked King Edward VII’s Hospital in London

 | 

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

 | 

Okta reveals additional attackers' activities in October 2023 Breach

 | 

Thousands of secrets lurk in app images on Docker Hub

 | 

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

 | 

International police operation dismantled a prominent Ukraine-based Ransomware
group

 | 

Daixin Team group claimed the hack of North Texas Municipal Water District

 | 

Healthcare provider Ardent Health Services disclosed a ransomware attack

 | 

Ukraine's intelligence service hacked Russia's Federal Air Transport Agency,
Rosaviatsia

 | 

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of
Aliquippa in Pennsylvania

 | 

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

 | 

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Rhysida ransomware gang claimed China Energy hack

 | 

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply
chain attack

 | 

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

 | 

App used by hundreds of schools leaking children's data

 | 

Microsoft launched its new Microsoft Defender Bounty Program

 | 

Exposed Kubernetes configuration secrets can fuel supply chain attacks

 | 

North Korea-linked Konni APT uses Russian-language weaponized documents

 | 

ClearFake campaign spreads macOS AMOS information stealer

 | 

Welltok data breach impacted 8.5 million patients in the U.S.

 | 

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink
software

 | 

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

 | 

New InfectedSlurs Mirai-based botnet exploits two zero-days

 | 

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

 | 

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities
catalog

 | 

Citrix provides additional measures to address Citrix Bleed

 | 

Tor Project removed several relays associated with a suspicious cryptocurrency
scheme

 | 

Experts warn of a surge in NetSupport RAT attacks against education and
government sectors

 | 

The Top 5 Reasons to Use an API Management Platform

 | 

Canadian government impacted by data breaches of two of its contractors

 | 

Rhysida ransomware gang is auctioning data stolen from the British Library

 | 

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

 | 

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

 | 

US teenager pleads guilty to his role in credential stuffing attack on a betting
site

 | 

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

8Base ransomware operators use a new variant of the Phobos ransomware

 | 

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

 | 

The board of directors of OpenAI fired Sam Altman

 | 

Medusa ransomware gang claims the hack of Toyota Financial Services

 | 

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities
catalog

 | 

Zimbra zero-day exploited to steal government emails by four groups

 | 

Vietnam Post exposes 1.2TB of data, including email addresses

 | 

Samsung suffered a new data breach

 | 

FBI and CISA warn of attacks by Rhysida ransomware gang

 | 

Critical flaw fixed in SAP Business One product

 | 

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

 | 

Gamblers’ data compromised after casino giant Strendus fails to set password

 | 

VMware disclosed a critical and unpatched authentication bypass flaw in VMware
Cloud Director Appliance

 | 

Danish critical infrastructure hit by the largest cyber attack in Denmark's
history

 | 

Major Australian ports blocked after a cyber attack on DP World

 | 

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

 | 

CISA adds five vulnerabilities in Juniper devices to its Known Exploited
Vulnerabilities catalog

 | 

LockBit ransomware gang leaked data stolen from Boeing

 | 

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills
assessment portals

 | 

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

 | 

The State of Maine disclosed a data breach that impacted 1.3M people

 | 

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

 | 

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

 | 

McLaren Health Care revealed that a data breach impacted 2.2 million people

 | 

After ChatGPT, Anonymous Sudan took down the Cloudflare website

 | 

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

 | 

SysAid zero-day exploited by Clop ransomware group

 | 

Dolly.com pays ransom, attackers release data anyway

 | 

DDoS attack leads to significant disruption in ChatGPT services

 | 

Russian Sandworm disrupts power in Ukraine with a new OT attack

 | 

Veeam fixed multiple flaws in Veeam ONE, including critical issues

 | 

Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production
cycle of the biggest flour production plant in Israel

 | 

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive
cyber attacks

 | 

Critical Confluence flaw exploited in ransomware attacks

 | 

QNAP fixed two critical vulnerabilities in QTS OS and apps

 | 

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

 | 

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

 | 

US govt sanctioned a Russian woman for laundering virtual currency on behalf of
threat actors

 | 

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

 | 

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

 | 

ZDI discloses four zero-day flaws in Microsoft Exchange

 | 

Okta customer support system breach impacted 134 customers

 | 

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

 | 

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

 | 

MuddyWater has been spotted targeting two Israeli entities

 | 

Clop group obtained access to the email addresses of about 632,000 US federal
employees

 | 

Okta discloses a new data breach after a third-party vendor was hacked

 | 

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install
HelloKitty ransomware

 | 

Boeing confirmed its services division suffered a cyberattack

 | 

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

 | 

Who is behind the Mozi Botnet kill switch?

 | 

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

 | 

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

 | 

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

 | 

British Library suffers major outage due to cyberattack

 | 

Critical Atlassian Confluence flaw can lead to significant data loss

 | 

WiHD leak exposes details of all torrent users

 | 

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

 | 

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

 | 

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of
$1M in cryptocurrency

 | 

Wiki-Slack attack allows redirecting business professionals to malicious
websites

 | 

HackerOne awarded over $300 million bug hunters

 | 

StripedFly, a complex malware that infected one million devices without being
noticed

 | 

IT Army of Ukraine disrupted internet providers in territories occupied by
Russia

 | 

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

 | 

Lockbit ransomware gang claims to have stolen data from Boeing

 | 

How to Collect Market Intelligence with Residential Proxies?

 | 

F5 urges to address a critical flaw in BIG-IP

 | 

Hello Alfred app exposes user data

 | 

iLeakage attack exploits Safari to steal data from Apple devices

 | 

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding
100 million rps

 | 

Seiko confirmed a data breach after BlackCat attack

 | 

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent
attacks

 | 

Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

 | 

VMware addressed critical vCenter flaw also for End-of-Life products

 | 

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

 | 

New England Biolabs leak sensitive data

 | 

Former NSA employee pleads guilty to attempted selling classified documents to
Russia

 | 

Experts released PoC exploit code for VMware Aria Operations for Logs flaw.
Patch it now!

 | 

How did the Okta Support breach impact 1Password?

 | 

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale
on the Dark Web

 | 

Spain police dismantled a cybercriminal group who stole the data of 4 million
individuals

 | 

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities
catalog

 | 

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

 | 

City of Philadelphia suffers a data breach

 | 

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

 | 

Don't use AI-based apps, Philippine defense ordered its personnel

 | 

Vietnamese threat actors linked to DarkGate malware campaign

 | 

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

 | 

The attack on the International Criminal Court was targeted and sophisticated

 | 

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

A threat actor is selling access to Facebook and Instagram's Police Portal

 | 

Threat actors breached Okta support system and stole customers' data

 | 

US DoJ seized domains used by North Korean IT workers to defraud businesses
worldwide

 | 

Alleged developer of the Ragnar Locker ransomware was arrested

 | 

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

 | 

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

 | 

Law enforcement operation seized Ragnar Locker group's infrastructure

 | 

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

 | 

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

 | 

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

 | 

Californian IT company DNA Micro leaks private mobile phone data

 | 

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway
devices since August

 | 

A flaw in Synology DiskStation Manager allows admin account takeover

 | 

D-Link confirms data breach, but downplayed the impact

 | 

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE
systems

 | 

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

 | 

Ransomware realities in 2023: one employee mistake can cost a company millions

 | 

Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users 

 | 

Cisco warns of active exploitation of IOS XE zero-day

 | 

Signal denies claims of an alleged zero-day flaw in its platform

 | 

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering
firm

 | 

DarkGate malware campaign abuses Skype and Teams

 | 

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

 | 

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL
EDITION

 | 

Lockbit ransomware gang demanded an 80 million ransom to CDW

 | 

CISA warns of vulnerabilities and misconfigurations exploited in ransomware
attacks

 | 

Stayin' Alive campaign targets high-profile Asian government and telecom
entities. Is it linked to ToddyCat APT?

 | 

FBI and CISA published a new advisory on AvosLocker ransomware

 | 

More than 17,000 WordPress websites infected with the Balada Injector in
September

 | 

Ransomlooker, a new tool to track and analyze ransomware groups' activities

 | 

Phishing, the campaigns that are targeting Italy

 | 

A new Magecart campaign hides the malicious code in 404 error page

 | 

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities
catalog

 | 

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

 | 

Air Europa data breach exposed customers' credit cards

 | 

#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War
Actions Via Psy-Ops

 | 

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited
zero-day flaws

 | 

New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

 | 

Exposed security cameras in Israel and Palestine pose significant risks

 | 

A flaw in libcue library impacts GNOME Linux systems

 | 

Hacktivists in Palestine and Israel after SCADA and other industrial control
systems

 | 

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits
CVE-2023-3519

 | 

The source code of the 2020 variant of HelloKitty ransomware was leaked on a
cybercrime forum

 | 

Gaza-linked hackers and Pro-Russia groups are targeting Israel

 | 

Flagstar Bank suffered a data breach once again

 | 

Android devices shipped with backdoored firmware as part of the BADBOX network

 | 

Security Affairs newsletter Round 440 by Pierluigi Paganini – International
edition

 | 

North Korea-linked Lazarus APT laundered over $900 million through cross-chain
crime

 | 

QakBot threat actors are still operational after the August takedown

 | 

Ransomware attack on MGM Resorts costs $110 Million

 | 

Cybersecurity, why a hotline number could be important?

 | 

Multiple experts released exploits for Linux local privilege escalation flaw
Looney Tunables

 | 

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix
it immediately!

 | 

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at
European hub in Liege

 | 

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited
Vulnerabilities catalog

 | 

NATO is investigating a new cyber attack claimed by the SiegedSec group

 | 

Global CRM Provider Exposed Millions of Clients’ Files Online

 | 

Sony sent data breach notifications to about 6,800 individuals

 | 

Apple fixed the 17th zero-day flaw exploited in attacks

 | 

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

 | 

A cyberattack disrupted Lyca Mobile services

 | 

Chipmaker Qualcomm warns of three actively exploited zero-days

 | 

DRM Report Q2 2023 - Ransomware threat landscape

 | 

Phishing campaign targeted US executives exploiting a flaw in Indeed job search
platform

 | 

San Francisco’s transport agency exposes drivers’ parking permits and addresses

 | 

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

 | 

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and
more)

 | 

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

 | 

European Telecommunications Standards Institute (ETSI) suffered a data breach

 | 

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

 | 

National Logistics Portal (NLP) data leak: seaports in India were left
vulnerable to takeover by hackers

 | 

North Korea-linked Lazarus targeted a Spanish aerospace company

 | 

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

 | 

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health
Care

 | 

Security Affairs newsletter Round 439 by Pierluigi Paganini – International
edition

 | 

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

 | 

FBI warns of dual ransomware attacks

 | 

Progress Software fixed two critical severity flaws in WS_FTP Server

 | 

Child abuse site taken down, organized child exploitation crime suspected –
exclusive

 | 

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

 | 

Chinese threat actors stole around 60,000 emails from US State Department in
Microsoft breach

 | 

Misconfigured WBSC server leaks thousands of passports

 | 

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities
catalog

 | 

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

 | 

Dark Angels Team ransomware group hit Johnson Controls

 | 

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

 | 

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones
and Android devices

 | 

China-linked APT BlackTech was spotted hiding in Cisco router firmware

 | 

Watch out! CVE-2023-5129 in libwebp library affects millions applications

 | 

DarkBeam leaks billions of email and password combinations

 | 

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group
Targeting Sony and NTT Docomo

 | 

Top 5 Problems Solved by Data Lineage

 | 

Threat actors claim the hack of Sony, and the company investigates

 | 

Canadian Flair Airlines left user data leaking for months

 | 

The Rhysida ransomware group hit the Kuwait Ministry of Finance

 | 

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care
patients

 | 

Xenomorph malware is back after months of hiatus and expands the list of targets

 | 

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

 | 

Crooks stole $200 million worth of assets from Mixin Network

 | 

A phishing campaign targets Ukrainian military entities with drone manual lures

 | 

Alert! Patch your TeamCity instance to avoid server hack

 | 

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

 | 

Nigerian National pleads guilty to participating in a millionaire BEC scheme

 | 

New variant of BBTok Trojan targets users of +40 banks in LATAM

 | 

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

 | 

Alphv group claims the hack of Clarion, a global manufacturer of audio and video
equipment for cars

 | 

Security Affairs newsletter Round 438 by Pierluigi Paganini – International
edition

 | 

National Student Clearinghouse data breach impacted approximately 900 US schools

 | 

Government of Bermuda blames Russian threat actors for the cyber attack

 | 

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt
with Predator spyware

 | 

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its
Known Exploited Vulnerabilities catalog

 | 

Information of Air Canada employees exposed in recent cyberattack

 | 

Sandman APT targets telcos with LuaDream backdoor

 | 

Apple rolled out emergency updates to address 3 new actively exploited zero-day
flaws

 | 

Ukrainian hackers are behind the Free Download Manager supply chain attack

 | 

Space and defense tech maker Exail Technologies exposes database access

 | 

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports
causing severe disruptions

 | 

Experts found critical flaws in Nagios XI network monitoring software

 | 

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

 | 

International Criminal Court hit with a cyber attack

 | 

GitLab addressed critical vulnerability CVE-2023-5009

 | 

Trend Micro addresses actively exploited zero-day in Apex One and other security
Products

 | 

ShroudedSnooper threat actors target telecom companies in the Middle East

 | 

Recent cyber attack is causing Clorox products shortage

 | 

Earth Lusca expands its arsenal with SprySOCKS Linux malware

 | 

Microsoft AI research division accidentally exposed 38TB of sensitive data

 | 

German intelligence warns cyberattacks could target liquefied natural gas (LNG)
terminals

 | 

Deepfake and smishing. How hackers compromised the accounts of 27 Retool
customers in the crypto industry

 | 

FBI hacker USDoD leaks highly sensitive TransUnion data

 | 

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

 | 

Clop gang stolen data from major North Carolina hospitals

 | 

CardX released a data leak notification impacting their customers in Thailand

 | 

Security Affairs newsletter Round 437 by Pierluigi Paganini – International
edition

 | 

TikTok fined €345M by Irish DPC for violating children’s privacy

 | 

Dariy Pankov, the NLBrute malware author, pleads guilty

 | 

Dangerous permissions detected in top Android health apps

 | 

Caesars Entertainment paid a ransom to avoid stolen data leaks

 | 

Free Download Manager backdoored to serve Linux malware for more than 3 years

 | 

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn
Medical Center in New York

 | 

The iPhone of a Russian journalist was infected with the Pegasus spyware

 | 

Kubernetes flaws could lead to remote code execution on Windows endpoints

 | 

Threat actor leaks sensitive data belonging to Airbus

 | 

A new ransomware family called 3AM appears in the threat landscape

 | 

Redfly group infiltrated an Asian national grid as long as six months

 | 

Mozilla fixed a critical zero-day in Firefox and Thunderbird

 | 

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

 | 

Save the Children confirms it was hit by cyber attack

 | 

Adobe fixed actively exploited zero-day in Acrobat and Reader

 | 

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

 | 

MGM Resorts hit by a cyber attack

 | 

Anonymous Sudan launched a DDoS attack against Telegram

 | 

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the
U.A.E. using a new backdoor

 | 

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

 | 

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities
Catalog

 | 

UK and US sanctioned 11 members of the Russia-based TrickBot gang

 | 

New HijackLoader malware is rapidly growing in popularity in the cybercrime
community

 | 

Some of TOP universities wouldn’t pass cybersecurity exam: left websites
vulnerable

 | 

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

 | 

Rhysida Ransomware gang claims to have hacked three more US hospitals

 | 

Akamai prevented the largest DDoS attack on a US financial company

 | 

Security Affairs newsletter Round 436 by Pierluigi Paganini – International
edition

 | 

US CISA added critical Apache RocketMQ flaw to its Known Exploited
Vulnerabilities catalog

 | 

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

 | 

North Korea-linked threat actors target cybersecurity experts with a zero-day

 | 

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

 | 

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

 | 

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

 | 

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

 | 

Two flaws in Apache SuperSet allow to remotely hack servers

 | 

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to
a mistake

 | 

Google addressed an actively exploited zero-day in Android

 | 

A zero-day in Atlas VPN Linux Client leaks users' IP address

 | 

MITRE and CISA release Caldera for OT attack emulation

 | 

ASUS routers are affected by three critical remote code execution flaws

 | 

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

 | 

Freecycle data breach impacted 7 Million users

 | 

Meta disrupted two influence campaigns from China and Russia

 | 

A massive DDoS attack took down the site of the German financial agency BaFin

 | 

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

 | 

University of Sydney suffered a security breach caused by a third-party service
provider

 | 

Cybercrime will cost Germany $224 billion in 2023

 | 

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for
Networks

 | 

Security Affairs newsletter Round 435 by Pierluigi Paganini – International
edition

 | 

LockBit ransomware gang hit the Commission des services electriques de Montréal
(CSEM)

 | 

UNRAVELING EternalBlue: inside the WannaCry’s enabler

 | 

Researchers released a free decryptor for the Key Group ransomware

 | 

Fashion retailer Forever 21 data breach impacted +500,000 individuals

 | 

Russia-linked hackers target Ukrainian military with Infamous Chisel Android
malware

 | 

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

 | 

Paramount Global disclosed a data breach

 | 

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and
2K others leaked by workplace safety organization

 | 

Abusing Windows Container Isolation Framework to avoid detection by security
products

 | 

Critical RCE flaw impacts VMware Aria Operations Networks

 | 

UNC4841 threat actors hacked US government email servers exploiting Barracuda
ESG flaw

 | 

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy
for Cybersecurity (NISC) for months

 | 

FIN8-linked actor targets Citrix NetScaler systems

 | 

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

 | 

Attackers can discover IP address by sending a link over the Skype mobile app

 | 

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

 | 

Cloud and hosting provider Leaseweb took down critical systems after a cyber
attack

 | 

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

 | 

China-linked Flax Typhoon APT targets Taiwan

 | 

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

 | 

Resecurity identified a zero-day vulnerability in Schneider Electric Accutech
Manager

 | 
 * Home
 * Cyber Crime
 * Cyber warfare
 * APT
 * Data Breach
 * Deep Web
 * Digital ID
 * Hacking
 * Hacktivism
 * Intelligence
 * Internet of Things
 * Laws and regulations
 * Malware
 * Mobile
 * Reports
 * Security
 * Social Networks
 * Terrorism
 * ICS-SCADA
 * POLICIES
 * Contact me


APT

December 12, 2024


RUSSIA'S SECRET BLIZZARD APT TARGETS UKRAINE WITH KAZUAR BACKDOOR

Security

December 11, 2024


CHINESE NATIONAL CHARGED FOR HACKING THOUSANDS OF SOPHOS FIREWALLS

APT

December 11, 2024


OPERATION DIGITAL EYE: CHINA-LINKED RELIES ON VISUAL STUDIO CODE REMOTE TUNNELS
TO SPY ON EUROPEN ENTITIES


LATEST NEWS

VIEW ALL
APT

EXPERTS DISCOVERED THE FIRST MOBILE MALWARE FAMILIES LINKED TO RUSSIA'S
GAMAREDON

Pierluigi Paganini December 13, 2024

The Russia-linked APT Gamaredon used two new Android spyware tools
called BoneSpy and PlainGnome against former Soviet states. Lookout researchers
linked the BoneSpy and PlainGnome Android surv ...

Data Breach

US BITCOIN ATM OPERATOR BYTE FEDERAL SUFFERED A DATA BREACH

Pierluigi Paganini December 12, 2024

US Bitcoin ATM operator Byte Federal suffered a data breach impacting 58,000
customers, attackers gained unauthorized access to a server via GitLab flaw. US
Bitcoin ATM operator Byte Federal discl ...

Malware

EXPERTS DISCOVERED SURVEILLANCE TOOL EAGLEMSGSPY USED BY CHINESE LAW ENFORCEMENT

Pierluigi Paganini December 12, 2024

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather
data from Android devices, as detailed by Lookout. Researchers at the Lookout
Threat Lab discovered a surveillance ...

Cyber Crime

OPERATION POWEROFF TOOK DOWN 27 DDOS PLATFORMS ACROSS 15 COUNTRIES

Pierluigi Paganini December 12, 2024

Operation PowerOFF took down 27 DDoS stresser services globally, disrupting
illegal platforms used for launching cyberattacks. A global law enforcement
operation codenamed Operation PowerOFF disru ...

 * 
 * 1
 * 2
 * 3
   ...
 * 4142
 * 4143
 * 4144
 * 

TOP ARTICLES

EXPERTS SPOTTED A NEW MACOS BACKDOOR NAMED SPECTRALBLUR LINKED TO NORTH KOREA

January 06, 2024

UKRAINE’S SBU SAID THAT RUSSIA'S INTELLIGENCE HACKED SURVEILLANCE CAMERAS TO
DIRECT A MISSILE STRIKE ON KYIV

January 03, 2024

A CYBER ATTACK HIT THE BEIRUT INTERNATIONAL AIRPORT

January 07, 2024

SWISS AIR FORCE SENSITIVE FILES STOLEN IN THE HACK OF ULTRA INTELLIGENCE &
COMMUNICATIONS

January 08, 2024

CYBERCRIMINALS IMPLEMENTED ARTIFICIAL INTELLIGENCE (AI) FOR INVOICE FRAUD

January 03, 2024

NEWSLETTER

SUBSCRIBE TO MY EMAIL LIST AND STAY
UP-TO-DATE!





MOST POPULAR

VIEW ALL
Internet of Things


HACKERS TARGET CRITICAL FLAW CVE-2024-10914 IN EOL D-LINK NAS DEVICES

November 14, 2024

Hacking

U.S. CISA ADDS DAHUA IP CAMERA, LINUX KERNEL AND MICROSOFT EXCHANGE SERVER BUGS
TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

August 22, 2024

Cyber Crime

RANSOMWARE DRAMA: LAW ENFORCEMENT SEIZED LOCKBIT GROUP'S WEBSITE AGAIN

May 05, 2024

APT

ZIMBRA ZERO-DAY EXPLOITED TO STEAL GOVERNMENT EMAILS BY FOUR GROUPS

November 16, 2023

Malware

FBI AND CISA WARN OF ATTACKS BY RHYSIDA RANSOMWARE GANG

November 16, 2023


RECENT ARTICLES

Previous
Cyber Crime

CRYPTO INVESTOR DATA EXPOSED BY A SIM SWAPPING ATTACK AGAINST A KROLL EMPLOYEE

Security consulting giant Kroll disclosed a data breach resulting from a
SIM-swapping attack against one of its employees. Security consulting firm
Kroll revealed that a SIM-swappin ...

Pierluigi Paganini August 26, 2023
APT

CHINA-LINKED FLAX TYPHOON APT TARGETS TAIWAN

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan
as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax
Typhoon (aka Ethereal Panda) to a cy ...

Pierluigi Paganini August 25, 2023
Breaking News

RESEARCHERS RELEASED POC EXPLOIT FOR IVANTI SENTRY FLAW CVE-2023-38035

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass
flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept
(PoC) exploit code for critical Ivanti ...

Pierluigi Paganini August 24, 2023
Security

RESECURITY IDENTIFIED A ZERO-DAY VULNERABILITY IN SCHNEIDER ELECTRIC ACCUTECH
MANAGER

Resecurity researchers identified a zero-day Buffer Overflow vulnerability in
the Schneider Electric Accutech Manager product. Resecurity identified a
zero-day vulnerability in the Schneider Elec ...

Pierluigi Paganini July 11, 2023
APT

EXPERTS DISCOVERED THE FIRST MOBILE MALWARE FAMILIES LINKED TO RUSSIA'S
GAMAREDON

The Russia-linked APT Gamaredon used two new Android spyware tools
called BoneSpy and PlainGnome against former Soviet states. Lookout researchers
linked the BoneSpy and PlainGnome Android surv ...

Pierluigi Paganini December 13, 2024
Data Breach

US BITCOIN ATM OPERATOR BYTE FEDERAL SUFFERED A DATA BREACH

US Bitcoin ATM operator Byte Federal suffered a data breach impacting 58,000
customers, attackers gained unauthorized access to a server via GitLab flaw. US
Bitcoin ATM operator Byte Federal discl ...

Pierluigi Paganini December 12, 2024
Malware

EXPERTS DISCOVERED SURVEILLANCE TOOL EAGLEMSGSPY USED BY CHINESE LAW ENFORCEMENT

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather
data from Android devices, as detailed by Lookout. Researchers at the Lookout
Threat Lab discovered a surveillance ...

Pierluigi Paganini December 12, 2024
Cyber Crime

OPERATION POWEROFF TOOK DOWN 27 DDOS PLATFORMS ACROSS 15 COUNTRIES

Operation PowerOFF took down 27 DDoS stresser services globally, disrupting
illegal platforms used for launching cyberattacks. A global law enforcement
operation codenamed Operation PowerOFF disru ...

Pierluigi Paganini December 12, 2024
APT

RUSSIA'S SECRET BLIZZARD APT TARGETS UKRAINE WITH KAZUAR BACKDOOR

Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to
infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group
Secret Blizzard (aka Turla, Snake ...

Pierluigi Paganini December 12, 2024
Breaking News

IVANTI FIXED A MAXIMUM SEVERITY VULNERABILITY IN ITS CSA SOLUTION

Ivanti addressed a critical authentication bypass vulnerability impacting its
Cloud Services Appliance (CSA) solution. Ivanti addressed a critical
authentication bypass vulnerability, tracked as C ...

Pierluigi Paganini December 11, 2024
APT

OPERATION DIGITAL EYE: CHINA-LINKED RELIES ON VISUAL STUDIO CODE REMOTE TUNNELS
TO SPY ON EUROPEN ENTITIES

An alleged China-linked APT group targeted large business-to-business IT service
providers in Southern Europe as part of Operation Digital Eye campaign. Between
late June and mid-July 2024, a Chin ...

Pierluigi Paganini December 11, 2024
Security

CHINESE NATIONAL CHARGED FOR HACKING THOUSANDS OF SOPHOS FIREWALLS

The U.S. has charged a Chinese national for hacking thousands of Sophos firewall
devices worldwide in 2020. The U.S. has charged the Chinese national Guan
Tianfeng (aka gbigmao and gxiaomao) for h ...

Pierluigi Paganini December 11, 2024
Cyber Crime

CYBERCRIMINALS IMPERSONATE DUBAI POLICE TO DEFRAUD CONSUMERS IN THE UAE -
SMISHING TRIAD IN ACTION

Resecurity uncovered a large-scale fraud campaign in the UAE where scammers
impersonate law enforcement to target consumers. Resecurity has identified a
wide-scale fraudulent campaign targeting co ...

Pierluigi Paganini December 11, 2024
Hacking

U.S. CISA ADDS MICROSOFT WINDOWS CLFS DRIVER FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Windows Common Log File System (CLFS) driver flaw to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity ...

Pierluigi Paganini December 11, 2024
Security

MICROSOFT DECEMBER 2024 PATCH TUESDAY ADDRESSED ACTIVELY EXPLOITED ZERO-DAY

Microsoft December 2024 Patch Tuesday security updates addressed 71
vulnerabilities including an actively exploited zero-day. Microsoft December
2024 Patch Tuesday security updates addressed 71 vu ...

Pierluigi Paganini December 10, 2024
Security

SAP FIXED CRITICAL SSRF FLAW IN NETWEAVER'S ADOBE DOCUMENT SERVICES

SAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in
NetWeaver's Adobe Document Services. SAP addressed 16 vulnerabilities as part of
its December 2024 Security Patch D ...

Pierluigi Paganini December 10, 2024
Hacking

ROMANIAN ENERGY SUPPLIER ELECTRICA GROUP IS FACING A RANSOMWARE ATTACK

Romanian energy supplier Electrica Group is investigating an ongoing ransomware
attack impacting its operations. Romanian energy supplier Electrica Group
suffered a cyber attack that is impacting ...

Pierluigi Paganini December 10, 2024
Cyber Crime

DELOITTE DENIED ITS SYSTEMS WERE HACKED BY BRAIN CIPHER RANSOMWARE GROUP

Deloitte has responded to claims by the Brain Cipher ransomware group, which
alleges the theft of over 1 terabyte of the company's data. Recently, the
ransomware group Brain Cipher added Deloitte ...

Pierluigi Paganini December 09, 2024
Hacking

MANDIANT DEVISED A TECHNIQUE TO BYPASS BROWSER ISOLATION USING QR CODES

Mandiant revealed a technique to bypass browser isolation using QR codes,
enabling command transmission from C2 servers. Browser isolation is a security
measure that separates web browsing from th ...

Pierluigi Paganini December 09, 2024
Data Breach

2023 ANNA JAQUES HOSPITAL DATA BREACH IMPACTED OVER 310,000 PEOPLE

Anna Jaques Hospital revealed that the ransomware attack it suffered last year
has exposed sensitive health data for over 316,000 patients. On December 25,
2023, a ransomware attack hit the Anna ...

Pierluigi Paganini December 09, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. SmokeLoader Attack
Targets Companies in Taiwan LogoFAIL Ex ...

Pierluigi Paganini December 08, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 501 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini December 08, 2024
Cyber Crime

REDLINE INFO-STEALER CAMPAIGN TARGETS RUSSIAN BUSINESSES THROUGH PIRATED
CORPORATE SOFTWARE

An ongoing RedLine information-stealing campaign is targeting Russian businesses
using pirated corporate software. Since January 2024, Russian businesses using
unlicensed software have been target ...

Pierluigi Paganini December 08, 2024
Cyber Crime

8BASE RANSOMWARE GROUP HACKED CROATIA'S PORT OF RIJEKA

The 8Base ransomware group attacked Croatia's Port of Rijeka, stealing sensitive
data, including contracts and accounting info. A cyber attack hit the Port of
Rijeka in Croatia, the 8Base ransomwa ...

Pierluigi Paganini December 07, 2024
Cyber warfare

ROMANIA ’S ELECTION SYSTEMS HIT BY 85,000 ATTACKS AHEAD OF PRESIDENTIAL VOTE

Romania 's election systems suffered over 85,000 attacks, with leaked
credentials posted on a Russian hacker forum before the presidential election.
Romania 's Intelligence Service revealed that o ...

Pierluigi Paganini December 07, 2024
Data Breach

NEW ATRIUM HEALTH DATA BREACH IMPACTS 585,000 INDIVIDUALS

Atrium Health disclosed a data breach affecting 585,000 individuals to the HHS,
potentially linked to the use of online tracking tools. Healthcare company
Atrium Health disclosed a data breach tha ...

Pierluigi Paganini December 06, 2024
Hacking

U.S. CISA ADDS CYBERPANEL FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds
CyberPanel flaw to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency (CI ...

Pierluigi Paganini December 06, 2024
Security

HUNDRED OF CISCO SWITCHES IMPACTED BY BOOTLOADER FLAW

A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing
attackers to bypass image signature checks. Cisco released security patches for
a vulnerability, tracked as CVE-2024-2039 ...

Pierluigi Paganini December 06, 2024
Cyber Crime

OPERATION DESTABILISE DISMANTLED RUSSIAN MONEY LAUNDERING NETWORKS

Operation Destabilise: The U.K. National Crime Agency disrupted Russian money
laundering networks tied to organized crime. The U.K. National Crime Agency
(NCA) disrupted Russian money laundering n ...

Pierluigi Paganini December 05, 2024
APT

RUSSIA-LINKED APT SECRET BLIZZARD SPOTTED USING INFRASTRUCTURE OF OTHER THREAT
ACTORS

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of
at least 6 other threat actors during the past 7 years. Researchers from
Microsoft Threat Intelligence collected ev ...

Pierluigi Paganini December 05, 2024
APT

CHINA-LINKED APT SALT TYPHOON HAS BREACHED TELCOS IN DOZENS OF COUNTRIES

China-linked APT group Salt Typhoon has breached telecommunications companies in
dozens of countries, US govt warns. President Biden's deputy national security
adviser Anne Neuberger said that Chi ...

Pierluigi Paganini December 05, 2024
Breaking News

BLACK BASTA RANSOMWARE GANG HIT BT GROUP

BT Group (formerly British Telecom)'s Conferencing division shut down some of
its servers following a Black Basta ransomware attack. British multinational
telecommunications holding company BT Gro ...

Pierluigi Paganini December 04, 2024
Cyber Crime

AUTHORITIES SHUT DOWN CRIMENETWORK, THE GERMANY'S LARGEST CRIME MARKETPLACE

Germany's largest crime marketplace, Crimenetwork, has been shut down, and an
administrator has been arrested. German authorities announced the takedown of
Crimenetwork, the largest German-speakin ...

Pierluigi Paganini December 04, 2024
Security

VEEAM ADDRESSED CRITICAL SERVICE PROVIDER CONSOLE (VSPC) BUG

Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that
could allow remote attackers to execute arbitrary code. Veeam released security
updates for a critical vulnerabilit ...

Pierluigi Paganini December 04, 2024
Hacking

AUSTRALIA, CANADA, NEW ZEALAND, AND THE U.S. WARN OF PRC-LINKED CYBER ESPIONAGE
TARGETING TELECOM NETWORKS

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage
targeting telecom networks in a joint advisory. Australia, Canada, New Zealand,
and the U.S. issued a joint advisory ...

Pierluigi Paganini December 04, 2024
Security

U.S. CISA ADDS PROJECTSEND, NORTH GRID PROSELF, AND ZYXEL FIREWALLS BUGS TO ITS
KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend,
North Grid Proself, and Zyxel firewalls bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity a ...

Pierluigi Paganini December 04, 2024
Hacking

THE ASA FLAW CVE-2014-2120 IS BEING ACTIVELY EXPLOITED IN THE WILD

Cisco warns customers that a decade-old ASA vulnerability, tracked as
CVE-2014-2120, is being actively exploited in the wild. Cisco warns that the
decade-old ASA vulnerability CVE-2014-2120 is bei ...

Pierluigi Paganini December 03, 2024
Cyber Crime

DMM BITCOIN HALTS OPERATIONS SIX MONTHS AFTER A $300 MILLION CYBER HEIST

The Japanese cryptocurrency platform DMM Bitcoin is closing its operations just
six months after a $300 million cyber heist. DMM Bitcoin is a cryptocurrency
exchange based in Japan, operated by DM ...

Pierluigi Paganini December 03, 2024
Cyber Crime

ENERGY INDUSTRY CONTRACTOR ENGLOBAL CORPORATION DISCLOSES A RANSOMWARE ATTACK

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25,
disrupting operations, in a filing to the SEC. A ransomware attack disrupted the
operations of a major energy industr ...

Pierluigi Paganini December 03, 2024
Intelligence

POLAND PROBES PEGASUS SPYWARE ABUSE UNDER THE PIS GOVERNMENT

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief
Piotr Pogonowski arrested to testify before parliament. Poland's government has
been investigating the alleged misus ...

Pierluigi Paganini December 03, 2024
Digital ID

TOR PROJECT NEEDS 200 WEBTUNNEL BRIDGES MORE TO BYPASS RUSSIA' CENSORSHIP

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to
counter government censorship. Recent reports from Russia show increased
censorship targeting the Tor network, including b ...

Pierluigi Paganini December 02, 2024
Cyber Crime

INTERPOL: OPERATION HAECHI-V LED TO MORE THAN 5,500 SUSPECTS ARRESTED

International law enforcement operation Operation HAECHI-V led to more than
5,500 suspects arrested and seized over $400 million. A global operation
code-named Operation HAECHI V, involving 40 cou ...

Pierluigi Paganini December 02, 2024
Uncategorized

HOW THREAT ACTORS CAN USE GENERATIVE ARTIFICIAL INTELLIGENCE?

Generative Artificial Intelligence (GAI) is rapidly revolutionizing various
industries, including cybersecurity, allowing the creation of realistic and
personalized content. The capabilities that ...

Pierluigi Paganini December 02, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. A Case-Control Study to
Measure Behavioral Risks of Malware E ...

Pierluigi Paganini December 01, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 500 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini December 01, 2024
Security

HACKERS STOLE MILLIONS OF DOLLARS FROM UGANDA CENTRAL BANK

Financially-motivated threat actors hacked Uganda 's central bank system,
government officials confirmed this week. Ugandan officials confirmed on
Thursday that the national central bank suffered ...

Pierluigi Paganini December 01, 2024
Cyber Crime

NOTORIOUS RANSOMWARE PROGRAMMER MIKHAIL PAVLOVICH MATVEEV ARRESTED IN RUSSIA

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka,
for developing malware and ties to hacking groups. Russian authorities arrested
a ransomware affiliate, Mikhail Pav ...

Pierluigi Paganini November 30, 2024
Cyber Crime

PHISHING-AS-A-SERVICE ROCKSTAR 2FA CONTINUES TO BE PREVALENT

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses
adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication.
Trustwave researchers are monitoring malicious a ...

Pierluigi Paganini November 29, 2024
Security

ZELLO URGES USERS TO RESET PASSWORDS FOLLOWING A CYBER ATTACK

Zello urges customers with accounts created before November 2 to reset passwords
following a potential security breach. Zello is warning customers who have an
account created before November 2 to ...

Pierluigi Paganini November 29, 2024
Uncategorized

A CYBERATTACK IMPACTED OPERATIONS AT UK WIRRAL UNIVERSITY TEACHING HOSPITAL

UK's Wirral University Teaching Hospital suffered a cyberattack that caused
delays in appointments and procedures. Wirral University Teaching Hospital NHS
Foundation Trust (WUTH) is an NHS Foundat ...

Pierluigi Paganini November 28, 2024
Uncategorized

T-MOBILE DETECTED NETWORK INTRUSION ATTEMPTS AND BLOCKED THEM

T-Mobile reported recent infiltration attempts but pointed out that threat
actors had no access to its systems and no sensitive data was compromised.
T-Mobile detected recent infiltration attempts ...

Pierluigi Paganini November 28, 2024
Hacking

PROJECTSEND CRITICAL FLAW ACTIVELY EXPLOITED IN THE WILD, EXPERTS WARN

Researchers warn that a critical security flaw in ProjectSend open-source
file-sharing application may be under active exploitation. VulnCheck researchers
warn that ProjectSend vulnerability CVE- ...

Pierluigi Paganini November 28, 2024
Malware

BOOTKITTY IS THE FIRST UEFI BOOTKIT DESIGNED FOR LINUX SYSTEMS

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit
specifically designed for Linux systems, named Bootkitty. Cybersecurity
researchers from ESET discovered the first UE ...

Pierluigi Paganini November 27, 2024
Security

VMWARE FIXED FIVE VULNERABILITIES IN ARIA OPERATIONS PRODUCT

Virtualization giant VMware addressed multiple vulnerabilities in its Aria
Operations product that can led to privilege escalation and XSS attacks. VMware
released security updates to address five ...

Pierluigi Paganini November 27, 2024
Cyber Crime

OPERATION SERENGETI: INTERPOL ARRESTED 1,006 SUSPECTS IN 19 AFRICAN COUNTRIES

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries
and dismantled 134,089 malicious networks. A joint law enforcement operation by
INTERPOL and AFRIPOL across 19 African ...

Pierluigi Paganini November 27, 2024
APT

RUSSIAN GROUP ROMCOM EXPLOITED FIREFOX AND TOR BROWSER ZERO-DAYS TO TARGET
ATTACKS EUROPE AND NORTH AMERICA

The Russian RomCom group exploited Firefox and Tor Browser zero-day
vulnerabilities in attacks on users in Europe and North America. Russian-based
cybercrime group RomCom (aka UAT-5647, Storm-0 ...

Pierluigi Paganini November 27, 2024
Uncategorized

SOFTWARE FIRM BLUE YONDER PROVIDING SERVICES TO US AND UK STORES, INCLUDING
STARBUCKS, HIT BY RANSOMWARE ATTACK

Blue Yonder, a supply chain software provider, suffered a ransomware attack,
impacting operations for clients like Starbucks and grocery stores. A ransomware
attack on Blue Yonder disrupted operat ...

Pierluigi Paganini November 26, 2024
Malware

THE SOURCE CODE OF BANSHEE STEALER LEAKED ONLINE

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code
leaked online. The code is now available on GitHub. In August 2024, Russian
hackers promoted BANSHEE Stealer, a macOS ...

Pierluigi Paganini November 26, 2024
Hacking

U.S. CISA ADDS ARRAY NETWORKS AG AND VXAG ARRAYOS FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks
AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini November 26, 2024
Cyber Crime

THAI POLICE ARRESTED CHINESE HACKERS INVOLVED IN SMS BLASTER ATTACKS

Thai authorities arrested fraud gangs in Bangkok for SMS blaster attacks, they
used fake cell towers to send thousands of malicious SMS messages to nearby
phones. Thai authorities arrested members ...

Pierluigi Paganini November 26, 2024
Cyber Crime

ZYXEL FIREWALLS TARGETED IN RECENT RANSOMWARE ATTACKS

Zyxel warns that a ransomware group has been observed exploiting a recently
patched command injection issue in its firewalls. Zyxel warns that a ransomware
gang has been observed exploiting a rece ...

Pierluigi Paganini November 25, 2024
Hacking

MALWARE CAMPAIGN ABUSED FLAWED AVAST ANTI-ROOTKIT DRIVER

Threat actors exploit an outdated Avast Anti-Rootkit driver to evade detection,
disable security tools, and compromise the target systems. Trellix researchers
uncovered a malware campaign that abu ...

Pierluigi Paganini November 25, 2024
APT

RUSSIA-LINKED APT TAG-110 USES TARGETS EUROPE AND ASIA

Russia-linked threat actors TAG-110 employed custom malware HATVIBE and
CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers
uncovered an ongoing cyber-espionage campaign ...

Pierluigi Paganini November 25, 2024
Intelligence

RUSSIA-LINKED THREAT ACTORS THREATEN THE UK AND ITS ALLIES, MINISTER TO SAY

A senior UK minister will warn that Russia is preparing cyberattacks against the
UK and its allies to undermine support for Ukraine. Russia may launch
cyberattacks against the UK and its allies in ...

Pierluigi Paganini November 25, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 499 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini November 24, 2024
Cyber Crime

DOJ SEIZED CREDIT CARD MARKETPLACE POPEYETOOLS AND CHARGES ITS ADMINISTRATORS

The U.S. seized the stolen credit card marketplace PopeyeTools and charged its
operators, this is a major success against cybercrime. The US Department of
Justice announced the seizure of PopeyeTo ...

Pierluigi Paganini November 24, 2024
Hacking

A CYBERATTACK ON GAMBLING GIANT IGT DISRUPTED PORTIONS OF ITS IT SYSTEMS

A cyberattack on gambling giant IGT disrupted its systems, forcing the company
to take certain services offline. International Game Technology (IGT) detected a
cyberattack on November 17, the comp ...

Pierluigi Paganini November 23, 2024
APT

CHINA-LINKED APT GELSEMIUM USES A NEW LINUX BACKDOOR DUBBED WOLFSBANE

China-linked APT Gelsemium has been observed using a new Linux backdoor dubbed
WolfsBane in attacks targeting East and Southeast Asia. China-linked APT
Gelsemium has deployed a previously unknown ...

Pierluigi Paganini November 23, 2024
Cyber Crime

MICROSOFT SEIZED 240 SITES USED BY THE ONNX PHISHING SERVICE

Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an
Egyptian man as the operator behind the operation. Microsoft announced the
disruption of the ONNX phishing service, a ...

Pierluigi Paganini November 23, 2024
Security

U.S. CISA ADDS APPLE, ORACLE AGILE PLM BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle
Agile PLM bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Ag ...

Pierluigi Paganini November 22, 2024
Hacking

MORE THAN 2,000 PALO ALTO NETWORKS FIREWALLS HACKED EXPLOITING RECENTLY PATCHED
ZERO-DAYS

Threat actors already hacked thousands of Palo Alto Networks firewalls
exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto
Networks firewalls have reportedly been compromi ...

Pierluigi Paganini November 22, 2024
Data Breach

RANSOMHUB RANSOMWARE GANG CLAIMS THE HACK OF MEXICAN GOVERNMENT LEGAL AFFAIRS
OFFICE

Mexico is investigating a ransomware attack targeting its legal affairs office,
as confirmed by the president amidst growing cybersecurity concerns. Mexico’s
president announced the government i ...

Pierluigi Paganini November 21, 2024
Cyber Crime

US DOJ CHARGES FIVE ALLEGED MEMBERS OF THE SCATTERED SPIDER CYBERCRIME GANG

The U.S. Justice Department charged five suspects linked to the Scattered Spider
cybercrime gang with wire fraud conspiracy. The U.S. Justice Department charged
five alleged members of the cybercr ...

Pierluigi Paganini November 21, 2024
Data Breach

THREAT ACTOR SELLS DATA OF OVER 750,000 PATIENTS FROM A FRENCH HOSPITAL

A threat actor had access to electronic patient record system of an unnamed
French hospital, and the health data of 750,000 patients was compromised. An
unnamed French hospital suffered a data bre ...

Pierluigi Paganini November 21, 2024
Security

DECADE-OLD LOCAL PRIVILEGE ESCALATION BUGS IMPACTS UBUNTU NEEDRESTART PACKAGE

Decade-old flaws in the needrestart package in Ubuntu Server could allow local
attackers to gain root privileges without user interaction. The Qualys Threat
Research Unit (TRU) discovered five Loc ...

Pierluigi Paganini November 21, 2024
Breaking News

FORD DATA BREACH INVOLVED A THIRD-PARTY SUPPLIER

Ford investigates a data breach linked to a third-party supplier and pointed out
that its systems and customer data were not compromised. Ford investigation
investigated a data breach after a thre ...

Pierluigi Paganini November 20, 2024
Security

HACKER OBTAINED DOCUMENTS TIED TO LAWSUIT OVER MATT GAETZ'S SEXUAL MISCONDUCT
ALLEGATIONS

A hacker allegedly accessed a file containing testimony from a woman claiming
she had sex with Matt Gaetz when she was 17, sparking controversy. The New York
Times reported that a hacker, who goes ...

Pierluigi Paganini November 20, 2024
Security

APPLE ADDRESSED TWO ACTIVELY EXPLOITED ZERO-DAY VULNERABILITIES

Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari
browser to address two actively exploited zero-day flaws. Apple released
security updates for two zero-day vulnerabilit ...

Pierluigi Paganini November 20, 2024
Cyber Crime

UNSECURED JUPYTERLAB AND JUPYTER NOTEBOOKS SERVERS ABUSED FOR ILLEGAL STREAMING
OF SPORTS EVENTS

Threat actors exploit misconfigured JupyterLab and Jupyter Notebooks servers to
rip sports streams and illegally redistribute them. Researchers from security
firm Aqua observed threat actors explo ...

Pierluigi Paganini November 20, 2024
Cyber Crime

RUSSIAN PHOBOS RANSOMWARE OPERATOR FACES CYBERCRIME CHARGES

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks,
was extradited from South Korea to the US to face cybercrime charges. Russian
Phobos ransomware operator Evgenii Pt ...

Pierluigi Paganini November 19, 2024
Data Breach

GREAT PLAINS REGIONAL MEDICAL CENTER RANSOMWARE ATTACK IMPACTED 133,000
INDIVIDUALS

A ransomware attack on Great Plains Regional Medical Center compromised personal
data of 133,000 individuals, exposing sensitive information. On September 8,
2024, Great Plains Regional Medical Ce ...

Pierluigi Paganini November 19, 2024
Security

RECENTLY DISCLOSED VMWARE VCENTER SERVER BUGS ARE ACTIVELY EXPLOITED IN ATTACKS

Threat actors are actively exploiting two VMware vCenter Server vulnerabilities
tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns. Broadcom warns
that the two VMware vCenter Server vuln ...

Pierluigi Paganini November 18, 2024
Data Breach

FOREIGN ADVERSARY HACKED EMAIL COMMUNICATIONS OF THE LIBRARY OF CONGRESS SAYS

The Library of Congress discloses the compromise of some of its IT systems, an
alleged foreign threat actor hacked their emails. The Library of Congress
informed lawmakers about a security breach ...

Pierluigi Paganini November 18, 2024
APT

T-MOBILE IS ONE OF THE VICTIMS OF THE MASSIVE CHINESE BREACH OF TELECOM FIRMS

T-Mobile confirmed being a victim of recent hacking campaigns linked to
China-based threat actors targeting telecom companies. T-Mobile confirms it was
hacked as part of a long-running cyber espio ...

Pierluigi Paganini November 18, 2024
Security

INCREASED GDPR ENFORCEMENT HIGHLIGHTS THE NEED FOR DATA SECURITY

GDPR protects sensitive data like health and financial details, and its
enforcement underscores the growing need for stronger data security measures.
GDPR: The landscape of data privacy and protec ...

Pierluigi Paganini November 18, 2024
Hacking

CRITICAL REALLY SIMPLE SECURITY PLUGIN FLAW IMPACTS 4M+ WORDPRESS SITES

A Really Simple Security plugin flaw affects 4M+ sites, allowing attackers full
admin access. It’s one of the most critical WordPress vulnerabilities ever.
Wordfence researchers warn of a vulner ...

Pierluigi Paganini November 18, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini November 17, 2024
Malware

A BOTNET EXPLOITS E GEOVISION ZERO-DAY TO COMPROMISE EOL DEVICES

A botnet employed in DDoS or cryptomining attacks is exploiting a zero-day in
end-of-life GeoVision devices to grow up. Researchers at the Shadowserver
Foundation observed a botnet exploiting a ze ...

Pierluigi Paganini November 17, 2024
Hacking

PALO ALTO NETWORKS CONFIRMED ACTIVE EXPLOITATION OF RECENTLY DISCLOSED ZERO-DAY

Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS
firewall and released new indicators of compromise (IoCs). Last week, Palo Alto
Networks warned customers to limit acce ...

Pierluigi Paganini November 16, 2024
Malware

GLOVE STEALER BYPASSES CHROME’S APP-BOUND ENCRYPTION TO STEAL COOKIES

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound
encryption and steal browser cookies. Glove Stealer is a .NET-based information
stealer that targets browser exten ...

Pierluigi Paganini November 16, 2024
Cyber Crime

BITFINEX HACKER ILYA LICHTENSTEIN WAS SENTENCED TO 5 YEARS IN PRISON

Bitfinex hacker, Ilya Lichtenstein, who stole 1 billion worth of Bitcoins from
Bitfinex in 2016, has been sentenced to five years in prison. "Ilya Lichtenstein
was sentenced today to five years in ...

Pierluigi Paganini November 15, 2024
Security

U.S. CISA ADDS PALO ALTO NETWORKS EXPEDITION BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto
Networks Expedition bugs to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure Secu ...

Pierluigi Paganini November 15, 2024
Internet of Things

HACKERS TARGET CRITICAL FLAW CVE-2024-10914 IN EOL D-LINK NAS DEVICES

The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in
legacy D-Link NAS devices began days after its disclosure.   Days after D-Link
announced it wouldn't patch a ...

Pierluigi Paganini November 14, 2024
Intelligence

CHINA-LINKED THREAT ACTORS COMPROMISED MULTIPLE TELECOS AND SPIED ON A LIMITED
NUMBER OF U.S. GOVERNMENT OFFICIALS

China-linked threat actors breached U.S. broadband providers and gained access
to private communications of a limited number of U.S. government officials. The
FBI and CISA continues to investigate ...

Pierluigi Paganini November 14, 2024
Cyber Crime

BITDEFENDER RELEASED A DECRYPTOR FOR THE SHRINKLOCKER RANSOMWARE

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies
BitLocker configurations to encrypt a system's drives. ShrinkLocker ransomware
was first discovered in May 2024 by ...

Pierluigi Paganini November 14, 2024
APT

CHINA'S VOLT TYPHOON BOTNET HAS RE-EMERGED

China's Volt Typhoon botnet has re-emerged, using the same core infrastructure
and techniques, according to SecurityScorecard researchers. The China-linked
Volt Typhoon's botnet has resurfaced usi ...

Pierluigi Paganini November 13, 2024
Security

ZOOM ADDRESSED TWO HIGH-SEVERITY ISSUES IN ITS PLATFORM

Zoom addressed six flaws, including two high-severity issues that could allow
remote attackers to escalate privileges or leak sensitive information. Zoom
addressed six vulnerabilities in its video ...

Pierluigi Paganini November 13, 2024
Hacking

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR NOVEMBER 2024 FIX TWO ACTIVELY
EXPLOITED ZERO-DAYS

Microsoft Patch Tuesday security updates for November 2024 addressed 89
vulnerabilities, including two actively exploited zero-day flaws. Microsoft
Patch Tuesday security updates for November 2024 ...

Pierluigi Paganini November 13, 2024
Security

AHOLD DELHAIZE EXPERIENCED A CYBER INCIDENT AFFECTING SEVERAL OF ITS U.S. BRANDS

A cyber attack affected Ahold Delhaize USA brands, disrupting Giant Food,
Hannaford, their pharmacies, and e-commerce services. A cyber attack hit the
food giant Ahold Delhaize impacting US pharma ...

Pierluigi Paganini November 12, 2024
Hacking

A CYBERATTACK ON PAYMENT SYSTEMS BLOCKED CARDS READERS ACROSS STORES AND GAS
STATIONS IN ISRAEL

A cyberattack in Israel allegedly disrupted communication services, causing
widespread malfunction of credit card readers across the country on Sunday. The
Jerusalem Post reported that thousands o ...

Pierluigi Paganini November 12, 2024
Security

APPLE INDEED ADDED A FEATURE CALLED "INACTIVITY REBOOT" IN IOS 18.1 THAT REBOOTS
LOCKED DEVICES

Apple iOS supports a new feature that reboots locked devices after extended
inactivity, aiming to enhance data security for users. Apple 'quietly'
implemented a new security feature that automatic ...

Pierluigi Paganini November 12, 2024
Malware

YMIR RANSOMWARE, A NEW STEALTHY RANSOMWARE GROW IN THE WILD

New Ymir ransomware was deployed in attacks shortly after systems were breached
by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new
ransomware family, called Ymir rans ...

Pierluigi Paganini November 12, 2024
Data Breach

AMAZON DISCLOSES EMPLOYEE DATA BREACH AFTER MAY 2023 MOVEIT ATTACKS

Amazon disclosed a data breach exposing employee data, with information
allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach
that exposed employee information after data ...

Pierluigi Paganini November 11, 2024
Security

A NEW FILELESS VARIANT OF REMCOS RAT OBSERVED IN THE WILD

Fortinet researchers discovered a new phishing campaign spreading a variant of
the commercial malware Remcos RAT. Fortinet’s FortiGuard Labs recently uncovered
a phishing campaign spreading a ne ...

Pierluigi Paganini November 11, 2024
Hacking

A SURGE IN PRO-RUSSIA CYBERATTACKS AFTER DECISION TO MONITOR NORTH KOREAN TROOPS
IN UKRAINE

South Korea claims Pro-Russia actors intensified cyberattacks on national sites
after it decided to monitor North Korean troops in Ukraine. South Korea's
government blames pro-Russia threat actors ...

Pierluigi Paganini November 11, 2024
Breaking News

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini November 10, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 497 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini November 10, 2024
Hacking

U.S. AGENCY CAUTIONS EMPLOYEES TO LIMIT PHONE USE DUE TO SALT TYPHOON HACK OF
TELCO PROVIDERS

US CFPB warns employees to avoid work-related mobile calls and texts following
China-linked Salt Typhoon hack over security concerns. The US government’s
Consumer Financial Protection Bureau (CF ...

Pierluigi Paganini November 10, 2024
Security

MAZDA CONNECT FLAWS ALLOW TO HACK SOME MAZDA VEHICLES

Multiple vulnerabilities in the infotainment unit Mazda Connect could allow
attackers to execute arbitrary code with root access. Trend Micro's Zero Day
Initiative warned of multiple vulnerabiliti ...

Pierluigi Paganini November 09, 2024
Malware

VEEAM BACKUP & REPLICATION EXPLOIT REUSED IN NEW FRAG RANSOMWARE ATTACK

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR)
was also recently exploited to deploy Frag ransomware. In mid-October, Sophos
researchers warned that ransomware ...

Pierluigi Paganini November 09, 2024
Cyber Crime

TEXAS OILFIELD SUPPLIER NEWPARK RESOURCES SUFFERED A RANSOMWARE ATTACK

Texas oilfield supplier Newpark Resources suffered a ransomware attack that
disrupted its information systems and business applications. Texas oilfield
supplier Newpark Resources revealed that a r ...

Pierluigi Paganini November 08, 2024
Security

PALO ALTO NETWORKS WARNS OF POTENTIAL RCE IN PAN-OS MANAGEMENT INTERFACE

Palo Alto Networks warns customers to restrict access to their next-generation
firewalls because of a potential RCE flaw in the PAN-OS management interface.
Palo Alto Networks warns customers to l ...

Pierluigi Paganini November 08, 2024
Mobile

IPHONES IN A LAW ENFORCEMENT FORENSICS LAB MYSTERIOUSLY REBOOTED LOSING THEIR
AFTER FIRST UNLOCK (AFU) STATE

Law enforcement warns that securely stored iPhones awaiting forensic examination
are mysteriously rebooting, making them harder to unlock, reported 404 Media.
Law enforcement warns that securely s ...

Pierluigi Paganini November 08, 2024
Security

U.S. CISA ADDS PALO ALTO EXPEDITION, ANDROID, CYBERPANEL AND NOSTROMO
NHTTPD BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto
Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cyber ...

Pierluigi Paganini November 07, 2024
Malware

DPRK-LINKED BLUENOROFF USED MACOS MALWARE WITH NOVEL PERSISTENCE

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting
businesses in the crypto industry with a new multi-stage malware. SentinelLabs
researchers identified a North Korea-link ...

Pierluigi Paganini November 07, 2024
Security

CANADA ORDERED BYTEDANCE TO SHUT DOWN TIKTOK OPERATIONS IN THE COUNTRY OVER
SECURITY CONCERNS

Canada ordered ByteDance to shut down TikTok operations over security concerns
but did not issue a full ban on the platform. The Canadian government ordered
ByteDance to wind up TikTok Technology ...

Pierluigi Paganini November 07, 2024
Security

CRITICAL BUG IN CISCO UWRB ACCESS POINTS ALLOWS ATTACKERS TO RUN COMMANDS AS
ROOT

Cisco fixed a critical flaw in URWB access points, allowing attackers to run
root commands, compromising industrial wireless automation security. Cisco has
addressed a critical vulnerability, trac ...

Pierluigi Paganini November 07, 2024
Cyber Crime

INTERPOL: OPERATION SYNERGIA II DISRUPTED +22,000 MALICIOUS IPS

A global law enforcement operation called Operation Synergia II dismantled over
22,000 malicious IPs linked to phishing, infostealers, and ransomware, INTERPOL
said. INTERPOL announced this week i ...

Pierluigi Paganini November 06, 2024
Cyber Crime

MEMORIAL HOSPITAL AND MANOR SUFFERED A RANSOMWARE ATTACK

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to
its Electronic Health Record system. A ransomware attack hit Memorial Hospital
and Manor in Bainbridge, Georgia, an ...

Pierluigi Paganini November 06, 2024
Digital ID

SOUTH KOREA FINED META $15.67M FOR ILLEGALLY COLLECTING AND SHARING FACEBOOK
USERS

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook
users' sensitive data, including political views and sexual orientation, with
advertisers. South Korea's data privacy w ...

Pierluigi Paganini November 06, 2024
Hacking

SYNOLOGY FIXED CRITICAL FLAW IMPACTING MILLIONS OF DISKSTATION AND BEEPHOTOS NAS
DEVICES

Synology addressed a critical vulnerability in DiskStation and BeePhotos NAS
devices that could lead to remote code execution. Taiwanese vendor Synology has
addressed a critical security vulnerabi ...

Pierluigi Paganini November 06, 2024
Malware

TOXICPANDA ANDROID BANKING TROJAN TARGETS EUROPE AND LATAM, WITH A FOCUS ON
ITALY

The ToxicPanda Android malware has infected over 1,500 devices, enabling
attackers to perform fraudulent banking transactions. Cleafy researchers spotted
a new Android banking malware, dubbed Toxi ...

Pierluigi Paganini November 05, 2024
Security

U.S. CISA ADDS PTZOPTICS CAMERA BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds PTZOptics
PT30X-SDI/NDI camera bugs to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini November 05, 2024
Cyber Crime

CANADIAN AUTHORITIES ARRESTED ALLEGED SNOWFLAKE HACKER

Canadian authorities arrested a suspect linked to multiple hacks following a
breach of cloud data platform Snowflake earlier this year. Canadian law
enforcement agencies arrested a suspect, Alexan ...

Pierluigi Paganini November 05, 2024
Uncategorized

ANDROID FLAW CVE-2024-43093 MAY BE UNDER LIMITED, TARGETED EXPLOITATION

Google warned that a vulnerability, tracked as CVE-2024-43093, in the Android OS
is actively exploited in the wild. Threat actors are actively exploiting a
vulnerability, tracked as CVE-2024-43093 ...

Pierluigi Paganini November 05, 2024
Data Breach

JULY 2024 RANSOMWARE ATTACK ON THE CITY OF COLUMBUS IMPACTED 500,000 PEOPLE

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the
personal and financial data of 500,000 individuals. On July 18, 2024, the City
of Columbus, Ohio, suffered a cyber ...

Pierluigi Paganini November 04, 2024
Cyber Crime

NIGERIAN MAN SENTENCED TO 26+ YEARS IN REAL ESTATE PHISHING SCAMS

Nigerian Kolade Ojelade gets 26 years in U.S. for phishing scams that stole
millions by hacking email accounts. A Nigerian national was sentenced to 26
years in prison in the US for stealing milli ...

Pierluigi Paganini November 04, 2024
Intelligence

RUSSIAN DISINFORMATION CAMPAIGN ACTIVE AHEAD OF 2024 US ELECTION

U.S. intel says Russia made a fake video claiming Haitians voted illegally in
Georgia, aiming to spread election disinformation. U.S. intel reports Russia
created a fake viral video falsely claimi ...

Pierluigi Paganini November 04, 2024
Cyber Crime

INTERNATIONAL LAW ENFORCEMENT OPERATION SHUT DOWN DDOS-FOR-HIRE PLATFORM
DSTAT.CC

German police shut down DDoS-for-hire platform Dstat.cc and arrested two men
accused of operating the site used for launching DDoS attacks. German police
shut down the DDoS-for-hire platform Dstat ...

Pierluigi Paganini November 04, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini November 03, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 496 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini November 03, 2024
Security

US ELECTION 2024 – FBI WARNING ABOUT FAKE ELECTION VIDEOS

US Election 2024 - The FBI warned that two fake videos on X spread false claims
of ballot fraud and misinformation about Kamala Harris’s husband. In a post on X
on Saturday, the Federal Bureau o ...

Pierluigi Paganini November 03, 2024
Malware

CHINESE THREAT ACTORS USE QUAD7 BOTNET IN PASSWORD-SPRAY ATTACKS

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out
password-spray attacks and steal credentials. Chinese threat actors use the
Quad7 botnet in password-spray attacks to ...

Pierluigi Paganini November 03, 2024
Cyber Crime

FBI ARRESTED FORMER DISNEY WORLD EMPLOYEE FOR HACKING COMPUTER MENUS AND
MISLABELING ALLERGY INFO

A former Disney World employee hacked servers after being fired, altering
prices, adding profanities, and mislabeling allergy info. A former Walt Disney
World employee hacked servers after being f ...

Pierluigi Paganini November 02, 2024
APT

SOPHOS DETAILS FIVE YEARS OF CHINA-LINKED THREAT ACTORS' ACTIVITY TARGETING
NETWORK DEVICES WORLDWIDE

Sophos used custom implants to monitor China-linked thret actors targeting
firewall zero-days in a years-long battle. Sophos revealed a years-long
"cat-and-mouse" battle with China-linked threat a ...

Pierluigi Paganini November 02, 2024
Hacking

PTZOPTICS CAMERAS ZERO-DAYS ACTIVELY EXPLOITED IN THE WILD

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956
and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit
two zero-day vulnerabilities, tracke ...

Pierluigi Paganini November 02, 2024
Malware

NEW LIGHTSPY SPYWARE VERSION TARGETS IPHONES WITH DESTRUCTIVE CAPABILITIES

New LightSpy spyware targets iPhones supporting destructive features that can
block compromised devices from booting up. In May 2024, ThreatFabric researchers
discovered a macOS version of LightSp ...

Pierluigi Paganini November 01, 2024
Hacking

LOTTIEFILES CONFIRMED A SUPPLY CHAIN ATTACK ON LOTTIE-PLAYER

LottieFiles confirmed a supply chain attack on Lottie-Player, and threat actors
targeted cryptocurrency wallets to steal funds. LottieFiles confirmed that
threat actors have hacked the Lottie-Play ...

Pierluigi Paganini November 01, 2024
Data Breach

THREAT ACTOR SAYS INTERBANK REFUSED TO PAY THE RANSOM AFTER A TWO-WEEK
NEGOTIATION

Peruvian Interbank confirmed a data breach after threat actors accessed its
systems and leaked stolen information online. Interbank, formally the Banco
Internacional del Perú Service Holding S.A ...

Pierluigi Paganini October 31, 2024
Security

QNAP FIXED SECOND ZERO-DAY DEMONSTRATED AT PWN2OWN IRELAND 2024

QNAP addressed the second zero-day vulnerability demonstrated by security
researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP
patched the second zero-day vulnerability, ...

Pierluigi Paganini October 31, 2024
Malware

NEW VERSION OF ANDROID MALWARE FAKECALL REDIRECTS BANK CALLS TO SCAMMERS

The latest FakeCall malware version for Android intercepts outgoing bank calls,
redirecting them to attackers to steal sensitive info and bank funds. Zimperium
researchers spotted a new version of ...

Pierluigi Paganini October 31, 2024
APT

RUSSIA-LINKED MIDNIGHT BLIZZARD APT TARGETED 100+ ORGANIZATIONS WITH A
SPEAR-PHISHING CAMPAIGN USING RDP FILES

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight
Blizzard targeting hundreds of organizations. Microsoft warns of a large-scale
spear-phishing campaign by Russia-linked APT ...

Pierluigi Paganini October 30, 2024
Uncategorized

QNAP FIXED NAS BACKUP ZERO-DAY DEMONSTRATED AT PWN2OWN IRELAND 2024

QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a
TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addressed a
critical zero-day vulnerability, tracke ...

Pierluigi Paganini October 30, 2024
Cyber Crime

INTERNATIONAL LAW ENFORCEMENT OPERATION DISMANTLED REDLINE AND META INFOSTEALERS

A global law enforcement operation disrupted RedLine and Meta infostealers,
seizing their infrastructure and making arrests. The Dutch police announced it
has dismantled infrastructure used by Red ...

Pierluigi Paganini October 29, 2024
Cyber Crime

FOG AND AKIRA RANSOMWARE ATTACKS EXPLOIT SONICWALL VPN FLAW CVE-2024-40766

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw
CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators
are exploiting the critical SonicWall VPN vuln ...

Pierluigi Paganini October 29, 2024
Cyber warfare

RUSSIA-LINKED ESPIONAGE GROUP UNC5812 TARGETS UKRAINE'S MILITARY WITH MALWARE

Suspected Russia-linked espionage group UNC5812 targets Ukraine's military with
Windows and Android malware via Telegram. Google TAG and Mandiant observed a
Russia-linked group, tracked as UNC5812 ...

Pierluigi Paganini October 29, 2024
Data Breach

FRANCE’S SECOND-LARGEST TELECOMS PROVIDER FREE SUFFERED A CYBER ATTACK

French internet service provider (ISP) Free disclosed a cyber attack, threat
actors allegedly had access to customer personal information. Free S.A.S. is a
French telecommunications ...

Pierluigi Paganini October 28, 2024
Data Breach

A CRIME RING COMPROMISED ITALIAN STATE DATABASES RESELLING STOLEN INFO

Italian police arrested four and are investigating dozens, including Leonardo
Maria Del Vecchio, for alleged unauthorized access to state databases. Italian
authorities have arrested four individu ...

Pierluigi Paganini October 28, 2024
Security

THIRD-PARTY IDENTITIES: THE WEAKEST LINK IN YOUR CYBERSECURITY SUPPLY CHAIN

A long supply chain adds third-party risks, as each partner's security affects
your own, making identity and access management more challenging.
Identity-related attack vectors are a significant c ...

Pierluigi Paganini October 28, 2024
Cyber Crime

BLACK BASTA AFFILIATES USED MICROSOFT TEAMS IN RECENT ATTACKS

ReliaQuest researchers observed Black Basta affiliates relying on Microsoft
Teams to gain initial access to target networks. ReliaQuest researchers warn
that Black Basta ransomware affiliates swit ...

Pierluigi Paganini October 28, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini October 27, 2024
Cyber Crime

FOUR REVIL RANSOMWARE MEMBERS SENTENCED FOR HACKING AND MONEY LAUNDERING

Russian authorities sentenced four members of the REvil ransomware operation to
several years in prison in Russia. Four former members of the REvil ransomware
group were sentenced in Russia for ha ...

Pierluigi Paganini October 27, 2024
Intelligence

CHINESE CYBER SPIES TARGETED PHONES USED BY TRUMP AND VANCE

China-linked threat actors targeted the phone communications of Donald Trump and
vice presidential nominee JD Vance. China-linked hackers reportedly targeted
phones used by former President D ...

Pierluigi Paganini October 26, 2024
Laws and regulations

IRISH DATA PROTECTION COMMISSION FINED LINKEDIN €310M FOR GDPR INFRINGEMENT

Irish Data Protection Commission fined LinkedIn €310M for violating user privacy
by using behavioral data analysis for targeted advertising. Irish Data
Protection Commission fined LinkedIn €31 ...

Pierluigi Paganini October 26, 2024
Data Breach

CHANGE HEALTHCARE DATA BREACH IMPACTED OVER 100 MILLION PEOPLE

The Change Healthcare data breach in the February 2024 impacted over 100
million, the largest-ever healthcare data breach in the US. UnitedHealth Group
announced that the data breach suffered by C ...

Pierluigi Paganini October 25, 2024
Data Breach

ONEPOINT PATIENT CARE DATA BREACH IMPACTED 795916 INDIVIDUALS

US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed
the personal info of approximately 800,000 individuals. OnePoint Patient Care is
a U.S.-based pharmacy specializing in ...

Pierluigi Paganini October 25, 2024
Security

FROM RISK ASSESSMENT TO ACTION: IMPROVING YOUR DLP RESPONSE

DLP is key in cybersecurity; a risk assessment identifies data risks, helping
turn findings into real-world security improvements. Data loss prevention (DLP)
is a cornerstone of any effective cybe ...

Pierluigi Paganini October 25, 2024
Security

U.S. CISA ADDS CISCO ASA AND FTD, AND ROUNDCUBE WEBMAIL BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ASA and
FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastr ...

Pierluigi Paganini October 25, 2024
Hacking

PWN2OWN IRELAND 2024 DAY 2: PARTICIPANTS DEMONSTRATED AN EXPLOIT AGAINST SAMSUNG
GALAXY S24

On the second day of Pwn2Own Ireland 2024, researchers demonstrated an exploit
for the Samsung Galaxy S24.  On day two of Pwn2Own Ireland 2024, hackers
demonstrated attacks against 51 zero-day vu ...

Pierluigi Paganini October 24, 2024
Breaking News

CISCO FIXED TENS OF VULNERABILITIES, INCLUDING AN ACTIVELY EXPLOITED ONE

Cisco patched vulnerabilities in ASA, FMC, and FTD products, including one
actively exploited in a large-scale brute-force attack campaign. Cisco addressed
multiple vulnerabilities in Adaptive Sec ...

Pierluigi Paganini October 24, 2024
Hacking

FORTIJUMP FLAW CVE-2024-47575 HAS BEEN EXPLOITED IN ZERO-DAY ATTACKS SINCE JUNE
2024

The "FortiJump" flaw (CVE-2024-47575) has been exploited in zero-day attacks
since June 2024, impacting over 50 servers, says Mandiant. A new report
published by Mandiant states that the recently ...

Pierluigi Paganini October 24, 2024
Hacking

U.S. CISA ADDS FORTINET FORTIMANAGER FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet
FortiManager flaw to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agen ...

Pierluigi Paganini October 24, 2024
Security

DIGITAL ECHO CHAMBERS AND EROSION OF TRUST - KEY THREATS TO THE US ELECTIONS

Resecurity reports a rise in political content related to the 2024 US elections
on social media, with increased activity from foreign sources. Resecurity has
detected a substantial increase in the ...

Pierluigi Paganini October 23, 2024
Malware

CROOKS ARE TARGETING DOCKER API SERVERS TO DEPLOY SRBMINER

Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto
miners on compromised instances, Trend Micro warns. Trend Micro researchers
observed attackers targeting Docker remo ...

Pierluigi Paganini October 23, 2024
Security

WHY DSPM IS ESSENTIAL FOR ACHIEVING DATA PRIVACY IN 2024

Data Security Posture Management (DSPM) helps organizations address evolving
data security and privacy requirements by protecting and managing sensitive
information. Data Security Posture Manageme ...

Pierluigi Paganini October 23, 2024
Laws and regulations

SEC FINED 4 COMPANIES FOR MISLEADING DISCLOSURES ABOUT THE IMPACT OF THE
SOLARWINDS ATTACK

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading
disclosures about the impact of the SolarWinds Orion hack. The US Securities and
Exchange Commission (SEC) charged four compan ...

Pierluigi Paganini October 23, 2024
Security

SAMSUNG ZERO-DAY FLAW ACTIVELY EXPLOITED IN THE WILD

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day
vulnerability that is exploited in the wild. Google’s Threat Analysis Group
(TAG) warns of a Samsung zero-day vulner ...

Pierluigi Paganini October 22, 2024
Malware

EXPERTS WARN OF A NEW WAVE OF BUMBLEBEE MALWARE ATTACKS

Experts warn of a new wave of attacks involving the Bumblebee malware, months
after Europol's 'Operation Endgame' that disrupted its operations in May. The
Bumblebee malware loader has resurfaced ...

Pierluigi Paganini October 22, 2024
Security

U.S. CISA ADDS SCIENCELOGIC SL1 FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic
SL1 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity
and Infrastructure Security Agency (C ...

Pierluigi Paganini October 22, 2024
Security

VMWARE FAILED TO FULLY ADDRESS VCENTER SERVER RCE FLAW CVE-2024-38812

VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking
contest, for the second time in two months. VMware failed to fully address a
remote code execution flaw, tracked as ...

Pierluigi Paganini October 22, 2024
Cyber Crime

CISCO STATES THAT DATA PUBLISHED ON CYBERCRIME FORUM WAS TAKEN FROM
PUBLIC-FACING DEVHUB ENVIRONMENT

Cisco confirms that data published by IntelBroker on a cybercrime forum was
taken from the company DevHub environment. Cisco confirms that the data posted
by the notorious threat actor IntelBroker ...

Pierluigi Paganini October 21, 2024
Data Breach

INTERNET ARCHIVE WAS BREACHED TWICE IN A MONTH

The Internet Archive was breached again, attackers hacked its Zendesk email
support platform through stolen GitLab authentication tokens. The Internet
Archive was breached via Zendesk, with users ...

Pierluigi Paganini October 21, 2024
Hacking

UNKNOWN THREAT ACTORS EXPLOIT ROUNDCUBE WEBMAIL FLAW IN PHISHING CAMPAIGN

Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal
user credentials from the open-source webmail software. Researchers from
Positive Technologies warn that unknown threat ...

Pierluigi Paganini October 21, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini October 20, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 494 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini October 20, 2024
Security

F5 FIXED A HIGH-SEVERITY ELEVATION OF PRIVILEGE VULNERABILITY IN BIG-IP

Technology firm F5 patches a high-severity elevation of privilege vulnerability
in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities
in BIG-IP and BIG-IQ enterprise pro ...

Pierluigi Paganini October 20, 2024
Security

U.S. CISA ADDS VEEAM BACKUP AND REPLICATION FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup
and Replication vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastruct ...

Pierluigi Paganini October 19, 2024
APT

NORTH KOREA-LINKED APT37 EXPLOITED IE ZERO-DAY IN A RECENT ATTACK

North Korea-linked group APT37 exploited an Internet Explorer zero-day
vulnerability in a supply chain attack. A North Korea-linked threat actor,
tracked as APT37 (also known as RedEyes, TA-RedAnt ...

Pierluigi Paganini October 19, 2024
Data Breach

OMNI FAMILY HEALTH DATA BREACH IMPACTS 468,344 INDIVIDUALS

Omni Family Health disclosed a data breach affecting nearly 470,000 current and
former patients and employees. Omni Family Health is a nonprofit organization
that provides healthcare services to c ...

Pierluigi Paganini October 19, 2024
APT

IRAN-LINKED ACTORS TARGET CRITICAL INFRASTRUCTURE ORGANIZATIONS

U.S. and allies warn of attacks from Iran-linked actors targeting critical
infrastructure through brute-force attacks in a year-long campaign. Intelligence
and cybersecurity agencies from the U.S. ...

Pierluigi Paganini October 18, 2024
Security

MACOS HM SURF FLAW IN TCC ALLOWS BYPASS SAFARI PRIVACY SETTINGS

Microsoft disclosed a flaw in the macOS Apple's Transparency, Consent, and
Control (TCC) framework that could allow it to bypass privacy settings and
access user data. Microsoft discovered a vulne ...

Pierluigi Paganini October 18, 2024
Hacktivism

TWO SUDANESE NATIONALS INDICTED FOR OPERATING THE ANONYMOUS SUDAN GROUP

The DoJ charged Anonymous Sudan members and disrupted their DDoS infrastructure,
halting its cyber operations. The US Justice Department charged two Sudanese
brothers (Ahmed Salah Yousif Omer, 22, ...

Pierluigi Paganini October 18, 2024
APT

RUSSIA-LINKED ROMCOM GROUP TARGETED UKRAINIAN GOVERNMENT AGENCIES SINCE LATE
2023

Russia-linked threat actor RomCom targeted Ukrainian government agencies and
Polish entities in cyber attacks since late 2023. Cisco Talos researchers
observed Russia-linked threat actor RomCom (a ...

Pierluigi Paganini October 17, 2024
Security

A CRITICAL FLAW IN KUBERNETES IMAGE BUILDER COULD ALLOW ATTACKERS TO GAIN ROOT
ACCESS

A critical flaw in Kubernetes Image Builder could allow attackers to gain root
access if exploited under specific conditions. A critical, Kubernetes Image
Builder vulnerability, tracked as CVE-20 ...

Pierluigi Paganini October 17, 2024
Security

VMWARE FIXES HIGH-SEVERITY SQL INJECTION FLAW CVE-2024-38814 IN HCX

VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users
to remotely execute code on the HCX manager. VMWare warns to address a remote
code execution vulnerability, tracked ...

Pierluigi Paganini October 17, 2024
Cyber Crime

BRAZIL'S POLÍCIA FEDERAL ARRESTED THE NOTORIOUS HACKER USDOD

Brazil's Polícia Federal has arrested hacker USDoD, the hacker behind the
National Public Data and InfraGard breaches. Brazil's Polícia Federal (PF)
announced the arrest in Belo Horizonte/MG of ...

Pierluigi Paganini October 16, 2024
Cyber Crime

FINNISH CUSTOMS DISMANTLED THE DARK WEB DRUGS MARKET SIPULITIE

Finnish Customs shut down the Tor darknet marketplace Sipulitie and seized the
servers hosting the platform. Finnish Customs, with the help of Europol, Swedish
and Polish law enforcement authoriti ...

Pierluigi Paganini October 16, 2024
Hacking

U.S. CISA ADDS MICROSOFT WINDOWS KERNEL, MOZILLA FIREFOX AND SOLARWINDS WEB HELP
DESK BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows
Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cy ...

Pierluigi Paganini October 16, 2024
Security

GITHUB ADDRESSED A CRITICAL VULNERABILITY IN ENTERPRISE SERVER

GitHub addressed a critical vulnerability in Enterprise Server that could allow
unauthorized access to affected instances. Code hosting platform GitHub
addressed a critical vulnerability, tracked ...

Pierluigi Paganini October 16, 2024
Malware

A NEW LINUX VARIANT OF FASTCASH MALWARE TARGETS FINANCIAL SYSTEMS

North Korea-linked actors deploy a new Linux variant of FASTCash malware to
target financial systems, researcher HaxRob revealed. The cybersecurity
researcher HaxRob analyzed a new variant of the ...

Pierluigi Paganini October 15, 2024
Uncategorized

WORDPRESS JETPACK PLUGIN CRITICAL FLAW IMPACTS 27 MILLION SITES

WordPress Jetpack plugin issued an update to fix a critical flaw allowing
logged-in users to view form submissions by others on the same site. The
maintainers of the WordPress Jetpack plugin have ...

Pierluigi Paganini October 15, 2024
Data Breach

POKEMON DEV GAME FREAK DISCLOSES DATA BREACH

Pokemon dev Game Freak confirmed that an August cyberattack led to source code
leaks and designs for unpublished games online. Game Freak Inc. is a popular
Japanese video game developer, founded ...

Pierluigi Paganini October 15, 2024
Security

U.S. CISA ADDS FORTINET PRODUCTS AND IVANTI CSA BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet
products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure Se ...

Pierluigi Paganini October 14, 2024
APT

NATION-STATE ACTOR EXPLOITED THREE IVANTI CSA ZERO-DAYS

An alleged nation-state actor exploited three zero-day vulnerabilities in Ivanti
Cloud Service Appliance (CSA) in recent attacks. Fortinet FortiGuard Labs
researchers warn that a suspected nation- ...

Pierluigi Paganini October 14, 2024
Cyber Crime

DUTCH POLICE DISMANTLED DUAL DARK WEB MARKET 'BOHEMIA/CANNABIA'

Dutch police dismantled Bohemia/Cannabia, two major dark web markets for illegal
goods, drugs, and cybercrime services. The Dutch police have announced the
success of a new joint law enforcement o ...

Pierluigi Paganini October 14, 2024
Data Breach

FIDELITY INVESTMENTS SUFFERED A SECOND DATA BREACH THIS YEAR

US-based financial services company Fidelity Investments warns 77,000
individuals of a data breach that exposed their personal information. U.S.-based
financial services company Fidelity Investmen ...

Pierluigi Paganini October 14, 2024
Uncategorized

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini October 13, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 493 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini October 13, 2024
APT

RUSSIA-LINKED GROUP APT29 IS TARGETING ZIMBRA AND JETBRAINS TEAMCITY SERVERS ON
A LARGE SCALE

U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting
vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked
cyber espionage group APT29 (aka SVR ...

Pierluigi Paganini October 13, 2024
Cyber warfare

A CYBER ATTACK HIT IRANIAN GOVERNMENT SITES AND NUCLEAR FACILITIES

As Middle East tensions rise, cyberattacks hit Iran’s government branches and
nuclear facilities, following Israel's response to Iran's October 1 missile
barrage. Amid escalating Middle East ten ...

Pierluigi Paganini October 12, 2024
Cyber Crime

RANSOMWARE OPERATORS EXPLOITED VEEAM BACKUP & REPLICATION FLAW CVE-2024-40711 IN
RECENT ATTACKS

Sophos reports ransomware operators are exploiting a critical code execution
flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware
operators are exploiting the critical v ...

Pierluigi Paganini October 12, 2024
Security

GITLAB FIXED A CRITICAL FLAW THAT COULD ALLOW ARBITRARY CI/CD PIPELINE EXECUTION

GitLab issued updates for CE and EE to address multiple flaws, including a
critical bug allowing CI/CD pipeline runs on unauthorized branches. GitLab
released security updates for Community Editio ...

Pierluigi Paganini October 11, 2024
APT

IRAN AND CHINA-LINKED ACTORS USED CHATGPT FOR PREPARING ATTACKS

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and
China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the
disruption of over 20 cyber and influ ...

Pierluigi Paganini October 11, 2024
Data Breach

INTERNET ARCHIVE DATA BREACH IMPACTED 31M USERS

The Internet Archive disclosed a data breach, the security incident impacted
more than 31 million users of its "The Wayback Machine." The Internet Archive is
an American nonprofit digital librar ...

Pierluigi Paganini October 11, 2024
Malware

E-SKIMMING CAMPAIGN USES UNICODE OBFUSCATION TO HIDE THE MONGOLIAN SKIMMER

Jscrambler researchers found a skimming campaign using unique JavaScript
obfuscation with accented characters to hide a skimmer named Mongolian Skimmer.
Jscrambler researchers uncovered a skimming ...

Pierluigi Paganini October 10, 2024
Security

U.S. CISA ADDS IVANTI CSA AND FORTINET BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and
Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Ag ...

Pierluigi Paganini October 10, 2024
Security

MOZILLA ISSUED AN URGENT FIREFOX UPDATE TO FIX AN ACTIVELY EXPLOITED FLAW

Mozilla released an urgent Firefox update to fix a critical use-after-free
vulnerability actively exploited in ongoing attacks. Mozilla released an
emergency security update for its Firefox browse ...

Pierluigi Paganini October 10, 2024
Security

PALO ALTO FIXED CRITICAL FLAWS IN PAN-OS FIREWALLS THAT ALLOW FOR FULL
COMPROMISE OF THE DEVICES

Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could
chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed
multiple vulnerabilities that an at ...

Pierluigi Paganini October 10, 2024
Security

CYBERCRIMINALS ARE TARGETING AI CONVERSATIONAL PLATFORMS

Resecurity reports a rise in attacks on AI Conversational platforms, targeting
chatbots that use NLP and ML to enable automated, human-like interactions with
consumers. Resecurity has observed a s ...

Pierluigi Paganini October 09, 2024
APT

AWAKEN LIKHO APT GROUP TARGETS RUSSIAN GOVERNMENT WITH A NEW IMPLANT

A threat actor tracked as Awaken Likho is targeting Russian government agencies
and industrial entities, reported cybersecurity firm Kaspersky. A recent
investigation by Kaspersky researchers into ...

Pierluigi Paganini October 09, 2024
Security

U.S. CISA ADDS WINDOWS AND QUALCOMM BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows and
Qualcomm bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agenc ...

Pierluigi Paganini October 09, 2024
Cyber Crime

UKRAINIAN NATIONAL PLEADS GUILTY IN U.S. COURT FOR OPERATING THE RACCOON
INFOSTEALER

Ukrainian national pleads guilty in U.S. court for operating the Raccoon
Infostealer, used to steal sensitive data globally. Ukrainian national Mark
Sokolovsky has pleaded guilty in a US court to ...

Pierluigi Paganini October 08, 2024
Data Breach

MONEYGRAM DISCLOSES DATA BREACH FOLLOWING SEPTEMBER CYBERATTACK

MoneyGram disclosed a data breach following a cyberattack in September, during
which threat actors stole customer data. In September, American interstate and
international peer-to-peer payments ...

Pierluigi Paganini October 08, 2024
Hacking

AMERICAN WATER SHUT DOWN SOME OF ITS SYSTEMS FOLLOWING A CYBERATTACK

American Water, the largest publicly traded water and wastewater utility company
in the US, shut down some of its systems following a cyberattack. American
Water, the largest U.S. water and wastew ...

Pierluigi Paganini October 08, 2024
Data Breach

UNIVERSAL MUSIC DATA BREACH IMPACTED 680 INDIVIDUALS

Universal Music Group notified hundreds of individuals about a data breach
compromising their personal information. Universal Music Group is notifying 680
individuals about a data breach that comp ...

Pierluigi Paganini October 07, 2024
Cyber warfare

KYIV'S HACKERS LAUNCHED AN UNPRECEDENTED CYBER ATTACK ON RUSSIAN STATE MEDIA
VGTRK ON PUTIN'S BIRTHDAY

Russian state media VGTRK faced a major cyberattack, which a Ukrainian source
claimed was conducted by Kyiv's hackers. A Ukrainian government source told
Reuters that Kyiv's hackers are behind the ...

Pierluigi Paganini October 07, 2024
Data Breach

FBCS DATA BREACH IMPACTED 238,000 COMCAST CUSTOMERS

238,000 Comcast customers were impacted by the FBCS data breach following the
February ransomware attack, Comcast reports. Telecommunications giant Comcast is
notifying approximately 238,000 custo ...

Pierluigi Paganini October 07, 2024
Security

CRITICAL APACHE AVRO SDK RCE FLAW IMPACTS JAVA APPLICATIONS

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK)
could be exploited to execute arbitrary code on vulnerable instances. A critical
vulnerability, tracked as CVE-2024- ...

Pierluigi Paganini October 07, 2024
Cyber Crime

MAN PLEADS GUILTY TO STEALING OVER $37 MILLION WORTH OF CRYPTOCURRENCY

A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from
571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon,
Indiana, pleaded guilty to conspiracy to ...

Pierluigi Paganini October 07, 2024
Security

U.S. CISA ADDS SYNACOR ZIMBRA COLLABORATION FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra
Collaboration vulnerability to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini October 07, 2024
APT

CHINA-LINKED GROUP SALT TYPHOON HACKED US BROADBAND PROVIDERS AND BREACHED
WIRETAP SYSTEMS

China-linked APT group Salt Typhoon breached U.S. broadband providers,
potentially accessing systems for lawful wiretapping and other data.
China-linked APT group Salt Typhoon (also known as Famo ...

Pierluigi Paganini October 06, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini October 06, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 492 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini October 06, 2024
Security

GOOGLE PIXEL 9 SUPPORTS NEW SECURITY FEATURES TO MITIGATE BASEBAND ATTACKS

Google announced that its Pixel 9 has implemented new security features, and it
supports measures to mitigate baseband attacks. Pixel phones are known for their
strong security features, particula ...

Pierluigi Paganini October 06, 2024
Security

WORDPRESS LITESPEED CACHE PLUGIN FLAW COULD ALLOW SITE TAKEOVER

A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow
attackers to execute arbitrary JavaScript code under certain conditions. A
high-severity security flaw, tracked as CVE-2024 ...

Pierluigi Paganini October 05, 2024
Mobile

APPLE IOS 18.0.1 AND IPADOS 18.0.1 FIX MEDIA SESSION AND PASSWORDS BUGS

Apple released iOS 18.0.1 update that addressed two vulnerabilities that exposed
passwords and audio snippets to attackers. Apple released iOS 18.0.1 and iPadOS
18.0.1 updates to fix two vulnerabi ...

Pierluigi Paganini October 05, 2024
Security

GOOGLE REMOVED KASPERSKY'S SECURITY APPS FROM THE PLAY STORE

Google removed Kaspersky 's Android security apps from the Play Store and
suspended its developer accounts over the weekend. Over the weekend, all the
Android products designed by the Russian cybe ...

Pierluigi Paganini October 04, 2024
Malware

NEW PERFCTL MALWARE TARGETS LINUX SERVERS IN CRYPTOMINING CAMPAIGN

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency
miners and proxyjacking software in an ongoing campaign. Aqua Nautilus
researchers shed light on a Linux malware, dubbe ...

Pierluigi Paganini October 04, 2024
APT

MICROSOFT AND DOJ SEIZED THE ATTACK INFRASTRUCTURE USED BY RUSSIA-LINKED
CALLISTO GROUP

Microsoft and the U.S. DoJ seized over 100 domains used by the Russia-linked
Callisto Group for launching attacks on U.S. government and nonprofits. The
Justice Department revealed the unsealing o ...

Pierluigi Paganini October 04, 2024
Hacking

DUTCH POLICE BREACHED BY A STATE ACTOR

The Dutch government blames a "state actor" for hacking a police system,
exposing the contact details of all police officers, according to the justice
minister. The Dutch police blame a state acto ...

Pierluigi Paganini October 03, 2024
Cyber Crime

THOUSANDS OF ADOBE COMMERCE E-STORES HACKED BY EXPLOITING THE COSMICSTING BUG

Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by
exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported
that multiple threat actors have explo ...

Pierluigi Paganini October 03, 2024
Digital ID

TELEGRAM REVEALED IT SHARED U.S. USER DATA WITH LAW ENFORCEMENT

Telegram fulfilled over a dozen U.S. law enforcement data requests this year,
potentially revealing the IP addresses or phone numbers of 100+ users.
Independent website 404 Media first revealed th ...

Pierluigi Paganini October 03, 2024
Security

U.S. CISA ADDS IVANTI ENDPOINT MANAGER (EPM) FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti
Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infrastruct ...

Pierluigi Paganini October 02, 2024
Security

14 NEW DRAYTEK ROUTERS' FLAWS IMPACTS OVER 700,000 DEVICES IN 168 COUNTRIES

Multiple flaws in DrayTek residential and enterprise routers can be exploited to
fully compromise vulnerable devices. Forescout researchers discovered 14 new
vulnerabilities in DrayTek routers, tw ...

Pierluigi Paganini October 02, 2024
Malware

RHADAMANTHYS INFORMATION STEALER INTRODUCES AI-DRIVEN CAPABILITIES

The Rhadamanthys information stealer has been upgraded with advanced features,
including the use of artificial intelligence (AI) for optical character
recognition (OCR). Researchers at the Recorde ...

Pierluigi Paganini October 02, 2024
Hacking

CRITICAL ZIMBRA POSTJOURNAL FLAW CVE-2024-45519 ACTIVELY EXPLOITED IN THE WILD.
PATCH IT NOW!

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519
in Synacor's Zimbra Collaboration. Proofpoint cybersecurity researchers reported
that threat actors are attempting ...

Pierluigi Paganini October 02, 2024
Cyber Crime

POLICE ARRESTED FOUR NEW INDIVIDUALS LINKED TO THE LOCKBIT RANSOMWARE OPERATION

An international police operation led to the arrest of four individuals linked
to the LockBit ransomware group, including a developer. Europol, the UK, and the
US law enforcement authorities annou ...

Pierluigi Paganini October 02, 2024
Cyber Crime

UMC HEALTH SYSTEM DIVERTED PATIENTS FOLLOWING A RANSOMWARE ATTACK

US healthcare provider UMC Health System had to divert patients due to a network
outage caused by a ransomware attack. On September 27, 2024, US healthcare
provider UMC Health System announced an ...

Pierluigi Paganini October 01, 2024
Hacking

U.S. CISA ADDS D-LINK DIR-820 ROUTER, DRAYTEK MULTIPLE VIGOR ROUTER, MOTION
SPELL GPAC, SAP COMMERCE CLOUD BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820
Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud
bugs to its Known Exploited Vulnerabiliti ...

Pierluigi Paganini October 01, 2024
Hacking

NEWS AGENCY AFP HIT BY CYBERATTACK, CLIENT SERVICES IMPACTED

AFP suffered a cyberattack affecting its IT systems and content delivery for
partners, the incident impacted some client services. Agence France-Presse (AFP)
reported a cyberattack on Friday that ...

Pierluigi Paganini October 01, 2024
APT

NORTH KOREA-LINKED APT KIMSUKY TARGETED GERMAN DEFENSE FIRM DIEHL DEFENCE

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl
Defence, a German manufacturer of advanced military systems. North Korea-linked
APT group Kimsuky has been linked to a cybe ...

Pierluigi Paganini October 01, 2024
Cyber Crime

PATELCO CREDIT UNION DATA BREACH IMPACTED OVER 1 MILLION PEOPLE

The ransomware attack on Patelco Credit Union this summer led to a data breach
affecting over 1 million individuals, revealed the company. Patelco Credit
Union is a member-owned, not-for-profit c ...

Pierluigi Paganini September 30, 2024
Data Breach

COMMUNITY CLINIC OF MAUI DISCLOSES A DATA BREACH FOLLOWING MAY LOCKBIT
RANSOMWARE ATTACK

Community Clinic of Maui experienced a data breach impacting over 120,000 people
following a LockBit ransomware attack. In May, the Community Clinic of Maui
experienced a major IT outage that impa ...

Pierluigi Paganini September 30, 2024
Cyber Crime

A BRITISH NATIONAL HAS BEEN CHARGED FOR HIS EXECUTION OF A HACK-TO-TRADE SCHEME

The Department of Justice charged a British national for hacking into the
systems of five U.S. organizations. The Department of Justice charged the
British national Robert Westbrook (39) for hacki ...

Pierluigi Paganini September 30, 2024
Uncategorized

CRITICAL NVIDIA CONTAINER TOOLKIT FLAW COULD ALLOW ACCESS TO THE UNDERLYING HOST

A critical vulnerability in the NVIDIA Container Toolkit could allow a container
to escape and gain full access to the underlying host. Critical vulnerability
CVE-2024-0132 (CVSS score 9.0) in the ...

Pierluigi Paganini September 30, 2024
Cyber warfare

ISRAEL ARMY HACKED THE COMMUNICATION NETWORK OF THE BEIRUT AIRPORT CONTROL TOWER

Israel allegedly hacked Beirut airport 's control tower, warning an Iranian
plane not to land, forcing it to return to Tehran. The Israeli cyber army on
Saturday hacked into the control tower of ...

Pierluigi Paganini September 29, 2024
Breaking News

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini September 29, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 491 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini September 29, 2024
Social Networks

IRISH DATA PROTECTION COMMISSION FINED META €91 MILLION FOR STORING PASSWORDS IN
READABLE FORMAT

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing
the passwords of hundreds of millions of users in plaintext. The Irish Data
Protection Commission (DPC) has fined Me ...

Pierluigi Paganini September 28, 2024
Security

A CYBERATTACK ON KUWAIT HEALTH MINISTRY IMPACTED HOSPITALS IN THE COUNTRY

The Kuwait Health Ministry is recovering from a cyberattack that disrupted
systems at multiple hospitals and disabled the Sahel healthcare app. Kuwait’s
Health Ministry was the victim of a cyber ...

Pierluigi Paganini September 28, 2024
Digital ID

THE TOR PROJECT AND TAILS HAVE MERGED OPERATIONS

The Tor Project and Tails OS have joined forces and merged operations to counter
a growing number of digital threats. The Tor Project and Tails have merged
operations to enhance collaboration and ...

Pierluigi Paganini September 27, 2024
Hacking

CYBER VANDALISM ON WI-FI NETWORKS AT UK TRAIN STATIONS SPREAD AN ANTI-ISLAM
MESSAGE

UK police are investigating a cyberattack that disrupted Wi-Fi networks at
several train stations across the country. U.K. transport officials and police
are investigating a cyber attack on publi ...

Pierluigi Paganini September 27, 2024
Hacking

CUPS FLAWS ALLOW REMOTE CODE EXECUTION ON LINUX SYSTEMS UNDER CERTAIN CONDITIONS

A researcher has disclosed details of an unpatched Linux vulnerability,
initially labeled as critical, that allows remote code execution. The popular
cybersecurity researcher Simone Margaritelli ( ...

Pierluigi Paganini September 27, 2024
Cyber Crime

U.S. SANCTIONED VIRTUAL CURRENCY EXCHANGES CRYPTEX AND PM2BTC FOR FACILITATING
ILLEGAL ACTIVITIES

The U.S. government sanctioned the virtual currency exchanges Cryptex and PM2BTC
for facilitating cybercrime and money maundering. The U.S. government sanctioned
two cryptocurrency exchanges, Cryp ...

Pierluigi Paganini September 27, 2024
Hacking

HACKING KIA CARS MADE AFTER 2013 USING JUST THEIR LICENSE PLATE

Researchers discovered critical flaws in Kia's dealer portal that could allow to
hack Kia cars made after 2013 using just their license plate. In June 2024, a
team of experts (Neiko Rivera, Sam Cu ...

Pierluigi Paganini September 26, 2024
ICS-SCADA

CRITICAL RCE VULNERABILITY FOUND IN OPENPLC

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could
lead to DoS condition and remote code execution. Cisco’s Talos threat
intelligence unit has disclosed details of f ...

Pierluigi Paganini September 26, 2024
APT

CHINA-LINKED APT GROUP SALT TYPHOON COMPROMISED SOME U.S. INTERNET SERVICE
PROVIDERS (ISPS)

China-linked threat actors compromised some U.S. internet service providers
(ISPs) as part of a cyber espionage campaign code-named Salt Typhoon.
China-linked threat actors have breached several ...

Pierluigi Paganini September 26, 2024
Digital ID

PRIVACY NON-PROFIT NOYB CLAIMS THAT FIREFOX TRACKS USERS WITH PRIVACY PRESERVING
FEATURE

Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox
for enabling tracking in Firefox without user consent. Privacy non-profit None
Of Your Business (noyb) has filed a c ...

Pierluigi Paganini September 26, 2024
Deep Web

DATA OF 3,191 CONGRESSIONAL STAFFERS LEAKED IN THE DARK WEB

The personal information of over 3,000 congressional staffers was leaked on the
dark web following a major cyberattack on the U.S. Capitol. The personal
information of approximately 3,191 congress ...

Pierluigi Paganini September 26, 2024
Malware

NEW VARIANT OF NECRO TROJAN INFECTED MORE THAN 11 MILLION DEVICES

Experts warn of Necro Trojan found in Google Play, threat actors are spreading
it through fake versions of legitimate Android apps. Researchers from Kaspersky
discovered a new version of the Necro ...

Pierluigi Paganini September 25, 2024
Hacking

U.S. CISA ADDS IVANTI VIRTUAL TRAFFIC MANAGER FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual
Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastruc ...

Pierluigi Paganini September 25, 2024
Hacking

ARKANSAS CITY WATER TREATMENT FACILITY SWITCHED TO MANUAL OPERATIONS FOLLOWING A
CYBERATTACK

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its
water treatment facility to manual operations due to a cyberattack. Arkansas
City, Kansas, had to switch its water tr ...

Pierluigi Paganini September 25, 2024
Malware

NEW ANDROID BANKING TROJAN OCTO2 TARGETS EUROPEAN BANKS

A new version of the Android banking trojan Octo, called Octo2, supports
improved features that allow to takeover infected devices. ThreatFabric
researchers discovered a new version of the Android ...

Pierluigi Paganini September 25, 2024
Malware

A GENERATIVE ARTIFICIAL INTELLIGENCE MALWARE USED IN PHISHING ATTACKS

HP researchers detected a dropper that was generated by generative artificial
intelligence services and used to deliver AsyncRAT malware. While investigating
a malicious email, HP researchers dis ...

Pierluigi Paganini September 24, 2024
Security

A CYBERATTACK ON MONEYGRAM CAUSED ITS SERVICE OUTAGE

American peer-to-peer payments and money transfer company MoneyGram confirmed
that a cyberattack caused its service outage. American interstate and
international peer-to-peer payments and mo ...

Pierluigi Paganini September 24, 2024
Intelligence

DID ISRAEL INFILTRATE LEBANESE TELECOMS NETWORKS?

Israel has been sending text messages, recordings, and hacking radio networks to
warn Lebanese citizens to evacuate certain areas. Israel has been sending text
messages, recordings, and hacking ra ...

Pierluigi Paganini September 24, 2024
Mobile

TELEGRAM WILL PROVIDE USER DATA TO LAW ENFORCEMENT IN RESPONSE TO LEGAL REQUESTS

Telegram will provide user data to law enforcement agencies in response to valid
legal requests, according to a recent policy update Telegram has updated its
privacy policy informing users that it ...

Pierluigi Paganini September 24, 2024
Security

ESET FIXED TWO PRIVILEGE ESCALATION FLAWS IN ITS PRODUCTS

ESET addressed two local privilege escalation vulnerabilities in security
products for Windows and macOS operating systems. Cybersecurity firm ESET
released security patches for two local privileg ...

Pierluigi Paganini September 23, 2024
APT

NORTH KOREA-LINKED APT GLEAMING PISCES DELIVER NEW PONDRAT BACKDOOR VIA
MALICIOUS PYTHON PACKAGES

North Korea-linked APT group Gleaming Pisces is distributing a new malware
called PondRAT through tainted Python packages. Unit 42 researchers uncovered an
ongoing campaign distributing Linux and ...

Pierluigi Paganini September 23, 2024
APT

CHINESE APT EARTH BAXIA TARGET APAC BY EXPLOITING GEOSERVER FLAW

Suspected China-linked APT Earth Baxia targeted a government organization in
Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend
Micro researchers reported that China-link ...

Pierluigi Paganini September 23, 2024
Hacking

HACKTIVIST GROUP TWELVE IS BACK AND TARGETS RUSSIAN ENTITIES

Hacktivist group Twelve is back and targets Russian entities to destroy critical
assets and disrupt their operations. The hacktivist group Twelve has been active
since at least April 2023, it was ...

Pierluigi Paganini September 23, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Protect Your Crypto:
Understanding the Ongoing Global Malware ...

Pierluigi Paganini September 22, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 490 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini September 22, 2024
Breaking News

NOISE STORMS: MYSTERIOUS MASSIVE WAVES OF SPOOFED TRAFFIC OBSERVED SINCE 2020

GreyNoise Intelligence firm warns of a mysterious phenomenon observed since
January 2020, massive waves of spoofed traffic called Noise Storms.  GreyNoise
Intelligence has been tracking a mysteri ...

Pierluigi Paganini September 22, 2024
Cyber Crime

HACKERS STOLE OVER $44 MILLION FROM ASIAN CRYPTO PLATFORM BINGX

Cybercriminals stole more than $44 million worth of cryptocurrency from the
Singaporean crypto platform BingX. Singaporean crypto platform BingX reported a
cyberattack on Friday. Threat actors sto ...

Pierluigi Paganini September 21, 2024
Cyber Crime

OP KAERB: EUROPOL DISMANTLED PHISHING SCHEME TARGETING MOBILE USERS

A joint international law enforcement operation led by Europol dismantled a
major phishing scheme targeting mobile users. Europol supported European and
Latin American law enforcement agencies in ...

Pierluigi Paganini September 21, 2024
Cyber warfare

UKRAINE BANS TELEGRAM FOR GOVERNMENT AGENCIES, MILITARY, AND CRITICAL
INFRASTRUCTURE

Ukraine's NCCC banned the Telegram app for government agencies, military, and
critical infrastructure, due to national security concerns. Ukraine's National
Coordination Centre for Cybersecurity ( ...

Pierluigi Paganini September 21, 2024
Security

TOR PROJECT RESPONDED TO CLAIMS THAT LAW ENFORCEMENT CAN DE-ANONYMIZE TOR USERS

The maintainers of the Tor Project have responded to claims that German police
have devised a technique to deanonymize users. The maintainers of the Tor
Project have responded to claims that Germa ...

Pierluigi Paganini September 20, 2024
APT

UNC1860 PROVIDES IRAN-LINKED APTS WITH ACCESS TO MIDDLE EASTERN NETWORKS

Iran-linked APT group UNC1860 is operating as an initial access facilitator that
provides remote access to Middle Eastern Networks. Mandiant researchers warn
that an Iran-linked APT group, tracked ...

Pierluigi Paganini September 20, 2024
Cyber Crime

US DOJ CHARGED TWO MEN WITH STEALING AND LAUNDERING $230 MILLION WORTH OF
CRYPTOCURRENCY

The US DoJ arrested two people and charged them with stealing and laundering
more than $230 million worth of cryptocurrency. The U.S. DoJ arrested two
people, Malone Lam (20) (aka "Greavys," "Anne ...

Pierluigi Paganini September 20, 2024
Uncategorized

THE VANILLA TEMPEST CYBERCRIME GANG USED INC RANSOMWARE FOR THE FIRST TIME IN
ATTACKS ON THE HEALTHCARE SECTOR

Microsoft warns that financially motivated threat actor Vanilla Tempest is using
INC ransomware in attacks aimed at the healthcare sector in the U.S. Microsoft
Threat Intelligence team revealed th ...

Pierluigi Paganini September 20, 2024
Hacking

U.S. CISA ADDS NEW IVANTI CLOUD SERVICES APPLIANCE VULNERABILITY TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud
Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastru ...

Pierluigi Paganini September 20, 2024
Security

IVANTI WARNS OF A NEW ACTIVELY EXPLOITED CLOUD SERVICES APPLIANCE (CSA) FLAW

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is
being exploited in attacks in the wild against a limited number of customers.
Ivanti warned of a new Cloud Services Appl ...

Pierluigi Paganini September 19, 2024
Cyber Crime

INTERNATIONAL LAW ENFORCEMENT OPERATION DISMANTLED CRIMINAL COMMUNICATION
PLATFORM GHOST

An international law enforcement operation infiltrated the encrypted messaging
app Ghost, which was widely used by criminals, resulting in the arrest of dozens
of individuals. An international law ...

Pierluigi Paganini September 19, 2024
Security

U.S. CISA ADDS MICROSOFT WINDOWS, APACHE HUGEGRAPH-SERVER, ORACLE JDEVELOPER,
ORACLE WEBLOGIC SERVER, AND MICROSOFT SQL SERVER BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and
Microsoft SQL Server bugs to its Known Exp ...

Pierluigi Paganini September 19, 2024
Security

SIEM FOR SMALL AND MEDIUM-SIZED ENTERPRISES: WHAT YOU NEED TO KNOW

Small and medium-sized enterprises (SMEs) are a frequent target for
cybercriminals. How can SIEM help them improve their cybersecurity? Contrary to
what they might believe, small and medium-sized ...

Pierluigi Paganini September 19, 2024
Hacking

ANTIVIRUS FIRM DR.WEB DISCONNECTED ALL SERVERS FOLLOWING A CYBERATTACK

Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a
cyberattack over the weekend. This week, the Russian anti-malware firm Doctor
Web (Dr.Web) announced that it had di ...

Pierluigi Paganini September 19, 2024
Malware

EXPERTS WARN OF CHINA-LINKED APT'S RAPTOR TRAIN IOT BOTNET

Researchers warn of a new IoT botnet called Raptor Train that already
compromised over 200,000 devices worldwide. Cybersecurity researchers from
Lumen's Black Lotus Labs discovered a new botnet, n ...

Pierluigi Paganini September 18, 2024
Cyber Crime

CREDENTIAL FLUSHER, UNDERSTANDING THE THREAT AND HOW TO PROTECT YOUR LOGIN DATA

Credential Flusher is a method that allows hackers to steal login credentials
directly from the victim’s web browser. The cyber attacks have become
increasingly sophisticated, putting our person ...

Pierluigi Paganini September 18, 2024
Security

U.S. TREASURY ISSUED FRESH SANCTIONS AGAINST ENTITIES LINKED TO THE INTELLEXA
CONSORTIUM

The U.S. Department of Treasury issued new sanctions against five executives and
one entity linked to the Intellexa Consortium. The Department of the Treasury’s
Office of Foreign Assets Control ...

Pierluigi Paganini September 18, 2024
Security

BROADCOM FIXED CRITICAL VMWARE VCENTER SERVER FLAW CVE-2024-38812

Broadcom addressed a critical vulnerability in the VMware vCenter Server that
could allow remote attackers to achieve code execution. Broadcom released
security updates to address a critical vulne ...

Pierluigi Paganini September 18, 2024
Intelligence

REMOTE ATTACK ON PAGERS USED BY HEZBOLLAH CAUSED 9 DEATHS AND THOUSANDS OF
INJURIES

Remote attack on pagers used by Hezbollah in Lebanon and Syria caused their
explosion; at least 8 nine people dead and more than 2,800 injured. At least
nine eight individuals, including a child, ...

Pierluigi Paganini September 17, 2024
Cyber Crime

CHINESE MAN CHARGED FOR SPEAR-PHISHING AGAINST NASA AND US GOVERNMENT

US DoJ charged a Chinese national who used spear-phishing emails to obtain
sensitive info from NASA, the U.S. Air Force, Navy, Army, and the FAA. The U.S.
DoJ charged a Chinese national, Song Wu ( ...

Pierluigi Paganini September 17, 2024
Security

U.S. CISA ADDS MICROSOFT WINDOWS MSHTML PLATFORM AND PROGRESS WHATSUP GOLD BUGS
TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cyberse ...

Pierluigi Paganini September 17, 2024
Digital ID

TAKING CONTROL ONLINE: ENSURING AWARENESS OF DATA USAGE AND CONSENT

Why do consumers refuse to consent to their data being shared? Ensuring
transparency on their usage and consent. In the digital world, trust is
essential for the relationships between brands and c ...

Pierluigi Paganini September 17, 2024
Data Breach

QILIN RANSOMWARE ATTACK ON SYNNOVIS IMPACTED OVER 900,000 PATIENTS

The personal information of a million individuals was published online following
a ransomware attack that in June disrupted NHS hospitals in London. In June, a
ransomware attack on pathology and d ...

Pierluigi Paganini September 17, 2024
Security

D-LINK ADDRESSED THREE CRITICAL RCE IN WIRELESS ROUTER MODELS

D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote
attackers to execute arbitrary code or gain hardcoded credentials. D-Link has
addressed three critical vulnerabilities, ...

Pierluigi Paganini September 16, 2024
Hacking

RECENTLY PATCHED WINDOWS FLAW CVE-2024-43461 WAS ACTIVELY EXPLOITED AS A
ZERO-DAY BEFORE JULY 2024

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461,
was actively exploited as a zero-day before July 2024. Microsoft warns that
attackers actively exploited the Window ...

Pierluigi Paganini September 16, 2024
Security

SOLARWINDS FIXED CRITICAL RCE CVE-2024-28991 IN ACCESS RIGHTS MANAGER

SolarWinds addressed a critical remote code execution vulnerability, tracked as
CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates
to address a critical-severity remote ...

Pierluigi Paganini September 16, 2024
Laws and regulations

APPLE DISMISSES LAWSUIT AGAINST SURVEILLANCE FIRM NSO GROUP DUE TO RISK OF
THREAT INTELLIGENCE EXPOSURE

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the
risk of "threat intelligence" information exposure. Apple is seeking to drop its
lawsuit against Israeli spyware com ...

Pierluigi Paganini September 16, 2024
Hacking

HACKER TRICKED CHATGPT INTO PROVIDING DETAILED INSTRUCTIONS TO MAKE A HOMEMADE
BOMB

A hacker tricked ChatGPT into providing instructions to make homemade bombs
demonstrating how to bypass the chatbot safety guidelines. A hacker and artist,
who goes online as Amadon, tricked ChatG ...

Pierluigi Paganini September 16, 2024
Cyber Crime

PORT OF SEATTLE CONFIRMED THAT RHYSIDA RANSOMWARE GANG WAS BEHIND THE AUGUST
ATTACK

Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind
the cyberattack that hit the agency in August. In August, a cyber attack hit the
Port of Seattle, which also opera ...

Pierluigi Paganini September 15, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Mythical Beasts and
Where to Find Them: Mapping the Global Sp ...

Pierluigi Paganini September 15, 2024
Hacking

U.S. CISA ADDS IVANTI CLOUD SERVICES APPLIANCE VULNERABILITY TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud
Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastru ...

Pierluigi Paganini September 14, 2024
Hacking

IVANTI CLOUD SERVICE APPLIANCE FLAW IS BEING ACTIVELY EXPLOITED IN THE WILD

Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service
Appliance (CSA) is being actively exploited in the wild. Ivanti warned that a
newly patched vulnerability, tracked as CVE-20 ...

Pierluigi Paganini September 14, 2024
Security

GITLAB FIXED A CRITICAL FLAW IN GITLAB CE AND GITLAB EE

GitLab addressed multiple vulnerabilities impacting GitLab CE/EE, including a
critical pipeline execution issue. GitLab released security patches for 17
vulnerabilities in GitLab CE (Community Ed ...

Pierluigi Paganini September 14, 2024
Malware

NEW LINUX MALWARE CALLED HADOOKEN TARGETS ORACLE WEBLOGIC SERVERS

A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been
linked to several ransomware families. Aqua Security Nautilus researchers
discovered a new Linux malware, called H ...

Pierluigi Paganini September 13, 2024
Data Breach

LEHIGH VALLEY HEALTH NETWORK HOSPITAL NETWORK HAS AGREED TO A $65 MILLION
SETTLEMENT AFTER DATA BREACH

Lehigh Valley Health Network ’s (LVHN) hospital network has agreed to a $65
million settlement in a class action lawsuit related to a data breach. Lehigh
Valley Health Network (LVHN) is a large ...

Pierluigi Paganini September 13, 2024
Malware

VO1D MALWARE INFECTED 1.3 MILLION ANDROID-BASED TV BOXES IN 197 COUNTRIES

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected
nearly 1.3 million Android devices in 197 countries. Doctor Web researchers
uncovered a malware, tracked as Vo1d, ...

Pierluigi Paganini September 13, 2024
Data Breach

CYBERSECURITY GIANT FORTINET DISCLOSES A DATA BREACH

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB
of files from the company's Microsoft Sharepoint server. Today, Fortinet told
Cyber Daily that a threat actor gaine ...

Pierluigi Paganini September 12, 2024
Cyber Crime

SINGAPORE POLICE ARREST SIX MEN ALLEGEDLY INVOLVED IN A CYBERCRIME SYNDICATE

The Singapore Police Force (SPF) has arrested six individuals for their role in
the operations of a cybercrime ring in the country. The Singapore Police Force
(SPF) arrested five Chinese nationals ...

Pierluigi Paganini September 12, 2024
Security

ADOBE PATCH TUESDAY SECURITY UPDATES FIXED MULTIPLE CRITICAL ISSUES IN THE
COMPANY'S PRODUCTS

Adobe addressed tens of vulnerabilities, including critical issues that could
allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch
Tuesday security updates addressed multip ...

Pierluigi Paganini September 12, 2024
Cyber Crime

HIGHLINE PUBLIC SCHOOLS SCHOOL DISTRICT SUSPENDED ITS ACTIVITIES FOLLOWING A
CYBERATTACK

Highline Public Schools, a school district in Washington state, remains closed
following a cyberattack that occurred two days ago. Two days ago Highline Public
Schools (HPS), a school district in ...

Pierluigi Paganini September 11, 2024
Malware

RANSOMHUB RANSOMWARE GANG RELIES ON KASPERSKY TDSKILLER TOOL TO DISABLE EDR

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to
disable endpoint detection and response (EDR) systems. The RansomHub ransomware
gang is using the TDSSKiller tool t ...

Pierluigi Paganini September 11, 2024
Security

IVANTI FIXED A MAXIMUM SEVERITY FLAW IN ITS ENDPOINT MANAGEMENT SOFTWARE (EPM)

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)
that can let attackers achieve remote code execution on the core server Ivanti
Endpoint Management (EPM) software is ...

Pierluigi Paganini September 11, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR SEPTEMBER 2024 ADDRESSED FOUR
ACTIVELY EXPLOITED ZERO-DAYS

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws,
including four actively exploited zero-day flaws. Microsoft Patch Tuesday
security updates for September 2024 addres ...

Pierluigi Paganini September 11, 2024
Malware

QUAD7 BOTNET EVOLVES TO MORE STEALTHY TACTICS TO EVADE DETECTION

The Quad7 botnet evolves and targets new  SOHO devices, including Axentra media
servers, Ruckus wireless routers and Zyxel VPN appliances. The Sekoia TDR team
identified additional implants assoc ...

Pierluigi Paganini September 10, 2024
Cyber warfare

POLAND THWARTED CYBERATTACKS THAT WERE CARRIED OUT BY RUSSIA AND BELARUS

Poland 's security officials announced that they successfully thwarted
cyberattacks that were carried out by Russia and Belarus. Poland security
services announced they have thwarted a cyber opera ...

Pierluigi Paganini September 10, 2024
Security

U.S. CISA ADDS SONICWALL SONICOS, IMAGEMAGICK AND LINUX KERNEL BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall
SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity and I ...

Pierluigi Paganini September 10, 2024
Data Breach

ELECTRONIC PAYMENT GATEWAY SLIM CD DISCLOSED A DATA BREACH IMPACTING 1.7M
INDIVIDUALS

Payment gateway provider Slim CD disclosed a data breach, credit card and
personal data of almost 1.7 million individuals were compromised. The electronic
payment gateway Slim CD disclosed a data ...

Pierluigi Paganini September 10, 2024
Intelligence

PREDATOR SPYWARE OPERATION IS BACK WITH A NEW INFRASTRUCTURE

Researchers warn of a fresh cluster of activity associated with the Predator
spyware using a new infrastructure, following the U.S. sanctions against the
Intellexa Consortium. Recorded Future rese ...

Pierluigi Paganini September 09, 2024
APT

TIDRONE APT TARGETS DRONE MANUFACTURERS IN TAIWAN

A previously undocumented threat actor tracked TIDRONE targets organizations in
military and satellite industries in Taiwan. Trend Micro spotted an allegedly
China-linked threat actor, tracked TID ...

Pierluigi Paganini September 09, 2024
Malware

MULTIPLE MALWARE FAMILIES DELIVERED EXPLOITING GEOSERVER GEOTOOLS FLAW
CVE-2024-36401

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer
GeoTools flaw CVE-2024-36401 in malware-based campaigns. Researchers at Fortinet
FortiGuard Labs reported that thr ...

Pierluigi Paganini September 09, 2024
Security

PROGRESS SOFTWARE FIXED A MAXIMUM SEVERITY FLAW IN LOADMASTER

Progress Software released an emergency to address a maximum severity
vulnerability in its LoadMaster products. Progress Software released an
emergency fix for a critical vulnerability, tracked as ...

Pierluigi Paganini September 09, 2024
Cyber Crime

FEDS INDICTED TWO ALLEGED ADMINISTRATORS OF WWH CLUB DARK WEB MARKETPLACE

Russian And Kazakhstani men indicted for operating the Dark Web cybercriminals
marketplace WWH Club and other crime forums and markets. Alex Khodyrev (35) from
Kazakhstan) and Pavel Kublitskii (37 ...

Pierluigi Paganini September 08, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. BlackSuit Ransomware
Dissecting the Cicada   &nb ...

Pierluigi Paganini September 08, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 488 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini September 08, 2024
Security

U.S. CISA ADDS DRAYTEK VIGORCONNECT AND KINGSOFT WPS OFFICE BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek
VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infra ...

Pierluigi Paganini September 07, 2024
Security

A FLAW IN WORDPRESS LITESPEED CACHE PLUGIN ALLOWS ACCOUNT TAKEOVER

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow
unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache
plugin is a popular caching plugin for Word ...

Pierluigi Paganini September 07, 2024
Data Breach

CAR RENTAL COMPANY AVIS DISCLOSES A DATA BREACH

Car rental giant Avis disclosed a data breach that impacted one of its business
applications in August compromising customers' personal information. Car rental
company Avis notified customers impa ...

Pierluigi Paganini September 06, 2024
Hacking

SONICWALL WARNS THAT SONICOS BUG EXPLOITED IN ATTACKS

Recently fixed access control SonicOS vulnerability, tracked as
CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall
warns. SonicWall warns that a recently fixed access cont ...

Pierluigi Paganini September 06, 2024
Security

APACHE FIXED A NEW REMOTE CODE EXECUTION FLAW IN APACHE OFBIZ

Apache addressed a remote code execution vulnerability affecting the Apache
OFBiz open-source enterprise resource planning (ERP) system. Apache fixed a
high-severity vulnerability, tracked as CVE ...

Pierluigi Paganini September 06, 2024
Cyber warfare

RUSSIA-LINKED GRU UNIT 29155 TARGETED CRITICAL INFRASTRUCTURE GLOBALLY

The United States and its allies state that Russia-linked threat actors
operating under the GRU are behind global critical infrastructure attacks. The
FBI, CISA, and NSA linked threat actors from ...

Pierluigi Paganini September 06, 2024
Security

VEEAM FIXED A CRITICAL FLAW IN VEEAM BACKUP & REPLICATION SOFTWARE

Veeam addressed 18 high and critical severity flaws in Veeam Backup &
Replication, Service Provider Console, and One. Veeam released security updates
to address multiple vulnerabilit ...

Pierluigi Paganini September 05, 2024
Malware

EARTH LUSCA ADDS MULTIPLATFORM MALWARE KTLVDOOR TO ITS ARSENAL

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in
an attack against a trading company in China. Trend Micro Researchers spotted
the Chinese-speaking threat actor Eart ...

Pierluigi Paganini September 05, 2024
APT

IS RUSSIAN GROUP APT28 BEHIND THE CYBER ATTACK ON THE GERMAN AIR TRAFFIC CONTROL
AGENCY (DFS)?

A cyber attack hit the German air traffic control agency (DFS) disrupting its
operations, experts attribute it to Russia-linked group APT28. A cyber attack
targeted the German Air Traffic Control ...

Pierluigi Paganini September 05, 2024
Hacking

QUISHING, AN INSIDIOUS THREAT TO ELECTRIC CAR OWNERS

Quishing is a type of phishing attack where crooks use QR codes to trick users
into providing sensitive information or downloading malware. In recent years,
the spread of electric cars has led to ...

Pierluigi Paganini September 05, 2024
Security

DISCONTINUED D-LINK DIR-846 ROUTERS ARE AFFECTED BY CODE EXECUTION FLAWS.
REPLACE THEM!

D-Link warns of multiple remote code execution vulnerabilities impacting its
discontinued DIR-846 router series. Networking hardware vendor D-Link wars of
multiple remote code execution (RCE) vul ...

Pierluigi Paganini September 04, 2024
Hacktivism

HEAD MARE HACKTIVIST GROUP TARGETS RUSSIA AND BELARUS

A group of hacktivist known as Head Mare took advantage of the
recent CVE-2023-38831 WinRAR flaw in attacks against organizations in Russia and
Belarus. Kaspersky researchers reported that a h ...

Pierluigi Paganini September 04, 2024
Security

ZYXEL FIXED CRITICAL OS COMMAND INJECTION FLAW IN MULTIPLE ROUTERS

Taiwanese manufacturer Zyxel addressed a critical OS command injection flaw
affecting multiple models of its business routers. Zyxel has released security
updates to address a critical vulnerabili ...

Pierluigi Paganini September 04, 2024
Security

VMWARE FIXED A CODE EXECUTION FLAW IN FUSION HYPERVISOR

VMware released a patch to address a high-severity code execution flaw in its
Fusion hypervisor, users are urged to apply it. VMware addressed a high-severity
code execution vulnerability, tracke ...

Pierluigi Paganini September 03, 2024
Hacking

VULNERABILITIES IN MICROSOFT APPS FOR MACOS ALLOW STEALING PERMISSIONS

Vulnerabilities in Microsoft apps for macOS could allow attackers to steal
permissions and access sensitive data. Cisco Talos researchers discovered eight
vulnerabilities in Microsoft apps for mac ...

Pierluigi Paganini September 03, 2024
Cyber Crime

THREE MEN PLEAD GUILTY TO RUNNING MFA BYPASS SERVICE OTP.AGENCY

Three men have pleaded guilty to operating OTP.Agency, an online service that
allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum
Picari (22), Vijayasidhurshan Vijayanath ...

Pierluigi Paganini September 03, 2024
Hacking

TRANSPORT FOR LONDON (TFL) IS DEALING WITH AN ONGOING CYBERATTACK

Transport for London (TfL) is investigating an ongoing cyberattack, however,
customer information was compromised. Transport for London (TfL) is
investigating an ongoing cyberattack. However, the ...

Pierluigi Paganini September 02, 2024
Cyber Crime

LOCKBIT GANG CLAIMS THE ATTACK ON THE TORONTO DISTRICT SCHOOL BOARD (TDSB)

The Toronto District School Board (TDSB) confirmed that student information was
compromised in the June Lockbit ransomware attack. The Toronto District School
Board (TDSB) confirmed that students' ...

Pierluigi Paganini September 02, 2024
Cyber Crime

A NEW VARIANT OF CICADA RANSOMWARE TARGETS VMWARE ESXI SYSTEMS

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in
the threat landscape and already targeted tens of companies. Cicada3301 is a new
ransomware-as-a-service (RaaS) oper ...

Pierluigi Paganini September 02, 2024
Hacking

AN AIR TRANSPORT SECURITY SYSTEM FLAW ALLOWED TO BYPASS AIRPORT SECURITY
SCREENINGS

A vulnerability in an air transport security system allowed unauthorized
individuals to bypass airport security screenings. The Known Crewmember (KCM)
and Cockpit Access Security System (CASS) pro ...

Pierluigi Paganini September 01, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Unveiling "sedexp": A
Stealthy Linux Malware Exploiting udev ...

Pierluigi Paganini September 01, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 487 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini September 01, 2024
Security

FORTRA FIXED TWO SEVERE ISSUES IN FILECATALYST WORKFLOW, INCLUDING A CRITICAL
FLAW

Cybersecurity and automation company Fortra addressed two vulnerabilities in
FileCatalyst Workflow software, including a critical-severity flaw.
Cybersecurity and automation company Fortra release ...

Pierluigi Paganini August 30, 2024
Hacking

SOUTH KOREA-LINKED GROUP APT-C-60 EXPLOITED A WPS OFFICE ZERO-DAY

South Korea-linked group APT-C-60 exploited a zero-day in the Windows version of
WPS Office to target East Asian countries. South Korea-linked group APT-C-60
exploited a zero-day, tracked as CVE� ...

Pierluigi Paganini August 30, 2024
Cyber Crime

THREAT ACTORS EXPLOIT ATLASSIAN CONFLUENCE BUG IN CRYPTOMINING CAMPAIGNS

Threat actors are actively exploiting a critical flaw in the Atlassian
Confluence Data Center and Confluence Server in cryptocurrency mining campaigns.
The critical vulnerability CVE-2023-22527   ...

Pierluigi Paganini August 30, 2024
APT

RUSSIA-LINKED APT29 REUSED IOS AND CHROME EXPLOITS PREVIOUSLY DEVELOPED BY NSO
GROUP AND INTELLEXA

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously
developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat
Analysis Group) researchers observed th ...

Pierluigi Paganini August 30, 2024
Security

CISCO ADDRESSED A HIGH-SEVERITY FLAW IN NX-OS SOFTWARE

Cisco addressed multiple vulnerabilities impacting NX-OS software, including a
high-severity flaw in the DHCPv6 relay agent. Cisco released security updates
for NX-OS software that address multipl ...

Pierluigi Paganini August 29, 2024
Malware

CORONA MIRAI BOTNET SPREADS VIA AVTECH CCTV ZERO-DAY 

An instance of the Corona Mirai botnet spreads via AVTECH CCTV zero-day and
multiple previously known vulnerabilities. Akamai's Security Intelligence and
Response Team (SIRT) has detected a botne ...

Pierluigi Paganini August 29, 2024
Security

TELEGRAM CEO PAVEL DUROV CHARGED IN FRANCE FOR FACILITATING CRIMINAL ACTIVITIES

French prosecutors charged CEO Telegram Pavel Durov with facilitating various
criminal activities on the messaging platform. French prosecutors have formally
charged Telegram CEO Pavel Durov with ...

Pierluigi Paganini August 29, 2024
APT

IRAN-LINKED GROUP APT33 ADDS NEW TICKLER MALWARE TO ITS ARSENAL

Iran-linked group APT33 used new Tickler malware in attacks against
organizations in the government, defense, satellite, oil and gas sectors.
Microsoft researchers reported that the Iran-linked cy ...

Pierluigi Paganini August 29, 2024
Security

U.S. CISA ADDS GOOGLE CHROMIUM V8 BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google
Chromium V8 bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency ( ...

Pierluigi Paganini August 28, 2024
Data Breach

YOUNG CONSULTING DATA BREACH IMPACTS 954,177 INDIVIDUALS

A ransomware attack by the BlackSuit group on Young Consulting compromised the
personal information of over 950,000 individuals. Software solutions provider
Young Consulting disclosed a data breac ...

Pierluigi Paganini August 28, 2024
Malware

BLACKBYTE RANSOMWARE GROUP TARGETS RECENTLY PATCHED VMWARE ESXI FLAW
CVE-2024-37085

BlackByte ransomware operators are exploiting a recently patched VMware ESXi
hypervisors vulnerability in recent attacks. Cisco Talos observed the BlackByte
ransomware group exploiting the recentl ...

Pierluigi Paganini August 28, 2024
Cyber Crime

US OFFERS $2.5M REWARD FOR BELARUSIAN MAN INVOLVED IN MASS MALWARE DISTRIBUTION

The US Department of State offers a $2.5 million reward for information leading
to the arrest of a Belarusian cybercriminal involved in the mass malware
distribution. The US Department of State an ...

Pierluigi Paganini August 28, 2024
Uncategorized

U.S. CISA ADDS APACHE OFBIZ BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz
bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and
Infrastructure Security Agency (CISA)� ...

Pierluigi Paganini August 28, 2024
APT

CHINA-LINKED APT VOLT TYPHOON EXPLOITED A ZERO-DAY IN VERSA DIRECTOR

China-linked APT group Volt Typhoon exploited a zero-day flaw in Versa Director
to upload a custom webshell in target networks. China-linked APT Volt Typhoon
exploited a zero-day vulnerability, tr ...

Pierluigi Paganini August 27, 2024
Cyber Crime

RESEARCHERS UNMASKED THE NOTORIOUS THREAT ACTOR USDOD

CrowdStrike researchers have identified the notorious hacker USDoD who is behind
several high-profile data leaks. The notorious hacker USDoD (aka EquationCorp),
who is known for high-profile data ...

Pierluigi Paganini August 27, 2024
Digital ID

THE DUTCH DATA PROTECTION AUTHORITY (DPA) HAS FINED UBER A RECORD €290M

The Dutch Data Protection Authority (DPA) has fined Uber a record €290M for
violating the EU data protection regulation while sending sensitive driver data
to the U.S. The Dutch Data Protection ...

Pierluigi Paganini August 27, 2024
Hacking

GOOGLE ADDRESSED THE TENTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR

Google released emergency security updates to fix the tenth actively exploited
Chrome zero-day vulnerability this year. Google released a security update to
address a new Chrome zero-day vulnerabi ...

Pierluigi Paganini August 26, 2024
Security

SONICWALL ADDRESSED AN IMPROPER ACCESS CONTROL ISSUE IN ITS FIREWALLS

SonicWall addressed a critical flaw in its firewalls that could allow attackers
to achieve unauthorized access to the devices. SonicWall has released security
updates to address a critical vulnera ...

Pierluigi Paganini August 26, 2024
Hacking

A CYBERATTACK IMPACTED OPERATIONS AT THE PORT OF SEATTLE AND SEA-TAC AIRPORT

A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma
International Airport, websites and phone systems were impacted. Media reported
that the Port of Seattle, which also ...

Pierluigi Paganini August 26, 2024
Malware

LINUX MALWARE SEDEXP USES UDEV RULES FOR PERSISTENCE AND EVASION

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux
udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions
spotted a new malware family, called se ...

Pierluigi Paganini August 26, 2024
Cyber Crime

FRANCE POLICE ARRESTED TELEGRAM CEO PAVEL DUROV

French police arrested Pavel Durov, founder and chief executive of Telegram,
due to the lack of content moderation that advantaged criminal activity. Pavel
Durov, the founder and CEO of Teleg ...

Pierluigi Paganini August 25, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Meet UULoader: An
Emerging and Evasive Malicious Installer ...

Pierluigi Paganini August 25, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 486 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini August 25, 2024
Hacking

U.S. CISA ADDS VERSA DIRECTOR BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Versa Director
bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and
Infrastructure Security Agency (CISA ...

Pierluigi Paganini August 25, 2024
Hacking

HACKERS CAN TAKE OVER ECOVACS HOME ROBOTS TO SPY ON THEIR OWNERS

Recently, researchers warned vacuum and lawn mower robots made by Ecovacs could
be hacked to spy on their owners, the company will fix it. During the recent Def
Con hacking conference, security r ...

Pierluigi Paganini August 24, 2024
Cyber Crime

RUSSIAN NATIONAL ARRESTED IN ARGENTINA FOR LAUNDERING MONEY OF CROOKS AND
LAZARUS APT

A Russian national was arrested in Argentina for laundering proceeds from
illicit actors, including North Korea-linked Lazarus Group. This week, the
Argentine Federal Police (PFA) arrested a Russi ...

Pierluigi Paganini August 24, 2024
Cyber Crime

QILIN RANSOMWARE STEALS CREDENTIALS STORED IN GOOGLE CHROME

Sophos researchers investigated a Qilin ransomware breach attack that led to the
theft of credentials stored in Google Chrome browsers. Sophos researchers
investigated a Qilin ransomware attack wh ...

Pierluigi Paganini August 23, 2024
Cyber Crime

PHISHING ATTACKS TARGET MOBILE USERS VIA PROGRESSIVE WEB APPLICATIONS (PWA)

Cybercriminals use progressive web applications (PWA) to impersonate banking
apps and steal credentials from mobile users. ESET researchers detailed a
phishing campaign against mobile users that ...

Pierluigi Paganini August 23, 2024
Uncategorized

MEMBER OF CYBERCRIME GROUP KARAKURT CHARGED IN THE US

The Russian national Deniss Zolotarjovs has been charged in a U.S. court for his
role in the Karakurt cybercrime gang. Deniss Zolotarjovs (33), a Russian
cybercriminal, has been charged in a U.S. ...

Pierluigi Paganini August 23, 2024
Malware

NEW MALWARE CTHULHU STEALER TARGETS APPLE MACOS USERS

Cato Security found a new info stealer, called Cthulhu Stealer, that targets
Apple macOS and steals a wide range of information. Cado Security researchers
have discovered a malware-as-a-service (M ...

Pierluigi Paganini August 23, 2024
APT

CHINA-LINKED APT VELVET ANT EXPLOITED ZERO-DAY TO COMPROMISE CISCO SWITCHES

China-linked APT group Velvet Ant exploited a recently disclosed zero-day in
Cisco switches to take over the network appliance. Researchers at cybersecurity
firm Sygnia reported that the China-lin ...

Pierluigi Paganini August 23, 2024
Hacking

A CYBERATTACK HIT US OIL GIANT HALLIBURTON

US oil giant Halliburton announced that it was hit by a cyberattack that is
affecting operations at its Houston, Texas offices. Halliburton, a major U.S.
oil company, announced that a cyberattack ...

Pierluigi Paganini August 22, 2024
Hacking

U.S. CISA ADDS DAHUA IP CAMERA, LINUX KERNEL AND MICROSOFT EXCHANGE SERVER BUGS
TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dahua IP
Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersec ...

Pierluigi Paganini August 22, 2024
Hacking

SOLARWINDS FIXED A HARDCODED CREDENTIAL ISSUE IN WEB HELP DESK

SolarWinds fixed a hardcoded credential flaw in its Web Help Desk (WHD) software
that could allow attackers to gain unauthorized access to vulnerable instances.
SolarWinds has addressed a new secu ...

Pierluigi Paganini August 22, 2024
Hacking

A CYBERATTACK DISRUPTED OPERATIONS OF US CHIPMAKER MICROCHIP TECHNOLOGY

Semiconductor manufacturer Microchip Technology announced that its operations
were disrupted by a cyberattack. U.S. chipmaker Microchip Technology suffered a
cyberattack that disrupted operations ...

Pierluigi Paganini August 22, 2024
Hacking

GOOGLE ADDRESSED THE NINTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR

Google released emergency security updates to fix the ninth actively exploited
Chrome zero-day vulnerability this year. Google released an emergency security
update to address a Chrome zero- ...

Pierluigi Paganini August 22, 2024
Security

GITHUB FIXED A NEW CRITICAL FLAW IN THE GITHUB ENTERPRISE SERVER 

GitHub addressed three vulnerabilities in its GitHub Enterprise Server product,
including a critical authentication flaw. GitHub addressed three security
vulnerabilities impacting the GitHub Enter ...

Pierluigi Paganini August 22, 2024
Security

EXPERTS DISCLOSED A CRITICAL INFORMATION-DISCLOSURE FLAW IN MICROSOFT COPILOT
STUDIO

Researchers have disclosed a critical security vulnerability in Microsoft's
Copilot Studio that could lead to the exposure of sensitive information.
Researchers disclosed a critical security vulne ...

Pierluigi Paganini August 21, 2024
Malware

NORTH KOREA-LINKED APT USED A NEW RAT CALLED MOONPEAK

North Korea-linked APT Kimsuky is likely behind a new remote access trojan
called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos
researchers uncovered the infrastructure us ...

Pierluigi Paganini August 21, 2024
APT

PRO-RUSSIA GROUP VERMIN TARGETS UKRAINE WITH A NEW MALWARE FAMILY

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing
attacks, carried out by the Vermin group, distributing a malware. The Computer
Emergency Response Team of Ukraine ...

Pierluigi Paganini August 21, 2024
Hacking

A BACKDOOR IN MILLIONS OF SHANGHAI FUDAN MICROELECTRONICS RFID CARDS ALLOWS
CLONING

A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics
allows these contactless cards to be cloned instantly. Researchers from security
firm Quarkslab discovered a backdo ...

Pierluigi Paganini August 21, 2024
Malware

RANSOMWARE PAYMENTS ROSE FROM $449.1 MILLION TO $459.8 MILLION

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by
approximately 2%, from $449.1 million to $459.8 million. Blockchain analysis
firm Chainalysis revealed that while ove ...

Pierluigi Paganini August 20, 2024
Malware

PREVIOUSLY UNSEEN MSUPEDGE BACKDOOR TARGETED A UNIVERSITY IN TAIWAN

Experts spotted a previously undetected backdoor, dubbed Msupedge, that was
employed in an attack against a university in Taiwan.  Broadcom Symantec
researchers discovered a previously undetected ...

Pierluigi Paganini August 20, 2024
Hacking

ORACLE NETSUITE MISCONFIGURATION COULD LEAD TO DATA EXPOSURE

Researchers discovered thousands of Oracle NetSuite e-stores that are vulnerable
to data leak, sensitive customer information is at risk. Cybersecurity
researchers from AppOmni warn of a potential ...

Pierluigi Paganini August 20, 2024
Data Breach

TOYOTA DISCLOSED A DATA BREACH AFTER ZEROSEVENGROUP LEAKED STOLEN DATA ON A
CYBERCRIME FORUM

Toyota has confirmed a data breach after a threat actor leaked 240GB of data
stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data
breach after a threat actor leaked an arc ...

Pierluigi Paganini August 20, 2024
Hacking

CISA ADDS JENKINS COMMAND LINE INTERFACE (CLI) BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Jenkins
Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructu ...

Pierluigi Paganini August 19, 2024
Cyber Crime

RESEARCHERS UNCOVERED NEW INFRASTRUCTURE LINKED TO THE CYBERCRIME GROUP FIN7

Team Cymru, Silent Push and Stark Industries Solutions researchers uncovered a
new infrastructure linked to the cybercrime group FIN7. Researchers from Team
Cymru identified two clusters potential ...

Pierluigi Paganini August 19, 2024
Hacking

EXPERTS WARN OF EXPLOIT ATTEMPT FOR IVANTI VTM BUG

Researchers at the Shadowserver Foundation observed an exploit attempt based on
the public PoC for Ivanti vTM bug CVE-2024-7593. Researchers at the Shadowserver
Foundation observed an exploit att ...

Pierluigi Paganini August 19, 2024
APT

MICROSOFT ZERO-DAY CVE-2024-38193 WAS EXPLOITED BY NORTH KOREA-LINKED LAZARUS
APT

Microsoft addressed a zero-day vulnerability actively exploited by the
North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day
vulnerability, tracked as CVE-2024-38193 (CVSS sco ...

Pierluigi Paganini August 19, 2024
Malware

THE MAD LIBERATOR RANSOMWARE GROUP USES SOCIAL-ENGINEERING TECHNIQUES

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake
Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops
Incident Response team warned that a n ...

Pierluigi Paganini August 19, 2024
Hacking

FROM 2018: DEEPMASTERPRINTS: DECEIVE FINGERPRINT RECOGNITION SYSTEMS WITH
MASTERPRINTS GENERATED WITH GANS

Boffins demonstrated the vulnerability of fingerprint recognition systems to
dictionary attacks using 'MasterPrints, 'which are fingerprints that can match
multiple other prints. A team of researc ...

Pierluigi Paganini August 18, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Deciphering the Brain
Cipher Ransomware   Ideal ...

Pierluigi Paganini August 18, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 485 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini August 18, 2024
Cyber Crime

LARGE-SCALE EXTORTION CAMPAIGN TARGETS PUBLICLY ACCESSIBLE ENVIRONMENT VARIABLE
FILES (.ENV)

A large-scale extortion campaign compromised multiple organizations by
exploiting publicly accessible environment variable files (.env). Palo Alto Unit
42 researchers uncovered a large-scale extor ...

Pierluigi Paganini August 18, 2024
Intelligence

OPENAI DISMANTLED AN IRANIAN INFLUENCE OPERATION TARGETING THE U.S. PRESIDENTIAL
ELECTION

OpenAI announced it had dismantled an Iranian influence operation that was
producing content related to the U.S. Presidential election. OpenAI has
dismantled an Iran-linked influence operation, tr ...

Pierluigi Paganini August 17, 2024
Data Breach

NATIONAL PUBLIC DATA CONFIRMS A DATA BREACH

Background check service National Public Data confirms a data breach that
exploded millions of social security numbers and other sensitive information. 
Background check service National Public D ...

Pierluigi Paganini August 17, 2024
Security

CISA ADDS SOLARWINDS WEB HELP DESK BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SolarWinds
Web Help Desk bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini August 16, 2024
Deep Web

RUSSIAN NATIONAL SENTENCED TO 40 MONTHS FOR SELLING STOLEN DATA ON THE DARK WEB

A Russian national was sentenced to over three years in prison for selling
stolen information and credentials on a dark web marketplace. The 27-year-old
Russian national Georgy Kavzharadze (also k ...

Pierluigi Paganini August 16, 2024
Malware

BANSHEE STEALER, A NEW MACOS MALWARE WITH A MONTHLY SUBSCRIPTION PRICE OF $3,000

Russian cybercriminals are advertising a new macOS malware called Banshee
Stealer with a monthly subscription price of $3,000. In August 2024, Russian
crooks advertised a macOS malware called BANS ...

Pierluigi Paganini August 16, 2024
Security

MILLIONS OF PIXEL DEVICES CAN BE HACKED DUE TO A PRE-INSTALLED VULNERABLE APP

Many Google Pixel devices shipped since September 2017 have included a
vulnerable app that could be exploited for malicious purposes. Many Google Pixel
devices shipped since September 2017 have i ...

Pierluigi Paganini August 16, 2024
Hacking

MICROSOFT URGES CUSTOMERS TO FIX ZERO-CLICK WINDOWS RCE IN THE TCP/IP STACK

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in
the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges
customers to fix a critical TCP/IP rem ...

Pierluigi Paganini August 16, 2024
Cyber Crime

A GROUP LINKED TO RANSOMHUB OPERATION EMPLOYS EDR-KILLING TOOL EDRKILLSHIFTER

A cybercrime group linked to the RansomHub ransomware was spotted using a new
tool designed to kill EDR software. Sophos reports that a cybercrime group,
likely linked to the RansomHub ransomware ...

Pierluigi Paganini August 15, 2024
Security

GOOGLE DISRUPTED HACKING CAMPAIGNS CARRIED OUT BY IRAN-LINKED APT42

Google disrupted a hacking campaign carried out by the Iran-linked APT group
APT42 targeting the US presidential election. Google announced that it disrupted
a hacking campaign carried out by Iran ...

Pierluigi Paganini August 15, 2024
Cyber Crime

BLACK BASTA RANSOMWARE GANG LINKED TO A SYSTEMBC MALWARE CAMPAIGN

Experts linked an ongoing social engineering campaign, aimed at deploying the
malware SystemBC, to the Black Basta ransomware group. Rapid7 researchers
uncovered a new social engineering campaign ...

Pierluigi Paganini August 15, 2024
Hacking

A MASSIVE CYBER ATTACK HIT CENTRAL BANK OF IRAN AND OTHER IRANIAN BANKS

Iranian news outlet reported that a major cyber attack targeted the Central Bank
of Iran (CBI) and several other banks causing disruptions. Iran International
reported that a massive cyber attack ...

Pierluigi Paganini August 15, 2024
APT

CHINA-LINKED APT EARTH BAKU TARGETS EUROPE, THE MIDDLE EAST, AND AFRICA

China-linked threat actor Earth Baku expanded its operations in Europe, the
Middle East, and Africa starting in late 2022. China-linked APT group Earth Baku
(a threat actor associated with APT41) ...

Pierluigi Paganini August 14, 2024
Security

SOLARWINDS ADDRESSED A CRITICAL RCE IN ALL WEB HELP DESK VERSIONS

SolarWinds addressed a critical remote code execution vulnerability in its Web
Help Desk solution for customer support. SolarWinds fixed a critical
vulnerability, tracked as CVE-2024-289 ...

Pierluigi Paganini August 14, 2024
Data Breach

KOOTENAI HEALTH DATA BREACH IMPACTED 464,000 PATIENTS

Kootenai Health suffered a data breach impacting over 464,000 patients following
a 3AM ransomware attack. Kootenai Health disclosed a data breach impacting over
464,088 patients following the leak ...

Pierluigi Paganini August 14, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR AUGUST 2024 ADDRESSED SIX ACTIVELY
EXPLOITED BUGS

Microsoft's August 2024 Patch Tuesday addressed 90 vulnerabilities, including
six that are actively exploited. Patch Tuesday security updates for August 2024
addressed 90 vulnerabilities in Micros ...

Pierluigi Paganini August 14, 2024
Hacking

A POC EXPLOIT CODE IS AVAILABLE FOR CRITICAL IVANTI VTM BUG

Ivanti warned of a critical authentication bypass flaw in its Virtual Traffic
Manager (vTM) appliances that can allow attackers to create rogue administrator
accounts. Ivanti addressed a critical ...

Pierluigi Paganini August 13, 2024
Hacking

ELON MUSK CLAIMS THAT A DDOS ATTACK CAUSED PROBLEMS WITH THE LIVESTREAM
INTERVIEW WITH DONALD TRUMP

Elon Musk claims that the livestream interview with Donald Trump on the X social
media platform was impacted by a cyberattack. Elon Musk claims that a massive
DDoS attack caused problems with the ...

Pierluigi Paganini August 13, 2024
APT

CERT-UA WARNS OF A PHISHING CAMPAIGN TARGETING GOVERNMENT ENTITIES

CERT-UA warned that Russia-linked actor is impersonating the Security Service of
Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer
Emergency Response Team of Ukrain ...

Pierluigi Paganini August 13, 2024
Intelligence

US DOJ DISMANTLED REMOTE IT WORKER FRAUD SCHEMES RUN BY NORTH KOREA

The U.S. DoJ arrested a Tennessee man for running a "laptop farm" that enabled
North Korea-linked IT workers to obtain remote jobs with American companies. The
U.S. Justice Department arrested Mat ...

Pierluigi Paganini August 13, 2024
Security

A FREEBSD FLAW COULD ALLOW REMOTE CODE EXECUTION, PATCH IT NOW!

FreeBSD Project maintainers addressed a high-severity flaw in OpenSSH that could
allow remote code execution with elevated privileges. The maintainers of the
FreeBSD Project have released urgent s ...

Pierluigi Paganini August 12, 2024
APT

EASTWIND CAMPAIGN TARGETS RUSSIAN ORGANIZATIONS WITH SOPHISTICATED BACKDOORS

A campaign tracked as EastWind is targeting Russian government and IT
organizations with PlugY and GrewApacha Backdoors. In late July 2024, Kaspersky
researchers detected a series of targeted cybe ...

Pierluigi Paganini August 12, 2024
Hacking

MICROSOFT FOUND OPENVPN BUGS THAT CAN BE CHAINED TO ACHIEVE RCE AND LPE

Microsoft found four bugs in OpenVPN that could be chained to achieve remote
code execution and local privilege escalation. During the Black Hat USA 2024
conference, Microsoft researchers disclose ...

Pierluigi Paganini August 12, 2024
Cyber warfare

FOREIGN NATION-STATE ACTORS HACKED DONALD TRUMP’S CAMPAIGN

Donald Trump's campaign reported that its emails were hacked by "foreign sources
hostile to the United States." Donald Trump's presidential campaign announced it
was hacked, a spokesman attributes ...

Pierluigi Paganini August 11, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Surge in Magniber
ransomware attacks impact home users worldw ...

Pierluigi Paganini August 11, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 484 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini August 11, 2024
Cyber Crime

ADT DISCLOSED A DATA BREACH THAT IMPACTED MORE THAN 30,000 CUSTOMERS

Physical security firm ADT disclosed a data breach, threat actors stole
information from 30,000 customers and leaked it. ADT is a provider of alarm and
physical security systems, it employs more t ...

Pierluigi Paganini August 11, 2024
Cyber Crime

IS THE INC RANSOMWARE GANG BEHIND THE ATTACK ON MCLAREN HOSPITALS?

A INC Ransom ransomware attack this week disrupted IT and phone systems at
McLaren Health Care hospitals. On Tuesday, an INC Ransom ransomware attack hit
the McLaren Health Care hospitals and disr ...

Pierluigi Paganini August 10, 2024
Cyber Crime

CROOKS TOOK CONTROL OF A COW MILKING ROBOT CAUSING THE DEATH OF A COW

Crooks took control of a cow milking robot and demanded a ransom from a farmer
who refused to pay it, resulting in the death of a cow. An extortion attempt had
a tragic outcome, cybercriminals too ...

Pierluigi Paganini August 10, 2024
Hacking

SONOS SMART SPEAKERS FLAW ALLOWED TO EAVESDROP ON USERS

NCC Group discovered vulnerabilities in Sonos smart speakers, including a flaw
that could have allowed to eavesdrop on users. Researchers from NCC Group have
discovered multiple vulnerabilities in ...

Pierluigi Paganini August 10, 2024
Uncategorized

FIVE ZERO-DAYS IMPACTS EOL CISCO SMALL BUSINESS IP PHONES. REPLACE THEM WITH
NEWER MODELS ASAP!

Cisco warns of critical remote code execution zero-day vulnerabilities impacting
end-of-life Small Business SPA 300 and SPA 500 series IP phones. Cisco warns of
multiple critical remote code execu ...

Pierluigi Paganini August 09, 2024
Hacking

CISA ADDS APACHE OFBIZ AND ANDROID KERNEL BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz
and Android kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Sec ...

Pierluigi Paganini August 09, 2024
Intelligence

RUSSIAN CYBER SPIES STOLE DATA AND EMAILS FROM UK GOVERNMENT SYSTEMS

Earlier this year, Russian cyber spies breached UK government systems and stole
sensitive data and emails, reported The Record media. Earlier this year,
Russia’s foreign intelligence service sto ...

Pierluigi Paganini August 09, 2024
Hacking

0.0.0.0 DAY FLAW ALLOWS MALICIOUS WEBSITES TO BYPASS SECURITY IN MAJOR BROWSERS

An 18-year-old bug, dubbed "0.0.0.0 Day," allows malicious websites to bypass
security in Chrome, Firefox, and Safari to breach local networks. Oligo
Security's research team warns of an 18-year ...

Pierluigi Paganini August 08, 2024
Hacking

FBI AND CISA UPDATE A JOINT ADVISORY ON THE BLACKSUIT RANSOMWARE GROUP

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the
document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration
with the FBI, has published a joint ...

Pierluigi Paganini August 08, 2024
Cyber Crime

RHYSIDA RANSOMWARE GROUP CLAIMS TO HAVE BREACHED BAYHEALTH HOSPITAL IN DELAWARE

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in
Delaware and offers alleged stolen data for 25 BTC. Bayhealth Hospital is a
technologically advanced not-for-profit healt ...

Pierluigi Paganini August 08, 2024
Hacking

CRITICAL XSS BUG IN ROUNDCUBE WEBMAIL ALLOWS ATTACKERS TO STEAL EMAILS AND
SENSITIVE DATA

Researchers warn of flaws in the Roundcube webmail software that could be
exploited to steal sensitive information from target accounts. Sonar’s
Vulnerability Research Team discovered a critical ...

Pierluigi Paganini August 07, 2024
Malware

NEW ANDROID SPYWARE LIANSPY RELIES ON YANDEX CLOUD TO AVOID DETECTION

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian
users since at least 2021. In March 2024, cybersecurity researchers from
Kaspersky discovered previously unknown An ...

Pierluigi Paganini August 07, 2024
Hacking

HACKERS BREACHED MDM FIRM MOBILE GUARDIAN AND WIPED THOUSANDS OF DEVICES

Threat actors breached the UK-based mobile device management (MDM) firm Mobile
Guardian and remotely wiped thousands of devices. Hackers breached the mobile
device management (MDM) firm Mobile Gu ...

Pierluigi Paganini August 07, 2024
Cyber Crime

A RANSOMWARE ATTACK HIT FRENCH MUSEUM NETWORK

The Réunion des Musées Nationaux network, including Paris' Grand Palais and
other museums, was hit by a ransomware attack. A ransomware attack hit the
Réunion des Musées Nationaux network, inc ...

Pierluigi Paganini August 06, 2024
Security

CISA ADDS MICROSOFT COM FOR WINDOWS BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft
COM for Windows bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini August 06, 2024
Breaking News

GOOGLE WARNS OF AN ACTIVELY EXPLOITED ANDROID KERNEL FLAW

Google addressed an actively exploited high-severity vulnerability, tracked as
CVE-2024-36971, impacting the Android kernel. Google fixed a high-severity flaw,
tracked as CVE-2024-36971, impacting ...

Pierluigi Paganini August 06, 2024
Uncategorized

SHOULD ORGANIZATIONS PAY RANSOM DEMANDS?

Ransomware attacks are the most significant risk for modern organizations, why
organizations should avoid paying ransoms. Ransomware attacks are the most
significant risk for modern organizations, ...

Pierluigi Paganini August 06, 2024
APT

NORTH KOREA-LINKED HACKERS TARGET CONSTRUCTION AND MACHINERY SECTORS WITH
WATERING HOLE AND SUPPLY CHAIN ATTACKS

South Korea's National Cyber Security Center (NCSC) reported that North
Korea-linked hackers hijacked VPN software updates to deploy malware. South
Korea's national security and intelligence agenc ...

Pierluigi Paganini August 06, 2024
Hacking

RESEARCHERS WARN OF A NEW CRITICAL APACHE OFBIZ FLAW

Researchers urge organizations using Apache OFBiz to address a critical bug,
following reports of active exploitation of another flaw. Experts urge
organizations to address a new critical vulnerab ...

Pierluigi Paganini August 05, 2024
Data Breach

KEYTRONIC INCURRED APPROXIMATELY $17 MILLION OF EXPENSES FOLLOWING RANSOMWARE
ATTACK

Printed circuit board assembly (PCBA) manufacturer Keytronic reported that a
recent ransomware attack led to expenses and lost revenue exceeding $17 million.
In June, Keytronic disclosed a data br ...

Pierluigi Paganini August 05, 2024
ICS-SCADA

A FLAW IN ROCKWELL AUTOMATION CONTROLLOGIX 1756 COULD EXPOSE CRITICAL CONTROL
SYSTEMS TO UNAUTHORIZED ACCESS

A security bypass bug in Rockwell Automation ControlLogix 1756 devices could
allow unauthorized access to vulnerable devices. A high-severity security bypass
vulnerability, tracked as CVE-2024-624 ...

Pierluigi Paganini August 05, 2024
Breaking News

CHINA-LINKED APT41 BREACHED TAIWANESE RESEARCH INSTITUTE

China-linked group APT41 breached a Taiwanese government-affiliated research
institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported
that the China-linked group compromised a ...

Pierluigi Paganini August 05, 2024
APT

CHINESE STORMBAMBOO APT COMPROMISED ISP TO DELIVER MALWARE

A China-linked APT, tracked as StormBamboo, compromised an internet service
provider (ISP) to poison software update mechanisms with malware. Volexity
researchers reported that a China-linked AP ...

Pierluigi Paganini August 04, 2024
Data Breach

HACKERS ATTEMPT TO SELL THE PERSONAL DATA OF 3 BILLION PEOPLE RESULTING FROM AN
APRIL DATA BREACH

Jerico Pictures Inc., operating as National Public Data, exposed the personal
information of nearly 3 billion individuals in an April data breach. A proposed
class action claims that Jerico Pictur ...

Pierluigi Paganini August 04, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 5

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Unplugging PlugX:
Sinkholing the PlugX USB worm botnet & ...

Pierluigi Paganini August 04, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 483 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini August 04, 2024
Laws and regulations

US SUED TIKTOK AND BYTEDANCE FOR VIOLATING CHILDREN’S PRIVACY LAWS

The U.S. Department of Justice has sued TikTok and its parent company,
ByteDance, for extensive violations of children's privacy laws. The Justice
Department and the Federal Trade Commission (FTC) ...

Pierluigi Paganini August 03, 2024
APT

RUSSIA-LINKED APT USED A CAR FOR SALE AS A PHISHING LURE TO TARGET DIPLOMATS
WITH HEADLACE MALWARE

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular
Windows backdoor called HeadLace. Palo Alto researchers reported that a
Russia-linked threat actor known as Fightin ...

Pierluigi Paganini August 03, 2024
Security

INVESTORS SUED CROWDSTRIKE OVER FALSE CLAIMS ABOUT ITS FALCON PLATFORM

Investors have sued CrowdStrike because the cybersecurity firm made false claims
about its Falcon platform. Investors have sued CrowdStrike because the company
made false and misleading claims on ...

Pierluigi Paganini August 02, 2024
Hacking

AVTECH CAMERA VULNERABILITY ACTIVELY EXPLOITED IN THE WILD, CISA WARNS

CISA warned that an Avtech camera vulnerability, which is still unpatched, is
being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) published an ad ...

Pierluigi Paganini August 02, 2024
Uncategorized

U.S. RELEASED RUSSIAN CYBERCRIMINALS IN DIPLOMATIC PRISONER EXCHANGE

Today, 24 prisoners were released in an international swap between Russia and
Western countries, including convicted  Russian cybercriminals. In the recent
international prisoner swap two not ...

Pierluigi Paganini August 02, 2024
Hacking

SITTING DUCKS ATTACK TECHNIQUE EXPOSES OVER A MILLION DOMAINS TO HIJACKING

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that
exposes over a million domains to hackers' takeover. Researchers from Eclypsium
and Infoblox have identified an att ...

Pierluigi Paganini August 02, 2024
Hacking

OVER 20,000 INTERNET-EXPOSED VMWARE ESXI INSTANCES VULNERABLE TO CVE-2024-37085

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi
instances are affected by the actively exploited flaw CVE-2024-37085.
Researchers at the Shadowserver Foundation rep ...

Pierluigi Paganini August 01, 2024
Malware

BINGOMOD ANDROID RAT STEALS MONEY FROM VICTIMS' BANK ACCOUNTS AND WIPES DATA

BingoMod is a new Android malware that can wipe devices after stealing money
from the victims' bank accounts. Researchers at Cleafy discovered a new Android
malware, called 'BingoMod,' that can w ...

Pierluigi Paganini August 01, 2024
Cyber Crime

A RANSOMWARE ATTACK DISRUPTED OPERATIONS AT ONEBLOOD BLOOD BANK

OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a
ransomware attack that disrupted its medical operations. OneBlood is a
non-profit organization that provides blood and ...

Pierluigi Paganini July 31, 2024
Mobile

APPLE FIXED DOZENS OF VULNERABILITIES IN IOS AND MACOS

Apple has issued security updates to address multiple vulnerabilities across
iOS, macOS, tvOS, visionOS, watchOS, and Safari. Apple released security updates
to address multiple vulnerabilities in ...

Pierluigi Paganini July 31, 2024
Cyber Crime

PHISHING CAMPAIGNS TARGET SMBS IN POLAND, ROMANIA, AND ITALY WITH MULTIPLE
MALWARE FAMILIES

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to
deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET
researchers observed multiple phishi ...

Pierluigi Paganini July 31, 2024
Uncategorized

A FORTUNE 50 COMPANY PAID A RECORD-BREAKING $75 MILLION RANSOM

Zscaler researchers revealed that a company paid a record-breaking $75 million
ransom to the Dark Angels ransomware group. Zscaler discovered a record-breaking
ransom payment of US$75 million made ...

Pierluigi Paganini July 31, 2024
Security

CISA ADDS VMWARE ESXI BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a VMware ESXi
bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and
Infrastructure Security Agency (CISA) ...

Pierluigi Paganini July 30, 2024
Mobile

MANDRAKE ANDROID SPYWARE FOUND IN FIVE APPS IN GOOGLE PLAY WITH OVER 32,000
DOWNLOADS SINCE 2022

A new version of the Mandrake Android spyware has been found in five apps on
Google Play, which have been downloaded over 32,000 times since 2022.
Researchers from Kaspersky discovered a new vers ...

Pierluigi Paganini July 30, 2024
Breaking News

SIDEWINDER PHISHING CAMPAIGN TARGETS MARITIME FACILITIES IN MULTIPLE COUNTRIES

The APT group SideWinder launched a new espionage campaign targeting ports and
maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also
known as Razor Tiger, Rattlesnake, an ...

Pierluigi Paganini July 30, 2024
Hacking

A CRAFTY PHISHING CAMPAIGN TARGETS MICROSOFT ONEDRIVE USERS

Researchers detected a sophisticated phishing campaign targeting Microsoft
OneDrive users to trick them into executing a PowerShell script. Over the past
few weeks, the Trellix Advanced Research ...

Pierluigi Paganini July 30, 2024
Cyber Crime

RANSOMWARE GANGS EXPLOIT RECENTLY PATCHED VMWARE ESXI BUG CVE-2024-37085

Microsoft warns that ransomware gangs are exploiting the recently patched
CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that
multiple ransomware gangs are exploiting the re ...

Pierluigi Paganini July 29, 2024
Hacking

ACRONIS CYBER INFRASTRUCTURE BUG ACTIVELY EXPLOITED IN THE WILD

Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure
(ACI) solution that is being actively exploited in the wild. Acronis is warning
of a critical vulnerability, tracked ...

Pierluigi Paganini July 29, 2024
Hacking

FAKE FALCON CRASH REPORTER INSTALLER USED TO TARGET GERMAN CROWDSTRIKE USERS

CrowdStrike warns about a new threat actor targeting German customers by
exploiting a recent issue with Falcon Sensor updates. On July 24, 2024,
CrowdStrike experts identified a spear-phishing ca ...

Pierluigi Paganini July 29, 2024
Intelligence

BELARUS-LINKED APT GHOSTWRITER TARGETED UKRAINE WITH PICASSOLOADER MALWARE

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a
malware family known as PicassoLoader, used to deliver various malicious
payloads. The Ukrainian Government's Computer ...

Pierluigi Paganini July 29, 2024
Cyber Crime

FRENCH AUTHORITIES LAUNCH DISINFECTION OPERATION TO ERADICATE PLUGX MALWARE FROM
INFECTED HOSTS

French authorities and Europol are conducting a "disinfection operation"
targeting hosts compromised by the PlugX malware. The French authorities, with
the help of Europol, have launched on July ...

Pierluigi Paganini July 28, 2024
Breaking News

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 4

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Play Ransomware Group’s
New Linux Variant Targets ESXi, Sho ...

Pierluigi Paganini July 28, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 482 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini July 28, 2024
Cyber warfare

UKRAINE'S CYBER OPERATION SHUT DOWN THE ATM SERVICES OF MAJOR RUSSIAN BANKS

Ukraine launched a massive cyber operation that shut down the ATM services of
the biggest Russian banks on July 27, reported the Kyiv Post. Ukraine has
launched a massive cyberattack against ATMs ...

Pierluigi Paganini July 27, 2024
Security

A BUG IN CHROME PASSWORD MANAGER CAUSED USER CREDENTIALS TO DISAPPEAR

Google addressed a Chrome's Password Manager bug that caused user credentials to
disappear temporarily for more than 18 hours. Google has addressed a bug in
Chrome's Password Manager that caused u ...

Pierluigi Paganini July 26, 2024
Security

BIND UPDATES FIX FOUR HIGH-SEVERITY DOS BUGS IN THE DNS SOFTWARE SUITE

The Internet Systems Consortium (ISC) released BIND security updates that fixed
several remotely exploitable DoS bugs in the DNS software suite. The Internet
Systems Consortium (ISC) released secu ...

Pierluigi Paganini July 26, 2024
Breaking News

TERRORIST ACTIVITY IS ACCELERATING IN CYBERSPACE - RISK PRECURSOR TO SUMMER
OLYMPICS AND ELECTIONS

Terrorist groups are increasingly using cyberspace and digital communication
channels to plan and execute attacks. Yesterday Federal Bureau of Investigation
(FBI) Director Christopher Wray express ...

Pierluigi Paganini July 26, 2024
Security

PROGRESS SOFTWARE FIXED CRITICAL RCE CVE-2024-6327 IN THE TELERIK REPORT SERVER

Progress Software addressed a critical remote code execution vulnerability,
tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is
a web-based application designed for c ...

Pierluigi Paganini July 25, 2024
Hacking

CRITICAL BUG IN DOCKER ENGINE ALLOWED ATTACKERS TO BYPASS AUTHORIZATION PLUGINS

A critical flaw in some versions of Docker Engine can be exploited to bypass
authorization plugins (AuthZ) under specific circumstances. A vulnerability,
tracked as CVE-2024-41110 (CVSS score ...

Pierluigi Paganini July 25, 2024
Security

HACKERS EXPLOIT MICROSOFT DEFENDER SMARTSCREEN BUG CVE-2024-21412 TO DELIVER
ACR, LUMMA, AND MEDUZA STEALERS

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited
to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet
FortiGuard Labs researchers obse ...

Pierluigi Paganini July 25, 2024
Cyber Crime

MICHIGAN MEDICINE DATA BREACH IMPACTED 56953 PATIENTS

A cyber attack against Michigan Medicine resulted in the compromise of the
personal and health information of approximately 57,000 patients. The academic
medical center of the University of Michig ...

Pierluigi Paganini July 25, 2024
Breaking News

U.S. CISA ADDS MICROSOFT INTERNET EXPLORER AND TWILIO AUTHY BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infra ...

Pierluigi Paganini July 24, 2024
APT

CHINA-LINKED APT GROUP USES NEW MACMA MACOS BACKDOOR VERSION

China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) Evasive
Panda has been spotted using an updated version of the macOS backdoor Macma. The
China-linked APT group Daggerfly (a ...

Pierluigi Paganini July 24, 2024
Malware

FROSTYGOOP ICS MALWARE TARGETS UKRAINE

In April 2024, Dragos researchers spotted the malware FrostyGoop that interacts
with Industrial Control Systems (ICS) using the Modbus protocol. In April 2024,
Dragos researchers discovered a new ...

Pierluigi Paganini July 23, 2024
Malware

HACKERS ABUSED SWAP FILES IN E-SKIMMING ATTACKS ON MAGENTO SITES

Threat actors abused swap files in compromised Magento websites to hide credit
card skimmer and harvest payment information. Security researchers from Sucuri
observed threat actors using swap fil ...

Pierluigi Paganini July 23, 2024
Hacktivism

US GOV SANCTIONED KEY MEMBERS OF THE CYBER ARMY OF RUSSIA REBORN HACKTIVISTS
GROUP

The US government sanctioned two Russian hacktivists for their cyberattacks
targeting critical infrastructure, including breaches of water facilities. The
United States sanctioned Russian hacktivi ...

Pierluigi Paganini July 23, 2024
Hacking

EVILVIDEO, A TELEGRAM ANDROID ZERO-DAY ALLOWED SENDING MALICIOUS APKS DISGUISED
AS VIDEOS

EvilVideo is a zero-day in the Telegram App for Android that allowed attackers
to send malicious APK payloads disguised as videos. ESET researchers discovered
a zero-day exploit named EvilVideo th ...

Pierluigi Paganini July 22, 2024
Malware

SOCGHOLISH MALWARE USED TO SPREAD ASYNCRAT MALWARE

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver
the AsyncRAT and the legitimate open-source project BOINC. Huntress researchers
observed the JavaScript downloader m ...

Pierluigi Paganini July 22, 2024
Cyber Crime

UK POLICE ARRESTED A 17-YEAR-OLD LINKED TO THE SCATTERED SPIDER GANG

Law enforcement arrested a 17-year-old boy from Walsall, U.K., for suspected
involvement in the Scattered Spider cybercrime syndicate. Law enforcement in the
U.K. arrested a 17-year-old teenager f ...

Pierluigi Paganini July 22, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 3

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Hardening of HardBit   
10,000 Victims a Da ...

Pierluigi Paganini July 21, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 481 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini July 21, 2024
Hacking

U.S. CISA ADDS ADOBE COMMERCE AND MAGENTO, SOLARWINDS SERV-U, AND VMWARE VCENTER
SERVER BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce
and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known
Exploited Vulnerabilities catalog. The ...

Pierluigi Paganini July 21, 2024
Malware

THREAT ACTORS ATTEMPTED TO CAPITALIZE CROWDSTRIKE INCIDENT

CrowdStrike warns that threat actors are exploiting the recent IT outage caused
by their faulty update to distribute Remcos RAT malware. CrowdStrike spotted
threat actors attempting to benefit fr ...

Pierluigi Paganini July 20, 2024
Cyber Crime

RUSSIAN NATIONALS PLEAD GUILTY TO PARTICIPATING IN THE LOCKBIT RANSOMWARE GROUP

Two Russian nationals pleaded guilty to participating in the LockBit ransomware
group and carrying out attacks against victims worldwide. Two foreign nationals,
Ruslan Magomedovich Astamirov and M ...

Pierluigi Paganini July 20, 2024
Security

MEDISECURE DATA BREACH IMPACTED 12.9 MILLION INDIVIDUALS

Personal and health information of 12.9 million individuals was exposed in a
ransomware attack on Australian digital prescription services provider
MediSecure. MediSecure is a company that provide ...

Pierluigi Paganini July 19, 2024
Security

CROWDSTRIKE UPDATE EPIC FAIL CRASHED WINDOWS SYSTEMS WORLDWIDE

Windows machines worldwide displayed BSoD screen following a faulty update
pushed out by cybersecurity firm CrowdStrike. A faulty update released by
CrowdStrike Falcon is causing Windows systems t ...

Pierluigi Paganini July 19, 2024
Security

CISCO FIXED A CRITICAL FLAW IN SECURITY EMAIL GATEWAY THAT COULD ALLOW ATTACKERS
TO ADD ROOT USERS

Cisco has addressed a critical vulnerability that could allow attackers to add
new root users to Security Email Gateway (SEG) appliances. Cisco fixed a
critical vulnerability, tracked as CVE-2024- ...

Pierluigi Paganini July 19, 2024
Hacking

SAPWNED FLAWS IN SAP AI CORE COULD EXPOSE CUSTOMERS' DATA

Researchers discovered security flaws in SAP AI Core cloud-based platform that
could expose customers' data. Cybersecurity researchers at Wiz uncovered five
security flaws, collectively tracked ...

Pierluigi Paganini July 18, 2024
Cyber Crime

CYBERCRIME GROUP FIN7 ADVERTISES NEW EDR BYPASS TOOL ON HACKING FORUMS

The cybercrime group FIN7 is advertising a security evasion tool in multiple
underground forums, cybersecurity company SentinelOne warns. SentinelOne
researchers warn that the financially motivat ...

Pierluigi Paganini July 18, 2024
Security

HOW TO PROTECT PRIVACY AND BUILD SECURE AI PRODUCTS

AI systems are transforming technology and driving innovation across industries.
How to protect privacy and build secure AI products? How to Protect Privacy and
Build Secure AI Products AI syst ...

Pierluigi Paganini July 18, 2024
Security

A CRITICAL FLAW IN CISCO SSM ON-PREM ALLOWS ATTACKERS TO CHANGE ANY USER'S
PASSWORD

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem)
license servers allows threat actors to change any user's password. Cisco has
addressed a critical vulnerability, tracke ...

Pierluigi Paganini July 17, 2024
Data Breach

MARINEMAX DATA BREACH IMPACTED OVER 123,000 INDIVIDUALS

The world's largest recreational boat and yacht retailer MarineMax, disclosed a
data breach following a cyber attack. The world's largest recreational boat and
yacht retailer MarineMax disclosed a ...

Pierluigi Paganini July 17, 2024
APT

VOID BANSHEE EXPLOITS CVE-2024-38112 ZERO-DAY TO SPREAD MALWARE

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute
code via the disabled Internet Explorer. An APT group tracked as Void Banshee
was spotted exploiting the Windows zer ...

Pierluigi Paganini July 17, 2024
Cyber Crime

THE OCTO TEMPEST GROUP ADDS RANSOMHUB AND QILIN RANSOMWARE TO ITS ARSENAL

Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub
and Qilin ransomware to its arsenal. In the second quarter of 2024, financially
motivated threat actor Octo Tempest ...

Pierluigi Paganini July 17, 2024
Security

CISA ADDS OSGEO GEOSERVER GEOTOOLS BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo
GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini July 16, 2024
Breaking News

KASPERSKY LEAVES U.S. MARKET FOLLOWING THE BAN ON THE SALE OF ITS SOFTWARE IN
THE COUNTRY

Kaspersky is leaving the U.S. market following the recent ban on the sales of
its software imposed by the Commerce Department. Russian cybersecurity firm
Kaspersky announced its exit from the U.S. ...

Pierluigi Paganini July 16, 2024
Mobile

FBI UNLOCKED THE PHONE OF THE SUSPECT IN THE ASSASSINATION ATTEMPT ON DONALD
TRUMP

The FBI gained access to the password-protected phone of the suspect in the
assassination attempt on Donald Trump. The independent website 404 Media first
reported that the FBI had successfully ac ...

Pierluigi Paganini July 16, 2024
Malware

RANSOMWARE GROUPS TARGET VEEAM BACKUP & REPLICATION BUG

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as
CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327
(CVSS score of 7.5) impacts the ...

Pierluigi Paganini July 15, 2024
Cyber Crime

AT&T PAID A $370,000 RANSOM TO PREVENT STOLEN DATA FROM BEING LEAKED

Wired attributes the recently disclosed AT&T data breach to a hacker living in
Turkey and reported the company paid a $370,000 ransom. An American hacker who
lives in Turkey claimed responsibi ...

Pierluigi Paganini July 15, 2024
Malware

HARDBIT RANSOMWARE VERSION 4.0 SUPPORTS NEW OBFUSCATION TECHNIQUES

Cybersecurity researchers detailed a new version of the HardBit ransomware that
supports new obfuscation techniques to avoid detection. The new version (version
4.0) of the HardBit ransomware come ...

Pierluigi Paganini July 15, 2024
Malware

DARK GATE MALWARE CAMPAIGN USES SAMBA FILE SHARES

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers
exploit legitimate tools and services to distribute malware. Palo Alto Networks
Unit 42 researchers shared details abo ...

Pierluigi Paganini July 15, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 2

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. New Android Spyware
Steals Data from Gamers and TikTok Users& ...

Pierluigi Paganini July 14, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 480 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini July 14, 2024
Cyber Crime

VYACHESLAV IGOREVICH PENCHUKOV WAS SENTENCED TO PRISON FOR HIS ROLE IN ZEUS AND
ICEDID OPERATIONS

Ukrainian national Vyacheslav Igorevich Penchukov was sentenced to prison for
his role in Zeus and IcedID malware operations. The U.S. DoJ sentenced the
Ukrainian national Vyacheslav Igorevich Pen ...

Pierluigi Paganini July 13, 2024
Data Breach

RITE AID DISCLOSED DATA BREACH FOLLOWING RANSOMHUB RANSOMWARE ATTACK

The American drugstore chain Rite Aid Corporation disclosed a data breach
following the cyber attack that hit the company in June. The American drugstore
chain giant Rite Aid suffered a data breac ...

Pierluigi Paganini July 13, 2024
Data Breach

NEW AT&T DATA BREACH EXPOSED CALL LOGS OF ALMOST ALL CUSTOMERS

AT&T disclosed a new data breach that exposed phone call and text message
records for approximately 110 million people. AT&T suffered a massive data
breach, attackers stole the call logs f ...

Pierluigi Paganini July 12, 2024
Hacking

CRITICAL FLAW IN EXIM MTA COULD ALLOW TO DELIVER MALWARE TO USERS' INBOXES

A critical vulnerability in Exim mail server allows attackers to deliver
malicious executable attachments to mailboxes. Attackers can exploit a critical
security flaw, tracked as CVE-2024-39929 (C ...

Pierluigi Paganini July 12, 2024
Security

PALO ALTO NETWORKS FIXED A CRITICAL BUG IN THE EXPEDITION TOOL

Palo Alto Networks addressed five vulnerabilities impacting its products,
including a critical authentication bypass issue. Palo Alto Networks released
security updates to address five security ...

Pierluigi Paganini July 12, 2024
Cyber Crime

SMISHING TRIAD IS TARGETING INDIA TO STEAL PERSONAL AND PAYMENT DATA AT SCALE

Resecurity has identified a new campaign by the Smishing Triad that is targeting
India to steal personal and payment data at scale Resecurity (USA) identified a
new campaign targeting India Post ( ...

Pierluigi Paganini July 12, 2024
Cyber Crime

OCTOBER RANSOMWARE ATTACK ON DALLAS COUNTY IMPACTED OVER 200,000 PEOPLE

The ransomware attack that hit Dallas County in October 2023 has impacted more
than 200,000 individuals exposing their personal information. In October 2023
the Play ransomware group hit Dallas Co ...

Pierluigi Paganini July 12, 2024
Cyber Crime

CRYSTALRAY OPERATIONS HAVE SCALED 10X TO OVER 1,500 VICTIMS

A threat actor known as CrystalRay targeted 1,500 victims since February using
tools like SSH-Snake and various open-source utilities. The Sysdig Threat
Research Team (TRT) first spotted the thr ...

Pierluigi Paganini July 11, 2024
Hacking

MULTIPLE THREAT ACTORS EXPLOIT PHP FLAW CVE-2024-4577 TO DELIVER MALWARE

Multiple threat actors exploit a recently disclosed security PHP flaw
CVE-2024-4577 to deliver multiple malware families. The Akamai Security
Intelligence Response Team (SIRT) warns that multiple ...

Pierluigi Paganini July 11, 2024
Security

AI-POWERED RUSSIA'S BOT FARM OPERATES ON X, US AND ITS ALLIES WARN

The US and its allies disrupted an AI-powered Russia-linked bot farm on the
social media platform X relying on the Meliorator AI software. The U.S. FBI and
Cyber National Mission Force, along with ...

Pierluigi Paganini July 11, 2024
Security

VMWARE FIXED CRITICAL SQL-INJECTION IN ARIA AUTOMATION PRODUCT

VMware addressed a critical SQL-Injection vulnerability, tracked as
CVE-2024-22280, impacting Aria Automation. Virtualization giant VMware addressed
a high-severity SQL-injection vulnerability, tr ...

Pierluigi Paganini July 11, 2024
Security

CITRIX FIXED CRITICAL AND HIGH-SEVERITY BUGS IN NETSCALER PRODUCT

IT giant Citrix addressed multiple vulnerabilities, including critical and
high-severity issues in its NetScaler product. Citrix released security updates
to address critical and high-severity iss ...

Pierluigi Paganini July 10, 2024
Hacking

A NEW FLAW IN OPENSSH CAN LEAD TO REMOTE CODE EXECUTION

A vulnerability affects some versions of the OpenSSH secure networking suite, it
can potentially lead to remote code execution. The vulnerability CVE-2024-6409
(CVSS score: 7.0) impacts select ver ...

Pierluigi Paganini July 10, 2024
Security

MICROSOFT PATCH TUESDAY FOR JULY 2024 FIXED 2 ACTIVELY EXPLOITED ZERO-DAYS

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws,
including two actively exploited zero-days. Microsoft Patch Tuesday security
updates for July 2024 addressed 139 vulnera ...

Pierluigi Paganini July 10, 2024
Security

U.S. CISA ADDS MICROSOFT WINDOWS AND REJETTO HTTP FILE SERVER BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Inf ...

Pierluigi Paganini July 10, 2024
Cyber Crime

EVOLVE BANK DATA BREACH IMPACTED OVER 7.6 MILLION INDIVIDUALS

The Lockbit ransomware attack on Evolve Bank has compromised the personal
information of over 7.6 million individuals. At the end of June, the LockBit
gang announced that it had breached ...

Pierluigi Paganini July 09, 2024
Data Breach

MORE THAN 31 MILLION CUSTOMER EMAIL ADDRESSES EXPOSED FOLLOWING NEIMAN MARCUS
DATA BREACH

The recent data breach suffered by the American luxury department store chain
Neiman Marcus has exposed more than 31 million customer email addresses. In May
2024, the American luxury retailer and ...

Pierluigi Paganini July 09, 2024
Malware

AVAST RELEASED A DECRYPTOR FOR DONEX RANSOMWARE AND ITS PREDECESSORS

Avast developed and released a decryptor for the DoNex ransomware family that
allows victims to recover their files for free. Avast researchers identified a
cryptographic flaw in the DoNex ransomw ...

Pierluigi Paganini July 09, 2024
Data Breach

ROCKYOU2024 COMPILATION CONTAINING 10 BILLION PASSWORDS WAS LEAKED ONLINE

Threat actors leaked the largest password compilation ever, known as
RockYou2024, on a popular hacking forum. The Cybernews researchers reported that
threat actors leaked the largest password comp ...

Pierluigi Paganini July 08, 2024
Hacking

CRITICAL GHOSTSCRIPT FLAW EXPLOITED IN THE WILD. PATCH IT NOW!

Threat actors are exploiting Ghostscript vulnerability CVE-2024-29510 to bypass
the sandbox and achieve remote code execution. Threat actors are actively
exploiting a Ghostscript vulnerability, tr ...

Pierluigi Paganini July 08, 2024
Hacking

APPLE REMOVED 25 VPN APPS FROM THE APP STORE IN RUSSIA FOLLOWING MOSCOW'S
REQUESTS

Apple removed several virtual private network (VPN) apps from its App Store in
Russia following a request from the Russian Government. Russia is tightening its
citizens' control over Internet acce ...

Pierluigi Paganini July 08, 2024
Security

CISA ADDS CISCO NX-OS COMMAND INJECTION BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco NX-OS
Command Injection bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Securi ...

Pierluigi Paganini July 08, 2024
Security

APACHE FIXED A SOURCE CODE DISCLOSURE FLAW IN APACHE HTTP SERVER

The Apache Foundation addressed a critical source code disclosure vulnerability,
tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation
has addressed multiple vulnerabiliti ...

Pierluigi Paganini July 07, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 1

Today marks the launch of the Security Affairs newsletter, specializing in
Malware. This newsletter complements the weekly one you already receive. Each
week, it will feature a collection of the best ...

Pierluigi Paganini July 07, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 479 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini July 07, 2024
Uncategorized

ALABAMA STATE DEPARTMENT OF EDUCATION SUFFERED A DATA BREACH FOLLOWING A BLOCKED
ATTACK

Alabama’s education superintendent disclosed a data breach following a hacking
attempt on the Alabama State Department of Education. The Alabama State
Department of Education announced it had th ...

Pierluigi Paganini July 07, 2024
Malware

GOOTLOADER IS STILL ACTIVE AND EFFICIENT

Researchers warn that the malware GootLoader is still active and threat actors
are still using it in their campaigns. Threat actors continue to use GootLoader
malware in their campaigns, Cybereaso ...

Pierluigi Paganini July 06, 2024
Data Breach

HACKERS STOLE OPENAI SECRETS IN A 2023 SECURITY BREACH

The New York Times revealed that OpenAI suffered a security breach in 2023, but
the company says source code and customer data were not compromised. OpenAI
suffered a security breach in 2023, the ...

Pierluigi Paganini July 06, 2024
Data Breach

HACKERS LEAK 170K TAYLOR SWIFT’S ERAS TOUR BARCODES

The threat actor Sp1d3rHunters leaked valid Taylor Swift ’s ERAS Tour barcodes
threatening to leak more data and blackmailing Ticketmaster. A threat actor that
goes online with the moniker Sp1d3 ...

Pierluigi Paganini July 05, 2024
Hacking

POLYFILL.IO SUPPLY CHAIN ATTACK: 384,773 HOSTS STILL EMBEDDING A POLYFILL JS
SCRIPT LINKING TO THE MALICIOUS DOMAIN

Cybersecurity company Censys has identified over 380,000 hosts that are still
referencing the malicious polyfill.io domain. Censys reported that over 380,000
internet-exposed hosts are still refer ...

Pierluigi Paganini July 05, 2024
Cyber Crime

NEW GOLANG-BASED ZERGECA BOTNET APPEARED IN THE THREAT LANDSCAPE

Researchers uncovered a new Golang-based botnet called Zergeca that can carry
out distributed denial-of-service (DDoS) attacks. Researchers at the QiAnXin
XLab team uncovered a new Golang-based bo ...

Pierluigi Paganini July 05, 2024
ICS-SCADA

MICROSOFT DISCLOSES 2 FLAWS IN ROCKWELL AUTOMATION PANELVIEW PLUS

Microsoft discovered two flaws in Rockwell Automation PanelView Plus that
remote, unauthenticated attackers could exploit. Microsoft responsibly disclosed
two vulnerabilities in Rockwell Automatio ...

Pierluigi Paganini July 05, 2024
Hacking

HACKERS COMPROMISED ETHEREUM MAILING LIST AND LAUNCHED A CRYPTO DRAINING ATTACK

Hackers compromised Ethereum 's mailing list provider and sent phishing messages
to the members attempting to drain their crypto funds. Hackers compromised
Ethereum's mailing list provider and on ...

Pierluigi Paganini July 05, 2024
Cyber Crime

OVHCLOUD MITIGATED A RECORD-BREAKING DDOS ATTACK IN APRIL 2024

OVHcloud successfully mitigated a record-breaking DDoS attack in April, which
reached 840 million packets per second (Mpps). The cloud services provider
OVHcloud announced it has mitigated a recor ...

Pierluigi Paganini July 04, 2024
Data Breach

HEALTHCARE FINTECH FIRM HEALTHEQUITY DISCLOSED A DATA BREACH

Healthcare firm HealthEquity disclosed a data breach caused by a partner's
compromised account that exposed protected health information. Healthcare
fintech firm HealthEquity disclosed a data brea ...

Pierluigi Paganini July 04, 2024
Social Networks

BRAZIL DATA PROTECTION AUTHORITY BANS META FROM TRAINING AI MODELS WITH DATA
ORIGINATING IN THE COUNTRY

Brazil’s data protection authority temporarily banned Meta from using data
originating in the country to train its artificial intelligence. Brazil's data
protection authority, Autoridade Naciona ...

Pierluigi Paganini July 04, 2024
Security

SPLUNK FIXED TENS OF FLAWS IN SPLUNK ENTERPRISE AND CLOUD PLATFORM

Technology company Splunk released security updates to address 16
vulnerabilities in Splunk Enterprise and Cloud Platform. Technology company
Splunk addressed 16 vulnerabilities in Splunk Enterpri ...

Pierluigi Paganini July 04, 2024
Cyber Crime

OPERATION MORPHEUS TOOK DOWN 593 COBALT STRIKE SERVERS USED BY THREAT ACTORS

An international law enforcement operation code-named Operation Morpheus led to
the takedown of 593 Cobalt Strike servers used by crooks. An international law
enforcement operation, code-named Ope ...

Pierluigi Paganini July 03, 2024
Cyber Crime

LOCKBIT GROUP CLAIMS THE HACK OF THE FAIRFIELD MEMORIAL HOSPITAL IN THE US

The LockBit ransomware group breached another hospital in the United States, the
victim is the Fairfield Memorial Hospital in Illinois. It has happened again,
another US healthcare organization su ...

Pierluigi Paganini July 03, 2024
Hacking

AMERICAN PATELCO CREDIT UNION SUFFERED A RANSOMWARE ATTACK

The American credit union Patelco Credit Union shut down several of its banking
systems to contain a ransomware attack. Patelco Credit Union is a member-owned,
not-for-profit credit union that se ...

Pierluigi Paganini July 03, 2024
Intelligence

POLISH GOVERNMENT INVESTIGATES RUSSIA-LINKED CYBERATTACK ON STATE NEWS AGENCY

The Polish government is investigating a potential connection between Russia and
a cyberattack on the country’s state news agency. The Polish government is
investigating a suspected link between ...

Pierluigi Paganini July 03, 2024
Cyber Crime

EVOLVE BANK DATA BREACH IMPACTED FINTECH FIRMS WISE AND AFFIRM

Fintech firms Wise and Affirm confirmed they were both impacted by the recent
data breach suffered by Evolve Bank. Fintech companies Wise and Affirm have
confirmed that they were both affected by ...

Pierluigi Paganini July 02, 2024
Data Breach

PRUDENTIAL FINANCIAL DATA BREACH IMPACTED OVER 2.5 MILLION INDIVIDUALS

Prudential Financial confirmed that more than 2.5 million individuals were
affected by the data breach it suffered in February 2024. The insurance company
Prudential Financial confirmed that the d ...

Pierluigi Paganini July 02, 2024
Cyber Crime

AUSTRALIAN MAN CHARGED FOR EVIL TWIN WI-FI ATTACKS ON DOMESTIC FLIGHTS

An Australian man has been charged with carrying out 'Evil Twin' Wi-Fi attack
during a domestic flight to steal user credentials and data. An Evil Twin Wi-Fi
attack is a type of cyberattack where ...

Pierluigi Paganini July 02, 2024
APT

CHINA-LINKED APT EXPLOITED CISCO NX-OS ZERO-DAY TO DEPLOY CUSTOM MALWARE

Cisco fixed an actively exploited NX-OS zero-day, the flaw was exploited to
install previously unknown malware as root on vulnerable switches. Cisco
addressed an NX-OS zero-day, tracked as CVE-202 ...

Pierluigi Paganini July 02, 2024
Security

CRITICAL UNAUTHENTICATED REMOTE CODE EXECUTION FLAW IN OPENSSH SERVER

A critical flaw in the OpenSSH server can be exploited to achieve
unauthenticated remote code execution with root privileges in glibc-based Linux
systems. OpenSSH maintainers addressed a critical ...

Pierluigi Paganini July 01, 2024
Cyber Crime

MONTI GANG CLAIMS THE HACK OF THE WAYNE MEMORIAL HOSPITAL IN PENNSYLVANIA

Wayne Memorial Hospital in Pennsylvania was the victim of a cyber attack, Monti
gang claimed to have hacked the healthcare infrastructure. Another critical
infrastructure healthcare suffered a sec ...

Pierluigi Paganini July 01, 2024
Hacking

THREAT ACTORS ACTIVELY EXPLOIT D-LINK DIR-859 ROUTER FLAW CVE-2024-0769

Experts spotted threat actors exploiting the critical vulnerability
CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from
cybersecurity firm GreyNoise have spotted exploitation a ...

Pierluigi Paganini July 01, 2024
Hacking

RUSSIA-LINKED MIDNIGHT BLIZZARD STOLE EMAIL OF MORE MICROSOFT CUSTOMERS

Microsoft warned more customers about email theft linked to the previously
reported Midnight Blizzard hacking campaign. The Russia-linked cyberespionage
group Midnight Blizzard continues to target ...

Pierluigi Paganini June 30, 2024
Hacking

RUSSIA-LINKED GROUP APT29 LIKELY BREACHED TEAMVIEWER'S CORPORATE NETWORK

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of
TeamViewer 's corporate network. TeamViewer discovered that a threat actor has
breached its corporate network and som ...

Pierluigi Paganini June 30, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 478 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini June 30, 2024
Data Breach

INFOSYS MCCAMISH SYSTEMS DATA BREACH IMPACTED OVER 6 MILLION PEOPLE

Infosys McCamish Systems (IMS) revealed that the 2023 data breach following the
LockBit ransomware attack impacted 6 million individuals. IMS specializes in
providing business process outsourcing ...

Pierluigi Paganini June 29, 2024
Hacking

A CYBERATTACK SHUT DOWN THE UNIVERSITY HOSPITAL CENTRE ZAGREB IN CROATIA

A cyber attack started targeting the University Hospital Centre Zagreb (KBC
Zagreb) on Wednesday night, reported the Croatian Radiotelevision. A cyber
attack began targeting the University Hospita ...

Pierluigi Paganini June 28, 2024
Hacking

US ANNOUNCES A $10M REWARD FOR RUSSIA'S GRU HACKER BEHIND ATTACKS ON UKRAINE

The US DoJ announced charges against a member of Russia's military intelligence
service GRU for conducting wiper attacks on Ukraine in 2022. The US Department
of Justice (DoJ) announced charges ag ...

Pierluigi Paganini June 28, 2024
Cyber Crime

LOCKBIT GROUP FALSELY CLAIMED THE HACK OF THE FEDERAL RESERVE

The LockBit ransomware group seems to have lied when they announced the hack of
the US Federal Reserve. The real victim is the Evolve Bank. The LockBit
ransomware group hasn't hacked the Federal R ...

Pierluigi Paganini June 27, 2024
Security

CISA ADDS GEOSOLUTIONSGROUP JAI-EXT, LINUX KERNEL, AND ROUNDCUBE WEBMAIL BUGS TO
ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds
GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known
Exploited Vulnerabilities catalog. The U.S. Cyber ...

Pierluigi Paganini June 27, 2024
Malware

NEW P2PINFECT VERSION DELIVERS MINERS AND RANSOMWARE ON REDIS SERVERS

Researchers warn that the P2Pinfect worm is targeting Redis servers with
ransomware and cryptocurrency mining payloads. Cado Security researchers warned
that the P2Pinfect worm is employed in atta ...

Pierluigi Paganini June 27, 2024
Hacking

NEW MOVEIT TRANSFER CRITICAL BUG IS ACTIVELY EXPLOITED

Experts warn of active exploitation of a critical authentication bypass
vulnerability in MOVEit Transfer file transfer software. Progress Software
addressed two critical authentication bypass vuln ...

Pierluigi Paganini June 26, 2024
Malware

NEW CAESAR CIPHER SKIMMER TARGETS POPULAR CMS USED BY E-STORES

A new e-skimmer called Caesar Cipher Skimmer is used to compromise multiple CMS,
including WordPress, Magento, and OpenCart. Sucuri researchers discovered a new
e-skimmer, called Caesar Cipher Ski ...

Pierluigi Paganini June 26, 2024
Cyber Crime

MIRAI-LIKE BOTNET IS EXPLOITING RECENTLY DISCLOSED ZYXEL NAS FLAW

Researchers warn that a Mirai-based botnet is exploiting a recently disclosed
critical vulnerability in EoL Zyxel NAS devices. Researchers at the Shadowserver
Foundation warn that a Mirai-based bo ...

Pierluigi Paganini June 25, 2024
Security

WIKILEAKS FOUNDER JULIAN ASSANGE IS FREE

WikiLeaks founder Julian Assange has been released in the U.K. and has left the
country after five years in Belmarsh prison. Julian Assange is free after five
years in Belmarsh prison, the WikiLe ...

Pierluigi Paganini June 25, 2024
Data Breach

CISA CONFIRMED THAT ITS CSAT ENVIRONMENT WAS BREACHED IN JANUARY.

CISA warned chemical facilities that its Chemical Security Assessment Tool
(CSAT) environment was compromised in January. CISA warns chemical facilities
that its Chemical Security Assessment Tool ...

Pierluigi Paganini June 25, 2024
Cyber Crime

THREAT ACTORS COMPROMISED 1,590 COINSTATS CRYPTO WALLETS

Threat actors breached 1,590 cryptocurrency wallets of the cryptocurrency
portfolio management and tracking platform CoinStats. The cryptocurrency
portfolio management and tracking platform CoinSt ...

Pierluigi Paganini June 24, 2024
Breaking News

EXPERTS OBSERVED APPROXIMATELY 120 MALICIOUS CAMPAIGNS USING THE RAFEL RAT

Multiple threat actors are using an open-source Android remote administration
tool called Rafel RAT to target Android Devices. Check Point Research identified
multiple threat actors using Rafel, ...

Pierluigi Paganini June 24, 2024
Cyber Crime

LOCKBIT CLAIMS THE HACK OF THE US FEDERAL RESERVE

The Lockbit ransomware group announced that it had breached the US Federal
Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group
announced that it had breached the systems ...

Pierluigi Paganini June 24, 2024
Cyber Crime

RANSOMWARE THREAT LANDSCAPE JAN-APR 2024: INSIGHTS AND CHALLENGES

Between Jan and Apr 2024, the global ransomware landscape witnessed significant
activity, with 1420 ransomware claims reported worldwide. In the first four
months of 2024, the global ransomware la ...

Pierluigi Paganini June 24, 2024
Breaking News

EXCOBALT CYBERCRIME GROUP TARGETS RUSSIAN ORGANIZATIONS IN MULTIPLE SECTORS

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors
with a previously unknown backdoor known as GoRed. Positive Technologies
researchers reported that a cybercrime gan ...

Pierluigi Paganini June 24, 2024
Cyber Crime

THREAT ACTOR ATTEMPTS TO SELL 30 MILLION CUSTOMER RECORDS ALLEGEDLY STOLEN FROM
TEG

A threat actor is offering for sale customer data allegedly stolen from the
Australia-based live events and ticketing company TEG. TEG (Ticketek
Entertainment Group) is an Australian company that ...

Pierluigi Paganini June 23, 2024
Security

SECURITY AFFAIRS NEWSLETTER ROUND 477 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini June 23, 2024
Hacking

THREAT ACTORS ARE ACTIVELY EXPLOITING SOLARWINDS SERV-U BUG CVE-2024-28995

Threat actors are actively exploiting a recently discovered vulnerability in
SolarWinds Serv-U software using publicly available proof-of-concept (PoC) code.
Threat actors are actively exploiting ...

Pierluigi Paganini June 23, 2024
Security

US GOVERNMENT SANCTIONS TWELVE KASPERSKY LAB EXECUTIVES

The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned
twelve Kaspersky Lab executives for their role in the Russian company. The
Treasury Department's Office of Foreign Ass ...

Pierluigi Paganini June 22, 2024
Cyber Crime

EXPERTS FOUND A BUG IN THE LINUX VERSION OF RANSOMHUB RANSOMWARE

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the
version targets VMware ESXi environments. RansomHub ransomware operation relies
on a new Linux version of the encry ...

Pierluigi Paganini June 22, 2024
Hacking

UEFICANHAZBUFFEROVERFLOW FLAW IN PHOENIX SECURECORE UEFI FIRMWARE POTENTIALLY
IMPACTS HUNDREDS OF PC AND SERVER MODELS

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware
potentially impacts hundreds of PC and server models. Firmware security firm
Eclypsium discovered a vulnerability, ...

Pierluigi Paganini June 21, 2024
APT

RUSSIA-LINKED APT NOBELIUM TARGETS FRENCH DIPLOMATIC ENTITIES

French information security agency ANSSI reported that Russia-linked threat
actor Nobelium is behind a series of cyber attacks that targeted French
diplomatic entities. The French information sec ...

Pierluigi Paganini June 21, 2024
Laws and regulations

US BANS SALE OF KASPERSKY PRODUCTS DUE TO RISKS TO NATIONAL SECURITY

The US government announced the ban on selling Kaspersky software due to
security risks from Russia and urged citizens to replace it. The Biden
administration announced it will ban the sale of Kas ...

Pierluigi Paganini June 20, 2024
Security

ATLASSIAN FIXED SIX HIGH-SEVERITY BUGS IN CONFLUENCE DATA CENTER AND SERVER

Australian software company Atlassian addressed multiple high-severity
vulnerabilities in its Confluence, Crucible, and Jira solutions. Atlassian June
2024 Security Bulletin addressed nine high-se ...

Pierluigi Paganini June 20, 2024
APT

CHINA-LINKED SPIES TARGET ASIAN TELCOS SINCE AT LEAST 2021

A China-linked cyber espionage group has compromised telecom operators in an
Asian country since at least 2021. The Symantec Threat Hunter Team reported that
an alleged China-linked APT group has ...

Pierluigi Paganini June 20, 2024
Malware

NEW RUST INFOSTEALER FICKLE STEALER SPREADS THROUGH VARIOUS ATTACK METHODS

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data
Exfiltration A new Rust malware called Fickle Stealer spreads through various
attack methods and steals sensitive information. ...

Pierluigi Paganini June 20, 2024
Hacking

AN UNPATCHED BUG ALLOWS ANYONE TO IMPERSONATE MICROSOFT CORPORATE EMAIL ACCOUNTS

A researcher discovered a flaw that allows attackers to impersonate Microsoft
corporate email accounts and launch phishing attacks. The security researcher
Vsevolod Kokorin (@Slonser) discovered ...

Pierluigi Paganini June 20, 2024
Cyber Crime

SMISHING TRIAD IS TARGETING PAKISTAN TO DEFRAUD BANKING CUSTOMERS AT SCALE

Resecurity researchers warn of a new activity of Smishing Triad, which has
expanded its operations to Pakistan. Resecurity has identified a new activity of
Smishing Triad, which has expanded its o ...

Pierluigi Paganini June 20, 2024
Hacking

ALLEGED RESEARCHERS STOLE $3 MILLION FROM KRAKEN EXCHANGE

Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal
$3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco
revealed that alleged security resea ...

Pierluigi Paganini June 19, 2024
Security

GOOGLE CHROME 126 UPDATE ADDRESSES MULTIPLE HIGH-SEVERITY FLAWS

Google released Chrome 126 update that addresses a high-severity vulnerability
demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a
Chrome 126 security update, addressing s ...

Pierluigi Paganini June 19, 2024
Data Breach

CHIP MAKER GIANT AMD INVESTIGATES A DATA BREACH

AMD announced an investigation after a threat actor attempted to sell data
allegedly stolen from its systems. AMD has launched an investigation after the
threat actor IntelBroker announced they we ...

Pierluigi Paganini June 19, 2024
Cyber Crime

CRYPTOJACKING CAMPAIGN TARGETS EXPOSED DOCKER APIS

A malware campaign targets publicly exposed Docker API endpoints to deliver
cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new
cryptojacking campaign linked to the at ...

Pierluigi Paganini June 19, 2024
Hacking

VMWARE FIXED RCE AND PRIVILEGE ESCALATION BUGS IN VCENTER SERVER

VMware addressed vCenter Server vulnerabilities that can allow remote code
execution or privilege escalation. VMware addressed multiple vCenter Server
vulnerabilities that remote attackers can exp ...

Pierluigi Paganini June 18, 2024
Laws and regulations

META DELAYS TRAINING ITS AI USING PUBLIC CONTENT SHARED BY EU USERS 

Meta announced it is postponing the training of its large language models using
public content from adult Facebook and Instagram users in the EU. Meta announced
it is delaying the training of its ...

Pierluigi Paganini June 18, 2024
Data Breach

KEYTRONIC CONFIRMS DATA BREACH AFTER RANSOMWARE ATTACK

Printed circuit board assembly (PCBA) manufacturer Keytronic disclosed a data
breach after a ransomware attack. Keytronic has confirmed a data breach after a
ransomware group leaked allegedly sto ...

Pierluigi Paganini June 18, 2024
Cyber Crime

THE FINANCIAL DYNAMICS BEHIND RANSOMWARE ATTACKS

Over the last few years, ransomware attacks have become one of the most
prevalent and expensive forms of cybercrime. Initially, these attacks involved
malicious software that encrypts a victim's ...

Pierluigi Paganini June 18, 2024
Deep Web

EMPIRE MARKET OWNERS CHARGED WITH OPERATING $430M DARK WEB MARKETPLACE

Federal authorities charged two individuals with operating the dark web
marketplace Empire Market that facilitated over $430 million in illegal
transactions. Two men, Thomas Pavey (aka "Dopenugget ...

Pierluigi Paganini June 17, 2024
APT

CHINA-LINKED VELVET ANT USES F5 BIG-IP MALWARE IN CYBER ESPIONAGE CAMPAIGN

Chinese cyberespionage group Velvet Ant was spotted using custom malware to
target F5 BIG-IP appliances to breach target networks. In late 2023, Sygnia
researchers responded to an incident suffere ...

Pierluigi Paganini June 17, 2024
Data Breach

LA COUNTY’S DEPARTMENT OF PUBLIC HEALTH (DPH) DATA BREACH IMPACTED OVER 200,000
INDIVIDUALS

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data
breach that impacted more than 200,000 individuals. The LA County’s Department
of Public Health announced that the ...

Pierluigi Paganini June 17, 2024
Cyber Crime

SPANISH POLICE ARRESTED AN ALLEGED MEMBER OF THE SCATTERED SPIDER GROUP

A joint law enforcement operation led to the arrest of a key member of the
cybercrime group known as Scattered Spider. Spanish police arrested a
22-year-old British national who is suspected of be ...

Pierluigi Paganini June 17, 2024
Security

ONLINE JOB OFFERS, THE RESHIPPING AND MONEY MULE SCAMS

Offers that promise easy earnings can also bring with them a host of scams that
deceive those who are genuinely seeking income opportunities. Often, behind
these enticing offers are pyramid scheme ...

Pierluigi Paganini June 17, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 476 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 16, 2024
Security

ASUS FIXED CRITICAL REMOTE AUTHENTICATION BYPASS BUG IN SEVERAL ROUTERS

Taiwanese manufacturer giant ASUS addressed a critical remote authentication
bypass vulnerability impacting several router models. ASUS addresses a critical
remote authentication bypass vulnerabil ...

Pierluigi Paganini June 16, 2024
Cyber Crime

LONDON HOSPITALS CANCELED OVER 800 OPERATIONS IN THE WEEK AFTER SYNNOVIS
RANSOMWARE ATTACK

NHS England confirmed that multiple London hospitals impacted by the ransomware
attack at Synnovis were forced to cancel planned operations. NHS England
confirmed that the recent ransomware attack ...

Pierluigi Paganini June 15, 2024
Laws and regulations

DORA COMPLIANCE STRATEGY FOR BUSINESS LEADERS

In January 2025, European financial and insurance institutions, their business
partners and providers, must comply with DORA. In January 2025, financial and
insurance institutions in Europe and an ...

Pierluigi Paganini June 14, 2024
Security

CISA ADDS ANDROID PIXEL, MICROSOFT WINDOWS, PROGRESS TELERIK REPORT SERVER BUGS
TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel,
Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cyb ...

Pierluigi Paganini June 14, 2024
Hacking

CITY OF CLEVELAND STILL WORKING TO FULLY RESTORE SYSTEMS IMPACTED BY A CYBER
ATTACK

Early this week, the City of Cleveland suffered a cyber attack that impacted
multiple services. The City is working to restore impacted systems. On Monday,
the City of Cleveland announced it was t ...

Pierluigi Paganini June 14, 2024
Security

GOOGLE FIXED AN ACTIVELY EXPLOITED ZERO-DAY IN THE PIXEL FIRMWARE

Google is warning of a security vulnerability impacting its Pixel Firmware that
has been actively exploited in the wild as a zero-day. Google warned of an
elevation of privilege vulnerability, tr ...

Pierluigi Paganini June 13, 2024
Security

MULTIPLE FLAWS IN FORTINET FORTIOS FIXED

Fortinet released security updates to address multiple vulnerabilities in
FortiOS, including a high-severity code execution security issue. Fortinet
addressed multiple vulnerabilities in FortiOS a ...

Pierluigi Paganini June 13, 2024
Hacking

CISA ADDS ARM MALI GPU KERNEL DRIVER, PHP BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mali GPU
Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini June 12, 2024
Breaking News

UKRAINE POLICE ARRESTED A HACKER WHO DEVELOPED A CRYPTER USED BY CONTI AND
LOCKBIT RANSOMWARE OPERATION

The Ukraine cyber police arrested a Russian man for having developed the crypter
component employed in Conti and LockBit ransomware operations. The Ukraine cyber
police arrested a Russian man (2 ...

Pierluigi Paganini June 12, 2024
Security

JETBRAINS FIXED INTELLIJ IDE FLAW EXPOSING GITHUB ACCESS TOKENS

JetBrains warned to fix a critical vulnerability in IntelliJ integrated
development environment (IDE) apps that exposes GitHub access tokens. JetBrains
warned customers to address a critical vulne ...

Pierluigi Paganini June 12, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR JUNE 2024 FIXED ONLY ONE CRITICAL
ISSUE

Microsoft Patch Tuesday security updates for June 2024 addressed 49
vulnerabilities, only one of them is a publicly disclosed zero-day flaw.
Microsoft Patch Tuesday security updates for June 2024 ...

Pierluigi Paganini June 12, 2024
Data Breach

CYLANCE CONFIRMS THE LEGITIMACY OF DATA OFFERED FOR SALE IN THE DARK WEB

A threat actor is selling the data belonging to BlackBerry’s Cylance
cybersecurity unit, he demanded $750,000. A threat actor, that goes online with
the moniker Sp1d3r, is selling the stolen dat ...

Pierluigi Paganini June 11, 2024
Hacking

ARM ZERO-DAY IN MALI GPU DRIVERS ACTIVELY EXPLOITED IN THE WILD

Semiconductor and software design company Arm warns of an actively exploited
zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively
exploited zero-day vulnerability, track ...

Pierluigi Paganini June 11, 2024
Hacking

EXPERT RELEASED POC EXPLOIT CODE FOR VEEAM BACKUP ENTERPRISE MANAGER FLAW
CVE-2024-29849. PATCH IT NOW!

A proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager
authentication bypass flaw CVE-2024-29849 is publicly available. Researcher Sina
Kheirkha analyzed the Veeam Backup Ent ...

Pierluigi Paganini June 11, 2024
Security

JAPANESE VIDEO-SHARING PLATFORM NICONICO WAS VICTIM OF A CYBER ATTACK

The Japanese video-sharing platform, Niconico, was forced to suspend its
services following a cybersecurity incident. The Japanese video-sharing
platform, Niconico, temporarily suspended its servi ...

Pierluigi Paganini June 10, 2024
Cyber Crime

UK NHS CALL FOR O-TYPE BLOOD DONATIONS FOLLOWING RANSOMWARE ATTACK ON LONDON
HOSPITALS

The UK NHS issued an urgent call for O-type blood donations following the recent
ransomware attack that hit several London hospitals. The UK National Health
Service (NHS) issued an urgent call for ...

Pierluigi Paganini June 10, 2024
Data Breach

CHRISTIE’S DATA BREACH IMPACTED 45,798 INDIVIDUALS

Auction house Christie’s revealed that the data breach caused by the recent
ransomware attack impacted 45,000 individuals. At the end of May, the auction
house Christie’s disclosed a data bre ...

Pierluigi Paganini June 10, 2024
Hacking

STICKY WEREWOLF TARGETS THE AVIATION INDUSTRY IN RUSSIA AND BELARUS

Morphisec researchers observed a threat actor, tracked as Sticky Werewolf,
targeting entities in Russia and Belarus. Sticky Werewolf is a threat actor that
was first spotted in April 2023, initial ...

Pierluigi Paganini June 10, 2024
Data Breach

FRONTIER COMMUNICATIONS DATA BREACH IMPACTED OVER 750,000 INDIVIDUALS

Frontier Communications is notifying over 750,000 individuals that their
personal information was stolen in a recent cyber attack. Last week, the
RansomHub ransomware group claimed to have stolen ...

Pierluigi Paganini June 10, 2024
Breaking News

PHP ADDRESSED CRITICAL RCE FLAW POTENTIALLY IMPACTING MILLIONS OF SERVERS

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and
earlier versions, potentially impacting millions of servers worldwide.
Researchers at cybersecurity firm DEVCORE disc ...

Pierluigi Paganini June 09, 2024
Security

SECURITY AFFAIRS NEWSLETTER ROUND 475 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 09, 2024
Security

SOLARWINDS FIXED MULTIPLE FLAWS IN SERV-U AND SOLARWINDS PLATFORM

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds
Platform, including a bug reported by a pentester working with NATO. SolarWinds
announced security patches to address mul ...

Pierluigi Paganini June 07, 2024
Cyber Crime

PANDABUY WAS EXTORTED TWICE BY THE SAME THREAT ACTOR

Chinese shopping platform Pandabuy previously paid a ransom demand to an
extortion group that extorted the company again this week. The story of the
attack against the Chinese shopping platform Pa ...

Pierluigi Paganini June 07, 2024
Intelligence

UAC-0020 THREAT ACTOR USED THE SPECTR MALWARE TO TARGET UKRAINE'S DEFENSE FORCES

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR
malware as part of a cyber espionage campaign dubbed SickSync. The Computer
Emergency Response Team of Ukraine (CERT-UA ...

Pierluigi Paganini June 07, 2024
Cyber Crime

A NEW LINUX VERSION OF TARGETCOMPANY RANSOMWARE TARGETS VMWARE ESXI ENVIRONMENTS

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi
environments using a custom shell script. A new variant of the TargetCompany
ransomware group uses a custom shell sc ...

Pierluigi Paganini June 06, 2024
Security

FBI OBTAINED 7,000 LOCKBIT DECRYPTION KEYS, VICTIMS SHOULD CONTACT THE FEDS TO
GET SUPPORT

The FBI is informing victims of LockBit ransomware it has obtained over 7,000
LockBit decryption keys that could allow some of them to decrypt their data. The
FBI is inviting victims of LockBit ra ...

Pierluigi Paganini June 06, 2024
Malware

RANSOMHUB OPERATION IS A REBRANDED VERSION OF THE KNIGHT RAAS

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version
of the Knight ransomware operation. Cybersecurity experts who analyzed the
recently emerged ransomware operation Ra ...

Pierluigi Paganini June 06, 2024
Digital ID

MALWARE CAN STEAL DATA COLLECTED BY THE WINDOWS RECALL TOOL, EXPERTS WARN

Cybersecurity researchers demonstrated how malware could potentially steal data
collected by the new Windows Recall tool. The Recall feature of Microsoft
Copilot+ is an AI-powered tool designed to ...

Pierluigi Paganini June 05, 2024
Breaking News

CISCO ADDRESSED WEBEX FLAWS USED TO COMPROMISE GERMAN GOVERNMENT MEETINGS

Cisco addressed vulnerabilities that were exploited to compromise the Webex
meetings of the German government. In early May, German media outlet Zeit Online
revealed that threat actors exploited v ...

Pierluigi Paganini June 05, 2024
Hacking

CNN, PARIS HILTON, AND SONY TIKTOK ACCOUNTS HACKED VIA DMS

A vulnerability in the popular video-sharing platform TikTok allowed threat
actors to take over the accounts of celebrities. Threat actors exploited a
zero-day vulnerability in the video-sharing p ...

Pierluigi Paganini June 05, 2024
Security

ZYXEL ADDRESSED THREE RCES IN END-OF-LIFE NAS DEVICES

Zyxel Networks released an emergency security update to address critical
vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emergency
security update to address three critical ...

Pierluigi Paganini June 05, 2024
Cyber Crime

A RANSOMWARE ATTACK ON SYNNOVIS IMPACTED SEVERAL LONDON HOSPITALS

A ransomware attack that hit the provider of pathology and diagnostic services
Synnovis severely impacted the operations of several London hospitals. A
ransomware attack on pathology and diagnosti ...

Pierluigi Paganini June 04, 2024
Data Breach

RANSOMHUB GANG CLAIMS THE HACK OF THE TELECOMMUNICATIONS GIANT FRONTIER
COMMUNICATIONS

The RansomHub ransomware group added the American telecommunications company
Frontier Comunications to the list of victims on its Tor leak site. The
RansomHub ransomware group claimed to have stol ...

Pierluigi Paganini June 04, 2024
Cyber Crime

CYBERCRIMINALS ATTACK BANKING CUSTOMERS IN EU WITH V3B PHISHING KIT - PHOTOTAN
AND SMARTID SUPPORTED.

Resecurity uncovered a cybercriminal group that is providing a sophisticated
phishing kit, named V3B, to target banking customers in the EU. Resecurity has
uncovered a new cybercriminal group pro ...

Pierluigi Paganini June 04, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR A CRITICAL BUG IN PROGRESS TELERIK REPORT
SERVERS

Researchers published a PoC exploit code for an authentication bypass
vulnerability on Progress Telerik Report Servers. Researchers published a
proof-of-concept (PoC) exploit code for an authentic ...

Pierluigi Paganini June 04, 2024
Security

MULTIPLE FLAWS IN COX MODEMS COULD HAVE IMPACTED MILLIONS OF DEVICES

Researcher discovered several authorization bypass vulnerabilities in Cox modems
that potentially impacted millions of devices. The security researcher Sam Curry
discovered multiple issues in Cox ...

Pierluigi Paganini June 04, 2024
Hacking

CISA ADDS ORACLE WEBLOGIC SERVER FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

CISA adds Oracle WebLogic Server OS command injection vulnerability to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added an Oracl ...

Pierluigi Paganini June 03, 2024
Cyber Crime

SPANISH POLICE SHUT DOWN ILLEGAL TV STREAMING NETWORK

Spanish police dismantled a pirated TV streaming network that allowed its
operators to earn over 5,300,000 euros since 2015. The Spanish National Police
dismantled a network that illicitly distri ...

Pierluigi Paganini June 03, 2024
APT

APT28 TARGETS KEY NETWORKS IN EUROPE WITH HEADLACE MALWARE

Russia-linked APT28 used the HeadLace malware and credential-harvesting web
pages in attacks against networks across Europe. Researchers at Insikt Group
observed Russian GRU's unit APT28 targeti ...

Pierluigi Paganini June 03, 2024
Deep Web

EXPERTS FOUND INFORMATION OF EUROPEAN POLITICIANS ON THE DARK WEB

Personal information of hundreds of British and EU politicians is available on
dark web marketplaces. According to research conducted by Proton and Constella
Intelligence, the email addresses and ...

Pierluigi Paganini June 03, 2024
Hacking

FLYINGYETI TARGETS UKRAINE USING WINRAR EXPLOIT TO DELIVER COOKBOX MALWARE

Russia-linked threat actor FlyingYeti is targeting Ukraine with a phishing
campaign to deliver the PowerShell malware COOKBOX. Cloudflare researchers
discovered phishing campaign conducted by a R ...

Pierluigi Paganini June 02, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 474 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 02, 2024
Data Breach

TICKETMASTER CONFIRMS DATA BREACH IMPACTING 560 MILLION CUSTOMERS

Ticketmaster owner Live Nation confirmed the Ticketmaster data breach that
compromised the data of 560 million customers. ShinyHunters, the current
administrator of BreachForums, recently cla ...

Pierluigi Paganini June 01, 2024
Hacking

CRITICAL APACHE LOG4J2 FLAW STILL THREATENS GLOBAL FINANCE

The vulnerability CVE-2021-44832 is Apache Log4j2 library is still a serious
problem for multiple industries, expert warns it threatens global Finance. The
independent cyber threat intelligence an ...

Pierluigi Paganini June 01, 2024
Security

CROOKS STOLE MORE THAN $300M WORTH OF BITCOIN FROM THE EXCHANGE DMM BITCOIN

Crooks stole approximately 48.2 billion yen ($304 million) worth of Bitcoin from
the Japanese cryptocurrency exchange DMM Bitcoin. The Japanese cryptocurrency
exchange DMM Bitcoin announced that c ...

Pierluigi Paganini June 01, 2024
Data Breach

SHINYHUNTERS IS SELLING DATA OF 30 MILLION SANTANDER CUSTOMERS

The threat actor ShinyHunters claims breach of Santander and is offering for
sale bank data, including information for 30 million customers. A notorious
threat actor ShinyHunters is offering a hug ...

Pierluigi Paganini May 31, 2024
Malware

OVER 600,000 SOHO ROUTERS WERE DESTROYED BY CHALUBO MALWARE IN 72 HOURS 

The Chalubo trojan destroyed over 600,000 SOHO routers from a single ISP,
researchers from Lumen Technologies reported. Between October 25 and October 27,
2023, the Chalubo malware destroyed more ...

Pierluigi Paganini May 31, 2024
APT

LILACSQUID APT TARGETED ORGANIZATIONS IN THE U.S., EUROPE, AND ASIA SINCE AT
LEAST 2021

A previously undocumented APT group tracked as LilacSquid targeted organizations
in the U.S., Europe, and Asia since at least 2021. Cisco Talos researchers
reported that a previously undocumented ...

Pierluigi Paganini May 31, 2024
Data Breach

BBC DISCLOSED A DATA BREACH IMPACTING ITS PENSION SCHEME MEMBERS

The BBC disclosed a data breach that exposed the personal information of BBC
Pension Scheme members. The BBC disclosed a data breach that occurred on May 21.
Threat actors gained access to files o ...

Pierluigi Paganini May 31, 2024
Security

CISA ADDS CHECK POINT QUANTUM SECURITY GATEWAYS AND LINUX KERNEL FLAWS TO ITS
KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its
Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and
Infrastructure Security Agency (CISA) added the f ...

Pierluigi Paganini May 30, 2024
Malware

EXPERTS FOUND A MACOS VERSION OF THE SOPHISTICATED LIGHTSPY SPYWARE

Researchers spotted a macOS version of the LightSpy surveillance framework that
has been active in the wild since at least January 2024. Researchers from
ThreatFabric discovered a macOS version of ...

Pierluigi Paganini May 30, 2024
Cyber Crime

OPERATION ENDGAME, THE LARGEST LAW ENFORCEMENT OPERATION EVER AGAINST BOTNETS

An international law enforcement operation, called Operation Endgame targeted
multiple botnets and their operators. Between 27 and 29 May 2024, an
international law enforcement operation coordinat ...

Pierluigi Paganini May 30, 2024
Cyber Crime

LAW ENFORCEMENT OPERATION DISMANTLED 911 S5 BOTNET

An international law enforcement operation led by the U.S. DoJ disrupted the 911
S5 botnet and led to the arrest of its administrator. The U.S. Justice
Department led an international law enforcem ...

Pierluigi Paganini May 30, 2024
Cyber Crime

OKTA WARNS OF CREDENTIAL STUFFING ATTACKS TARGETING ITS CROSS-ORIGIN
AUTHENTICATION FEATURE

Identity and access management firm Okta warns of credential stuffing attacks
targeting the Customer Identity Cloud (CIC) feature. Okta warns of credential
stuffing attacks targeting its Custome ...

Pierluigi Paganini May 30, 2024
Digital ID

CHECK POINT RELEASED HOTFIX FOR ACTIVELY EXPLOITED VPN ZERO-DAY

Check Point released hotfixes for a VPN zero-day vulnerability, tracked
as CVE-2024-24919, which is actively exploited in attacks in the wild. Check
Point released hotfixes to address a VPN zero- ...

Pierluigi Paganini May 29, 2024
Data Breach

ABN AMRO DISCLOSES DATA BREACH FOLLOWING AN ATTACK ON A THIRD-PARTY PROVIDER

Dutch bank ABN Amro discloses data breach following a ransomware attack hit the
third-party services provider AddComm. Dutch bank ABN Amro disclosed a data
breach after third-party services provid ...

Pierluigi Paganini May 29, 2024
Cyber Crime

CHRISTIE DISCLOSED A DATA BREACH AFTER A RANSOMHUB ATTACK

Auction house Christie disclosed a data breach following a RansomHub cyber
attack that occurred this month. Auction house Christie’s disclosed a data
breach after the ransomware group RansomHub ...

Pierluigi Paganini May 28, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR RCE IN FORTINET SIEM

Researchers released a proof-of-concept (PoC) exploit for remote code execution
flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at
Horizon3's Attack Team released a proof-of-co ...

Pierluigi Paganini May 28, 2024
Malware

WORDPRESS PLUGIN ABUSED TO INSTALL E-SKIMMERS IN E-COMMERCE SITES

Threat actors are exploiting a WordPress plugin to insert malicious PHP code in
e-commerce sites and steal credit card data. Sucuri researchers observed threat
actors using a PHP snippet WordPress ...

Pierluigi Paganini May 28, 2024
Hacking

TP-LINK ARCHER C5400X GAMING ROUTER IS AFFECTED BY A CRITICAL FLAW

Researchers warn of a critical remote code execution vulnerability in TP-Link
Archer C5400X gaming router. Researchers at OneKey discovered a a critical
remote code execution (RCE) vulnerabil ...

Pierluigi Paganini May 28, 2024
Data Breach

SAV-RX DATA BREACH IMPACTED OVER 2.8 MILLION INDIVIDUALS

Prescription service firm Sav-Rx disclosed a data breach that potentially
impacted over 2.8 million people in the United States. Prescription service
company Sav-Rx disclosed a data breach after 2 ...

Pierluigi Paganini May 27, 2024
Security

THE IMPACT OF REMOTE WORK AND CLOUD MIGRATIONS ON SECURITY PERIMETERS

Organizations had to re-examine the traditional business perimeter and migrate
to cloud-based tools to support distributed workforces. What is the impact? The
almost overnight shift to remote work ...

Pierluigi Paganini May 27, 2024
Malware

NEW ATM MALWARE FAMILY EMERGED IN THE THREAT LANDSCAPE

Experts warn of a new ATM malware family that is advertised in the cybercrime
underground, it was developed to target Europe. A threat actor is advertising a
new ATM malware family that claims to ...

Pierluigi Paganini May 27, 2024
Security

A HIGH-SEVERITY VULNERABILITY AFFECTS CISCO FIREPOWER MANAGEMENT CENTER

Cisco addressed a SQL injection vulnerability in the web-based management
interface of the Firepower Management Center (FMC) Software.  Cisco addressed a
vulnerability, tracked as CVE-2024-20360 ...

Pierluigi Paganini May 27, 2024
Cyber warfare

CERT-UA WARNS OF MALWARE CAMPAIGN CONDUCTED BY THREAT ACTOR UAC-0006

The Ukraine CERT-UA warns of a concerning increase in cyberattacks attributed to
the financially-motivated threat actor UAC-0006. The Computer Emergency Response
Team of Ukraine (CERT-UA) warned o ...

Pierluigi Paganini May 26, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 473 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 26, 2024
Hacking

MALWARE-LACED JAVS VIEWER DEPLOYS RUSTDOOR IMPLANT IN SUPPLY CHAIN ATTACK

Malicious actors compromised the JAVS Viewer installer to deliver the RustDoor
malware in a supply chain attack. Rapid7 researchers warned that threat actors
added a backdoor to the installer for ...

Pierluigi Paganini May 26, 2024
Cyber Crime

FAKE AV WEBSITES USED TO DISTRIBUTE INFO-STEALER MALWARE

Threat actors used fake AV websites masquerading as legitimate antivirus
products from Avast, Bitdefender, and Malwarebytes to distribute malware. In
mid-April 2024, researchers at Trellix Advance ...

Pierluigi Paganini May 25, 2024
APT

MITRE DECEMBER 2023 ATTACK: THREAT ACTORS CREATED ROGUE VMS TO EVADE DETECTION

The MITRE Corporation revealed that threat actors behind the December 2023
attacks created rogue virtual machines (VMs) within its environment. The MITRE
Corporation has provided a new update abou ...

Pierluigi Paganini May 25, 2024
Hacking

AN XSS FLAW IN GITLAB ALLOWS ATTACKERS TO TAKE OVER ACCOUNTS

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that
allows unauthenticated attackers to take over user accounts. GitLab fixed a
high-severity XSS vulnerability, tracked ...

Pierluigi Paganini May 24, 2024
Hacking

GOOGLE FIXES EIGHTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR, THE THIRD IN A
MONTH

Google rolled out a new emergency security update to fix another actively
exploited zero-day vulnerability in the Chrome browser. Google has released a
new emergency security update to address a n ...

Pierluigi Paganini May 24, 2024
Security

CISA ADDS APACHE FLINK FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds Apache Flink improper access control vulnerability to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added a NextGen Healt ...

Pierluigi Paganini May 24, 2024
Hacking

USAGE OF TLS IN DDNS SERVICES LEADS TO INFORMATION DISCLOSURE IN MULTIPLE
VENDORS

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially
expose data and devices to attacks. The use of Dynamic DNS (DDNS) services
embedded in appliances, such as those provi ...

Pierluigi Paganini May 24, 2024
Security

RECALL FEATURE IN MICROSOFT COPILOT+ PCS RAISES PRIVACY AND SECURITY CONCERNS

UK data watchdog is investigating Microsoft regarding the new Recall feature in
Copilot+ PCs that captures screenshots of the user's laptop every few seconds.
The UK data watchdog, the Information ...

Pierluigi Paganini May 24, 2024
APT

APT41: THE THREAT OF KEYPLUG AGAINST ITALIAN INDUSTRIES

Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed
in attacks against several Italian industries During an extensive investigation,
Tinexta Cyber’s Zlab Malware T ...

Pierluigi Paganini May 23, 2024
Security

CRITICAL SQL INJECTION FLAWS IMPACT IVANTI ENDPOINT MANAGER (EPM)

Ivanti addressed multiple flaws in the Endpoint Manager (EPM), including remote
code execution vulnerabilities. Ivanti this week rolled out security patches to
address multiple critical vulnerabil ...

Pierluigi Paganini May 23, 2024
APT

CHINESE ACTOR 'UNFADING SEA HAZE' REMAINED UNDETECTED FOR FIVE YEARS

A previously unknown China-linked threat actor dubbed 'Unfading Sea Haze' has
been targeting military and government entities since 2018. Bitdefender
researchers discovered a previously unknown Ch ...

Pierluigi Paganini May 23, 2024
Uncategorized

A CONSUMER-GRADE SPYWARE APP FOUND IN CHECK-IN SYSTEMS OF 3 US HOTELS

A researcher discovered a consumer-grade spyware app on the check-in systems of
at least three Wyndham hotels across the US. The security researcher Eric Daigle
discovered a commercial spyware app ...

Pierluigi Paganini May 23, 2024
Security

CRITICAL VEEAM BACKUP ENTERPRISE MANAGER AUTHENTICATION BYPASS BUG

A critical security vulnerability in Veeam Backup Enterprise Manager could allow
threat actors to bypass authentication. A critical vulnerability, tracked
as CVE-2024-29849 (CVSS score: 9.8), in ...

Pierluigi Paganini May 22, 2024
Cyber Crime

CYBERCRIMINALS ARE TARGETING ELECTIONS IN INDIA WITH INFLUENCE CAMPAIGNS

Resecurity warns of a surge in malicious cyber activity targeting the election
in India, orchestrated by several independent hacktivist groups Resecurity has
identified a spike of malicious cyber ...

Pierluigi Paganini May 22, 2024
Hacking

CRITICAL GITHUB ENTERPRISE SERVER AUTHENTICATION BYPASS BUG. FIX IT NOW!

GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that
could allow an attacker to bypass authentication. GitHub has rolled out security
fixes to address a critical authentica ...

Pierluigi Paganini May 22, 2024
Data Breach

OMNIVISION DISCLOSED A DATA BREACH AFTER THE 2023 CACTUS RANSOMWARE ATTACK

The digital imaging products manufacturer OmniVision disclosed a data breach
after the 2023 ransomware attack. OmniVision Technologies is a company that
specializes in developing advanced digital ...

Pierluigi Paganini May 22, 2024
Security

CISA ADDS NEXTGEN HEALTHCARE MIRTH CONNECT FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

CISA adds NextGen Healthcare Mirth Connect deserialization of untrusted data
vulnerability to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini May 21, 2024
Cyber Crime

BLACKBASTA GROUP CLAIMS TO HAVE HACKED ATLAS, ONE OF THE LARGEST US OIL
DISTRIBUTORS

The Blackbasta extortion group claims to have hacked Atlas, one of the largest
national distributors of fuel in the United States. Atlas is one of the largest
national fuel distributors to 49 cont ...

Pierluigi Paganini May 21, 2024
Hacking

EXPERTS WARN OF A FLAW IN FLUENT BIT UTILITY THAT IS USED BY MAJOR CLOUD
PLATFORMS AND FIRMS

A vulnerability in the Fluent Bit Utility, which is used by major cloud
providers, can lead to DoS, information disclosure, and potentially RCE. Tenable
researchers have discovered a severe vulner ...

Pierluigi Paganini May 21, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR RCE IN QNAP QTS

Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system
for the Taiwanese vendor's NAS products. An audit of QNAP QTS conducted by
WatchTowr Labs revealed fifteen vulnerabili ...

Pierluigi Paganini May 21, 2024
Cyber Crime

GITCAUGHT CAMPAIGN RELIES ON GITHUB AND FILEZILLA TO DELIVER MULTIPLE MALWARE

Researchers discovered a sophisticated cybercriminal campaign by
Russian-speaking threat actors that used GitHub to distribute malware. Recorded
Future's Insikt Group discovered a sophisticated cy ...

Pierluigi Paganini May 20, 2024
Hacking

TWO STUDENTS UNCOVERED A FLAW THAT ALLOWS TO USE LAUNDRY MACHINES FOR FREE

Two students discovered a security flaw in over a million internet-connected
laundry machines that could allow laundry for free. CSC ServiceWorks is a
company that provides laundry services and ai ...

Pierluigi Paganini May 20, 2024
Malware

GRANDOREIRO BANKING TROJAN IS BACK AND TARGETS BANKS WORLDWIDE

A new Grandoreiro banking trojan campaign has been ongoing since March 2024,
following the disruption by law enforcement in January. IBM X-Force warns of a
new Grandoreiro banking trojan ...

Pierluigi Paganini May 20, 2024
Data Breach

HEALTHCARE FIRM WEBTPA DATA BREACH IMPACTED 2.5 MILLION INDIVIDUALS

WebTPA, a third-party administrator that provides healthcare management and
administrative services, disclosed a data breach. WebTPA is a third-party
administrator that provides healthcare managem ...

Pierluigi Paganini May 19, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 472 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 19, 2024
APT

NORTH KOREA-LINKED KIMSUKY USED A NEW LINUX BACKDOOR IN RECENT ATTACKS

Symantec warns of a new Linux backdoor used by the North Korea-linked Kimsuky
APT in a recent campaign against organizations in South Korea.  Symantec
researchers observed the North Korea-linked ...

Pierluigi Paganini May 19, 2024
Intelligence

NORTH KOREA-LINKED IT WORKERS INFILTRATED HUNDREDS OF US FIRMS

The U.S. Justice Department charged five individuals, including a U.S. woman,
for aiding North Korea-linked IT workers to infiltrate 300 firms. The Justice
Department unsealed charges against an A ...

Pierluigi Paganini May 18, 2024
APT

TURLA APT USED TWO NEW BACKDOORS TO INFILTRATE A EUROPEAN MINISTRY OF FOREIGN
AFFAIRS

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware
and LunarMail, to target European government agencies. ESET researchers
discovered two previously unknown backdoors na ...

Pierluigi Paganini May 17, 2024
Cyber Crime

CITY OF WICHITA DISCLOSED A DATA BREACH AFTER THE RECENT RANSOMWARE ATTACK

The City of Wichita disclosed a data breach after the ransomware attack that hit
the Kansas's city earlier this month. On May 5th, 2024, the City of Wichita,
Kansas, was the victim of a ransomware ...

Pierluigi Paganini May 17, 2024
Security

CISA ADDS D-LINK DIR ROUTER FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the followi ...

Pierluigi Paganini May 17, 2024
Cyber Crime

CISA ADDS GOOGLE CHROME ZERO-DAYS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security
Agency (CISA) added [1,2] the following vulnerabil ...

Pierluigi Paganini May 17, 2024
APT

NORTH KOREA-LINKED KIMSUKY APT ATTACK TARGETS VICTIMS VIA MESSENGER

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target
victims via Messenger and deliver malware. Researchers at Genians Security
Center (GSC) identified a new at ...

Pierluigi Paganini May 17, 2024
Cyber Crime

ELECTRONIC PRESCRIPTION PROVIDER MEDISECURE IMPACTED BY A RANSOMWARE ATTACK

Electronic prescription provider MediSecure in Australia suffered a ransomware
attack likely originate from a third-party vendor. MediSecure is a company that
provides digital health solutions, pa ...

Pierluigi Paganini May 16, 2024
Hacking

GOOGLE FIXES SEVENTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR, THE THIRD IN
A WEEK

Google released security updates to address a new actively exploited Chrome
zero-day vulnerability, the third in a week. Google has released a new emergency
security update to address a new vulner ...

Pierluigi Paganini May 16, 2024
Data Breach

SANTANDER: A DATA BREACH AT A THIRD-PARTY PROVIDER IMPACTED CUSTOMERS AND
EMPLOYEES

The Spanish bank Santander disclosed a data breach at a third-party provider
that impacted customers in Chile, Spain, and Uruguay. The Spanish financial
institution Santander revealed a data breac ...

Pierluigi Paganini May 16, 2024
Cyber Crime

FBI SEIZED THE NOTORIOUS BREACHFORUMS HACKING FORUM

An international law enforcement operation coordinated by the FBI led to the
seizure of the notorious BreachForums hacking forum. BreachForums is a
cybercrime forum used by threat actors to purcha ...

Pierluigi Paganini May 15, 2024
Cyber Crime

A TORNADO CASH DEVELOPER HAS BEEN SENTENCED TO 64 MONTHS IN PRISON

One of the developers of the Tornado Cash cryptocurrency mixer has been
sentenced to 64 months in prison. Alexey Pertsev (29), one of the main
developers of the Tornado Cash cryptocurrency mixer h ...

Pierluigi Paganini May 15, 2024
Security

ADOBE FIXED MULTIPLE CRITICAL FLAWS IN ACROBAT AND READER

Adobe addressed multiple code execution vulnerabilities in several products,
including Adobe Acrobat and Reader. Adobe addressed multiple code execution
vulnerabilities in its products, including ...

Pierluigi Paganini May 15, 2024
Data Breach

RANSOMWARE ATTACK ON SINGING RIVER HEALTH SYSTEM IMPACTED 895,000 PEOPLE

The Singing River Health System revealed that the ransomware attack that hit the
organization in August 2023 impacted 895,204 people. At the end of August 2023,
the systems at three hospitals and ...

Pierluigi Paganini May 15, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR MAY 2024 FIXES 2 ACTIVELY EXPLOITED
ZERO-DAYS

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across
various products including an actively exploited zero-day. Microsoft Patch
Tuesday security updates for May 2024 address ...

Pierluigi Paganini May 14, 2024
Hacking

VMWARE FIXED ZERO-DAY FLAWS DEMONSTRATED AT PWN2OWN VANCOUVER 2024

VMware fixed four flaws in its Workstation and Fusion desktop hypervisors,
including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware
addressed four vulnerabilities in its Workstatio ...

Pierluigi Paganini May 14, 2024
Security

MITRE RELEASED EMB3D THREAT MODEL FOR EMBEDDED DEVICES

The non-profit technology organization MITRE released the EMB3D threat model for
embedded devices used in critical infrastructure. MITRE announced the public
release of its EMB3D threat model for ...

Pierluigi Paganini May 14, 2024
Hacking

GOOGLE FIXES SIXTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR

Google released emergency security updates to address an actively exploited
Chrome zero-day vulnerability. Google has released emergency security updates to
address a high-severity zero-day vulner ...

Pierluigi Paganini May 14, 2024
Malware

PHORPIEX BOTNET SENT MILLIONS OF PHISHING EMAILS TO DELIVER LOCKBIT BLACK
RANSOMWARE

Experts reported that since April, the Phorpiex botnet sent millions of phishing
emails to spread LockBit Black ransomware. New Jersey's Cybersecurity and
Communications Integration Cell (NJCCIC)� ...

Pierluigi Paganini May 14, 2024
Hacking

THREAT ACTORS MAY HAVE EXPLOITED A ZERO-DAY IN OLDER IPHONES, APPLE WARNS

Apple rolled out urgent security updates to address code execution
vulnerabilities in iPhones, iPads, and macOS. Apple released urgent security
updates to address multiple vulnerabilities in iPhon ...

Pierluigi Paganini May 13, 2024
Data Breach

CITY OF HELSINKI SUFFERED A DATA BREACH

The City of Helsinki suffered a data breach that impacted tens of thousands of
students, guardians, and personnel. The Police of Finland is investigating a
data breach suffered by the City of Hels ...

Pierluigi Paganini May 13, 2024
Cyber Crime

RUSSIAN HACKERS DEFACED LOCAL BRITISH NEWS SITES

A group of hackers that defines itself as “first-class Russian hackers” claims
the defacement of hundreds of local and regional British newspaper websites. A
group claiming to be "first-class ...

Pierluigi Paganini May 13, 2024
Data Breach

AUSTRALIAN FIRSTMAC LIMITED DISCLOSED A DATA BREACH AFTER CYBER ATTACK

Firstmac Limited disclosed a data breach after the new Embargo extortion group
leaked over 500GB of data allegedly stolen from the company. Firstmac Limited,
one of the largest non-bank lenders i ...

Pierluigi Paganini May 13, 2024
Hacking

PRO-RUSSIA HACKERS TARGETED KOSOVO’S GOVERNMENT WEBSITES

Pro-Russia hackers targeted government websites in Kosovo in retaliation for the
government's support to Ukraine with military equipment. Pro-Russia hackers
targeted Kosovo government websites, in ...

Pierluigi Paganini May 12, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 471 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 12, 2024
Cyber Crime

AS OF MAY 2024, BLACK BASTA RANSOMWARE AFFILIATES HACKED OVER 500 ORGANIZATIONS
WORLDWIDE

Black Basta ransomware affiliates have breached over 500 organizations between
April 2022 and May 2024, FBI and CISA reported. The FBI, CISA, HHS, and MS-ISAC
have issued a joint Cybersecurity Adv ...

Pierluigi Paganini May 12, 2024
Data Breach

OHIO LOTTERY DATA BREACH IMPACTED OVER 538,000 INDIVIDUALS

The cyber attack on the Ohio Lottery on Christmas Eve exposed the personal data
of over 538,000 individuals. On Christmas Eve, a cyberattack targeting the Ohio
Lottery resulted in the exposure of ...

Pierluigi Paganini May 11, 2024
Cyber Crime

NOTORIUS THREAT ACTOR INTELBROKER CLAIMS THE HACK OF THE EUROPOL

Notorius threat actor IntelBroker claims that Europol has suffered a data breach
that exposed FOUO and other classified data. The threat actor IntelBroker
announced on the cybercrime forum Breach ...

Pierluigi Paganini May 11, 2024
Hacking

A CYBERATTACK HIT THE US HEALTHCARE GIANT ASCENSION

A cyberattack hit the US Healthcare giant Ascension and is causing disruption of
the systems at hospitals in the country. Ascension is one of the largest
private healthcare systems in the Unit ...

Pierluigi Paganini May 11, 2024
Hacking

GOOGLE FIXES FIFTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR

Since the start of the year, Google released an update to fix the fifth actively
exploited zero-day vulnerability in the Chrome browser. Google this week
released security updates to address a zer ...

Pierluigi Paganini May 10, 2024
APT

RUSSIA-LINKED APT28 TARGETS GOVERNMENT POLISH INSTITUTIONS

CERT Polska warns of a large-scale malware campaign against Polish government
institutions conducted by Russia-linked APT28. CERT Polska and CSIRT MON teams
issued a warning about a large-scale ma ...

Pierluigi Paganini May 10, 2024
Security

CITRIX WARNS CUSTOMERS TO UPDATE PUTTY VERSION INSTALLED ON THEIR XENCENTER
SYSTEM MANUALLY

Citrix urges customers to manually address a PuTTY SSH client flaw that could
allow attackers to steal a XenCenter admin's private SSH key. Versions of
XenCenter for Citrix Hypervisor 8.2 CU1 LTSR ...

Pierluigi Paganini May 10, 2024
Breaking News

DELL DISCLOSES DATA BREACH IMPACTING MILLIONS OF CUSTOMERS

Dell disclosed a security breach that exposed millions of customers' names and
physical mailing addresses. IT giant Dell suffered a data breach exposing
customers’ names and physical addresses, ...

Pierluigi Paganini May 09, 2024
Cyber Crime

MIRAI BOTNET ALSO SPREADS THROUGH THE EXPLOITATION OF IVANTI CONNECT SECURE BUGS

Threat actors exploit recently disclosed Ivanti Connect Secure (ICS)
vulnerabilities to deploy the Mirai botnet. Researchers from Juniper Threat Labs
reported that threat actors are exploiting rec ...

Pierluigi Paganini May 09, 2024
Cyber Crime

ZSCALER IS INVESTIGATING DATA BREACH CLAIMS

Cybersecurity firm Zscaler is investigating claims of a data breach after
hackers offered access to its network. Cybersecurity firm Zscaler is
investigating allegations of a data breach following ...

Pierluigi Paganini May 09, 2024
Security

EXPERTS WARN OF TWO BIG-IP NEXT CENTRAL MANAGER FLAWS THAT ALLOW DEVICE TAKEOVER

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be
exploited to gain admin control and create hidden accounts on any managed
assets. F5 has addressed two high-severity vulnera ...

Pierluigi Paganini May 09, 2024
Cyber Crime

LOCKBIT GANG CLAIMED RESPONSIBILITY FOR THE ATTACK ON CITY OF WICHITA

The LockBit ransomware group has added the City of Wichita to its Tor leak site
and threatened to publish stolen data. Last week, the City of Wichita, Kansas,
was the victim of a ransomware attack ...

Pierluigi Paganini May 08, 2024
Hacking

NEW TUNNELVISION TECHNIQUE CAN BYPASS THE VPN ENCAPSULATION

TunnelVision is a new VPN bypass technique that enables threat actors to spy on
users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers
recently identified a novel attack ...

Pierluigi Paganini May 08, 2024
Hacking

LITESPEED CACHE WORDPRESS PLUGIN ACTIVELY EXPLOITED IN THE WILD

Threat actors are exploiting a high-severity vulnerability in the LiteSpeed
Cache plugin for WordPress to take over web sites. WPScan researchers reported
that threat actors are exploiting a high- ...

Pierluigi Paganini May 08, 2024
Hacking

MOST TINYPROXY INSTANCES ARE POTENTIALLY VULNERABLE TO FLAW CVE-2023-49606

A critical Remote Code Execution vulnerability in the Tinyproxy service
potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco
Talos reported a use-after-free vulnerability in ...

Pierluigi Paganini May 08, 2024
Data Breach

UK MINISTRY OF DEFENSE DISCLOSED A THIRD-PARTY DATA BREACH EXPOSING MILITARY
PERSONNEL DATA 

The UK Ministry of Defense disclosed a data breach at a third-party payroll
system that exposed data of armed forces personnel and veterans. The UK Ministry
of Defense disclosed a data breach impa ...

Pierluigi Paganini May 08, 2024
Cyber Crime

LAW ENFORCEMENT AGENCIES IDENTIFIED LOCKBIT RANSOMWARE ADMIN AND SANCTIONED HIM

The FBI, UK National Crime Agency, and Europol revealed the identity of the
admin of the LockBit operation and sanctioned him. The FBI, UK National Crime
Agency, and Europol have unmasked the ...

Pierluigi Paganini May 07, 2024
Hacking

MITRE ATTRIBUTES THE RECENT ATTACK TO CHINA-LINKED UNC5221

MITRE published more details on the recent security breach, including a timeline
of the attack and attribution evidence. MITRE has shared more details on the
recent hack, including the new malware ...

Pierluigi Paganini May 07, 2024
Cyber Crime

ALEXANDER VINNIK, THE OPERATOR OF BTC-E EXCHANGE, PLEADED GUILTY TO MONEY
LAUNDERING

Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded
guilty to participating in a money laundering scheme. Alexander Vinnik, a
Russian national, pleaded guilty to conspi ...

Pierluigi Paganini May 07, 2024
Security

CITY OF WICHITA HIT BY A RANSOMWARE ATTACK

The City of Wichita in Kansas was forced to shut down its computer systems after
a ransomware attack. The City of Wichita, Kansas, was the victim of a ransomware
attack and shut down its network t ...

Pierluigi Paganini May 06, 2024
Data Breach

EL SALVADOR SUFFERED A MASSIVE LEAK OF BIOMETRIC DATA

Resecurity found a massive leak involving the exposure of personally
identifiable information (PII) of over five million citizens of El Salvador on
the Dark Web. Resecurity identified a massive le ...

Pierluigi Paganini May 06, 2024
Malware

FINLAND AUTHORITIES WARN OF ANDROID MALWARE CAMPAIGN TARGETING BANK USERS

Finland's Transport and Communications Agency (Traficom) warned about an ongoing
Android malware campaign targeting bank accounts. Traficom, Finland's Transport
and Communications Agency, issued a ...

Pierluigi Paganini May 06, 2024
Cyber Crime

RANSOMWARE DRAMA: LAW ENFORCEMENT SEIZED LOCKBIT GROUP'S WEBSITE AGAIN

Law enforcement seized the Lockbit group's Tor website again and announced they
will reveal more identities of its operators Law enforcement seized the Lockbit
group's Tor website again. The autho ...

Pierluigi Paganini May 05, 2024
APT

NATO AND THE EU FORMALLY CONDEMNED RUSSIA-LINKED APT28 CYBER ESPIONAGE

NATO and the European Union formally condemned cyber espionage operations
carried out by the Russia-linked APT28 against European countries. NATO and the
European Union condemned cyber espionage o ...

Pierluigi Paganini May 05, 2024
Security

SECURITY AFFAIRS NEWSLETTER ROUND 470 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 05, 2024
Security

BLACKBASTA GANG CLAIMED RESPONSIBILITY FOR SYNLAB ITALIA ATTACK

The Blackbasta extortion group claimed responsibility for the attack that in
April severely impacted the operations of Synlab Italia. Since April 18, Synlab
Italia, a major provider of medical dia ...

Pierluigi Paganini May 04, 2024
Cyber Crime

LOCKBIT PUBLISHED DATA STOLEN FROM SIMONE VEIL HOSPITAL IN CANNES

LockBit ransomware operators have published sensitive data allegedly stolen from
the Simone Veil hospital in Cannes. In April, a cyber attack hit the Hospital
Simone Veil in Cannes (CHC-SV), impac ...

Pierluigi Paganini May 03, 2024
APT

RUSSIA-LINKED APT28 AND CROOKS ARE STILL USING THE MOOBOT BOTNET

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and
cybercriminals organizations. Trend Micro researchers reported that the
EdgeRouter botnet, called Moobot, used by the ...

Pierluigi Paganini May 03, 2024
Hacking

DIRTY STREAM ATTACK POSES BILLIONS OF ANDROID INSTALLS AT RISK

Microsoft devised an attack technique, dubbed 'Dirty Stream,' impacting widely
used Android applications, billions of installations are at risk. Microsoft is
warning Android users about a new atta ...

Pierluigi Paganini May 03, 2024
Cyber Crime

ZLOADER MALWARE ADDS ZEUS'S ANTI-ANALYSIS FEATURE

Zloader continues to evolve, its authors added an anti-analysis feature that was
originally present in the Zeus banking trojan. Zloader (aka Terdot, DELoader, or
Silent Night) is a modular trojan ...

Pierluigi Paganini May 03, 2024
Breaking News

UKRAINIAN REVIL GANG MEMBER SENTENCED TO 13 YEARS IN PRISON

A Ukrainian national, a member of the REvil group, has been sentenced to more
than 13 years in prison for his role in extortion activities. The Ukrainian
national, Yaroslav Vasinskyi (24), aka Rab ...

Pierluigi Paganini May 02, 2024
Security

HPE ARUBA NETWORKING ADDRESSED FOUR CRITICAL ARUBAOS RCE FLAWS

HPE Aruba Networking addressed four critical remote code execution
vulnerabilities impacting its ArubaOS network operating system. HPE Aruba
Networking released April 2024 security updates that ad ...

Pierluigi Paganini May 02, 2024
Hacking

THREAT ACTORS HACKED THE DROPBOX SIGN PRODUCTION ENVIRONMENT

Threat actors breached the Dropbox Sign production environment and accessed
customer email addresses and hashed passwords Cloud storage provider DropBox
revealed that threat actors have breached t ...

Pierluigi Paganini May 02, 2024
Security

CISA ADDS GITLAB FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds GitLab Community and Enterprise Editions improper access control
vulnerability to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini May 02, 2024
Data Breach

PANDA RESTAURANT GROUP DISCLOSED A DATA BREACH

Panda Restaurant Group disclosed a data breach that occurred in March, resulting
in the theft of associates' personal information. Panda Restaurant Group
disclosed a data breach that occurred in M ...

Pierluigi Paganini May 02, 2024
Intelligence

EX-NSA EMPLOYEE SENTENCED TO 262 MONTHS IN PRISON FOR ATTEMPTING TO TRANSFER
CLASSIFIED DOCUMENTS TO RUSSIA

A former U.S. NSA employee has been sentenced to nearly 22 years in prison for
attempting to sell classified documents to Russia. Jareh Sebastian Dalke (32),
of Colorado Springs, is a former emplo ...

Pierluigi Paganini May 01, 2024
Malware

CUTTLEFISH MALWARE TARGETS ENTERPRISE-GRADE SOHO ROUTERS

A new malware named Cuttlefish targets enterprise-grade and small office/home
office (SOHO) routers to harvest public cloud authentication data. Researchers
at Lumen’s Black Lotus Labs discovere ...

Pierluigi Paganini May 01, 2024
Security

A FLAW IN THE R PROGRAMMING LANGUAGE COULD ALLOW CODE EXECUTION

A flaw in the R programming language enables the execution of arbitrary code
when parsing specially crafted RDS and RDX files. A vulnerability, tracked
as CVE-2024-27322 (CVSS v3: 8.8), ...

Pierluigi Paganini May 01, 2024
APT

MUDDLING MEERKAT, A MYSTERIOUS DNS OPERATION INVOLVING CHINA'S GREAT FIREWALL

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe
networks globally since 2019. Infoblox researchers observed China-linked threat
actors Muddling Meerkat using sophis ...

Pierluigi Paganini May 01, 2024
Cyber Crime

NOTORIOUS FINNISH HACKER SENTENCED TO MORE THAN SIX YEARS IN PRISON

Finnish hacker was sentenced to more than six years in prison for hacking into
an online psychotherapy clinic and attempted extortion. A popular 26-year-old
Finnish hacker Aleksanteri Kivimäki wa ...

Pierluigi Paganini April 30, 2024
Security

CISA GUIDELINES TO PROTECT CRITICAL INFRASTRUCTURE AGAINST AI-BASED THREATS

The US government’s cybersecurity agency CISA published a series of guidelines
to protect critical infrastructure against AI-based attacks. CISA collaborated
with Sector Risk Management Agencies ...

Pierluigi Paganini April 30, 2024
Laws and regulations

NCSC: NEW UK LAW BANS DEFAULT PASSWORDS ON SMART DEVICES

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers
to ban default passwords starting from April 29, 2024. The U.K. National Cyber
Security Centre (NCSC) is urging manuf ...

Pierluigi Paganini April 30, 2024
Laws and regulations

THE FCC IMPOSES $200 MILLION IN FINES ON FOUR US CARRIERS FOR UNLAWFULLY SHARING
USER LOCATION DATA

The Federal Communications Commission (FCC) fined the largest U.S. wireless
carriers $200 million for sharing customers' real-time location data without
consent. The FCC has fined four major U. ...

Pierluigi Paganini April 30, 2024
Mobile

GOOGLE PREVENTED 2.28 MILLION POLICY-VIOLATING APPS FROM BEING PUBLISHED ON
GOOGLE PLAY IN 2023

Google announced they have prevented 2.28 million policy-violating apps from
being published in the official Google Play. Google announced that in 2023, they
have prevented 2.28 million policy-vio ...

Pierluigi Paganini April 29, 2024
Cyber Crime

FINANCIAL BUSINESS AND CONSUMER SOLUTIONS (FBCS) DATA BREACH IMPACTED 2M
INDIVIDUALS

Financial Business and Consumer Solutions (FBCS) suffered a data breach that
exposed information 2 million individuals. Debt collection agency Financial
Business and Consumer Solutions (FBCS) disc ...

Pierluigi Paganini April 29, 2024
Hacktivism

CYBER-PARTISANS HACKTIVISTS CLAIM TO HAVE BREACHED BELARUS KGB

A Belarusian group of activist group claims to have infiltrated the network of
the country’s main KGB agency. The Belarusian hacktivist group Cyber-Partisans
claims to have infiltrated the netwo ...

Pierluigi Paganini April 29, 2024
Data Breach

THE LOS ANGELES COUNTY DEPARTMENT OF HEALTH SERVICES DISCLOSED A DATA BREACH

The Los Angeles County Department of Health Services reported a data breach that
exposed thousands of patients' personal and health information. The Los Angeles
County Department of Health Service ...

Pierluigi Paganini April 29, 2024
Uncategorized

MULTIPLE BROCADE SANNAV SAN MANAGEMENT SW FLAWS ALLOW DEVICE COMPROMISE

Multiple flaws in Brocade SANnav storage area network (SAN) management
application can allow to compromise impacted appliances. Multiple
vulnerabilities found in the Brocade SANnav storage area ne ...

Pierluigi Paganini April 29, 2024
Security

ICICI BANK EXPOSED CREDIT CARD DATA OF 17000 CUSTOMERS

ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data
of thousands of new credit cards to unintended recipients. ICICI Bank, one of
the leading private banks in India, a ...

Pierluigi Paganini April 28, 2024
Hacking

OKTA WARNS OF UNPRECEDENTED SCALE IN CREDENTIAL STUFFING ATTACKS ON ONLINE
SERVICES

Identity and access management services provider Okta warned of a spike in
credential stuffing attacks aimed at online services. In recent weeks, Okta
observed a surge in credential stuffing attac ...

Pierluigi Paganini April 28, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 469 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 28, 2024
Hacking

TARGETED OPERATION AGAINST UKRAINE EXPLOITED 7-YEAR-OLD MS OFFICE BUG

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in
Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct
Threat Lab have uncovered a targeted c ...

Pierluigi Paganini April 28, 2024
Data Breach

HACKERS MAY HAVE ACCESSED THOUSANDS OF ACCOUNTS ON THE CALIFORNIA STATE WELFARE
PLATFORM

Threat actors accessed more than 19,000 online accounts on a California state
platform for welfare programs. Threat actors breached over 19,000 online
accounts on a California state platform dedic ...

Pierluigi Paganini April 27, 2024
Malware

BROKEWELL ANDROID MALWARE SUPPORTS AN EXTENSIVE SET OF DEVICE TAKEOVER
CAPABILITIES

ThreatFabric researchers identified a new Android malware called Brokewell,
which implements a wide range of device takeover capabilities. ThreatFabric
researchers uncovered a new mobile malware n ...

Pierluigi Paganini April 27, 2024
Hacking

EXPERTS WARN OF AN ONGOING MALWARE CAMPAIGN TARGETING WP-AUTOMATIC PLUGIN

A critical vulnerability in the WordPress Automatic plugin is being exploited to
inject backdoors and web shells into websites WordPress security scanner WPScan
warns that threat actors are exploi ...

Pierluigi Paganini April 26, 2024
Cyber Crime

CRYPTOCURRENCIES AND CYBERCRIME: A CRITICAL INTERMINGLING

As cryptocurrencies have grown in popularity, there has also been growing
concern about cybercrime involvement in this sector Cryptocurrencies have
revolutionized the financial world, offering new ...

Pierluigi Paganini April 26, 2024
Data Breach

KAISER PERMANENTE DATA BREACH MAY HAVE IMPACTED 13.4 MILLION PATIENTS

Healthcare service provider Kaiser Permanente disclosed a security breach that
may impact 13.4 million individuals in the United States. Kaiser Permanente is
an American integrated managed care  ...

Pierluigi Paganini April 26, 2024
Hacking

OVER 1,400 CRUSHFTP INTERNET-FACING SERVERS VULNERABLE TO CVE-2024-4040 BUG

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting
recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP
internet-facing servers are vulnerable to attac ...

Pierluigi Paganini April 26, 2024
Cyber Crime

SWEDEN’S LIQUOR SUPPLY SEVERELY IMPACTED BY RANSOMWARE ATTACK ON LOGISTICS
COMPANY

A ransomware attack on a Swedish logistics company Skanlog severely impacted the
country's liquor supply.  Skanlog, a critical distributor for Systembolaget, the
Swedish government-owned retail c ...

Pierluigi Paganini April 26, 2024
Security

CISA ADDS CISCO ASA AND FTD AND CRUSHFTP VFS FLAWS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the following v ...

Pierluigi Paganini April 25, 2024
Hacking

CISA ADDS MICROSOFT WINDOWS PRINT SPOOLER FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the CVE-2022-3 ...

Pierluigi Paganini April 25, 2024
Cyber Crime

DOJ ARRESTED THE FOUNDERS OF CRYPTO MIXER SAMOURAI FOR FACILITATING $2 BILLION
IN ILLEGAL TRANSACTIONS

The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of
a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has
arrested two co-founders of the cryptocur ...

Pierluigi Paganini April 25, 2024
Security

GOOGLE FIXED CRITICAL CHROME VULNERABILITY CVE-2024-4058

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that
resides in the ANGLE graphics layer engine. Google addressed four
vulnerabilities in the Chrome web browser, includ ...

Pierluigi Paganini April 25, 2024
APT

NATION-STATE ACTORS EXPLOITED TWO ZERO-DAYS IN ASA AND FTD FIREWALLS TO BREACH
GOVERNMENT NETWORKS

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD
firewalls since November 2023 to breach government networks. Cisco Talos warned
that the nation-state actor UAT4356 (aka ...

Pierluigi Paganini April 24, 2024
Breaking News

HACKERS HIJACKED THE ESCAN ANTIVIRUS UPDATE MECHANISM IN MALWARE CAMPAIGN

A malware campaign has been exploiting the updating mechanism of the eScan
antivirus to distribute backdoors and cryptocurrency miners. Avast researchers
discovered and analyzed a malware campaign ...

Pierluigi Paganini April 24, 2024
Cyber warfare

US OFFERS A $10 MILLION REWARD FOR INFORMATION ON FOUR IRANIAN NATIONALS

The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned
four Iranian nationals for their role in cyberattacks against the U.S.. The U.S.
Treasury Department's Office of Foreig ...

Pierluigi Paganini April 24, 2024
Hacking

THE STREET LIGHTS IN LEICESTER CITY CANNOT BE TURNED OFF DUE TO A CYBER ATTACK

A cyber attack on Leicester City Council resulted in certain street lights
remaining illuminated all day and severely impacted the council's operations
The Leicester City Council suffered a cybe ...

Pierluigi Paganini April 24, 2024
APT

NORTH KOREA-LINKED APT GROUPS TARGET SOUTH KOREAN DEFENSE CONTRACTORS

The National Police Agency in South Korea warns that North Korea-linked threat
actors are targeting defense industry entities. The National Police Agency in
South Korea warns that North Korea-link ...

Pierluigi Paganini April 23, 2024
Laws and regulations

U.S. GOV IMPOSED VISA RESTRICTIONS ON 13 INDIVIDUALS LINKED TO COMMERCIAL
SPYWARE ACTIVITY

The U.S. Department of State imposed visa restrictions on 13 individuals
allegedly linked to the commercial spyware business. The US Department of State
is imposing visa restrictions on 13 individ ...

Pierluigi Paganini April 23, 2024
Hacking

A CYBER ATTACK PARALYZED OPERATIONS AT SYNLAB ITALIA

A cyber attack has been disrupting operations at Synlab Italia, a leading
provider of medical diagnosis services, since April 18. Since April 18, Synlab
Italia, a major provider of medical diagno ...

Pierluigi Paganini April 23, 2024
APT

RUSSIA-LINKED APT28 USED POST-COMPROMISE TOOL GOOSEEGG TO EXPLOIT CVE-2022-38028
WINDOWS FLAW

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to
exploit Windows Print Spooler service flaw. Microsoft reported that the
Russia-linked APT28 group (aka “Forest Blizz ...

Pierluigi Paganini April 22, 2024
Cyber Crime

HACKERS THREATEN TO LEAK A COPY OF THE WORLD-CHECK DATABASE USED TO ASSESS
POTENTIAL RISKS ASSOCIATED WITH ENTITIES

A financially motivated group named GhostR claims the theft of a sensitive
database from World-Check and threatens to publish it. World-Check is a global
database utilized by various organizations ...

Pierluigi Paganini April 22, 2024
Security

A FLAW IN THE FORMINATOR PLUGIN IMPACTS HUNDREDS OF THOUSANDS OF WORDPRESS SITES

Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that
allows unrestricted file uploads to the server. Japan's CERT warned that the
WordPress plugin Forminator, developed b ...

Pierluigi Paganini April 22, 2024
Cyber Crime

AKIRA RANSOMWARE RECEIVED $42M IN RANSOM PAYMENTS FROM OVER 250 VICTIMS

Government agencies revealed that Akira ransomware has breached over 250
entities worldwide and received over $42 million in ransom payments. A joint
advisory published by CISA, the FBI, Europol, ...

Pierluigi Paganini April 21, 2024
Hacking

DUNEQUIXOTE CAMPAIGN TARGETS THE MIDDLE EAST WITH A COMPLEX BACKDOOR

Threat actors target government entities in the Middle East with a new backdoor
dubbed CR4T as part of an operation tracked as DuneQuixote. Researchers from
Kaspersky discovered the DuneQuixote ca ...

Pierluigi Paganini April 21, 2024
Security

SECURITY AFFAIRS NEWSLETTER ROUND 468 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 21, 2024
Hacking

CRITICAL CRUSHFTP ZERO-DAY EXPLOITED IN ATTACKS IN THE WILD

Threat actors exploited a critical zero-day vulnerability in the CrushFTP
enterprise in targeted attacks, Crowdstrike experts warn. CrushFTP is a file
transfer server software that enables secure ...

Pierluigi Paganini April 20, 2024
Hacking

A FRENCH HOSPITAL WAS FORCED TO RESCHEDULE PROCEDURES AFTER CYBERATTACK

A French hospital was forced to return to pen and paper and postpone medical
treatments after a cyber attack. A cyber attack hit Hospital Simone Veil in
Cannes (CHC-SV) on Tuesday, impacting med ...

Pierluigi Paganini April 20, 2024
Security

MITRE REVEALED THAT NATION-STATE ACTORS BREACHED ITS SYSTEMS VIA IVANTI
ZERO-DAYS

The MITRE Corporation revealed that a nation-state actor compromised its systems
in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE
disclosed a security breach in one of its ...

Pierluigi Paganini April 19, 2024
Security

FBI CHIEF SAYS CHINA IS PREPARING TO ATTACK US CRITICAL INFRASTRUCTURE

China-linked threat actors are preparing cyber attacks against U.S. critical
infrastructure warned FBI Director Christopher Wray. FBI Director Christopher
Wray warned this week that China-linked t ...

Pierluigi Paganini April 19, 2024
Cyber Crime

UNITED NATIONS DEVELOPMENT PROGRAMME (UNDP) INVESTIGATES DATA BREACH

The United Nations Development Programme (UNDP) has initiated an investigation
into an alleged ransomware attack and the subsequent theft of data. The United
Nations Development Programme (UNDP) i ...

Pierluigi Paganini April 19, 2024
Cyber Crime

FIN7 TARGETED A LARGE U.S. CARMAKER WITH PHISHING ATTACKS

BlackBerry reported that the financially motivated group FIN7 targeted the IT
department of a large U.S. carmaker with spear-phishing attacks. In late 2023,
BlackBerry researchers spotted the thre ...

Pierluigi Paganini April 18, 2024
Hacking

LAW ENFORCEMENT OPERATION DISMANTLED PHISHING-AS-A-SERVICE PLATFORM LABHOST

An international law enforcement operation led to the disruption of the
prominent phishing-as-a-service platform LabHost. An international law
enforcement operation, codenamed Nebulae and coordin ...

Pierluigi Paganini April 18, 2024
Hacking

PREVIOUSLY UNKNOWN KAPEKA BACKDOOR LINKED TO RUSSIAN SANDWORM APT

Russia-linked APT Sandworm employed a previously undocumented backdoor
called Kapeka in attacks against Eastern Europe since 2022. WithSecure
researchers identified a new backdoor named Kapek ...

Pierluigi Paganini April 18, 2024
Hacking

CISCO WARNS OF A COMMAND INJECTION ESCALATION FLAW IN ITS IMC. POC PUBLICLY
AVAILABLE

Cisco has addressed a high-severity vulnerability in its Integrated Management
Controller (IMC) for which publicly available exploit code exists. Cisco has
addressed a high-severity Integrated Man ...

Pierluigi Paganini April 18, 2024
Cyber Crime

LINUX VARIANT OF CERBER RANSOMWARE TARGETS ATLASSIAN SERVERS

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to
deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October
2023, Atlassian warned of a critical ...

Pierluigi Paganini April 17, 2024
Security

IVANTI FIXED TWO CRITICAL FLAWS IN ITS AVALANCHE MDM

Ivanti addressed two critical vulnerabilities in its Avalanche mobile device
management (MDM) solution, that can lead to remote command execution. Ivanti
addressed multiple flaws in its Avalanche ...

Pierluigi Paganini April 17, 2024
Hacking

RESEARCHERS RELEASED EXPLOIT CODE FOR ACTIVELY EXPLOITED PALO ALTO PAN-OS BUG

Researchers released an exploit code for the actively exploited vulnerability
CVE-2024-3400 in Palo Alto Networks' PAN-OS. Researchers at watchTowr Labs have
released a technical analysis of the ...

Pierluigi Paganini April 17, 2024
Hacking

CISCO WARNS OF LARGE-SCALE BRUTE-FORCE ATTACKS AGAINST VPN AND SSH SERVICES

Cisco Talos warns of large-scale brute-force attacks against a variety of
targets, including VPN services, web application authentication interfaces and
SSH services.   Cisco Talos researchers wa ...

Pierluigi Paganini April 17, 2024
Security

PUTTY SSH CLIENT FLAW ALLOWS OF PRIVATE KEYS RECOVERY

The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical
vulnerability that could be exploited to recover private keys. PuTTY tools from
0.68 to 0.80 inclusive are affected by a ...

Pierluigi Paganini April 16, 2024
Intelligence

A RENEWED ESPIONAGE CAMPAIGN TARGETS SOUTH ASIA WITH IOS SPYWARE LIGHTSPY

Researchers warn of a renewed cyber espionage campaign targeting users in South
Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a
renewed cyber espionage campaign target ...

Pierluigi Paganini April 16, 2024
Intelligence

MISINFORMATION AND HACKTIVIST CAMPAIGNS TARGETING THE PHILIPPINES SKYROCKET

Amidst rising tensions with China in the SCS, Resecurity observed a spike in
malicious cyber activity targeting the Philippines in Q1 2024. Amidst rising
tensions with China in the South China Se ...

Pierluigi Paganini April 16, 2024
Cyber warfare

RUSSIA IS TRYING TO SABOTAGE EUROPEAN RAILWAYS, CZECH MINISTER SAID

Czech transport minister warned that Russia conducted ‘thousands’ of attempts to
sabotage railways, attempting to interfere with train networks and signals.
Early this month, the Czech transpo ...

Pierluigi Paganini April 16, 2024
Cyber Crime

RANSOMWARE GROUP DARK ANGELS CLAIMS THE THEFT OF 1TB OF DATA FROM CHIPMAKER
NEXPERIA 

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker
Nexperia and the theft of 1 TB of data from the company. The Dark Angels
(Dunghill) ransomware group claims responsibil ...

Pierluigi Paganini April 16, 2024
Cyber Crime

CISCO DUO WARNS TELEPHONY SUPPLIER DATA BREACH EXPOSED MFA SMS LOGS

Cisco Duo warns that a data breach involving one of its telephony suppliers
exposed multifactor authentication (MFA) messages sent by the company via SMS
and VOIP to its customers.  Cisco Duo war ...

Pierluigi Paganini April 15, 2024
Hacking

UKRAINIAN BLACKJACK GROUP USED ICS MALWARE FUXNET AGAINST RUSSIAN TARGETS

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed
Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT
cybersecurity firm Claroty reported that ...

Pierluigi Paganini April 15, 2024
Hacking

CISA ADDS PALO ALTO NETWORKS PAN-OS COMMAND INJECTION FLAW TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto
Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infras ...

Pierluigi Paganini April 15, 2024
APT

THREAT ACTORS EXPLOITED PALO ALTO PAN-OS ISSUE TO DEPLOY A PYTHON BACKDOOR

Threat actors have been exploiting the recently disclosed zero-day in Palo Alto
Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are
investigating the activity related to CVE-2 ...

Pierluigi Paganini April 15, 2024
Cyber Crime

U.S. AND AUSTRALIAN POLICE ARRESTED FIREBIRD RAT AUTHOR AND OPERATOR

A joint investigation conducted by U.S. and Australian authorities led to the
arrest of two key figures behind the Firebird RAT operation. A joint law
enforcement operation conducted by the Austra ...

Pierluigi Paganini April 15, 2024
Cyber Crime

CANADIAN RETAIL CHAIN GIANT TIGER DATA BREACH MAY HAVE IMPACTED MILLIONS OF
CUSTOMERS

A threat actor claimed the hack of the Canadian retail chain Giant Tiger and
leaked 2.8 million records on a hacker forum. A threat actor, who goes online
with the moniker ShopifyGUY, claimed re ...

Pierluigi Paganini April 14, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 467 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 14, 2024
Cyber Crime

CROOKS MANIPULATE GITHUB'S SEARCH RESULTS TO DISTRIBUTE MALWARE

Researchers warn threat actors are manipulating GitHub search results to target
developers with persistent malware. Checkmarx researchers reported that threat
actors are manipulating GitHub search ...

Pierluigi Paganini April 13, 2024
Security

BATBADBUT FLAW ALLOWED AN ATTACKER TO PERFORM COMMAND INJECTION ON WINDOWS

A critical vulnerability, named ‘BatBadBut’, impacts multiple programming
languages, its exploitation can lead to command injection in Windows
applications. The cybersecurity researcher RyotaK ...

Pierluigi Paganini April 13, 2024
Data Breach

ROKU DISCLOSED A NEW SECURITY BREACH IMPACTING 576,000 ACCOUNTS

Roku announced that 576,000 accounts were compromised in a new wave of
credential stuffing attacks. Roku announced that 576,000 accounts were hacked in
new credential stuffing attacks, threat act ...

Pierluigi Paganini April 12, 2024
Cyber Crime

LASTPASS EMPLOYEE TARGETED VIA AN AUDIO DEEPFAKE CALL

Crooks targeted a LastPass employee using deepfake technology to impersonate the
company's CEO in a fraudulent scheme. In a fraudulent scheme, criminals used
deepfake technology to impersonate Las ...

Pierluigi Paganini April 12, 2024
Cyber Crime

TA547 TARGETS GERMAN ORGANIZATIONS WITH RHADAMANTHYS MALWARE

TA547 group is targeting dozens of German organizations with an information
stealer called Rhadamanthys, Proofpoint warns. Proofpoint researchers observed a
threat actor, tracked as TA547, targe ...

Pierluigi Paganini April 12, 2024
Security

CISA ADDS D-LINK MULTIPLE NAS DEVICES BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link
multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini April 11, 2024
Data Breach

US CISA PUBLISHED AN ALERT ON THE SISENSE DATA BREACH

Business intelligence software company Sisense suffered a cyberattack that may
have exposed sensitive information of major enterprises worldwide. Sisense, a
business intelligence software company, ...

Pierluigi Paganini April 11, 2024
Security

PALO ALTO NETWORKS FIXED MULTIPLE DOS BUGS IN ITS FIREWALLS

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system,
including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto
Networks released security updates ...

Pierluigi Paganini April 11, 2024
Security

APPLE WARNS OF MERCENARY SPYWARE ATTACKS ON IPHONE USERS IN 92 COUNTRIES

Apple is warning iPhone users in over 90 countries of targeted mercenary spyware
attacks, Reuters agency reported. Apple is alerting iPhone users in 92 countries
about mercenary spyware attacks, r ...

Pierluigi Paganini April 11, 2024
Security

MICROSOFT FIXED TWO ZERO-DAY BUGS EXPLOITED IN MALWARE ATTACKS

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and
CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft
addressed two zero-day vulnerabilities, tracke ...

Pierluigi Paganini April 11, 2024
Data Breach

GROUP HEALTH COOPERATIVE DATA BREACH IMPACTED 530,000 INDIVIDUALS

Group Health Cooperative of South Central Wisconsin disclosed a data breach that
impacted over 500,000 individuals. The Group Health Cooperative of South Central
Wisconsin (GHC-SCW) is a non-prof ...

Pierluigi Paganini April 10, 2024
Data Breach

AT&T STATES THAT THE DATA BREACH IMPACTED 51 MILLION FORMER AND CURRENT
CUSTOMERS

AT&T confirmed that the data breach impacted 51 million former and current
customers and is notifying them. AT&T revealed that the recently disclosed data
breach impacts more than 51 milli ...

Pierluigi Paganini April 10, 2024
Security

FORTINET FIXED A CRITICAL REMOTE CODE EXECUTION BUG IN FORTICLIENTLINUX

Fortinet addressed multiple issues in FortiOS and other products, including a
critical remote code execution flaw in FortiClientLinux. Fortinet fixed a dozen
vulnerabilities in multiple products, ...

Pierluigi Paganini April 10, 2024
Breaking News

MICROSOFT PATCHES TUESDAY SECURITY UPDATES FOR APRIL 2024 FIXED HUNDREDS OF
ISSUES

Microsoft Patches Tuesday security updates for April 2024 addressed three
Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches
Tuesday security updates for April 2024 a ...

Pierluigi Paganini April 10, 2024
Uncategorized

CYBERSECURITY IN THE EVOLVING THREAT LANDSCAPE

As technology evolves and our dependence on digital systems increases, the
cybersecurity threat landscape also rapidly changes, posing fresh challenges for
organizations striving to protect their ass ...

Pierluigi Paganini April 10, 2024
Hacking

OVER 91,000 LG SMART TVS RUNNING WEBOS ARE VULNERABLE TO HACKING

Researchers found multiple vulnerabilities in LG webOS running on smart TVs that
could allow attackers to gain root access to the devices. Bitdefender
researchers discovered multiple vulnerabiliti ...

Pierluigi Paganini April 09, 2024
Cyber Crime

SCRUBCRYPT USED TO DROP VENOMRAT ALONG WITH MANY MALICIOUS PLUGINS

Researchers discovered a sophisticated multi-stage attack that leverages
ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet
researchers observed a threat actor sending out a p ...

Pierluigi Paganini April 09, 2024
Security

GOOGLE ANNOUNCES V8 SANDBOX TO PROTECT CHROME USERS

Google announced support for a V8 Sandbox in the Chrome web browser to protect
users from exploits triggering memory corruption issues. Google has announced
support for what's called a V8 Sandb ...

Pierluigi Paganini April 09, 2024
Security

CHINA IS USING GENERATIVE AI TO CARRY OUT INFLUENCE OPERATIONS

China-linked threat actors are using AI to carry out influence operations aimed
at fueling social disorders in the U.S. and Taiwan. China is using generative
artificial intelligence to carry out ...

Pierluigi Paganini April 09, 2024
Data Breach

GREYLOCK MCKINNON ASSOCIATES DATA BREACH EXPOSED DOJ DATA OF 341650 PEOPLE

Greylock McKinnon Associates, a service provider for the Department of Justice,
suffered a data breach that exposed data of 341650 people. Greylock McKinnon
Associates (GMA) provides expert econom ...

Pierluigi Paganini April 08, 2024
Hacking

CROWDFENSE IS OFFERING A LARGER 30M USD EXPLOIT ACQUISITION PROGRAM

Zero-day broker firm Crowdfense announced a 30 million USD offer as part of its
Exploit Acquisition Program. Crowdfense is a world-leading research hub and
acquisition platform focused on high-qua ...

Pierluigi Paganini April 08, 2024
Hacking

U.S. DEPARTMENT OF HEALTH WARNS OF ATTACKS AGAINST IT HELP DESKS

The U.S. Department of Health and Human Services (HHS) warns of attacks against
IT help desks across the Healthcare and Public Health (HPH) sector. The U.S.
Department of Health and Human Services ...

Pierluigi Paganini April 08, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 466 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 07, 2024
Hacking

OVER 92,000 INTERNET-FACING D-LINK NAS DEVICES CAN BE EASILY HACKED

A researcher disclosed an arbitrary command injection and hardcoded backdoor
issue in multiple end-of-life D-Link NAS models. A researcher who goes online
with the moniker 'Netsecfish' disclosed a ...

Pierluigi Paganini April 07, 2024
Security

MORE THAN 16,000 IVANTI VPN GATEWAYS STILL VULNERABLE TO RCE CVE-2024-21894

Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways
still vulnerable to a remote code execution (RCE) flaw. Shadowserver researchers
reported that roughly 16,500 Ivanti C ...

Pierluigi Paganini April 06, 2024
Security

CISCO WARNS OF XSS FLAW IN END-OF-LIFE SMALL BUSINESS ROUTERS

Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and
RV325 Routers Cross-Site scripting flaw. Cisco warns of a Small Business RV016,
RV042, RV042G, RV082, RV320, and RV3 ...

Pierluigi Paganini April 06, 2024
Hacking

MAGENTO FLAW EXPLOITED TO DEPLOY PERSISTENT BACKDOOR HIDDEN IN XML

Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to
install a persistent backdoor on e-stores. Sansec researchers observed threat
actors are exploiting the recently discl ...

Pierluigi Paganini April 05, 2024
Cyber Crime

CYBERATTACK DISRUPTED SERVICES AT OMNI HOTELS & RESORTS

US hotel chain Omni Hotels & Resorts suffered a cyber attack that forced the
company to shut down its systems. A cyberattack hit Omni Hotels & Resorts
disrupting its services and forcing t ...

Pierluigi Paganini April 05, 2024
Security

HTTP/2 CONTINUATION FLOOD TECHNIQUE CAN BE EXPLOITED IN DOS ATTACKS

HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that
can be exploited to conduct powerful denial-of-service (DoS) attacks. HTTP
messages can contain named fields in both ...

Pierluigi Paganini April 05, 2024
Data Breach

US CANCER CENTER CITY OF HOPE: DATA BREACH IMPACTED 827149 INDIVIDUALS

US cancer center City of Hope suffered a data breach that impacted 800,000
individuals, personal and health information was compromised. City of Hope is a
renowned cancer research and treatment ce ...

Pierluigi Paganini April 04, 2024
Security

IVANTI FIXED FOR 4 NEW ISSUES IN CONNECT SECURE AND POLICY SECURE

Ivanti addressed four flaws impacting Connect Secure and Policy Secure Gateways
that could lead to code execution and denial-of-service (DoS) condition. Ivanti
has released security updates to add ...

Pierluigi Paganini April 04, 2024
Cyber Crime

JACKSON COUNTY, MISSOURI, DISCLOSES A RANSOMWARE ATTACK

Jackson County, Missouri, confirmed that a ransomware attack has disrupted
several county services. A ransomware attack disrupted several services of the
Jackson County, Missouri. The County Execu ...

Pierluigi Paganini April 04, 2024
Hacking

GOOGLE ADDRESSED ANOTHER CHROME ZERO-DAY EXPLOITED AT PWN2OWN IN MARCH

Google fixed another Chrome zero-day vulnerability exploited during the Pwn2Own
hacking competition in March. Google has addressed another zero-day
vulnerability in the Chrome browser, tracked as ...

Pierluigi Paganini April 03, 2024
Malware

THE NEW VERSION OF JSOUTPROX IS ATTACKING FINANCIAL INSTITUTIONS IN APAC AND
MENA VIA GITLAB ABUSE

Resecurity researchers warn that a new Version of JsOutProx is targeting
financial institutions in APAC and MENA via Gitlab abuse. Resecurity has
detected a new version of JSOutProx, which is targ ...

Pierluigi Paganini April 03, 2024
Security

GOOGLE FIXED TWO ACTIVELY EXPLOITED PIXEL VULNERABILITIES

Google addressed several vulnerabilities in Android and Pixel devices, including
two actively exploited flaws. Google addressed 28 vulnerabilities in Android and
25 flaws in Pixel devices. Two iss ...

Pierluigi Paganini April 03, 2024
Data Breach

HIGHLY SENSITIVE FILES MYSTERIOUSLY DISAPPEARED FROM EUROPOL HEADQUARTERS

Serious security breach hits EU police agency A batch of highly sensitive files
containing the personal information of top Europol executives mysteriously
disappeared last summer The website Po ...

Pierluigi Paganini April 03, 2024
Hacking

XSS FLAW IN WORDPRESS WP-MEMBERS PLUGIN CAN LEAD TO SCRIPT INJECTION

A cross-site scripting vulnerability (XXS) in the WordPress WP-Members
Membership plugin can lead to malicious script injection. Researchers from
Defiant’s Wordfence research team disclosed a cr ...

Pierluigi Paganini April 02, 2024
Security

BINARLY RELEASED THE FREE ONLINE SCANNER TO DETECT THE CVE-2024-3094 BACKDOOR

Researchers from the firmware security firm Binarly released a free online
scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer
Andres Freund discovered a backdoor issue in ...

Pierluigi Paganini April 02, 2024
Laws and regulations

GOOGLE AGREED TO ERASE BILLIONS OF BROWSER RECORDS TO SETTLE A CLASS ACTION
LAWSUIT

Google is going to delete data records related to the 'Incognito Mode' browsing
activity to settle a class action lawsuit. Google has agreed to delete billions
of data records related to users' br ...

Pierluigi Paganini April 02, 2024
Data Breach

PANDABUY DATA BREACH ALLEGEDLY IMPACTED OVER 1.3 MILLION CUSTOMERS

Threat actors claimed the hack of the PandaBuy online shopping platform and
leaked data belonging to more than 1.3 million customers. At least two threat
actors claimed the hack of the PandaBuy on ...

Pierluigi Paganini April 02, 2024
Data Breach

OWASP DISCLOSES A DATA BREACH

The OWASP Foundation disclosed a data breach that impacted some members due to a
misconfiguration of an old Wiki web server. The OWASP Foundation has disclosed a
data breach that impacted some of ...

Pierluigi Paganini April 01, 2024
Malware

NEW VULTUR MALWARE VERSION INCLUDES ENHANCED REMOTE CONTROL AND EVASION
CAPABILITIES

Researchers detected a new version of the Vultur banking trojan for Android with
enhanced remote control and evasion capabilities. Researchers from NCC Group
discovered a new version of the Vultur ...

Pierluigi Paganini April 01, 2024
Cyber warfare

PENTAGON ESTABLISHED THE OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE FOR CYBER
POLICY

The US government announced establishing the Office of the Assistant Secretary
of Defense for Cyber Policy. The US Defense Department announced establishing
the Office of the Assistant Secretary o ...

Pierluigi Paganini April 01, 2024
Malware

INFO STEALER ATTACKS TARGET MACOS USERS

Experts warn of info stealer malware, including Atomic Stealer, targeting Apple
macOS users via malicious ads and rogue websites. Jamf Threat Labs researchers
analyzed info stealer malware attack ...

Pierluigi Paganini April 01, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 465 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 31, 2024
Malware

DINODASRAT LINUX VARIANT TARGETS USERS WORLDWIDE

A Linux variant of the DinodasRAT backdoor used in attacks against users in
China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn.
Researchers from Kaspersky uncovered a Linux ...

Pierluigi Paganini March 31, 2024
Data Breach

AT&T CONFIRMED THAT A DATA BREACH IMPACTED 73 MILLION CUSTOMERS

AT&T confirmed that a data breach impacted 73 million current and former
customers after its data were leaked on a cybercrime forum. In March 2024, more
than 70,000,000 records from an unspeci ...

Pierluigi Paganini March 31, 2024
Malware

EXPERT FOUND A BACKDOOR IN XZ TOOLS USED MANY LINUX DISTRIBUTIONS

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in
Fedora development and experimental versions. Red Hat urges users to immediately
stop using systems running Fedora ...

Pierluigi Paganini March 30, 2024
Security

GERMAN BSI WARNS OF 17,000 UNPATCHED MICROSOFT EXCHANGE SERVERS

The German Federal Office for Information Security (BSI) warned of thousands of
Microsoft Exchange servers in the country vulnerable to critical flaws. The
German Federal Office for Information Se ...

Pierluigi Paganini March 30, 2024
Hacking

CISCO WARNS OF PASSWORD-SPRAYING ATTACKS TARGETING SECURE FIREWALL DEVICES

Cisco warns customers of password-spraying attacks that have been targeting
Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is
warning customers of password-spraying att ...

Pierluigi Paganini March 29, 2024
Data Breach

AMERICAN FAST-FASHION FIRM HOT TOPIC HIT BY CREDENTIAL STUFFING ATTACKS

Hot Topic suffered credential stuffing attacks that exposed customers' personal
information and partial payment data. Hot Topic, Inc. is an
American fast-fashion company specializing in counte ...

Pierluigi Paganini March 29, 2024
Security

CISCO ADDRESSED HIGH-SEVERITY FLAWS IN IOS AND IOS XE SOFTWARE

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be
exploited to trigger a denial-of-service (DoS) condition. Cisco this week
released patches to address multiple IOS a ...

Pierluigi Paganini March 28, 2024
Hacking

GOOGLE: CHINA DOMINATES GOVERNMENT EXPLOITATION OF ZERO-DAY VULNERABILITIES IN
2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number
of actively exploited zero-day vulnerabilities in 2023. Google's Threat Analysis
Group (TAG) and its subsidiary Man ...

Pierluigi Paganini March 28, 2024
Security

GOOGLE ADDRESSED 2 CHROME ZERO-DAYS DEMONSTRATED AT PWN2OWN 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that
have been demonstrated during the Pwn2Own Vancouver 2024. Google addressed
several vulnerabilities in the Chrome web br ...

Pierluigi Paganini March 28, 2024
Security

CISA ADDS MICROSOFT SHAREPOINT BUG DISCLOSED AT PWN2OWN TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft
SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited
Vulnerabilities catalog. The U.S. Cybers ...

Pierluigi Paganini March 27, 2024
Security

THE DDR ADVANTAGE: REAL-TIME DATA DEFENSE

This is the advantage of Data Detection and Response (DDR) for organizations
aiming to build a real-time data defense. In cybersecurity, and in life, by the
time you find out that something went w ...

Pierluigi Paganini March 27, 2024
APT

FINNISH POLICE LINKED APT31 TO THE 2021 PARLIAMENT ATTACK

The Finnish Police attributed the attack against the parliament that occurred in
March 2021 to the China-linked group APT31. The Finnish Police attributed the
March 2021 attack on the parliament t ...

Pierluigi Paganini March 27, 2024
Malware

THEMOON BOT INFECTED 40,000 DEVICES IN JANUARY AND FEBRUARY

A new variant of TheMoon malware infected thousands of outdated small office and
home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team
at Lumen Technologies uncovered an ...

Pierluigi Paganini March 26, 2024
APT

UK, NEW ZEALAND AGAINST CHINA-LINKED CYBER OPERATIONS

UK, Australia and New Zealand are accusing China-linked threat actors of cyber
operations against UK institutions and parliamentarians. GCHQ’s National Cyber
Security Centre believes that China- ...

Pierluigi Paganini March 26, 2024
APT

US TREASURY DEP ANNOUNCED SANCTIONS AGAINST MEMBERS OF CHINA-LINKED APT31

The US Treasury Department announced sanctions on two APT31 Chinese hackers
linked to attacks against organizations in the US critical infrastructure
sector. The US government announced sanctions ...

Pierluigi Paganini March 26, 2024
Security

CISA ADDS FORTICLIENT EMS, IVANTI EPM CSA, NICE LINEAR EMERGE E3-SERIES BUGS TO
ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient
EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cybers ...

Pierluigi Paganini March 25, 2024
APT

IRAN-LINKED APT TA450 EMBEDS MALICIOUS LINKS IN PDF ATTACHMENTS

In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote
Monitoring and Management (RMM) solution called Atera. Proofpoint researchers
observed the Iran-linked APT group Mudd ...

Pierluigi Paganini March 25, 2024
Cyber Crime

STRELASTEALER TARGETED OVER 100 ORGANIZATIONS ACROSS THE EU AND US

Researchers reported that over 100 organizations in Europe and US were targeted
by a wave of large-scale StrelaStealer campaigns Palo Alto Networks' Unit42
spotted a wave of large-scale StrelaStea ...

Pierluigi Paganini March 25, 2024
Hacking

GOFETCH SIDE-CHANNEL ATTACK AGAINST APPLE SYSTEMS ALLOWS SECRET KEYS EXTRACTION

Researchers demonstrated a new side-channel attack, named GoFetch, against Apple
CPUs that could allow an attacker to obtain secret keys. A team of researchers
from several US universities demonst ...

Pierluigi Paganini March 25, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 464 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 24, 2024
Cyber Crime

CYBERCRIMINALS ACCELERATE ONLINE SCAMS DURING RAMADAN AND EID FITR

During the month of Ramadan, Resecurity observed a significant increase in
fraudulent activities and scams. During the month of Ramadan, Resecurity
observed a significant increase in fraudulent ac ...

Pierluigi Paganini March 24, 2024
APT

RUSSIA-LINKED APT29 TARGETED GERMAN POLITICAL PARTIES WITH WINELOADER BACKDOOR

Russia-linked threat actors employ the WINELOADER backdoor in recent attacks
targeting German political parties. In late February, Mandiant researchers
spotted the Russia-linked group APT29 using ...

Pierluigi Paganini March 23, 2024
Hacking

MOZILLA FIXED FIREFOX ZERO-DAYS EXPLOITED AT PWN2OWN VANCOUVER 2024

Mozilla addressed two Firefox zero-day vulnerabilities exploited during the
Pwn2Own Vancouver 2024 hacking competition. Mozilla has done an amazing job
addressing two zero-day vulnerabilities in t ...

Pierluigi Paganini March 23, 2024
Hacking

LARGE-SCALE SIGN1 MALWARE CAMPAIGN ALREADY INFECTED 39,000+ WORDPRESS SITES

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000
WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a
malware campaign, tracked as Sign1 ...

Pierluigi Paganini March 23, 2024
Cyber Crime

GERMAN POLICE SEIZED THE DARKNET MARKETPLACE NEMESIS MARKET

The German police seized the infrastructure of the darknet marketplace Nemesis
Market disrupting its operation. An operation conducted by the Federal Criminal
Police Office in Germany (BKA) and th ...

Pierluigi Paganini March 23, 2024
Hacking

UNSAFLOK FLAWS ALLOW TO OPEN MILLIONS OF DOORS USING DORMAKABA SAFLOK ELECTRONIC
LOCKS

A flaw in Dormakaba Saflok electronic locks, dubbed Unsaflok, can allow threat
actors to open millions of doors worldwide. Researchers Lennert Wouters, Ian
Carroll, rqu, BusesCanFly ...

Pierluigi Paganini March 22, 2024
Hacking

PWN2OWN VANCOUVER 2024: PARTICIPANTS EARNED $1,132,500 FOR 29 UNIQUE 0-DAYS

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned
$1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day
Initiative (ZDI) announced that participant ...

Pierluigi Paganini March 22, 2024
Hacking

CRITICAL FORTINET'S FORTICLIENT EMS FLAW ACTIVELY EXPLOITED IN THE WILD

Researchers released a PoC exploit for a critical flaw in Fortinet's FortiClient
Enterprise Management Server (EMS) software, which is actively exploited.
Security researchers at Horizon3 have rel ...

Pierluigi Paganini March 21, 2024
Hacking

PWN2OWN VANCOUVER 2024 DAY 1 - TEAM SYNACKTIV HACKED A TESLA

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024
hacking competition, a team demonstrated a Tesla hack. Participants earned
$732,000 on the first day of the Pwn2Own Vanc ...

Pierluigi Paganini March 21, 2024
Hacking

NEW LOOP DOS ATTACK MAY TARGET 300,000 VULNERABLE HOSTS

Boffins devised a new application-layer loop DoS attack based on the UDP
protocol that impacts major vendors, including Broadcom, Microsoft and MikroTik.
Researchers from the CISPA Helmholtz Cente ...

Pierluigi Paganini March 21, 2024
Security

CRITICAL FLAW IN ATLASSIAN BAMBOO DATA CENTER AND SERVER MUST BE FIXED
IMMEDIATELY

Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and
Jira products, including a critical flaw that can be very dangerous. Atlassian
addressed multiple vulnerabilities in i ...

Pierluigi Paganini March 20, 2024
Breaking News

THREAT ACTORS ACTIVELY EXPLOIT JETBRAINS TEAMCITY FLAWS TO DELIVER MALWARE

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity
flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are
exploiting the recently disclosed vulnerabil ...

Pierluigi Paganini March 20, 2024
Hacking

BUNNYLOADER 3.0 SURFACES IN THE THREAT LANDSCAPE

Researchers found a new variant of the BunnyLoader malware with a modular
structure and new evasion capabilities. In October 2023, Zscaler ThreatLabz
researchers discovered a new malware ...

Pierluigi Paganini March 20, 2024
Hacking

POKEMON COMPANY RESETS SOME USERS' PASSWORDS

The Pokemon Company resets some users' passwords in response to hacking attempts
against some of its users. The Pokemon Company announced it had reset the
passwords for some accounts after it had ...

Pierluigi Paganini March 20, 2024
Cyber Crime

UKRAINE CYBER POLICE ARRESTED CROOKS SELLING 100 MILLION COMPROMISED ACCOUNTS

Ukraine cyber police, along with the national police, arrested three hackers
attempting to sell 100 million compromised emails and Instagram accounts. The
Ukraine cyber police and the national pol ...

Pierluigi Paganini March 19, 2024
Cyber warfare

NEW ACIDPOUR WIPER TARGETS LINUX X86 DEVICES. IS IT A RUSSIA'S WEAPON?

A new variant of the Russia-linked wiper AcidRain, tracked as AcidPour, was
spotted targeting Linux x86 devices. A new variant of a data wiper AcidRain,
tracked as AcidPour, is specifically design ...

Pierluigi Paganini March 19, 2024
Hacking

PLAYERS HACKED DURING THE MATCHES OF APEX LEGENDS GLOBAL SERIES. TOURNAMENT
SUSPENDED

On Sunday, two competitive esports players were hacked while participating at
the Apex Legends Global Series tournament. Electronic Arts postponed the North
American (NA) finals of the Apex ...

Pierluigi Paganini March 19, 2024
APT

EARTH KRAHANG APT BREACHED TENS OF GOVERNMENT ORGANIZATIONS WORLDWIDE

Trend Micro uncovered a sophisticated campaign conducted by Earth Krahang APT
group that breached 70 organizations worldwide. Trend Micro researchers
uncovered a sophisticated campaign conducted b ...

Pierluigi Paganini March 19, 2024
Hacking

POC EXPLOIT FOR CRITICAL RCE FLAW IN FORTRA FILECATALYST TRANSFER TOOL RELEASED

Fortra addressed a critical remote code execution vulnerability impacting
its FileCatalyst file transfer product. Fortra has released updates to address a
critical vulnerability, tracked as CVE- ...

Pierluigi Paganini March 18, 2024
Hacking

FUJITSU SUFFERED A MALWARE ATTACK AND PROBABLY A DATA BREACH

Technology giant Fujitsu announced it had suffered a cyberattack that may have
resulted in the theft of customer information. Japanese technology giant Fujitsu
on Friday announced it had suffered ...

Pierluigi Paganini March 18, 2024
Hacking

REMOVE WORDPRESS MINIORANGE PLUGINS, A CRITICAL FLAW CAN ALLOW SITE TAKEOVER

A critical vulnerability in WordPress miniOrange's Malware Scanner and Web
Application Firewall plugins can allow site takeover. On March 1st, 2024,
WordPress security firm Wordfence received a su ...

Pierluigi Paganini March 18, 2024
Uncategorized

THE AVIATION AND AEROSPACE SECTORS FACE SKYROCKETING CYBER THREATS

Resecurity reported about the increasing wave of cyber incidents targeting the
aerospace and aviation sectors. The experts emphasized the importance of
rigorous cybersecurity risk assessments for ...

Pierluigi Paganini March 18, 2024
Hacking

EMAIL ACCOUNTS OF THE INTERNATIONAL MONETARY FUND COMPROMISED

Threat actors compromised at least 11 International Monetary Fund (IMF) email
accounts earlier this year, the organization revealed. The International
Monetary Fund (IMF) disclosed a security brea ...

Pierluigi Paganini March 18, 2024
Data Breach

THREAT ACTORS LEAKED 70,000,000+ RECORDS ALLEGEDLY STOLEN FROM AT&T

Researchers at vx-underground first noticed that more than 70,000,000 records
from AT&T were leaked on the Breached hacking forum. More than 70,000,000
records from an unspecified division of ...

Pierluigi Paganini March 17, 2024
Hacking

“GITGUB” MALWARE CAMPAIGN TARGETS GITHUB USERS WITH RISEPRO INFO-STEALER

Cybersecurity researchers discovered multiple GitHub repositories hosting
cracked software that are used to drop the RisePro info-stealer. G-Data
researchers found at least 13 such Github reposito ...

Pierluigi Paganini March 17, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 463 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 17, 2024
Data Breach

FRANCE TRAVAIL DATA BREACH IMPACTED 43 MILLION PEOPLE

Unemployment agency France Travail (Pôle Emploi) recently suffered a data breach
that could impact 43 million people. On August 2023, the French government
employment agency Pôle emploi suffered ...

Pierluigi Paganini March 16, 2024
Cyber Crime

SCRANTON SCHOOL DISTRICT IN PENNSYLVANIA SUFFERED A RANSOMWARE ATTACK

School districts continue to be under attack, schools in Scranton, Pennsylvania,
are suffering a ransomware attack. This week, schools in Scranton, Pennsylvania,
experienced a ransomware attack, r ...

Pierluigi Paganini March 16, 2024
Breaking News

LAZARUS APT GROUP RETURNED TO TORNADO CASH TO LAUNDER STOLEN FUNDS

North Korea-linked Lazarus APT group allegedly using again the mixer platform
Tornado Cash to launder $23 million.  North Korea-linked Lazarus APT group
allegedly has reportedly resumed using the ...

Pierluigi Paganini March 16, 2024
Cyber Crime

MOLDOVAN CITIZEN SENTENCED IN CONNECTION WITH THE E-ROOT CYBERCRIME MARKETPLACE
CASE

US DoJ sentenced a Moldovan national (31) to 42 months in federal prison for
operating the E-Root cybercrime marketplace. U.S. District Court sentenced the
Moldovan national (31) Sandu Boris Diaco ...

Pierluigi Paganini March 15, 2024
Cyber warfare

UK DEFENCE SECRETARY JET HIT BY AN ELECTRONIC WARFARE ATTACK IN POLAND

Russian hackers have knocked down the GPS and communications of Defence
Secretary Grant Shapps RAF Dassault Falcon 900 jet with electronic warfare
attack. Defence Secretary Grant Shapps RAF Dassau ...

Pierluigi Paganini March 15, 2024
Security

CISCO FIXED HIGH-SEVERITY ELEVATION OF PRIVILEGE AND DOS BUGS

Cisco this week addressed high-severity elevation of privilege and
denial-of-service (DoS) vulnerabilities in IOS RX software. Cisco addressed
multiple vulnerabilities in IOS RX software, includin ...

Pierluigi Paganini March 14, 2024
Malware

RECENT DARKGATE CAMPAIGN EXPLOITED MICROSOFT WINDOWS ZERO-DAY

Researchers recently uncovered a DarkGate campaign in mid-January 2024, which
exploited Microsoft zero-day vulnerability. Researchers at the Zero Day
Initiative (ZDI) recently uncovered a DarkGat ...

Pierluigi Paganini March 14, 2024
Data Breach

NISSAN OCEANIA DATA BREACH IMPACTED ROUGHLY 100,000 PEOPLE

The ransomware attack that hit the systems of Nissan Oceania in December 2023
impacted roughly 100,000 individuals. Nissan Oceania, the regional division of
the multinational carmaker, announced i ...

Pierluigi Paganini March 14, 2024
Hacking

RESEARCHERS FOUND MULTIPLE FLAWS IN CHATGPT PLUGINS

Researchers analyzed ChatGPT plugins and discovered several types of
vulnerabilities that could lead to data exposure and account takeover.
Researchers from Salt Security discovered three types of ...

Pierluigi Paganini March 14, 2024
Security

FORTINET FIXES CRITICAL BUGS IN FORTIOS, FORTIPROXY, AND FORTICLIENTEMS

Fortinet released security updates to address critical code execution
vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. Fortinet this week
has released security updates to fix critical c ...

Pierluigi Paganini March 13, 2024
Data Breach

ACER PHILIPPINES DISCLOSED A DATA BREACH AFTER A THIRD-PARTY VENDOR HACK

Acer Philippines disclosed a data breach after employee data was leaked by a
threat actor on a hacking forum. Acer Philippines confirmed that employee data
was compromised in an attack targeting a ...

Pierluigi Paganini March 13, 2024
Cyber Crime

STANFORD UNIVERSITY ANNOUNCED THAT 27,000 INDIVIDUALS WERE IMPACTED IN THE 2023
RANSOMWARE ATTACK

Threat actors behind the ransomware attacks that hit Stanford University in 2023
gained access to 27,000 people. Stanford University confirmed that threat actors
behind the September 2023 ransomwa ...

Pierluigi Paganini March 13, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR MARCH 2024 FIXED 59 FLAWS

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security
vulnerabilities in its products, including RCE flaws. Microsoft released Patch
Tuesday security updates for March 2023 ...

Pierluigi Paganini March 12, 2024
Intelligence

RUSSIA'S FOREIGN INTELLIGENCE SERVICE (SVR) ALLEGES US IS PLOTTING TO INTERFERE
IN PRESIDENTIAL ELECTION

Russia’s Foreign Intelligence Service (SVR) claims that the US intelligence
plans to interfere with its presidential election. Russia's Foreign Intelligence
Service (SVR) alleges that the US is ...

Pierluigi Paganini March 12, 2024
Breaking News

FIRST-EVER SOUTH KOREAN NATIONAL DETAINED FOR ESPIONAGE IN RUSSIA

Russian authorities have detained a South Korean national on cyber espionage
charges, it is the first time for a Korean citizen. Russian authorities have
arrested a South Korean citizen on charges ...

Pierluigi Paganini March 12, 2024
Cyber Crime

INSURANCE SCAMS VIA QR CODES: HOW TO RECOGNISE AND DEFEND YOURSELF

Threat actors can abuse QR codes to carry out sophisticated scams, as reported
by the Italian Postal Police in its recent alert. As is well known, QR codes are
two-dimensional barcodes that can be ...

Pierluigi Paganini March 12, 2024
Hacking

MASSIVE CYBERATTACKS HIT FRENCH GOVERNMENT AGENCIES

A series of “intense” cyberattacks hit multiple French government agencies,
revealed the prime minister’s office. "Several "intense" cyberattacks targeted
multiple French government agencies ...

Pierluigi Paganini March 11, 2024
Hacking

BIANLIAN GROUP EXPLOITS JETBRAINS TEAMCITY BUGS IN RANSOMWARE ATTACKS

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains
TeamCity software in recent attacks. Researchers from GuidePoint Security
noticed, while investigating a recent attack ...

Pierluigi Paganini March 11, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT FOR CRITICAL PROGRESS SOFTWARE OPENEDGE BUG

Researchers released technical specifics and a PoC exploit for a recently
disclosed flaw in Progress Software OpenEdge Authentication Gateway and
AdminServer. Researchers from Horizon3.ai have pub ...

Pierluigi Paganini March 11, 2024
Cyber Crime

MAGNET GOBLIN GROUP USED A NEW LINUX VARIANT OF NERBIANRAT MALWARE

The financially motivated hacking group Magnet Goblin uses various 1-day flaws
to deploy custom malware on Windows and Linux systems. A financially motivated
threat actor named Magnet Goblin made ...

Pierluigi Paganini March 11, 2024
Hacking

HACKERS EXPLOITED WORDPRESS POPUP BUILDER PLUGIN FLAW TO COMPROMISE 3,300 SITES

Threat actors are hacking WordPress sites by exploiting a vulnerability, tracked
as CVE-2023-6000, in old versions of the Popup Builder plugin. In January,
Sucuri researchers reported that Balada ...

Pierluigi Paganini March 11, 2024
Intelligence

LITHUANIA SECURITY SERVICES WARN OF CHINA'S ESPIONAGE AGAINST THE COUNTRY

A report published by Lithuanian security services warned that China has
escalated its espionage operations against Lithuania. A report released by
Lithuanian security services has cautioned that ...

Pierluigi Paganini March 10, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 462 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 10, 2024
Hacking

THREAT ACTORS BREACHED TWO CRUCIAL SYSTEMS OF THE US CISA

Threat actors hacked the systems of the Cybersecurity and Infrastructure
Security Agency (CISA) by exploiting Ivanti flaws. The US Cybersecurity and
Infrastructure Security Agency (CISA) agency wa ...

Pierluigi Paganini March 09, 2024
Security

CISA ADDS JETBRAINS TEAMCITY BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a JetBrains
TeamCity vulnerability to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini March 09, 2024
Hacking

CRITICAL FORTINET FORTIOS BUG CVE-2024-21762 POTENTIALLY IMPACTS 150,000
INTERNET-FACING DEVICES

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet
FortiOS could potentially impact 150,000 exposed devices. In February,
Fortinet warned that the critical remot ...

Pierluigi Paganini March 09, 2024
Internet of Things

QNAP FIXED THREE FLAWS IN ITS NAS DEVICES, INCLUDING AN AUTHENTICATION BYPASS

QNAP addressed three vulnerabilities in its NAS products that can be exploited
to access devices. QNAP addressed three vulnerabilities in Network Attached
Storage (NAS) devices that can be exploit ...

Pierluigi Paganini March 08, 2024
Hacking

RUSSIA-LINKED MIDNIGHT BLIZZARD BREACHED MICROSOFT SYSTEMS AGAIN

Microsoft revealed that Russia-linked APT group Midnight Blizzard recently
breached its internal systems and source code repositories. Microsoft published
an update on the attack that hit the comp ...

Pierluigi Paganini March 08, 2024
Security

CISCO ADDRESSED SEVERE FLAWS IN ITS SECURE CLIENT

Cisco addressed two high-severity vulnerabilities in Secure Client that could
lead to code execution and unauthorized remote access VPN sessions. Cisco
released security patches to address two hig ...

Pierluigi Paganini March 08, 2024
Data Breach

PLAY RANSOMWARE ATTACK ON XPLAIN EXPOSED 65,000 FILES CONTAINING DATA RELEVANT
TO THE SWISS FEDERAL ADMINISTRATION.

The ransomware attack on Xplain impacted tens of thousands Federal government
files, said the National Cyber Security Centre (NCSC) of Switzerland. The
National Cyber Security Centre (NCSC) publis ...

Pierluigi Paganini March 08, 2024
Cyber Crime

2023 FBI INTERNET CRIME REPORT REPORTED CYBERCRIME LOSSES REACHED $12.5 BILLION
IN 2023

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported
cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report
published the FBI's Internet Crime Co ...

Pierluigi Paganini March 07, 2024
Cyber warfare

NATIONAL INTELLIGENCE AGENCY OF MOLDOVA WARNS OF RUSSIA ATTACKS AHEAD OF THE
PRESIDENTIAL ELECTION

The national intelligence agency of Moldova warns of hybrid attacks from Russia
ahead of the upcoming elections. The Moldovan national intelligence agency warns
of hybrid attacks from Russia ahead ...

Pierluigi Paganini March 07, 2024
Security

CISA ADDS APPLE IOS AND IPADOS MEMORY CORRUPTION BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and
iPadOS memory corruption vulnerabilities to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and ...

Pierluigi Paganini March 07, 2024
Hacking

LINUX MALWARE TARGETS MISCONFIGURED MISCONFIGURED APACHE HADOOP, CONFLUENCE,
DOCKER, AND REDIS SERVERS

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop,
Confluence, Docker, and Redis instances. Researchers from Cado Security observed
a new Linux malware campaign target ...

Pierluigi Paganini March 07, 2024
Breaking News

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel
and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Inf ...

Pierluigi Paganini March 06, 2024
Cyber Crime

WATCH OUT, GHOSTSEC AND STOURMOUS GROUPS JOINTLY CONDUCTING RANSOMWARE ATTACKS

Researchers warn that the cybercrime groups GhostSec and Stormous have joined
forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang
are jointly conducting a ransomware cam ...

Pierluigi Paganini March 06, 2024
Cyber Crime

LOCKBIT 3.0’S BUNGLED COMEBACK HIGHLIGHTS THE UNDYING RISK OF TORRENT-BASED
(P2P) DATA LEAKAGE

The wide torrent-based accessibility of these leaked victim files ensures the
longevity of LockBit 3.0’s harmful impact. While embattled ransomware gang
LockBit 3.0 fights for its survival follo ...

Pierluigi Paganini March 06, 2024
Hacking

APPLE EMERGENCY SECURITY UPDATES FIX TWO NEW IOS ZERO-DAYS

Apple released emergency security updates to address two new iOS zero-day
vulnerabilities actively exploited in the wild against iPhone users. Apple
released emergency security updates to address ...

Pierluigi Paganini March 05, 2024
Security

VMWARE URGENT UPDATES ADDRESSED CRITICAL ESXI SANDBOX ESCAPE BUGS

VMware released urgent patches to address critical ESXi sandbox escape
vulnerabilities in the ESXi, Workstation, Fusion and Cloud Foundation products
Virtualization giant VMware released urgent up ...

Pierluigi Paganini March 05, 2024
Laws and regulations

US GOV SANCTIONED INTELLEXA CONSORTIUM INDIVIDUALS AND ENTITIES BEHIND PREDATOR
SPYWARE ATTACKS

The U.S. government sanctioned two individuals and five entities linked to the
development and distribution of the Predator spyware used to target Americans.
Today, the Department of the Treasury� ...

Pierluigi Paganini March 05, 2024
Hacking

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft
Windows Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini March 05, 2024
Security

EXPERTS DISCLOSED TWO SEVERE FLAWS IN JETBRAINS TEAMCITY ON-PREMISES SOFTWARE

Two new security flaws in JetBrains TeamCity On-Premises software can allow
attackers to take over affected systems. Rapid7 researchers disclosed two new
critical security vulnerabilities, tracked ...

Pierluigi Paganini March 05, 2024
Cyber warfare

UKRAINE'S GUR HACKED THE RUSSIAN MINISTRY OF DEFENSE

The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims
that it hacked the Russian Ministry of Defense. The Main Intelligence
Directorate (GUR) of Ukraine's Ministry of Def ...

Pierluigi Paganini March 05, 2024
Data Breach

SOME AMERICAN EXPRESS CUSTOMERS' DATA EXPOSED IN A THIRD-PARTY DATA BREACH

American Express warns customers that their credit cards were exposed due to a
data breach experienced by a third-party merchant processor. American Express
(Amex) notifies customers that thei ...

Pierluigi Paganini March 04, 2024
Social Networks

META HIT WITH PRIVACY COMPLAINTS BY EU CONSUMER GROUPS

This is my interview with TRT International on the Meta dispute with EU consumer
groups, which are calling on the bloc to sanction the company EU consumer groups
are calling on the bloc to sanctio ...

Pierluigi Paganini March 04, 2024
Hacking

NEW GTPDOOR BACKDOOR IS DESIGNED TO TARGET TELECOM CARRIER NETWORKS

Researcher HaxRob discovered a previously undetected Linux backdoor named
GTPDOOR, designed to target telecom carrier networks. Security researcher HaxRob
discovered a previously undetected Linux ...

Pierluigi Paganini March 04, 2024
Data Breach

THREAT ACTORS HACKED TAIWAN-BASED CHUNGHWA TELECOM

Threat actors stole sensitive and confidential data from the telecom giant
Chunghwa Telecom Company, revealed the Ministry of National Defense. Chunghwa
Telecom Company, Ltd. (literally Chinese Te ...

Pierluigi Paganini March 04, 2024
Malware

NEW LINUX VARIANT OF BIFROSE RAT USES DECEPTIVE DOMAIN STRATEGIES

A new Linux variant of the remote access trojan (RAT) BIFROSE (aka Bifrost) uses
a deceptive domain mimicking VMware. Palo Alto Networks Unit 42 researchers
discovered a new Linux variant of Bifro ...

Pierluigi Paganini March 04, 2024
Hacking

EKEN CAMERA DOORBELLS ALLOW ILL-INTENTIONED INDIVIDUALS TO SPY ON YOU

Camera doorbells manufactured by the Chinese company Eken Group Ltd under the
brands EKEN and Tuck are affected by major vulnerabilities. Researchers from
Consumer Reports (CR) discovered severe ...

Pierluigi Paganini March 03, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 461 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 03, 2024
Security

U.S. JUDGE ORDERED NSO GROUP TO HAND OVER THE PEGASUS SPYWARE CODE TO WHATSAPP

A U.S. Court ordered surveillance firm NSO Group to hand over the source code
for its Pegasus spyware and other products to Meta. Meta won the litigation
against the Israeli spyware vendor NSO G ...

Pierluigi Paganini March 03, 2024
Hacking

U.S. AUTHORITIES CHARGED AN IRANIAN NATIONAL FOR LONG-RUNNING HACKING CAMPAIGN

The U.S. DoJ charged Iranian national Alireza Shafie Nasab for his role in
attacks targeting U.S. government and defense entities. The U.S. Department of
Justice (DoJ) charged Iranian national Ali ...

Pierluigi Paganini March 02, 2024
Cyber Crime

US CYBER AND LAW ENFORCEMENT AGENCIES WARN OF PHOBOS RANSOMWARE ATTACKS

US CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving
Phobos ransomware variants observed as recently as February 2024 US CISA, the
FBI, and MS-ISAC issued a joint cyber se ...

Pierluigi Paganini March 02, 2024
Cyber Crime

POLICE SEIZED CRIMEMARKET, THE LARGEST GERMAN-SPEAKING CYBERCRIME MARKETPLACE

German police seized the largest German-speaking cybercrime marketplace
Crimemarket and arrested one of its operators. The Düsseldorf Police announced
that a large-scale international law enforc ...

Pierluigi Paganini March 01, 2024
Hacking

FIVE EYES ALLIANCE WARNS OF ATTACKS EXPLOITING KNOWN IVANTI GATEWAY FLAWS

The Five Eyes alliance warns of threat actors exploiting known security flaws in
Ivanti Connect Secure and Ivanti Policy Secure gateways. The Five Eyes
intelligence alliance issued a joint cyberse ...

Pierluigi Paganini March 01, 2024
Cyber Crime

CROOKS STOLE €15 MILLION FROM EUROPEAN RETAIL COMPANY PEPCO

Crooks stole €15.5 million from the European variety retail and discount company
Pepco through a phishing attack. The Hungarian business of the European discount
retailer Pepco Group has been t ...

Pierluigi Paganini March 01, 2024
Security

CISA ADDS MICROSOFT STREAMING SERVICE BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft
Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastruct ...

Pierluigi Paganini March 01, 2024
Hacking

RESEARCHERS FOUND A ZERO-CLICK FACEBOOK ACCOUNT TAKEOVER

A critical vulnerability in Facebook could have allowed threat actors to hijack
any Facebook account, researcher warns. Meta addressed a critical Facebook
vulnerability that could have allowed att ...

Pierluigi Paganini February 29, 2024
APT

NEW SPIKEDWINE APT GROUP IS TARGETING OFFICIALS IN EUROPE

A new threat actor, tracked as dubbed SPIKEDWINE, has been observed targeting
officials in Europe with a previously undetected backdoor WINELOADER. Zscaler
researchers warn that a previously un ...

Pierluigi Paganini February 29, 2024
Cyber Crime

IS THE LOCKBIT GANG RESUMING ITS OPERATION?

Experts warn that the LockBit ransomware group has started using updated
encryptors in new attacks, after the recent law enforcement operation. The
LockBit ransomware group appears to have fully r ...

Pierluigi Paganini February 29, 2024
APT

LAZARUS APT EXPLOITED ZERO-DAY IN WINDOWS DRIVER TO GAIN KERNEL PRIVILEGES

North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows
AppLocker driver (appid.sys) to gain kernel-level access to target systems.
Avast researchers observed North Korea-linked La ...

Pierluigi Paganini February 29, 2024
Data Breach

PHARMACEUTICAL GIANT CENCORA DISCLOSES A DATA BREACH

Pharmaceutical giant Cencora suffered a cyber attack and threat actors stole
data from its infrastructure. Pharmaceutical giant Cencora disclosed a data
breach after it was the victim of a cyberat ...

Pierluigi Paganini February 28, 2024
Hacking

UNMASKING 2024'S EMAIL SECURITY LANDSCAPE

Analyzing the Email Security Landscape and exploring Emerging Threats and
Trends. In the ever-shifting digital arena, staying ahead of evolving threat
trends is paramount for organizations aiming ...

Pierluigi Paganini February 28, 2024
Cyber Crime

FBI, CISA, HHS WARN OF TARGETED ALPHV/BLACKCAT RANSOMWARE ATTACKS AGAINST THE
HEALTHCARE SECTOR

The FBI, CISA, and the Department of HHS warned U.S. healthcare organizations of
targeted ALPHV/Blackcat ransomware attacks. A cybersecurity alert published by
the FBI, CISA, and the Department of ...

Pierluigi Paganini February 28, 2024
Breaking News

RUSSIA-LINKED APT28 COMPROMISED UBIQUITI EDGEROUTERS TO FACILITATE CYBER
OPERATIONS

Russian cyberspies are compromising Ubiquiti EdgeRouters to evade detection,
warns a joint advisory published by authorities. The Federal Bureau of
Investigation (FBI), National Security Agency (N ...

Pierluigi Paganini February 28, 2024
Cyber Crime

BLACK BASTA AND BL00DY RANSOMWARE GANGS EXPLOIT RECENT CONNECTWISE SCREENCONNECT
BUGS

New threat actors have started exploiting ConnectWise ScreenConnect
vulnerabilities, including the Black Basta and Bl00dy ransomware gangs. Multiple
threat actors have started exploiting the recen ...

Pierluigi Paganini February 27, 2024
Hacking

XSS FLAW IN LITESPEED CACHE PLUGIN EXPOSES MILLIONS OF WORDPRESS SITES AT RISK

Researchers warn of an XSS vulnerability, tracked as CVE-2023-40000, in the
LiteSpeed Cache plugin for WordPress Patchstack researchers warn of an
unauthenticated site-wide stored XSS vulnerabilit ...

Pierluigi Paganini February 27, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 460 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini February 25, 2024
Cyber Crime

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND
AFFILIATES

U.S. government offers rewards of up to $15 million for information that could
lead to the identification or location of LockBit ransomware gang members and
affiliates. The U.S. Department of Stat ...

Pierluigi Paganini February 21, 2024
Malware

NEW REDIS MINER MIGO USES NOVEL SYSTEM WEAKENING TECHNIQUES

A new malware campaign targets Redis servers to deploy the mining crypto miner
Migo on compromised Linux hosts. Caro Security researchers have observed a new
malware campaign targeting Redis serve ...

Pierluigi Paganini February 21, 2024
Security

CRITICAL FLAW FOUND IN DEPRECATED VMWARE EAP. UNINSTALL IT IMMEDIATELY

VMware urges customers to uninstall the deprecated Enhanced Authentication
Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is
urging users to uninstall the deprecated E ...

Pierluigi Paganini February 21, 2024
Hacking

MICROSOFT EXCHANGE FLAW CVE-2024-21410 COULD IMPACT UP TO 97,000 SERVERS

Researchers from Shadowserver Foundation identified roughly 28,000
internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The
vulnerability CVE-2024-21410 is a bypass vulnerabili ...

Pierluigi Paganini February 21, 2024
Security

CONNECTWISE FIXED CRITICAL FLAWS IN SCREENCONNECT REMOTE ACCESS TOOL

ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote
desktop access product and urges customers to install the patches asap.
ConnectWise warns of the following two critic ...

Pierluigi Paganini February 20, 2024
Cyber Crime

MORE DETAILS ABOUT OPERATION CRONOS THAT DISRUPTED LOCKBIT OPERATION

Law enforcement provided additional details about the international Operation
Cronos that led to the disruption of the Lockbit ransomware operation.
Yesterday, a joint law enforcement action, code ...

Pierluigi Paganini February 20, 2024
Hacking

CACTUS RANSOMWARE GANG CLAIMS THE THEFT OF 1.5TB OF DATA FROM ENERGY MANAGEMENT
AND INDUSTRIAL AUTOMATION FIRM SCHNEIDER ELECTRIC

The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy
management and industrial automation firm Schneider Electric. The Cactus
ransomware group claims responsibility for pil ...

Pierluigi Paganini February 20, 2024
Cyber Crime

OPERATION CRONOS: LAW ENFORCEMENT DISRUPTED THE LOCKBIT OPERATION

An international law enforcement operation codenamed 'Operation Cronos' led to
the disruption of the LockBit ransomware operation. A joint law enforcement
action, code-named Operation Cronos, con ...

Pierluigi Paganini February 19, 2024
Cyber Crime

A UKRAINIAN RACCOON INFOSTEALER OPERATOR IS AWAITING TRIAL IN THE US

The Raccoon Infostealer operator, Mark Sokolovsky, was extradited to the US from
the Netherlands to appear in a US court. In October 2020, the US Justice
Department charged a Ukrainian national, M ...

Pierluigi Paganini February 19, 2024
APT

RUSSIA-LINKED APT TAG-70 TARGETS EUROPEAN GOVERNMENT AND MILITARY MAIL SERVERS
EXPLOITING ROUNDCUBE XSS

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS
flaws in Roundcube webmail servers to target over 80 organizations. Researchers
from Recorded Future’s Insikt Group id ...

Pierluigi Paganini February 19, 2024
Cyber Crime

HOW BRICS GOT "RUG PULLED" – CRYPTOCURRENCY COUNTERFEITING IS ON THE RISE

Resecurity has identified an increasing trend of cryptocurrency counterfeiting,
the experts found several tokens impersonating major brands, government
organizations and national fiat currencies. ...

Pierluigi Paganini February 19, 2024
Security

SOLARWINDS ADDRESSED CRITICAL RCES IN ACCESS RIGHTS MANAGER (ARM)

SolarWinds addressed three critical vulnerabilities in its Access Rights Manager
(ARM) solution, including two RCE bugs. SolarWinds has fixed several Remote Code
Execution (RCE) vulnerabilities in ...

Pierluigi Paganini February 19, 2024
Breaking News

ESET FIXED HIGH-SEVERITY LOCAL PRIVILEGE ESCALATION BUG IN WINDOWS PRODUCTS

Cybersecurity firm ESET has addressed a high-severity elevation of privilege
vulnerability in its Windows security solution. ESET addressed a high-severity
vulnerability, tracked as CVE-2024-0353 ...

Pierluigi Paganini February 18, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 459 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini February 18, 2024
Cyber Crime

UKRAINIAN NATIONAL FACES UP TO 20 YEARS IN PRISON FOR HIS ROLE IN ZEUS, ICEDID
MALWARE SCHEMES

A Ukrainian national pleaded guilty to his role in the Zeus and IcedID
operations, which caused tens of millions of dollars in losses. Ukrainian
national Vyacheslav Igorevich Penchukov has pleaded ...

Pierluigi Paganini February 17, 2024
Cyber Crime

CISA: CISCO ASA/FTD BUG CVE-2020-3259 EXPLOITED IN RANSOMWARE ATTACKS

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD
vulnerability CVE-2020-3259 (CVSS score: 7.5) in attacks in the wild. This week
the U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini February 17, 2024
Security

CISA ADDS MICROSOFT EXCHANGE AND CISCO ASA AND FTD BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infrastru ...

Pierluigi Paganini February 16, 2024
Cyber Crime

US GOV OFFERS A REWARD OF UP TO $10M FOR INFO ON ALPHV/BLACKCAT GANG LEADERS

The U.S. government offers rewards of up to $10 million for information that
could lead to the identification or location of ALPHV/Blackcat ransomware gang
leaders. The U.S. Department of State is ...

Pierluigi Paganini February 16, 2024
Hacking

U.S. CISA: HACKERS BREACHED A STATE GOVERNMENT ORGANIZATION

U.S. CISA revealed that threat actors breached an unnamed state government
organization via an administrator account belonging to a former employee. The
U.S. Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini February 16, 2024
APT

RUSSIA-LINKED TURLA APT USES NEW TINYTURLA-NG BACKDOOR TO SPY ON POLISH NGOS

Russia-linked APT group Turla has been spotted targeting Polish non-governmental
organizations (NGO) with a new backdoor dubbed TinyTurla-NG. Russia-linked
cyberespionage group Turla has been spo ...

Pierluigi Paganini February 16, 2024
Cyber Crime

US GOV DISMANTLED THE MOOBOT BOTNET CONTROLLED BY RUSSIA-LINKED APT28

The US authorities dismantled the Moobot botnet, which was controlled by the
Russia-linked cyberespionage group APT28. A court order allowed US authorities
to neutralize the Moobot botnet, a netwo ...

Pierluigi Paganini February 15, 2024
Hacking

A CYBERATTACK HALTED OPERATIONS AT VARTA PRODUCTION PLANTS

On February 12, 2023, a cyber attack halted operations at five production plants
of German battery manufacturer Varta. On February 13, German battery
manufacturer Varta announced that a cyber atta ...

Pierluigi Paganini February 15, 2024
APT

NORTH KOREA-LINKED ACTORS BREACHED THE EMAILS OF A PRESIDENTIAL OFFICE MEMBER

The office of South Korean President Yoon Suk Yeol said that North Korea-linked
actors breached the personal emails of one of his staff members. The office of
South Korean President Yoon Suk Yeol ...

Pierluigi Paganini February 15, 2024
Hacking

CISA ADDS MICROSOFT WINDOWS BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft
Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agenc ...

Pierluigi Paganini February 15, 2024
APT

NATION-STATE ACTORS ARE USING AI SERVICES AND LLMS FOR CYBERATTACKS

Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate
some phases of their attack chains, including target reconnaissance and social
engineering attacks. Multiple nation ...

Pierluigi Paganini February 15, 2024
Security

ABUSING THE UBUNTU 'COMMAND-NOT-FOUND' UTILITY TO INSTALL MALICIOUS PACKAGES

Researchers reported that attackers can exploit the 'command-not-found' utility
to trick users into installing rogue packages on Ubuntu systems. Cybersecurity
researchers from cloud security firm ...

Pierluigi Paganini February 14, 2024
Security

ZOOM FIXED CRITICAL FLAW CVE-2024-24691 IN WINDOWS SOFTWARE

Zoom addressed seven vulnerabilities in its desktop and mobile applications,
including a critical flaw (CVE-2024-24691) affecting the Windows software. The
popular Video messaging giant Zoom relea ...

Pierluigi Paganini February 14, 2024
Security

ADOBE PATCH TUESDAY FIXED CRITICAL VULNERABILITIES IN MAGENTO, ACROBAT AND
READER

Adobe Patch Tuesday security updates for February 2024 addressed more than 30
vulnerabilities in multiple products, including critical issues. Adobe Patch
Tuesday security updates released by Adob ...

Pierluigi Paganini February 14, 2024
Security

MICROSOFT PATCH TUESDAY FOR FEBRUARY 2024 FIXED 2 ACTIVELY EXPLOITED 0-DAYS

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws,
two of which are actively exploited in the wild. Microsoft Patch Tuesday
security updates for February 2024 resolved ...

Pierluigi Paganini February 14, 2024
Cyber Crime

A RANSOMWARE ATTACK TOOK 100 ROMANIAN HOSPITALS DOWN

Authorities in Romania reported that at least 100 hospitals went offline after a
ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed
that a ransomware attack that target ...

Pierluigi Paganini February 13, 2024
Data Breach

BANK OF AMERICA CUSTOMER DATA COMPROMISED AFTER A THIRD-PARTY SERVICES PROVIDER
DATA BREACH

Bank of America revealed that the personal information of some customers was
stolen in a data breach affecting a third-party services provider. Bank of
America began notifying some customers follo ...

Pierluigi Paganini February 13, 2024
Reports

RANSOMFEED - THIRD QUARTER REPORT 2023 IS OUT!

Maintainers behind the Ransomfeed platform have released Q3 Report 2023
including activities of 185 criminal groups operating worldwide. A comprehensive
report delving into the intricate landscape ...

Pierluigi Paganini February 13, 2024
Hacking

GLOBAL MALICIOUS ACTIVITY TARGETING ELECTIONS IS SKYROCKETING

Resecurity has identified a growing trend of malicious cyber-activity targeting
sovereign elections globally With more voters than ever in history heading to
the polls in 2024, Resecurity has iden ...

Pierluigi Paganini February 13, 2024
Cyber Crime

RESEARCHERS RELEASED A FREE DECRYPTION TOOL FOR THE RHYSIDA RANSOMWARE

Researchers discovered a vulnerability in the code of the Rhysida ransomware
that allowed them to develop a decryption tool. Cybersecurity researchers from
Kookmin University and the Korea Interne ...

Pierluigi Paganini February 12, 2024
Security

RESIDENTIAL PROXIES VS. DATACENTER PROXIES: CHOOSING THE RIGHT OPTION

Residential Proxies vs. Datacenter Proxies: this blog post examines the contours
of each type and provides info on how to choose the perfect proxy option In the
robust landscape of the digital era ...

Pierluigi Paganini February 12, 2024
Hacking

CISA ADDS ROUNDCUBE WEBMAIL PERSISTENT XSS BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Roundcube
Webmail Persistent Cross-Site Scripting (XSS) Vulnerability to its Known
Exploited Vulnerabilities catalog. The U.S. Cyb ...

Pierluigi Paganini February 12, 2024
Security

CANADA GOV PLANS TO BAN THE FLIPPER ZERO TO CURB CAR THEFTS

The Canadian government is going to ban the tool Flipper Zero because it is
abused by crooks to steal vehicles in the country. The Canadian government
announced that it plans to ban the tool Flipp ...

Pierluigi Paganini February 12, 2024
Security

9 POSSIBLE WAYS HACKERS CAN USE PUBLIC WI-FI TO STEAL YOUR SENSITIVE DATA

Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit
Public Wi-Fi and Compromise Your Sensitive Data We've all used public Wi-Fi:
it's convenient, saves our data, and sp ...

Pierluigi Paganini February 12, 2024
Cyber Crime

US FEDS ARRESTED TWO MEN INVOLVED IN THE WARZONE RAT OPERATION

The U.S. Justice Department (DoJ) seized the infrastructure that was used to
sell the remote access trojan (RAT) Warzone RAT. The Justice Department
announced the seizure of internet domains used ...

Pierluigi Paganini February 12, 2024
Malware

RASPBERRY ROBIN SPOTTED USING TWO NEW 1-DAY LPE EXPLOITS

Raspberry Robin continues to evolve, it was spotted using two new one-day
exploits for vulnerabilities either Discord to host samples.  Raspberry Robin is
a Windows worm discovered by cybers ...

Pierluigi Paganini February 11, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 458 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini February 11, 2024
Hacking

CISA ADDS FORTINET FORTIOS BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet
FortiOS bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency (CI ...

Pierluigi Paganini February 10, 2024
Malware

MACOS BACKDOOR RUSTDOOR LIKELY LINKED TO ALPHV/BLACKCAT RANSOMWARE OPERATIONS

Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the
Black Basta and Alphv/BlackCat ransomware operations. Researchers from
Bitdefender discovered a new macOS backdoor, dubb ...

Pierluigi Paganini February 10, 2024
Hacking

EXPLOITING A VULNERABLE MINIFILTER DRIVER TO CREATE A PROCESS KILLER

Researcher demonstrated how to exploit a signed Minifilter Driver in a BYOVD
attack to terminate a specific process from the kernel. Exploiting a signed
Minifilter Driver that can be used to used ...

Pierluigi Paganini February 09, 2024
Data Breach

BLACK BASTA RANSOMWARE GANG HACKED HYUNDAI MOTOR EUROPE

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor
Europe and the theft of three terabytes of their data. BleepingComputer reported
that the Car maker Hyundai Motor Europe ...

Pierluigi Paganini February 09, 2024
Hacking

FORTINET WARNS OF A NEW ACTIVELY EXPLOITED RCE FLAW IN FORTIOS SSL VPN

Fortinet warns that the recently discovered critical remote code execution flaw
in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited.
Fortinet is warning that the recently disc ...

Pierluigi Paganini February 09, 2024
Security

IVANTI WARNS OF A NEW AUTH BYPASS FLAW IN ITS CONNECT SECURE, POLICY SECURE, AND
ZTA GATEWAY DEVICES

Ivanti warns customers of a new authentication bypass vulnerability in its
Connect Secure, Policy Secure, and ZTA gateway devices. Ivanti has warned
customers of a new high-severity security vulne ...

Pierluigi Paganini February 09, 2024
Security

26 CYBER SECURITY STATS EVERY USER SHOULD BE AWARE OF IN 2024

26 key cyber security stats for 2024 that every user should know, from rising
cyber crime rates to the impact of AI technology. Cyber Crime Surge: During
COVID-19, cyber crimes shot up by 600%, s ...

Pierluigi Paganini February 09, 2024
Cyber Crime

US OFFERS $10 MILLION REWARD FOR INFO ON HIVE RANSOMWARE GROUP LEADERS

U.S. Government offers rewards of up to $10 million for information that could
help locate, identify, or arrest members of the Hive ransomware group. The US
Department of State announced rewards u ...

Pierluigi Paganini February 08, 2024
Internet of Things

UNRAVELING THE TRUTH BEHIND THE DDOS ATTACK FROM ELECTRIC TOOTHBRUSHES

Several media reported that three million electric toothbrushes were compromised
and recruited into a DDoS botnet. Is it true? The Swiss newspaper Aargauer
Zeitung first published the news of a DD ...

Pierluigi Paganini February 08, 2024
APT

CHINA-LINKED APT VOLT TYPHOON REMAINED UNDETECTED FOR YEARS IN US INFRASTRUCTURE

China-linked APT Volt Typhoon infiltrated a critical infrastructure network in
the US and remained undetected for at least five years. US CISA, the NSA, the
FBI, along with partner Five Eyes agenc ...

Pierluigi Paganini February 08, 2024
Security

CISCO FIXES CRITICAL EXPRESSWAY SERIES CSRF VULNERABILITIES

CISCO fixed two critical flaws in Expressway Series collaboration gateways
exposing vulnerable devices to cross-site request forgery (CSRF) attacks. Cisco
addressed several vulnerabilities in its ...

Pierluigi Paganini February 08, 2024
Security

CISA ADDS GOOGLE CHROMIUM V8 TYPE CONFUSION BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google
Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Se ...

Pierluigi Paganini February 07, 2024
Security

FORTINET ADDRESSED TWO CRITICAL FORTISIEM VULNERABILITIES

Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM
that could allow remote attackers to execute arbitrary code Cybersecurity vendor
Fortinet warned of two critical vu ...

Pierluigi Paganini February 07, 2024
Hacking

EXPERTS WARN OF A CRITICAL BUG IN JETBRAINS TEAMCITY ON-PREMISES

A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat
actors to take over vulnerable instances. JetBrains addressed a critical
security vulnerability, tracked as CVE-202 ...

Pierluigi Paganini February 07, 2024
Hacking

CRITICAL SHIM BUG IMPACTS EVERY LINUX BOOT LOADER SIGNED IN THE PAST DECADE

The maintainers of Shim addressed six vulnerabilities, including a critical flaw
that could potentially lead to remote code execution. The maintainers of 'shim'
addressed six vulnerabilities with ...

Pierluigi Paganini February 07, 2024
APT

CHINA-LINKED APT DEPLOYED MALWARE IN A NETWORK OF THE DUTCH MINISTRY OF DEFENCE

China-linked APT group breached the Dutch Ministry of Defence last year and
installed malware on compromised systems. Dutch Military Intelligence and
Security Service (MIVD) and the General Int ...

Pierluigi Paganini February 07, 2024
Hacking

COMMERCIAL SPYWARE VENDORS ARE BEHIND MOST ZERO-DAY EXPLOITS DISCOVERED BY
GOOGLE TAG

Google's TAG revealed that Commercial spyware vendors (CSV) were behind most of
the zero-day vulnerabilities discovered in 2023. The latest report published by
Google Threat Analysis Group (TAG), ...

Pierluigi Paganini February 06, 2024
Mobile

GOOGLE FIXED AN ANDROID CRITICAL REMOTE CODE EXECUTION FLAW

Google released Android ’s February 2024 security patches to address 46
vulnerabilities, including a critical remote code execution issue. Google
released Android February 2024 security patches ...

Pierluigi Paganini February 06, 2024
Cyber Crime

A MAN FACES UP TO 25 YEARS IN PRISON FOR HIS ROLE IN OPERATING UNLICENSED CRYPTO
EXCHANGE BTC-E

A Belarusian and Cypriot national linked with the cryptocurrency exchange BTC-e
is facing charges that can lead maximum penalty of 25 years in prison.
Aliaksandr Klimenka, a Belarusian and Cypriot ...

Pierluigi Paganini February 06, 2024
Laws and regulations

U.S. GOV IMPOSES VISA RESTRICTIONS ON INDIVIDUALS MISUSING COMMERCIAL SPYWARE

The U.S. government imposes visa restrictions on individuals who are involved in
the illegal use of commercial spyware. The U.S. State Department announced it is
implementing a new policy to impo ...

Pierluigi Paganini February 06, 2024
Cyber Crime

HPE IS INVESTIGATING CLAIMS OF A NEW SECURITY BREACH

Hewlett Packard Enterprise (HPE) is investigating a new data breach after a
threat actor claimed to have stolen data on a hacking forum. Hewlett Packard
Enterprise (HPE) is investigating a new dat ...

Pierluigi Paganini February 06, 2024
Hacking

EXPERTS WARN OF A SURGE OF ATTACKS TARGETING IVANTI SSRF FLAW 

The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in
attacks in the wild by multiple threat actors. The Ivanti Server-Side Request
Forgery (SSRF) vulnerability, identi ...

Pierluigi Paganini February 05, 2024
Hacking

HOW TO HACK THE AIRBUS NAVBLUE FLYSMART+ MANAGER

Airbus Navblue Flysmart+ Manager allowed attackers to tamper with the engine
performance calculations and intercept data. Flysmart+ is a suite of apps for
pilot EFBs, helping deliver efficient and ...

Pierluigi Paganini February 05, 2024
Cyber Crime

CROOKS STOLE $25.5 MILLION FROM A MULTINATIONAL FIRM USING A 'DEEPFAKE' VIDEO
CALL

Scammers stole HK$200 million (roughly $25,5 million) from a multi-national
company using a deepfake conf call to trick an employee into transferring the
funds. Scammers successfully stole HK$200 ...

Pierluigi Paganini February 05, 2024
Hacking

SOFTWARE FIRM ANYDESK DISCLOSED A SECURITY BREACH

Remote desktop software company AnyDesk announced that threat actors compromised
its production environment. Remote desktop software company AnyDesk announced on
Friday that threat actors had acce ...

Pierluigi Paganini February 05, 2024
Data Breach

THE 'MOTHER OF ALL BREACHES': NAVIGATING THE AFTERMATH AND FORTIFYING YOUR DATA
WITH DSPM

What is Data Security Posture Management (DSPM) and how you can mitigate the
risks of data leaks such as the 'Mother of All Breaches' Cybersecurity
researchers recently uncovered what is now being ...

Pierluigi Paganini February 04, 2024
Cyber warfare

US GOVERNMENT IMPOSED SANCTIONS ON SIX IRANIAN INTEL OFFICIALS

The US government issued sanctions against six Iranian government officials
linked to cyberattacks against critical infrastructure organizations.  The U.S.
Treasury Department's Office of Foreign ...

Pierluigi Paganini February 04, 2024
Cyber Crime

A CYBERATTACK IMPACTED OPERATIONS AT LURIE CHILDREN'S HOSPITAL

A cyber attack forced Lurie Children's Hospital in Chicago to take IT systems
offline with a severe impact on its operations. The Lurie Children's Hospital in
Chicago took IT systems offline after ...

Pierluigi Paganini February 04, 2024
Cyber Crime

ANYDESK INCIDENT: CUSTOMER CREDENTIALS LEAKED AND PUBLISHED FOR SALE ON THE DARK
WEB

Resecurity identified bad actors offering a significant number of AnyDesk
customer credentials for sale on the Dark Web. Such information being available
for cybercriminals could act as a catalys ...

Pierluigi Paganini February 04, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 457 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini February 04, 2024
Security

CLOROX ESTIMATES THE COSTS OF THE AUGUST CYBERATTACK WILL EXCEED $49 MILLION

Cleaning products giant Clorox estimates the economic impact of the cyber attack
that hit the company in August 2023 at $49 million. The Clorox Company is a
multinational consumer goods company th ...

Pierluigi Paganini February 03, 2024
Hacking

MASTODON FIXED A FLAW THAT CAN ALLOW THE TAKEOVER OF ANY ACCOUNT

A vulnerability impacting the decentralized social network Mastodon can be
exploited by threat actors to impersonate and take over any account. A security
flaw, tracked as CVE-2024-23832 (CVSS sco ...

Pierluigi Paganini February 03, 2024
Hacking

IRANIAN HACKERS BREACHED ALBANIA’S INSTITUTE OF STATISTICS (INSTAT)

Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a
sophisticated cyberattack that affected some of its systems. A sophisticated
cyberattack on Wednesday hit Albania� ...

Pierluigi Paganini February 02, 2024
Cyber Crime

OPERATION SYNERGIA LED TO THE ARREST OF 31 INDIVIDUALS

An international law enforcement operation, named Synergia, led to the arrest of
31 individuals involved in ransomware, banking malware, and phishing attacks.
Operation Synergia was led by Interpo ...

Pierluigi Paganini February 02, 2024
Intelligence

EX CIA EMPLOYEE JOSHUA ADAM SCHULTE SENTENCED TO 40 YEARS IN PRISON

A former software engineer with the U.S. CIA has been sentenced to 40 years in
prison for leaking classified documents. Former CIA employee Joshua Adam Schulte
has been sentenced to 40 years in p ...

Pierluigi Paganini February 02, 2024
Hacking

CLOUDFLARE BREACHED ON THANKSGIVING DAY, BUT THE ATTACK WAS PROMPTLY CONTAINED

Cloudflare revealed that a nation-state actor breached its internal Atlassian
server, gaining access to the internal wiki and its bug database (Atlassian
Jira). The incident took place on Thanksg ...

Pierluigi Paganini February 02, 2024
Malware

PURPLEFOX MALWARE INFECTED AT LEAST 2,000 COMPUTERS IN UKRAINE

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a
PurpleFox malware campaign had already infected at least 2,000 computers in the
country. The Computer Emergency Response T ...

Pierluigi Paganini February 02, 2024
Cyber Crime

MAN SENTENCED TO SIX YEARS IN PRISON FOR STEALING MILLIONS IN CRYPTOCURRENCY VIA
SIM SWAPPING

A US man has been sentenced to federal prison for his role in a fraudulent
scheme that resulted in the theft of millions of dollars through SIM swapping.
Daniel James Junk (22) of Portland was sen ...

Pierluigi Paganini February 01, 2024
Security

CISA ORDERS FEDERAL AGENCIES TO DISCONNECT IVANTI VPN INSTANCES BY FEBRUARY 2

CISA is ordering federal agencies to disconnect Ivanti Connect Secure and Ivanti
Policy Secure products within 48 hours. For the first time since its
establishment, CISA is ordering federal agenci ...

Pierluigi Paganini February 01, 2024
APT

MULTIPLE MALWARE USED IN ATTACKS EXPLOITING IVANTI VPN FLAWS

Mandiant spotted new malware used by a China-linked threat actor UNC5221
targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant
researchers discovered new malware employed by a Ch ...

Pierluigi Paganini February 01, 2024
Cyber Crime

POLICE SEIZED 50,000 BITCOIN FROM OPERATOR OF THE NOW-DEFUNCT PIRACY SITE
MOVIE2K

German police seized 50,000 Bitcoin from the former operator of the now-defunct
piracy website movie2k.to. The police in Saxony, Germany, have seized 50,000
Bitcoin (more than $2.1 billion at the ...

Pierluigi Paganini February 01, 2024
Cyber Crime

CROOKS STOLE AROUND $112 MILLION WORTH OF XRP FROM RIPPLE’S CO-FOUNDER

Crooks stole around $112 million worth of Ripple XRP from the crypto wallet of
Ripple’s co-founder Chris Larsen. This week, crooks stole around $112 million
worth of the Ripple-focused cryptocur ...

Pierluigi Paganini January 31, 2024
Security

CISA ADDS APPLE IMPROPER AUTHENTICATION BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper
authentication bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Securi ...

Pierluigi Paganini January 31, 2024
Hacking

IVANTI WARNS OF A NEW ACTIVELY EXPLOITED ZERO-DAY

Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure
products, one of which is actively exploited in the wild. Ivanti is warning of
two new high-severity vulnerabilities ...

Pierluigi Paganini January 31, 2024
Malware

THREAT ACTORS EXPLOIT IVANTI VPN BUGS TO DEPLOY KRUSTYLOADER MALWARE

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect
Secure (ICS) VPN devices to deliver KrustyLoader. In early January 2024,
software firm Ivanti reported that threat ...

Pierluigi Paganini January 31, 2024
Security

DATA LEAK AT FINTECH GIANT DIRECT TRADING TECHNOLOGIES

Sensitive data and trading activity of over 300K traders leaked online by
international fintech firm Direct Trading Technologies. Direct Trading
Technologies, an international fintech company, jeo ...

Pierluigi Paganini January 31, 2024
Breaking News

ROOT ACCESS VULNERABILITY IN GNU LIBRARY C (GLIBC) IMPACTS MANY LINUX DISTROS

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in
GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat
Research Unit discovered four securit ...

Pierluigi Paganini January 30, 2024
Laws and regulations

ITALIAN DATA PROTECTION AUTHORITY SAID THAT CHATGPT VIOLATED EU PRIVACY LAWS

Italian data protection authority regulator authority Garante said that ChatGPT
violated European Union data privacy regulations. The Italian data protection
authority regulator authority, known a ...

Pierluigi Paganini January 30, 2024
Data Breach

750 MILLION INDIAN MOBILE SUBSCRIBERS' DATA OFFERED FOR SALE ON DARK WEB

Data of 750 million Indian mobile subscribers was offered for sale on dark web
hacker forums earlier in January. CloudSEK researchers warned that a database
containing data of 750 million Indian m ...

Pierluigi Paganini January 30, 2024
Security

JUNIPER NETWORKS RELEASED OUT-OF-BAND UPDATES TO FIX HIGH-SEVERITY FLAWS

Juniper Networks released out-of-band updates to fix high-severity flaws in SRX
Series and EX Series that can allow attackers to take over unpatched systems.
Juniper Networks has released out-of ...

Pierluigi Paganini January 30, 2024
Cyber Crime

HUNDREDS OF NETWORK OPERATORS’ CREDENTIALS FOUND CIRCULATING IN DARK WEB

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and
LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a
thorough scan of the Dark Web and ident ...

Pierluigi Paganini January 30, 2024
Data Breach

CACTUS RANSOMWARE GANG CLAIMS THE SCHNEIDER ELECTRIC HACK

Energy management and industrial automation firm Schneider Electric suffered a
data breach after a Cactus ransomware attack. Schneider Electric is a
multinational company that specializes in energ ...

Pierluigi Paganini January 30, 2024
Data Breach

MERCEDES-BENZ ACCIDENTALLY EXPOSED SENSITIVE DATA, INCLUDING SOURCE CODE

Researchers discovered that Mercedes-Benz accidentally left a private key online
exposing internal data, including the company’s source code. RedHunt Labs
researchers discovered that Mercedes-Be ...

Pierluigi Paganini January 29, 2024
Hacking

EXPERTS DETAILED MICROSOFT OUTLOOK FLAW THAT CAN LEAK NTLM V2 HASHED PASSWORDS

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords
by tricking users into opening a specially crafted file. The vulnerability
CVE-2023-35636 impacting Microsoft Outloo ...

Pierluigi Paganini January 29, 2024
Intelligence

NSA BUYS INTERNET BROWSING RECORDS FROM DATA BROKERS WITHOUT A WARRANT

The U.S. National Security Agency (NSA) admitted to buying internet browsing
records from data brokers to monitor Americans' activity online without a court
order. U.S. Senator Ron Wyden, D-Ore., ...

Pierluigi Paganini January 29, 2024
Intelligence

UKRAINE’S SBU ARRESTED A MEMBER OF PRO-RUSSIA HACKERS GROUP 'CYBER ARMY OF
RUSSIA'

Ukraine's security service (SBU) detained an alleged member of the pro-Russia
hacker group "the Cyber Army of Russia." Ukraine's security service, the
SBU, announced that it has identified and de ...

Pierluigi Paganini January 29, 2024
Hacking

MULTIPLE POC EXPLOITS RELEASED FOR JENKINS FLAW CVE-2024-23897

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins
vulnerability CVE-2024-23897 have been released. Researchers warn that several
proof-of-concept (PoC) exploits targ ...

Pierluigi Paganini January 28, 2024
Cyber Crime

MEDUSA RANSOMWARE ATTACK HIT KANSAS CITY AREA TRANSPORTATION AUTHORITY

Medusa ransomware gang claimed responsibility for the attack against the Kansas
City Area Transportation Authority (KCATA). On January 23, 2023, the Kansas City
Area Transportation Authority (KCAT ...

Pierluigi Paganini January 28, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 456 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini January 28, 2024
Hacktivism

PRO-UKRAINE HACKERS WIPED 2 PETABYTES OF DATA FROM RUSSIAN RESEARCH CENTER

The Main Intelligence Directorate of Ukraine's Ministry of Defense states that
pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center.
The Main Directorate of Intelligence of ...

Pierluigi Paganini January 27, 2024
Hacking

PARTICIPANTS EARNED MORE THAN $1.3M AT THE PWN2OWN AUTOMOTIVE COMPETITION

Bug bounty hunters earned more than $1.3 million for hacking Teslas,
infotainment systems, and electric vehicle chargers at the Pwn2Own Automotive
competition. The Zero Day Initiative’s Pwn2Own ...

Pierluigi Paganini January 27, 2024
Cyber Crime

A TRICKBOT MALWARE DEVELOPER SENTENCED TO 64 MONTHS IN PRISON

The Russian national malware developer Vladimir Dunaev was sentenced to more
than 5 years in prison for his role in the TrickBot operation. The Russian
national Vladimir Dunaev (40) has been sente ...

Pierluigi Paganini January 26, 2024
APT

RUSSIAN MIDNIGHT BLIZZARD APT IS TARGETING ORGS WORLDWIDE, MICROSOFT WARNS

Microsoft revealed that Russia-linked APT Midnight Blizzard has been targeting
organizations worldwide in a cyberespionage campaign. Microsoft announced that
the Russia-linked APT Midnight Blizzar ...

Pierluigi Paganini January 26, 2024
Security

WATCH OUT, EXPERTS WARN OF A CRITICAL FLAW IN JENKINS

Jenkins maintainers addressed several security vulnerabilities, including a
critical remote code execution (RCE) flaw. Jenkins is the most popular open
source automation server, it is maintai ...

Pierluigi Paganini January 26, 2024
Hacking

PWN2OWN AUTOMOTIVE 2024 DAY 2 - TESLA HACKED AGAIN

Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2
of Pwn2Own Automotive 2024 hacking competition. White hat hackers from the
Synacktiv Team (@Synacktiv) compromised ...

Pierluigi Paganini January 26, 2024
Reports

YEARLY INTEL TREND REVIEW: THE 2023 REDSENSE REPORT

The 2023 RedSense report covers long-term observations we have made regarding
intel trends and interconnectivity. These observations were made by analyzing
numerous 2023 threat findings and disco ...

Pierluigi Paganini January 25, 2024
Security

CISCO WARNS OF A CRITICAL BUG IN UNIFIED COMMUNICATIONS PRODUCTS, PATCH IT NOW!

Cisco addressed a critical flaw in its Unified Communications and Contact Center
Solutions products that could lead to remote code execution. Cisco released
security patches to address a critical ...

Pierluigi Paganini January 25, 2024
Security

RUSSIA-LINKED APT GROUP MIDNIGHT BLIZZARD HACKED HEWLETT PACKARD ENTERPRISE
(HPE)

Hewlett Packard Enterprise (HPE) revealed that Russia-linked APT group Midnight
Blizzard gained access to its Microsoft Office 365 email system. Hewlett Packard
Enterprise (HPE) revealed that alle ...

Pierluigi Paganini January 25, 2024
Hacking

CISA ADDS ATLASSIAN CONFLUENCE DATA CENTER BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Atlassian
Confluence Data Center and Server Template Injection bug to its Known Exploited
Vulnerabilities catalog. The U.S. Cyber ...

Pierluigi Paganini January 25, 2024
Hacking

5379 GITLAB SERVERS VULNERABLE TO ZERO-CLICK ACCOUNT TAKEOVER ATTACKS

Thousands of GitLab servers are vulnerable to zero-click account takeover
attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security
updates to address two critical vulnerabi ...

Pierluigi Paganini January 24, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT FOR FORTRA GOANYWHERE MFT FLAW CVE-2024-0204

Researchers released PoC exploit code for a recently disclosed critical
authentication bypass flaw in Fortra's GoAnywhere MFT (Managed File Transfer).
Researchers with cybersecurity firm Horizon3' ...

Pierluigi Paganini January 24, 2024
Security

SPLUNK FIXED HIGH-SEVERITY FLAW IMPACTING WINDOWS VERSIONS

Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a
high-severity flaw impacting Windows installs. Splunk addressed multiple
vulnerabilities in Splunk Enterprise, including ...

Pierluigi Paganini January 24, 2024
Hacking

WATCH OUT, A NEW CRITICAL FLAW AFFECTS FORTRA GOANYWHERE MFT

Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere
MFT (Managed File Transfer) product. Fortra warns customers of a new
authentication bypass vulnerability tracked as� ...

Pierluigi Paganini January 23, 2024
Hacking

AUSTRALIAN GOVERNMENT ANNOUNCED SANCTIONS FOR MEDIBANK HACKER

The Australian government announced sanctions for a member of the REvil
ransomware group for the Medibank hack that occurred in 2022. The Australian
government announced sanctions for Aleksandr Ge ...

Pierluigi Paganini January 23, 2024
Hacking

LOANDEPOT DATA BREACH IMPACTED ROUGHLY 16.6 INDIVIDUALS

Financial services company LoanDepot disclosed a data breach that impacted
roughly 16.6 million individuals. LoanDepot is a financial services company that
primarily operates as a mortgage lender. ...

Pierluigi Paganini January 23, 2024
Cyber Crime

BLACK BASTA GANG CLAIMS THE HACK OF THE UK WATER UTILITY SOUTHERN WATER

The Black Basta ransomware gang claimed to have hacked the UK water utility
Southern Water, a major player in the UK water industry. Southern Water is a
private utility company responsible for col ...

Pierluigi Paganini January 23, 2024
Security

CISA ADDS VMWARE VCENTER SERVER BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter
Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastr ...

Pierluigi Paganini January 23, 2024
Breaking News

MOTHER OF ALL BREACHES - A HISTORIC DATA LEAK REVEALS 26 BILLION RECORDS: CHECK
WHAT'S EXPOSED

Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the
largest data leak ever discovered. The supermassive leak contains data from
numerous previous breaches, comprising a ...

Pierluigi Paganini January 22, 2024
Security

APPLE FIXED ACTIVELY EXPLOITED ZERO-DAY CVE-2024-23222

Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and
Apple TVs. The issue is actively exploited in the wild. Apple released security
updates to address a zero-day vulne ...

Pierluigi Paganini January 22, 2024
Cyber Crime

“MY SLICE”, AN ITALIAN ADAPTIVE PHISHING CAMPAIGN

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat
in the cybersecurity landscape. The phenomenon This phenomenon represents an
evolution of traditional phishing t ...

Pierluigi Paganini January 22, 2024
Malware

THREAT ACTORS EXPLOIT APACHE ACTIVEMQ FLAW TO DELIVER THE GODZILLA WEB SHELL

Researchers warn of a spike in attacks exploiting a now-patched flaw in Apache
ActiveMQ to deliver the Godzilla web shell. Trustwave researchers observed a
surge in attacks exploiting a now-patche ...

Pierluigi Paganini January 22, 2024
Data Breach

CYBERCRIMINALS LEAKED MASSIVE VOLUMES OF STOLEN PII DATA FROM THAILAND IN DARK
WEB

Resecurity researchers warn of massive leak of stolen Thai personally
identifiable information (PII) on the dark web by cybercriminals. Resecurity has
detected a noticeable increase in data leaks ...

Pierluigi Paganini January 22, 2024
Malware

BACKDOORED PIRATED APPLICATIONS TARGETS APPLE MACOS USERS

Researchers warned that pirated applications have been employed to deliver a
backdoor to Apple macOS users. Jamf Threat Labs researchers warned that pirated
applications have been utilized to dist ...

Pierluigi Paganini January 22, 2024
Cyber Crime

LOCKBIT RANSOMWARE GANG CLAIMS THE ATTACK ON THE SANDWICH CHAIN SUBWAY

The LockBit ransomware gang claimed to have hacked Subway, the American
multinational fast food restaurant franchise.  Subway IP LLC is an American
multinational fast-food restauran ...

Pierluigi Paganini January 21, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 455 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini January 21, 2024
Cyber Crime

ADMIN OF THE BREACHFORUMS HACKING FORUM SENTENCED TO 20 YEARS SUPERVISED RELEASE

Conor Brian Fitzpatrick, the admin of the BreachForums hacking forum, has been
sentenced to 20 years supervised release. Conor Brian Fitzpatrick, the admin of
the BreachForums hacking forum, was s ...

Pierluigi Paganini January 20, 2024
Data Breach

VF CORP DECEMBER DATA BREACH IMPACTS 35 MILLION CUSTOMERS

American global apparel and footwear company VF Corp revealed that the December
data breach impacted 35.5 million customers. VF Corporation is an American
global apparel and footwear company ...

Pierluigi Paganini January 19, 2024
APT

CHINA-LINKED APT UNC3886 EXPLOITS VMWARE ZERO-DAY SINCE 2021

China-linked group UNC3886 has been exploiting vCenter Server zero-day
vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers
reported that China-linked APT group UNC3886 has ...

Pierluigi Paganini January 19, 2024
Reports

RANSOMWARE ATTACKS BREAK RECORDS IN 2023: THE NUMBER OF VICTIMS ROSE BY 128%

Ransomware groups claimed that they successfully targeted 4191 victims in 2023,
Cybernews researchers report. According to the Ransomlooker tool, the number of
ransomware attack victims increased ...

Pierluigi Paganini January 19, 2024
Hacking

U.S. CISA WARNS OF ACTIVELY EXPLOITED IVANTI EPMM FLAW CVE-2023-35082

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM
flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini January 19, 2024
Security

THE QUANTUM COMPUTING CRYPTOPOCALYPSE – I’LL KNOW IT WHEN I SEE IT

Can quantum computing break cryptography? Can it do it within a person’s
lifetime? Will it be a cryptopocalypse, as some experts suggest? Can quantum
computing break cryptography? Sure, it can. ...

Pierluigi Paganini January 19, 2024
Security

KANSAS STATE UNIVERSITY SUFFERED A SERIOUS CYBERSECURITY INCIDENT

Kansas State University (K-State) suffered a cybersecurity incident that has
disrupted part of its network and services. Kansas State University (K-State)
suffered a cybersecurity incident that im ...

Pierluigi Paganini January 19, 2024
Hacking

CISA ADDS CHROME AND CITRIX NETSCALER TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and
Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini January 18, 2024
APT

GOOGLE TAG WARNS THAT RUSSIAN COLDRIVER APT IS USING A CUSTOM BACKDOOR

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting
and is developing a custom malware. The ColdRiver APT (aka “Seaborgium“,
"Callisto", “Star Blizzard”, “TA ...

Pierluigi Paganini January 18, 2024
Hacking

PIXIEFAIL: NINE FLAWS IN UEFI OPEN-SOURCE REFERENCE IMPLEMENTATION COULD HAVE
SEVERE IMPACTS

Experts found multiple flaws, collectively named PixieFail, in the network
protocol stack of an open-source reference implementation of the UEFI. Quarkslab
researchers discovered nine vulnerabili ...

Pierluigi Paganini January 18, 2024
Malware

ISHUTDOWN LIGHTWEIGHT METHOD ALLOWS TO DISCOVER SPYWARE INFECTIONS ON IPHONES

Researchers devised a "lightweight method," called iShutdown, to determine
whether Apple iOS devices have been infected with spyware. Cybersecurity
researchers from Kaspersky have identified a " ...

Pierluigi Paganini January 18, 2024
Hacking

PRO-RUSSIA GROUP HIT SWISS GOVT SITES AFTER ZELENSKY VISIT IN DAVOS

Switzerland believes that the attack claimed by pro-Russian group NoName that
hit the government websites is retaliation for Zelensky’s presence at Davos.
Switzerland believes that the cyberatta ...

Pierluigi Paganini January 17, 2024
Security

GITHUB ROTATED CREDENTIALS AFTER THE DISCOVERY OF A VULNERABILITY

GitHub rotated some credentials after the discovery of a flaw that allowed
access to the environment variables of a production container. After GitHub
became aware of a vulnerability through its b ...

Pierluigi Paganini January 17, 2024
Cyber Crime

FBI, CISA WARN OF ANDROXGH0ST BOTNET FOR VICTIM IDENTIFICATION AND EXPLOITATION

U.S. CISA and the FBI warned of AndroxGh0st malware used to create a botnet for
victim identification and exploitation in target networks. US CISA and the
Federal Bureau of Investigation (FBI) r ...

Pierluigi Paganini January 17, 2024
Hacking

CITRIX WARNS ADMINS TO IMMEDIATELY PATCH NETSCALER FOR ACTIVELY EXPLOITED
ZERO-DAYS

Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler
ADC and Gateway appliances. Citrix warns customers to install security updates
to address two actively exploited ze ...

Pierluigi Paganini January 17, 2024
Security

GOOGLE FIXED THE FIRST ACTIVELY EXPLOITED CHROME ZERO-DAY OF 2024

Google has addressed the first Chrome zero-day vulnerability of the year that is
actively being exploited in the wild. Google has released security updates to
address the first Chrome zero-day vul ...

Pierluigi Paganini January 16, 2024
Breaking News

ATLASSIAN FIXED CRITICAL RCE IN OLDER CONFLUENCE VERSIONS

Atlassian warns of a critical remote code execution issue in Confluence Data
Center and Confluence Server that impacts older versions. Atlassian warns of a
critical remote code execution vulnerabi ...

Pierluigi Paganini January 16, 2024
Security

VMWARE FIXED A CRITICAL FLAW IN ARIA AUTOMATION. PATCH IT NOW!

VMware warns customers of a critical vulnerability impacting its Aria Automation
multi-cloud infrastructure automation platform. VMware Aria Automation (formerly
vRealize Automation) is a modern c ...

Pierluigi Paganini January 16, 2024
Hacking

EXPERTS WARN OF MASS EXPLOITATION OF IVANTI CONNECT SECURE VPN FLAWS

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure
vulnerabilities are massively exploited in the wild. Last week, software firm
Ivanti reported that threat actors ar ...

Pierluigi Paganini January 16, 2024
Security

EXPERTS WARN OF A VULNERABILITY AFFECTING BOSCH BCC100 THERMOSTAT

Researchers warn of high-severity vulnerability affecting Bosch BCC100
thermostats. Researchers from Bitdefender discovered a high-severity
vulnerability affecting Bosch BCC100 thermostats. The ...

Pierluigi Paganini January 16, 2024
Hacking

OVER 178,000 SONICWALL NEXT-GENERATION FIREWALLS (NGFW) ONLINE EXPOSED TO HACK

Researchers from Bishop Fox found over 178,000 SonicWall next-generation
firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW)
series 6 and 7 devices are affected by two ...

Pierluigi Paganini January 15, 2024
Hacking

PHEMEDRONE INFO STEALER CAMPAIGN EXPLOITS WINDOWS SMARTSCREEN BYPASS

Threat actors exploit a recent Windows SmartScreen bypass flaw CVE-2023-36025 to
deliver the Phemedrone info stealer. Trend Micro researchers uncovered a malware
campaign exploiting the vulnerabil ...

Pierluigi Paganini January 15, 2024
Malware

BALADA INJECTOR CONTINUES TO INFECT THOUSANDS OF WORDPRESS SITES

Balada Injector malware infected more than 7100 WordPress sites using a
vulnerable version of the Popup Builder plugin. In September, Sucuri researchers
reported that more than 17,000 WordPress we ...

Pierluigi Paganini January 15, 2024
Hacking

ATTACKERS TARGET APACHE HADOOP AND FLINK TO DELIVER CRYPTOMINERS

Researchers devised a new attack that exploits misconfigurations in Apache
Hadoop and Flink to deploy cryptocurrency miners. Cybersecurity researchers from
cyber security firm Aqua have uncovered ...

Pierluigi Paganini January 15, 2024
Hacking

APPLE FIXED A BUG IN MAGIC KEYBOARD THAT ALLOWS TO MONITOR BLUETOOTH TRAFFIC

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability
with the release of Magic Keyboard firmware. Apple released Magic Keyboard
Firmware Update 2.0.6 to address a recen ...

Pierluigi Paganini January 15, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 454 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini January 13, 2024
Security

GITLAB FIXED A CRITICAL ZERO-CLICK ACCOUNT HIJACKING FLAW

GitLab addressed two critical flaws impacting both the Community and Enterprise
Edition, including a critical zero-click account hijacking vulnerability GitLab
has released security updates to add ...

Pierluigi Paganini January 13, 2024
Security

JUNIPER NETWORKS FIXED A CRITICAL RCE BUG IN ITS FIREWALLS AND SWITCHES

Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw,
tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches.
Juniper Networks released security updat ...

Pierluigi Paganini January 12, 2024
Deep Web

VAST VOTER DATA LEAKS CAST SHADOW OVER INDONESIA ’S 2024 PRESIDENTIAL ELECTION

Investigators from Resecurity’s HUNTER (HUMINT) warn that Indonesia is
increasingly being targeted by cyber-threat actors. Investigators from
Resecurity’s HUNTER (HUMINT) have found that Indon ...

Pierluigi Paganini January 12, 2024
Hacking

RESEARCHERS CREATED A POC FOR APACHE OFBIZ FLAW CVE-2023-51467

Researchers published a proof-of-concept (PoC) code for the recently disclosed
critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity
firm VulnCheck have created a pro ...

Pierluigi Paganini January 12, 2024
Security

TEAM LIQUID’S WIKI LEAK EXPOSES 118K USERS

Liquipedia, an online e-sports platform run by Team Liquid, exposed a database
revealing its users’ email addresses and other details. Users of the e-sports
knowledge base were exposed via a pub ...

Pierluigi Paganini January 12, 2024
Security

CISA ADDS IVANTI AND MICROSOFT SHAREPOINT BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect
Secure and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and In ...

Pierluigi Paganini January 11, 2024
Hacking

TWO ZERO-DAY BUGS IN IVANTI CONNECT SECURE ACTIVELY EXPLOITED

Ivanti revealed that two threat actors are exploiting two zero-day
vulnerabilities in its Connect Secure (ICS) and Policy Secure. Software firm
Ivanti reported that threat actors are exploiting tw ...

Pierluigi Paganini January 11, 2024
Cyber Crime

X ACCOUNT OF LEADING CYBERSECURITY FIRM MANDIANT WAS HACKED BECAUSE NOT
ADEQUATELY PROTECTED

The X account of cybersecurity firm Mandiant was likely hacked through a
brute-force password attack, the company revealed. Last week, threat actors
hacked the X account of cybersecurity firm Mand ...

Pierluigi Paganini January 11, 2024
Security

CISCO FIXED CRITICAL UNITY CONNECTION VULNERABILITY CVE-2024-20272

Cisco addressed a critical Unity Connection security flaw that can be exploited
by an unauthenticated attacker to get root privileges. Cisco has addressed a
critical flaw, tracked as CVE-2024-2027 ...

Pierluigi Paganini January 11, 2024
Cyber Crime

SHINYHUNTERS MEMBER SENTENCED TO THREE YEARS IN PRISON

A U.S. District Court sentenced ShinyHunters hacker Sebastien Raoult to three
years in prison and ordered him to pay more than $5 million in restitution. The
member of the ShinyHunters hacker grou ...

Pierluigi Paganini January 10, 2024
Data Breach

HMG HEALTHCARE DISCLOSED A DATA BREACH

The Healthcare services provider HMG Healthcare has disclosed a data breach that
impacted 40 affiliated nursing facilities. In November 2023, the Healthcare
services provider HMG Healthcare discov ...

Pierluigi Paganini January 10, 2024
Hacking

THREAT ACTORS HACKED THE X ACCOUNT OF THE SECURITIES AND EXCHANGE COMMISSION
(SEC) AND ANNOUNCED FAKE BITCOIN ETF APPROVAL

Threat actors hacked the X account of the US Securities and Exchange Commission
(SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers
hijacked the X account of the US Sec ...

Pierluigi Paganini January 10, 2024
Cyber Crime

DECRYPTOR FOR TORTILLA VARIANT OF BABUK RANSOMWARE RELEASED

Researchers and the Dutch Police released a decryptor for the Tortilla variant
of the Babuk ransomware after the arrest of its operator. Cisco Talos
researchers obtained a decryptor for the Babuk ...

Pierluigi Paganini January 10, 2024
Security

MICROSOFT PATCH TUESDAY FOR JANUARY 2024 FIXED 2 CRITICAL FLAWS

Microsoft Patch Tuesday security updates for January 2024 addressed a total of
49 flaws, including two critical vulnerabilities. Microsoft Patch Tuesday
security updates for January 2024 fixed 49 ...

Pierluigi Paganini January 09, 2024
Security

CISA ADDS APACHE SUPERSET BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache
Superset vulnerability to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini January 09, 2024
Cyber Crime

SYRIAN GROUP ANONYMOUS ARABIC DISTRIBUTES STEALTHY MALWARE SILVER RAT

A hacker group that calls itself Anonymous Arabic is distributing a stealthy
remote access trojan called Silver RAT. Cyfirma researchers observed threat
actors called ‘Anonymous Arabic’ distr ...

Pierluigi Paganini January 09, 2024
Cyber Crime

SWISS AIR FORCE SENSITIVE FILES STOLEN IN THE HACK OF ULTRA INTELLIGENCE &
COMMUNICATIONS

Documents belonging to the Swiss Air Force were leaked on the dark web as a
result of cyberattack on a US security provider. Documents belonging to the
Swiss Air Force were leaked on the dark web ...

Pierluigi Paganini January 08, 2024
Cyber Crime

DOJ CHARGED 19 INDIVIDUALS IN A TRANSNATIONAL CYBERCRIME INVESTIGATION XDEDIC
MARKETPLACE

19 individuals worldwide were charged in a transnational cybercrime
investigation of the now defunct xDedic marketplace. The U.S. DoJ charged 19
individuals worldwide for their role in the operati ...

Pierluigi Paganini January 08, 2024
Malware

LONG-EXISTING BANDOOK RAT TARGETS WINDOWS MACHINES

A new variant of the Bandook remote access trojan (RAT) was spotted in attacks
aimed at Windows machines. Reseachers from Fortinet observed a new variant of a
remote access trojan dubbed Bandook� ...

Pierluigi Paganini January 08, 2024
Hacking

A CYBER ATTACK HIT THE BEIRUT INTERNATIONAL AIRPORT

A cyber attack hit the Beirut International Airport, Rafic Hariri (Lebanon),
threat actors breached the Flight Information Display System (FIDS). Threat
actors hit the Beirut International Airport ...

Pierluigi Paganini January 07, 2024
Breaking News

IRANIAN CRYPTO EXCHANGE BIT24.CASH LEAKS USER PASSPORTS AND IDS

Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000
users, as revealed by Cybernews research. Due to its limited access to foreign
financial markets, Iran has embraced ...

Pierluigi Paganini January 07, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 453 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini January 07, 2024
APT

TURKISH SEA TURTLE APT TARGETS DUTCH IT AND TELECOM FIRMS

Sea Turtle cyber espionage group targeted telco, media, ISPs, IT service
providers, and Kurdish websites in the Netherlands. Researchers from Dutch
security firm Hunt & Hackett observed Sea Tu ...

Pierluigi Paganini January 07, 2024
APT

EXPERTS SPOTTED A NEW MACOS BACKDOOR NAMED SPECTRALBLUR LINKED TO NORTH KOREA

Researchers discovered a macOS backdoor, called SpectralBlur, which shows
similarities with a North Korean APT's malware family. Security researcher Greg
Lesnewich discovered a backdoor, call ...

Pierluigi Paganini January 06, 2024
Laws and regulations

MERCK SETTLES WITH INSURERS REGARDING A $1.4 BILLION CLAIM OVER NOTPETYA DAMAGES

Merck has resolved a dispute with insurers regarding a $1.4 billion claim
arising from the NotPetya malware incident. Merck and its insurers have agreed
with a $1.4 billion claim arising from the ...

Pierluigi Paganini January 06, 2024
Cyber Crime

THE SOURCE CODE OF ZEPPELIN RANSOMWARE SOLD ON A HACKING FORUM

A threat actor announced the sale of the source code and a cracked version of
the Zeppelin ransomware builder for $500. Researchers from cybersecurity
firm KELA reported that a threat actor ann ...

Pierluigi Paganini January 05, 2024
Cyber warfare

RUSSIA-LINKED APT SANDWORM WAS INSIDE UKRAINE TELECOMS GIANT KYIVSTAR FOR MONTHS

Ukrainian authorities revealed that Russia-linked APT Sandworm had been inside
telecom giant Kyivstar at least since May 2023. Russia-linked APT group Sandworm
was inside Ukrainian telecoms giant ...

Pierluigi Paganini January 05, 2024
Security

IVANTI FIXED A CRITICAL EPM FLAW THAT CAN RESULT IN REMOTE CODE EXECUTION

Ivanti fixed a critical vulnerability in its Endpoint Manager (EPM) solution
that could lead to remote code execution (RCE) on vulnerable servers Ivanti has
released security updates to address a ...

Pierluigi Paganini January 05, 2024
Security

MYESTATEPOINT PROPERTY SEARCH ANDROID APP LEAKS USER PASSWORDS

The MyEstatePoint Property Search app leaked data on nearly half a million of
its users, exposing their names and plain-text passwords, the Cybernews research
team has found. The all-in-one real e ...

Pierluigi Paganini January 05, 2024
Hacking

HACKER HIJACKED ORANGE SPAIN RIPE ACCOUNT CAUSING INTERNET OUTAGE TO COMPANY
CUSTOMERS

An internet outage impacted Orange Spain after a hacker gained access to the
company's RIPE account to misconfigure BGP routing. The hacker, who uses the
moniker ‘Snow’, gained access to the R ...

Pierluigi Paganini January 04, 2024
Data Breach

HEALTHEC DATA BREACH IMPACTED MORE THAN 4.5 MILLION PEOPLE

Healthcare technology company HealthEC disclosed a data breach that exposed the
personal information of 4.5 million Individuals. Healthcare technology company
HealthEC (HEC) disclosed a data brea ...

Pierluigi Paganini January 04, 2024
Malware

EXPERTS FOUND 3 MALICIOUS PACKAGES HIDING CRYPTO MINERS IN PYPI REPOSITORY

Researchers discovered three malicious packages in the PyPI repository targeting
Linux systems with a cryptocurrency miner. Fortinet researchers discovered three
malicious packages in the open-sou ...

Pierluigi Paganini January 04, 2024
Hacking

CROOKS HACKED MANDIANT X ACCOUNT TO PUSH CRYPTOCURRENCY SCAM

The X account of cybersecurity giant Mandiant was hacked, attackers used it to
impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks
hacked the X account of cybersecurity fi ...

Pierluigi Paganini January 04, 2024
Cyber Crime

CYBERCRIMINALS IMPLEMENTED ARTIFICIAL INTELLIGENCE (AI) FOR INVOICE FRAUD

Crooks created a new tool that uses Artificial Intelligence (AI) for creating
fraudulent invoices used for wire fraud and BEC. Resecurity has uncovered a
cybercriminal faction known as "GXC Team", ...

Pierluigi Paganini January 03, 2024
Security

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome
and Perl library flaws to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Se ...

Pierluigi Paganini January 03, 2024
Reports

DON’T TRUST LINKS WITH KNOWN DOMAINS: BMW AFFECTED BY REDIRECT VULNERABILITY

Sometimes, you can’t even trust links with your own domain. As the Cybernews
research team has discovered, some BMW subdomains were vulnerable to redirect
vulnerability, enabling attackers to forge ...

Pierluigi Paganini January 03, 2024
Cyber Crime

HACKERS STOLE MORE THAN $81 MILLION WORTH OF CRYPTO ASSETS FROM ORBIT CHAIN

Crypto platform Orbit Chain suffered a cyberattack, threat actors have stolen
more than $81 million worth of cryptocurrency. Orbit Chain has suffered a
security breach that has resulted in the the ...

Pierluigi Paganini January 03, 2024
Intelligence

UKRAINE’S SBU SAID THAT RUSSIA'S INTELLIGENCE HACKED SURVEILLANCE CAMERAS TO
DIRECT A MISSILE STRIKE ON KYIV

Ukraine’s SBU revealed that Russia-linked threat actors hacked surveillance
cameras to spy on air defense forces and critical infrastructure in Kyiv.
Ukraine’s SBU announced they shut down two ...

Pierluigi Paganini January 03, 2024
Malware

EXPERTS WARN OF JINXLOADER LOADER USED TO SPREAD FORMBOOK AND XLOADER

JinxLoader is a new Go-based loader that was spotted delivering next-stage
malware such as Formbook and XLoader. Researchers from Palo Alto Networks and
Symantec warned of a new Go-based malware ...

Pierluigi Paganini January 02, 2024
Hacking

TERRAPIN ATTACK ALLOWS TO DOWNGRADE SSH PROTOCOL SECURITY

Researchers discovered an SSH vulnerability, called Terrapin, that could allow
an attacker to downgrade the connection's security. Security researchers from
Ruhr University Bochum (Fabian Bäumer, ...

Pierluigi Paganini January 02, 2024
Hacking

MULTIPLE ORGANIZATIONS IN IRAN WERE BREACHED BY A MYSTERIOUS HACKER

Hudson Researchers reported that a mysterious hacker launched a series of
attacks against industry-leading companies in Iran. Hudson Researchers reported
that on December 20th, a hacker using the ...

Pierluigi Paganini January 02, 2024
Breaking News

TOP 2023 SECURITY AFFAIRS CYBERSECURITY STORIES

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it.
CYBERCRIMINALS LAUNCHED “LEAKSMAS” EVENT IN THE DARK WEB EXPOSING MASSIVE
VOLUMES OF LEAKED PII AND COMPROMISED DATA ...

Pierluigi Paganini January 01, 2024
Hacking

MALWARE EXPLOITS UNDOCUMENTED GOOGLE OAUTH ENDPOINT TO REGENERATE GOOGLE COOKIES

CloudSEK researchers analyzed a zero-day exploit that can allow the generation
of persistent Google cookies through token manipulation. In October 2023, a
developer known as PRISMA first uncovered ...

Pierluigi Paganini January 01, 2024
Cyber Crime

CACTUS RANSOMWARE GANG HIT THE SWEDISH RETAIL AND GROCERY PROVIDER COOP

The Cactus ransomware group claims to have hacked Coop, one of the largest
retail and grocery providers in Sweden. Coop is one of the largest retail and
grocery providers in Sweden, with approxima ...

Pierluigi Paganini January 01, 2024
Laws and regulations

GOOGLE AGREED TO SETTLE A $5 BILLION PRIVACY LAWSUIT

Google has agreed to settle a $5 billion privacy lawsuit, which alleged that the
company monitored individuals using the Chrome "incognito" mode. Google agreed
to settle a $5 billion privacy lawsu ...

Pierluigi Paganini December 31, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 452 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 31, 2023
Cyber Crime

INC RANSOM RANSOMWARE GANG CLAIMS TO HAVE BREACHED XEROX CORP

The INC RANSOM ransomware group claims to have hacked the American multinational
corporation Xerox Corp. Xerox Corp provides document management solutions
worldwide. The company's Document Technol ...

Pierluigi Paganini December 30, 2023
Security

SPOTIFY MUSIC CONVERTER TUNEFAB PUTS USERS AT RISK

TuneFab converter, used to convert copyrighted music from streaming platforms
such as Spotify, Amazon’s Audible, or Apple Music, has exposed its users'
private data. Cybernews research showed th ...

Pierluigi Paganini December 30, 2023
Security

CYBER ATTACKS HIT THE ASSEMBLY OF THE REPUBLIC OF ALBANIA AND TELECOM COMPANY
ONE ALBANIA

Cyber attacks hit the Assembly of the Republic of Albania and telecom company
One Albania, a government agency reported. Albania's National Authority for
Electronic Certification and Cyber Securit ...

Pierluigi Paganini December 29, 2023
APT

RUSSIA-LINKED APT28 USED NEW MALWARE IN A RECENT PHISHING CAMPAIGN

Ukraine's CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to
deploy previously undocumented malware strains. The Computer Emergency Response
Team of Ukraine (CERT-UA) warned of ...

Pierluigi Paganini December 29, 2023
Security

CLASH OF CLANS GAMERS AT RISK WHILE USING THIRD-PARTY APP

An exposed database and secrets on a third-party app puts Clash of Clans players
at risk of attacks from threat actors. The Cybernews research team has
discovered that the Clash Base Designer Easy ...

Pierluigi Paganini December 29, 2023
Malware

NEW VERSION OF MEDUZA STEALER RELEASED IN DARK WEB

The Resecurity's HUNTER unit spotted a new version of the Meduza stealer
(version (2.2)) that was released in the dark web. On Christmas Eve,
Resecurity's HUNTER unit spotted the author of perspec ...

Pierluigi Paganini December 29, 2023
Intelligence

OPERATION TRIANGULATION ATTACKS RELIED ON AN UNDOCUMENTED HARDWARE FEATURE

Experts discovered that Operation Triangulation targeting Apple iOS devices
leveraged an undocumented hardware feature. Researchers from the Russian
cybersecurity firm Kaspersky discovered that t ...

Pierluigi Paganini December 28, 2023
Deep Web

CYBERCRIMINALS LAUNCHED “LEAKSMAS” EVENT IN THE DARK WEB EXPOSING MASSIVE
VOLUMES OF LEAKED PII AND COMPROMISED DATA

Leaksmas: On Christmas Eve, multiple threat actors released substantial data
leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting
Fortune 100 and government agencies globall ...

Pierluigi Paganini December 28, 2023
Cyber Crime

LOCKBIT RANSOMWARE ATTACK INTERRUPTED MEDICAL EMERGENCIES GANG AT A GERMAN
HOSPITAL NETWORK

A Lockbit ransomware attack against the German hospital network Katholische
Hospitalvereinigung Ostwestfalen (KHO) caused service disruptions at three
hospitals. German hospital network Katholisch ...

Pierluigi Paganini December 28, 2023
Security

EXPERTS WARN OF CRITICAL ZERO-DAY IN APACHE OFBIZ

Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source
Enterprise Resource Planning (ERP) system. Experts warn of an authentication
bypass zero-day flaw that affects Apache OfBi ...

Pierluigi Paganini December 28, 2023
Malware

XAMALICIOUS ANDROID MALWARE DISTRIBUTED THROUGH THE PLAY STORE

Researchers discovered a new Android malware dubbed Xamalicious that can take
full control of the device and perform fraudulent actions. McAfee Mobile
Research Team discovered a new Android backdo ...

Pierluigi Paganini December 27, 2023
Breaking News

BARRACUDA FIXED A NEW ESG ZERO-DAY EXPLOITED BY CHINESE GROUP UNC4841

Security firm Barracuda addressed a new zero-day, affecting its Email Security
Gateway (ESG) appliances, that is actively exploited by the China-linked UNC4841
group. On December 21, network and e ...

Pierluigi Paganini December 27, 2023
Security

ELECTIONS 2024, ARTIFICIAL INTELLIGENCE COULD UPSET WORLD BALANCES

Governments should recognize electoral processes as critical infrastructure and
enact laws to regulate the use of generative Artificial Intelligence. Elections
are scheduled in several countries w ...

Pierluigi Paganini December 27, 2023
Hacking

EXPERTS ANALYZED ATTACKS AGAINST POORLY MANAGED LINUX SSH SERVERS

Researchers warn of attacks against poorly managed Linux SSH servers that mainly
aim at installing DDoS bot and CoinMiner. Researchers at AhnLab Security
Emergency Response Center (ASEC) are warni ...

Pierluigi Paganini December 27, 2023
Data Breach

A CYBERATTACK HIT AUSTRALIAN HEALTHCARE PROVIDER ST VINCENT’S HEALTH AUSTRALIA

St Vincent’s Health Australia, the largest Australian healthcare provider,
suffered a data breach after a cyber attack. St Vincent’s Health Australia is
the largest non-profit healthcare prov ...

Pierluigi Paganini December 27, 2023
Cyber Crime

RHYSIDA RANSOMWARE GROUP HACKED ABDALI HOSPITAL IN JORDAN

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a
multi-specialty hospital located in Jordan. Abdali Hospital is a
multi-specialty hospital located in the modern developm ...

Pierluigi Paganini December 26, 2023
Malware

CARBANAK MALWARE RETURNED IN RANSOMWARE ATTACKS

Researchers at NCC Group reported that in November they observed the return of
the infamous banking malware Carbanak in ransomware attacks. The cybersecurity
firm NCC Group reported that in Novemb ...

Pierluigi Paganini December 26, 2023
Reports

RESECURITY RELEASED A 2024 CYBER THREAT LANDSCAPE FORECAST

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape
Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting
Fortune 100 and government agencies worldw ...

Pierluigi Paganini December 26, 2023
Hacking

APT GROUP UAC-0099 TARGETS UKRAINE EXPLOITING A WINRAR FLAW

The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE
malware in attacks against Ukraine. A threat actor, tracked as UAC-0099,
continues to target Ukraine. In some att ...

Pierluigi Paganini December 25, 2023
APT

IRAN-LINKED APT33 TARGETS DEFENSE INDUSTRIAL BASE SECTOR WITH FALSEFONT BACKDOOR

Microsoft reports that the Iran-linked APT33 group is targeting defense
contractors worldwide with FalseFont backdoor. Microsoft says the APT33 (aka
Peach Sandstorm, Holmium, Elfin, and Magic ...

Pierluigi Paganini December 25, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 451 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email
box.Enjoy a new round of the weekly SecurityAf ...

Pierluigi Paganini December 25, 2023
Security

EUROPOL AND ENISA SPOTTED 443 E-STORES COMPROMISED WITH DIGITAL SKIMMING

A joint law enforcement operation led by Europol and the ENISA, along with
private security firms, identified 443 online shops compromised with digital
skimming. Europol and ENISA collaborated in ...

Pierluigi Paganini December 24, 2023
Data Breach

VIDEO GAME GIANT UBISOFT INVESTIGATES REPORTS OF A DATA BREACH

Video game publisher Ubisoft is investigating reports of an alleged data breach
after popular researchers shared evidence of the hack. Ubisoft, the popular
video game publisher, is examining repor ...

Pierluigi Paganini December 24, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG CLAIMS TO HAVE BREACHED ACCOUNTANCY FIRM XEINADIN

The LockBit ransomware claims to have hacked accountancy firm Xeinadin threatens
to leak the alleged stolen data. The LockBit ransomware claims responsibility
for hacking the Xeinadin accountancy ...

Pierluigi Paganini December 23, 2023
Data Breach

MOBILE VIRTUAL NETWORK OPERATOR MINT MOBILE DISCLOSES A DATA BREACH

Mobile virtual network operator Mint Mobile suffered a new data breach, threat
actors had access to customers' personal information. Mint Mobile experienced a
recent data breach, exposing customer ...

Pierluigi Paganini December 23, 2023
Cyber Crime

AKIRA RANSOMWARE GANG CLAIMS THE THEFT OF SENSITIVE DATA FROM NISSAN AUSTRALIA

The Akira ransomware group announced it had breached the network of Nissan
Australia, the Australian branch of the car maker giant. The Akira ransomware
gang claimed to have breached Nissan Austra ...

Pierluigi Paganini December 22, 2023
Cyber Crime

MEMBER OF LAPSUS$ GANG SENTENCED TO AN INDEFINITE HOSPITAL ORDER

A member of the Lapsus$ cyber extortion group, Arion Kurtaj, has been sentenced
to an indefinite hospital order. The UK Southwark Crown Court has sentenced
Arion Kurtaj, a prominent member of the ...

Pierluigi Paganini December 22, 2023
Security

REAL ESTATE AGENCY EXPOSES DETAILS OF 690K CUSTOMERS

An exposed instance contained information for a customer relationship management
(CRM) system that likely belongs to Goyzer, a real estate property management
software maker, the Cybernews research t ...

Pierluigi Paganini December 22, 2023
Security

ESET FIXED A HIGH-SEVERITY BUG IN THE SECURE TRAFFIC SCANNING FEATURE OF SEVERAL
PRODUCTS

ESET fixes a high-severity flaw in Secure Traffic Scanning Feature that could
have been exploited to cause web browsers to trust sites that should not be
trusted. ESET has addressed a vulnerabilit ...

Pierluigi Paganini December 21, 2023
Cyber Crime

PHISHING ATTACKS USE AN OLD MICROSOFT OFFICE FLAW TO SPREAD AGENT TESLA MALWARE

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as
CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting
an old Microsoft Office vulnerability ...

Pierluigi Paganini December 21, 2023
Breaking News

DATA LEAK EXPOSES USERS OF CAR-SHARING SERVICE BLINK MOBILITY

More than 22,000 users of Blink Mobility should take the necessary steps to
protect themselves against the risk of identity theft. The Cybernews research
team has discovered that their personal data ...

Pierluigi Paganini December 21, 2023
Security

GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY

Google has released emergency updates to address a new actively exploited
zero-day vulnerability in the Chrome browser. Google has released emergency
updates to address a new zero-day vulnerabili ...

Pierluigi Paganini December 20, 2023
Cyber Crime

GERMAN POLICE SEIZED THE DARK WEB MARKETPLACE KINGDOM MARKET

The German police seized the dark web marketplace Kingdom Market as a result of
an international law enforcement operation. The Federal Criminal Police Office
in Germany (BKA) and the internet-cri ...

Pierluigi Paganini December 20, 2023
Cyber Crime

LAW ENFORCEMENT OPERATION HAECHI IV LED TO THE SEIZURE OF $300 MILLION

An international law enforcement operation, named HAECHI IV, led to the arrest
of approximately 3,500 suspects and the seizure of roughly $300 million worth of
assets. Interpol this week announced ...

Pierluigi Paganini December 20, 2023
Malware

SOPHISTICATED JASKAGO INFO STEALER TARGETS MACOS AND WINDOWS

JaskaGO is a new Go-based information stealer malware that targets both Windows
and Apple macOS systems, experts warn. Researchers from AT&T Alien Labs
uncovered a previously undetected Go-ba ...

Pierluigi Paganini December 20, 2023
Data Breach

BMW DEALER AT RISK OF TAKEOVER BY CYBERCRIMINALS

By neglecting to set a password, a BMW dealer in India has jeopardized the
entire network of car dealerships in the country and put its clients at risk.
The Cybernews research team has discovered ...

Pierluigi Paganini December 20, 2023
Data Breach

COMCAST’S XFINITY CUSTOMER DATA EXPOSED AFTER CITRIXBLEED ATTACK

Comcast’s Xfinity discloses a data breach after a cyber attack hit the company
by exploiting the CitrixBleed vulnerability. Comcast's Xfinity is notifying its
customers about the compromise of t ...

Pierluigi Paganini December 19, 2023
Breaking News

FBI CLAIMS TO HAVE DISMANTLED ALPHV/BLACKCAT RANSOMWARE OPERATION, BUT THE GROUP
DENIES IT

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak
site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of
the AlphV/Blackcat ransomware ...

Pierluigi Paganini December 19, 2023
Cyber Crime

SMISHING TRIAD: CYBERCRIMINALS IMPERSONATE UAE FEDERAL AUTHORITY FOR IDENTITY
AND CITIZENSHIP ON THE PEAK OF HOLIDAYS SEASON

Smishing Triad: Researchers warn crooks impersonating UAE Federal Authority for
Identity and citizenship ahead of the Holiday Season Resecurity, Inc. (USA) has
identified a new fraudulent campaign ...

Pierluigi Paganini December 19, 2023
Cyber Crime

THE RANSOMWARE ATTACK ON WESTPOLE IS DISRUPTING DIGITAL SERVICES FOR ITALIAN
PUBLIC ADMINISTRATION

An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider
Westpole disrupted multiple services of local and government organizations and
municipalities. A cyber attack hit on ...

Pierluigi Paganini December 19, 2023
Malware

INFO STEALERS AND HOW TO PROTECT AGAINST THEM

Info stealers, the type of malware with its purpose in the name, can cripple
businesses and everyday users alike. So, how do you protect against them? Info
stealers, also known as information stea ...

Pierluigi Paganini December 18, 2023
Hacktivism

PRO-ISRAEL PREDATORY SPARROW HACKER GROUP DISRUPTED SERVICES AT AROUND 70% OF
IRAN’S FUEL STATIONS

A group of Pro-Israel hacktivists, called Predatory Sparrow, is suspected of
having carried out a cyber attack against petrol stations across Iran. A
Pro-Israel hacktivist group, called Predatory ...

Pierluigi Paganini December 18, 2023
Cyber Crime

QAKBOT IS BACK AND TARGETS THE HOSPITALITY INDUSTRY

Experts warn of a new phishing campaign distributing the QakBot malware, months
after law enforcement dismantled its infrastructure. In August, the
FBI announced that the Qakbot bot ...

Pierluigi Paganini December 18, 2023
Hacking

A SUPPLY CHAIN ATTACK ON CRYPTO HARDWARE WALLET LEDGER LED TO THE THEFT OF $600K

A supply chain attack against Crypto hardware wallet maker Ledger resulted in
the theft of $600,000 in virtual assets. Threat actors pushed a malicious
version of the "@ledgerhq/connect-kit" npm ...

Pierluigi Paganini December 18, 2023
Hacking

MONGODB INVESTIGATES A CYBERATTACK, CUSTOMER DATA EXPOSED

MongoDB on Saturday announced it is investigating a cyberattack that exposed
customer account metadata and contact information. MongoDB on Saturday disclosed
it is investigating a cyber attack aga ...

Pierluigi Paganini December 17, 2023
Hacking

INFECTEDSLURS BOTNET TARGETS QNAP VIOSTOR NVR VULNERABILITY

The Mirai-based botnet InfectedSlurs was spotted targeting QNAP VioStor NVR
(Network Video Recorder) devices. In November, Akamai warned of a new
Mirai-based DDoS botnet, named InfectedSlurs, acti ...

Pierluigi Paganini December 17, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 450 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 17, 2023
Data Breach

HUNTERS INTERNATIONAL RANSOMWARE GANG CLAIMS TO HAVE HACKED THE FRED HUTCH
CANCER CENTER

The Hunters International ransomware gang claims to have hacked the Fred
Hutchinson Cancer Center (Fred Hutch). Another healthcare organization suffered
a ransomware attack, the Hunters Internatio ...

Pierluigi Paganini December 16, 2023
Malware

NEW NKABUSE MALWARE ABUSES NKN DECENTRALIZED P2P NETWORK PROTOCOL

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse,
which is the first malware abusing NKN technology. Researchers from Kaspersky’s
Global Emergency Response Team (GERT) ...

Pierluigi Paganini December 16, 2023
Cyber Crime

SNATCH RANSOMWARE GANG CLAIMS THE HACK OF THE FOOD GIANT KRAFT HEINZ

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz,
the company is investigating the claims. Kraft Heinz is an American food
company, it is one of the largest food and ...

Pierluigi Paganini December 15, 2023
Security

MULTIPLE FLAWS IN PFSENSE FIREWALL CAN LEAD TO ARBITRARY CODE EXECUTION

Security flaws in Netgate pfSense firewall solution can potentially lead to
arbitrary code execution on vulnerable devices. pfSense is a popular open-source
firewall solution maintained by Netgat ...

Pierluigi Paganini December 15, 2023
Cyber Crime

BIANLIAN, WHITE RABBIT, AND MARIO RANSOMWARE GANGS SPOTTED IN A JOINT CAMPAIGN

Resecurity has uncovered a meaningful link between three major ransomware
groups, BianLian, White Rabbit, and Mario Ransomware. Based on a recent Digital
Forensics & Incident Response (DFIR) e ...

Pierluigi Paganini December 15, 2023
Security

DATA OF OVER A MILLION USERS OF THE CRYPTO EXCHANGE GOKUMARKET EXPOSED

GokuMarket, a centralized crypto exchange owned by ByteX, left an open instance,
revealing the details of virtually all of its users, the Cybernews research team
has discovered. The leak comes aft ...

Pierluigi Paganini December 15, 2023
Data Breach

IDAHO NATIONAL LABORATORY DATA BREACH IMPACTED 45,047 INDIVIDUALS

The Idaho National Laboratory (INL) announced that it has suffered a data breach
impacting more than 45,000 individuals. In November, the hacktivist group
SiegedSec claimed responsibility for the ...

Pierluigi Paganini December 15, 2023
Security

UBIQUITI USERS CLAIM TO HAVE ACCESS TO OTHER PEOPLE’S DEVICES

Users of Ubiquiti WiFi products started reporting that they are accessing other
people’s devices when logging into their accounts. Some users of Ubiquiti wifi
products started reporting unexpec ...

Pierluigi Paganini December 14, 2023
APT

RUSSIA-LINKED APT29 SPOTTED TARGETING JETBRAINS TEAMCITY SERVERS

Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity
servers since September 2023. Experts warn that the Russia-linked APT29 group
has been observed targeting JetBrains ...

Pierluigi Paganini December 14, 2023
Security

MICROSOFT SEIZED THE US INFRASTRUCTURE OF THE STORM-1152 CYBERCRIME GROUP

Microsoft's Digital Crimes Unit seized multiple domains used by cybercrime group
Storm-1152 to sell fraudulent Outlook accounts. Microsoft's Digital Crimes Unit
seized multiple domains used by a c ...

Pierluigi Paganini December 14, 2023
Cyber Crime

FRENCH AUTHORITIES ARRESTED A RUSSIAN NATIONAL FOR HIS ROLE IN THE HIVE
RANSOMWARE OPERATION

French police arrested a Russian national who is suspected of laundering money
resulting from the criminal activity of the Hive ransomware gang. The French
authorities arrested in Paris a Russian ...

Pierluigi Paganini December 14, 2023
APT

CHINA-LINKED APT VOLT TYPHOON LINKED TO KV-BOTNET

Researchers linked a sophisticated botnet, tracked as KV-Botnet, to the
operation of the China-linked threat actor Volt Typhoon. The Black Lotus Labs
team at Lumen Technologies linked a small offi ...

Pierluigi Paganini December 14, 2023
Security

UK HOME OFFICE IS IGNORING THE RISK OF 'CATASTROPHIC RANSOMWARE ATTACKS,' REPORT
WARNS

A Joint Committee on the National Security Strategy (JCNSS) warns of the high
risk of a catastrophic ransomware attack on the UK government. The British
government is accused of failing to mitigat ...

Pierluigi Paganini December 13, 2023
Hacking

OAUTH APPS USED IN CRYPTOCURRENCY MINING, PHISHING CAMPAIGNS, AND BEC ATTACKS

Microsoft warns that threat actors are using OAuth applications cryptocurrency
mining campaigns and phishing attacks. Threat actors are using OAuth
applications such as an automation tool in crypt ...

Pierluigi Paganini December 13, 2023
Security

SOPHOS BACKPORTS FIX FOR CVE-2022-3236 FOR EOL FIREWALL FIRMWARE VERSIONS DUE TO
ONGOING ATTACKS

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall
firmware versions due to ongoing attacks exploiting the issue. Sophos backports
the fix for the critical code injection ...

Pierluigi Paganini December 13, 2023
Security

DECEMBER 2023 MICROSOFT PATCH TUESDAY FIXED 4 CRITICAL FLAWS

Microsoft Patch Tuesday security updates for December 2023 addressed 33
vulnerabilities in multiple products, including a zero-day. Microsoft Patch
Tuesday security updates for December 2023 addre ...

Pierluigi Paganini December 13, 2023
Cyber warfare

UKRAINIAN MILITARY INTELLIGENCE SERVICE HACKED THE RUSSIAN FEDERAL TAXATION
SERVICE

The Ukrainian government's military intelligence service announced the hack of
the Russian Federal Taxation Service (FNS). Hackers of the Main Intelligence
Directorate of the Ministry of Defense o ...

Pierluigi Paganini December 12, 2023
Hacking

KYIVSTAR, UKRAINE'S LARGEST MOBILE CARRIER BROUGHT DOWN BY A CYBER ATTACK

Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that
paralyzed its services. The attack is linked to the ongoing conflict. Kyivstar,
the largest Ukraine service provider ...

Pierluigi Paganini December 12, 2023
Security

DUBAI’S LARGEST TAXI APP EXPOSES 220K+ USERS

The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other
transport services, left a database open to the public, exposing sensitive
customer and driver data. Dubai Taxi Company, ...

Pierluigi Paganini December 12, 2023
APT

OPERATION BLACKSMITH: LAZARUS EXPLOITS LOG4J FLAWS TO DEPLOY DLANG MALWARE

North Korea-linked APT group Lazarus was spotted exploiting Log4j
vulnerabilities to deploy previously undocumented remote access trojans. The
North Korea-linked APT group Lazarus is behind a ne ...

Pierluigi Paganini December 12, 2023
Security

APPLE RELEASED IOS 17.2 TO ADDRESS A DOZEN OF SECURITY FLAWS

Apple rolled out emergency security updates to backport patches for two actively
exploited zero-day flaws to older devices. The company released iOS 17.2 and
iPadOS 17.2 which address a dozen of ...

Pierluigi Paganini December 12, 2023
Data Breach

TOYOTA FINANCIAL SERVICES DISCLOSES A DATA BREACH

Toyota Financial Services (TFS) disclosed a data breach, threat actors had
access to sensitive personal and financial data. Toyota Financial Services (TFS)
is warning customers it has suffered a d ...

Pierluigi Paganini December 11, 2023
Hacking

APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 IN STRUTS 2

The Apache Software Foundation addressed a critical remote code execution
vulnerability in the Apache Struts 2 open-source framework. The Apache Software
Foundation released security updates to ad ...

Pierluigi Paganini December 11, 2023
Security

CISA ADDS QLIK SENSE FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense
vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini December 11, 2023
Security

CISA AND ENISA SIGNED A WORKING ARRANGEMENT TO ENHANCE COOPERATION

ENISA has signed a Working Arrangement with the US CISA to enhance
capacity-building, best practices exchange and awareness. The European Union
Agency for Cybersecurity (ENISA) has signed a Workin ...

Pierluigi Paganini December 11, 2023
Hacking

RESEARCHER DISCOVERED A NEW LOCK SCREEN BYPASS BUG FOR ANDROID 14 AND 13

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could
expose sensitive data in users' Google accounts. The security researcher Jose
Rodriguez (@VBarraquito) discovered a ...

Pierluigi Paganini December 10, 2023
Security

WORDPRESS 6.4.2 FIXED A REMOTE CODE EXECUTION (RCE) FLAW

WordPress 6.4.2 addressed a security vulnerability that could be chained with
another flaw to achieve remote code execution. WordPress released a security
update to address a flaw that can be chai ...

Pierluigi Paganini December 10, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 449 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 10, 2023
Hacktivism

HACKTIVISTS HACKED AN IRISH WATER UTILITY AND INTERRUPTED THE WATER SUPPLY

Threat actors launched a cyberattack on an Irish water utility causing the
interruption of the power supply for two days. Threat actors hacked a small
water utility in Ireland and interrupted the ...

Pierluigi Paganini December 09, 2023
Hacking

5GHOUL FLAWS IMPACT HUNDREDS OF 5G DEVICES WITH QUALCOMM, MEDIATEK CHIPS

A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G
mobile network modems from major vendors impacts Android and iOS devices. A team
of researchers from the Singapore ...

Pierluigi Paganini December 09, 2023
Data Breach

NORTON HEALTHCARE DISCLOSED A DATA BREACH AFTER A RANSOMWARE ATTACK

Kentucky health system Norton Healthcare disclosed a data breach after it was a
victim of a ransomware attack in May. Norton Healthcare disclosed a data breach
after a ransomware attack that hit t ...

Pierluigi Paganini December 09, 2023
Hacking

BYPASSING MAJOR EDRS USING POOL PARTY PROCESS INJECTION TECHNIQUES

Researchers devised a novel attack vector for process injection, dubbed Pool
Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach
devised a set of process injection tec ...

Pierluigi Paganini December 08, 2023
Cyber Crime

FOUNDER OF BITZLATO EXCHANGE HAS PLEADED FOR UNLICENSED MONEY TRANSMITTING

Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange has
pleaded in a money-laundering scheme. Anatoly Legkodymov (41) (aka Anatolii
Legkodymov, Gandalf, and Tolik), the Russian ...

Pierluigi Paganini December 08, 2023
Mobile

ANDROID BARCODE SCANNER APP EXPOSES USER PASSWORDS

An Android app with over 100k Google Play downloads and a 4.5-star average
rating has let an open instance go unchecked, leaving sensitive user data up for
grabs. The Cybernews team discovered the ...

Pierluigi Paganini December 08, 2023
APT

UK AND US EXPOSE RUSSIA CALLISTO GROUP'S ACTIVITY AND SANCTION MEMBERS

The UK NCSC and Microsoft warned that Russia-linked threat actor Callisto Group
is targeting organizations worldwide. The UK National Cyber Security Centre
(NCSC) and Microsoft reported that the R ...

Pierluigi Paganini December 07, 2023
Security

A CYBER ATTACK HIT NISSAN OCEANIA

Japanese carmaker Nissan announced it has suffered a cyberattack impacting the
internal systems at Nissan Oceania. Nissan Oceania, the regional division of the
multinational carmaker, announced it ...

Pierluigi Paganini December 07, 2023
Malware

NEW KRASUE LINUX RAT TARGETS TELECOM COMPANIES IN THAILAND

A previously undetected Linux RAT dubbed Krasue has been observed targeting
telecom companies in Thailand. Group-IB researchers discovered a previously
undetected Linux remote access trojan called ...

Pierluigi Paganini December 07, 2023
Security

ATLASSIAN ADDRESSED FOUR NEW RCE FLAWS IN ITS PRODUCTS

Australian Software giant Atlassian addressed four critical Remote Code
Execution (RCE) vulnerabilities in its products. Atlassian released security
patches to address four critical remote c ...

Pierluigi Paganini December 06, 2023
Security

CISA ADDS QUALCOMM FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm
vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini December 06, 2023
Security

EXPERTS DEMONSTRATE A POST-EXPLOITATION TAMPERING TECHNIQUE TO DISPLAY FAKE
LOCKDOWN MODE

Researchers devised a new post-exploitation tampering technique to trick users
into believing that their iPhone is in Lockdown Mode. Researchers from Jamf
Threat Labs devised a new post-exploit ta ...

Pierluigi Paganini December 06, 2023
Hacking

GST INVOICE BILLING INVENTORY EXPOSES SENSITIVE DATA TO THREAT ACTORS

GST Invoice Billing Inventory, a business accounting app for small and medium
businesses with over 1M downloads has left a database open, exposing sensitive
personal and corporate data up for grabs. ...

Pierluigi Paganini December 06, 2023
Security

THREAT ACTORS BREACHED US GOVT SYSTEMS BY EXPLOITING ADOBE COLDFUSION FLAW

The U.S. CISA warns that threat actors are actively exploiting a critical
vulnerability in Adobe ColdFusion to breach government agencies. The U.S.
Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini December 06, 2023
Security

ENISA PUBLISHED THE ENISA THREAT LANDSCAPE FOR DOS ATTACKS REPORT

ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new
insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a
persistent and significant security risk ...

Pierluigi Paganini December 05, 2023
APT

RUSSIA-LINKED APT28 GROUP SPOTTED EXPLOITING OUTLOOK FLAW TO HIJACK MS EXCHANGE
ACCOUNTS

Microsoft warns that the Russia-linked APT28 group is actively exploiting the
CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Microsoft's
Threat Intelligence is warning of Russi ...

Pierluigi Paganini December 05, 2023
Mobile

GOOGLE FIXED CRITICAL ZERO-CLICK RCE IN ANDROID

Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the
release of the December 2023 Android security updates. Google December 2023
Android security updates addressed 85 vul ...

Pierluigi Paganini December 05, 2023
Malware

NEW P2PINFECT BOT TARGETS ROUTERS AND IOT DEVICES

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that
targets routers and IoT devices. Researchers at Cado Security Labs discovered a
new variant of the P2Pinfect botne ...

Pierluigi Paganini December 04, 2023
Cyber Crime

MALVERTISING ATTACKS RELY ON DANABOT TROJAN TO SPREAD CACTUS RANSOMWARE

Microsoft warns of ongoing malvertising attacks using the DanaBot malware to
deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks
using the DanaBot Trojan (Storm-1044) to ...

Pierluigi Paganini December 04, 2023
Cyber Crime

LOCKBIT ON A ROLL - ICBC RANSOMWARE ATTACK STRIKES AT THE HEART OF THE GLOBAL
FINANCIAL ORDER

The LockBit ransomware attack on the Industrial & Commercial Bank of China
demonstrates the weakness of global financial system to cyberattacks. The
ransomware breach that crippled U.S. Treasu ...

Pierluigi Paganini December 04, 2023
Security

ZYXEL FIXED TENS OF FLAWS IN FIREWALLS, ACCESS POINTS, AND NAS DEVICES

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks,
including command injection and authentication bypass. Taiwanese vendor Zyxel
addressed tens of vulnerabilities in its f ...

Pierluigi Paganini December 04, 2023
Malware

NEW AGENT RACCOON MALWARE TARGETS THE MIDDLE EAST, AFRICA AND THE US

Threat actors are using the Agent Raccoon malware in attacks against
organizations in the Middle East, Africa and the U.S. Unit42 researchers
uncovered a new backdoor named Agent Raccoon, which is ...

Pierluigi Paganini December 03, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 448 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 03, 2023
Hacking

RESEARCHERS DEVISED AN ATTACK TECHNIQUE TO EXTRACT CHATGPT TRAINING DATA

Researchers devised an attack technique that could have been used to trick
ChatGPT into disclosing training data. A team of researchers from several
universities and Google have demonstrated an at ...

Pierluigi Paganini December 02, 2023
Security

FORTUNE-TELLING WEBSITE WEMYSTIC EXPOSES 13M+ USER RECORDS

WeMystic, a website on astrology, numerology, tarot, and spiritual orientation,
left an open database exposing 34GB of sensitive data about the platforms'
users. Telling the future is a tricky bus ...

Pierluigi Paganini December 02, 2023
Security

EXPERT WARNS OF TURTLE MACOS RANSOMWARE

The popular cybersecurity researcher Patrick Wardle dissected the new macOS
ransomware Turtle used to target Apple devices. The popular cyber security
researcher Patrick Wardle published a detaile ...

Pierluigi Paganini December 01, 2023
Cyber Crime

BLACK BASTA RANSOMWARE GANG ACCUMULATED AT LEAST $107 MILLION IN BITCOIN RANSOM
PAYMENTS SINCE EARLY 2022

The Black Basta ransomware gang infected over 300 victims accumulating ransom
payments exceeding $100 million since early 2022. The Black Basta ransomware
group has been active since April 2022, l ...

Pierluigi Paganini December 01, 2023
Security

CISA ADDS OWNCLOUD AND GOOGLE CHROME BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security
Agency (CISA) added ownCloud and Googl ...

Pierluigi Paganini December 01, 2023
Security

APPLE ADDRESSED 2 NEW IOS ZERO-DAY VULNERABILITIES

Apple released emergency security updates to fix two actively exploited zero-day
flaws impacting iPhone, iPad, and Mac devices. Apple released emergency security
updates to address two zero-day vu ...

Pierluigi Paganini November 30, 2023
Hacking

CRITICAL ZOOM ROOM BUG ALLOWED TO GAIN ACCESS TO ZOOM TENANTS

A critical vulnerability in Zoom Room allowed threat actors to take over
meetings and steal sensitive data. Researchers at AppOms discovered a
vulnerability in Zoom Room as part of the HackerOne ...

Pierluigi Paganini November 30, 2023
Cyber Crime

RHYSIDA RANSOMWARE GROUP HACKED KING EDWARD VII’S HOSPITAL IN LONDON

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital
in London. King Edward VII's Hospital is a private hospital located on Beaumont
Street in the Marylebone district o ...

Pierluigi Paganini November 30, 2023
Security

GOOGLE ADDRESSED THE SIXTH CHROME ZERO-DAY VULNERABILITY IN 2023

Google released security updates to address a new actively exploited zero-day
vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on
Wednesday released security updates to addre ...

Pierluigi Paganini November 29, 2023
Hacking

OKTA REVEALS ADDITIONAL ATTACKERS' ACTIVITIES IN OCTOBER 2023 BREACH

Cloud identity and access management solutions provider Okta revealed additional
threat actor activity linked to the October 2023 breach. Okta provided
additional details about the October 20 ...

Pierluigi Paganini November 29, 2023
Security

THOUSANDS OF SECRETS LURK IN APP IMAGES ON DOCKER HUB

Thousands of secrets have been left exposed on Docker Hub, a platform where web
developers collaborate on their code for web applications. While some are
harmless API keys, others could lead to unaut ...

Pierluigi Paganini November 29, 2023
Hacking

THREAT ACTORS STARTED EXPLOITING CRITICAL OWNCLOUD FLAW CVE-2023-49103

Threat actors started exploiting a critical ownCloud vulnerability
(CVE-2023-49103) that can lead to sensitive information disclosure. ownCloud is
an open-source software platform designed for fil ...

Pierluigi Paganini November 28, 2023
Cyber Crime

INTERNATIONAL POLICE OPERATION DISMANTLED A PROMINENT UKRAINE-BASED RANSOMWARE
GROUP

An international law enforcement operation dismantled the core of a ransomware
group operating from Ukraine. A joint law enforcement operation led by Europol
and Eurojust, with the support of the ...

Pierluigi Paganini November 28, 2023
Cyber Crime

DAIXIN TEAM GROUP CLAIMED THE HACK OF NORTH TEXAS MUNICIPAL WATER DISTRICT

The Daixin Team group claims to have hacked the North Texas Municipal Water
District (US) and threatened to leak the stolen data. The North Texas Municipal
Water District (NTMWD) is a regional wa ...

Pierluigi Paganini November 28, 2023
Cyber Crime

HEALTHCARE PROVIDER ARDENT HEALTH SERVICES DISCLOSED A RANSOMWARE ATTACK

The US Healthcare provider Ardent Health Services disclosed that it was the
victim of a ransomware attack last week. Ardent Health Services is a healthcare
company that operates hospitals and othe ...

Pierluigi Paganini November 28, 2023
Cyber warfare

UKRAINE'S INTELLIGENCE SERVICE HACKED RUSSIA'S FEDERAL AIR TRANSPORT AGENCY,
ROSAVIATSIA

Ukraine's intelligence service announced the hack of the Russian Federal Air
Transport Agency, 'Rosaviatsia.' Ukraine's intelligence service announced they
have hacked Russia's Federal Air Transpo ...

Pierluigi Paganini November 27, 2023
Hacktivism

IRANIAN HACKER GROUP CYBER AV3NGERS HACKED THE MUNICIPAL WATER AUTHORITY OF
ALIQUIPPA IN PENNSYLVANIA

Threat actors breached the Municipal Water Authority of Aliquippa in
Pennsylvania and took control of a booster station. During the weekend, Iranian
threat actors hacked the Municipal Water Author ...

Pierluigi Paganini November 27, 2023
Hacking

THE HACK OF MSP PROVIDER CTS POTENTIALLY IMPACTED HUNDREDS OF UK LAW FIRMS

The cyber attack that hit the managed service provider (MSP) CTS potentially
impacted hundreds in the United Kingdom. CTS is a trusted provider of IT
services to the legal sector in the UK. The co ...

Pierluigi Paganini November 27, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 447 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 26, 2023
Cyber Crime

RHYSIDA RANSOMWARE GANG CLAIMED CHINA ENERGY HACK

The Rhysida ransomware group claimed to have hacked the Chinese state-owned
energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware
gang added the China Energy Engineering ...

Pierluigi Paganini November 25, 2023
APT

NORTH KOREA-LINKED APT LAZARUS IS USING A MAGICLINE4NX ZERO-DAY FLAW IN SUPPLY
CHAIN ATTACK

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a
MagicLine4NX zero-day flaw in supply-chain attack The National Cyber Security
Centre (NCSC) and Korea's National Int ...

Pierluigi Paganini November 25, 2023
Malware

HAMAS-LINKED APT USES RUST-BASED SYSJOKER BACKDOOR AGAINST ISRAEL

Researchers reported that a Hamas-linked APT group is using a Rust-based
SysJoker backdoor against Israeli entities. Check Point researchers observed a
Hamas-linked APT group is using the SysJoker ...

Pierluigi Paganini November 25, 2023
Security

APP USED BY HUNDREDS OF SCHOOLS LEAKING CHILDREN'S DATA

Almost a million files with minors' data, including home addresses and photos
were left open to anyone on the internet, posing a threat to children. During a
recent investigation, the Cybernews re ...

Pierluigi Paganini November 24, 2023
Security

MICROSOFT LAUNCHED ITS NEW MICROSOFT DEFENDER BOUNTY PROGRAM

Microsoft announced this week it will pay up to $20,000 for security
vulnerabilities in its Defender products. Microsoft launched its new Microsoft
Defender Bounty Program with a focus on Defender ...

Pierluigi Paganini November 24, 2023
Hacking

EXPOSED KUBERNETES CONFIGURATION SECRETS CAN FUEL SUPPLY CHAIN ATTACKS

Researchers warn of publicly exposed Kubernetes configuration secrets that could
pose a threat of supply chain attack for organizations. Aqua Nautilus
researchers warn of publicly exposed Kubernet ...

Pierluigi Paganini November 24, 2023
APT

NORTH KOREA-LINKED KONNI APT USES RUSSIAN-LANGUAGE WEAPONIZED DOCUMENTS

North Korea-linked Konni APT group used Russian-language Microsoft Word
documents to deliver malware. FortiGuard Labs researchers observed the North
Korea-linked Konni APT group using a weaponized ...

Pierluigi Paganini November 24, 2023
Malware

CLEARFAKE CAMPAIGN SPREADS MACOS AMOS INFORMATION STEALER

Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus
web browser update as part of the ClearFake campaign. Atomic Stealer (AMOS)
macOS information stealer is now being ...

Pierluigi Paganini November 23, 2023
Data Breach

WELLTOK DATA BREACH IMPACTED 8.5 MILLION PATIENTS IN THE U.S.

Healthcare services provider Welltok disclosed a data breach that impacted
nearly 8.5 million patients in the U.S. Welltok is a company that specializes in
health optimization solutions. It provi ...

Pierluigi Paganini November 23, 2023
APT

NORTH KOREA-LINKED APT DIAMOND SLEET SUPPLY CHAIN ATTACK RELIES ON CYBERLINK
SOFTWARE

North Korea-linked APT group Diamond Sleet is distributing a trojanized version
of the CyberLink software in a supply chain attack. Microsoft Threat
Intelligence researchers uncovered a supply cha ...

Pierluigi Paganini November 23, 2023
Data Breach

AUTOMOTIVE PARTS GIANT AUTOZONE DISCLOSED DATA BREACH AFTER MOVEIT HACK

American retailer and distributor of automotive parts and accessories AutoZone
discloses a data breach after a MOVEit attack. AutoZone is an American retailer
and distributor of automotive parts a ...

Pierluigi Paganini November 23, 2023
Malware

NEW INFECTEDSLURS MIRAI-BASED BOTNET EXPLOITS TWO ZERO-DAYS

Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE
flaws to compromise routers and video recorder (NVR) devices. Akamai warned of a
new Mirai-based DDoS botnet, named In ...

Pierluigi Paganini November 22, 2023
Hacktivism

SIEGEDSEC HACKTIVIST GROUP HACKED IDAHO NATIONAL LABORATORY (INL)

The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec
hacktivist group leaked stolen human resources data. SiegedSec hacktivists group
claimed responsibility for the hack ...

Pierluigi Paganini November 22, 2023
Security

CISA ADDS LOONEY TUNABLES LINUX BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA adds Looney Tunables Linux flaw to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infrastructure Security Agency
(CISA) added Looney Tunables Linux ...

Pierluigi Paganini November 22, 2023
Hacking

CITRIX PROVIDES ADDITIONAL MEASURES TO ADDRESS CITRIX BLEED

Citrix urges admins to kill NetScaler user sessions after patching their
appliances against the CVE-2023-4966 Citrix Bleed vulnerability. Citrix is
providing additional measures to admins who are ...

Pierluigi Paganini November 22, 2023
Digital ID

TOR PROJECT REMOVED SEVERAL RELAYS ASSOCIATED WITH A SUSPICIOUS CRYPTOCURRENCY
SCHEME

The Tor Project removed several relays that were used as part of a
cryptocurrency scheme and represented a threat to the users.  The Tor Project
announced the removal of multiple network relays t ...

Pierluigi Paganini November 21, 2023
Malware

EXPERTS WARN OF A SURGE IN NETSUPPORT RAT ATTACKS AGAINST EDUCATION AND
GOVERNMENT SECTORS

Experts warn of a surge in NetSupport RAT attacks against education, government,
and business services sectors. The Carbon Black Managed Detection & Response
team is warning of a surge in the ...

Pierluigi Paganini November 21, 2023
Security

THE TOP 5 REASONS TO USE AN API MANAGEMENT PLATFORM

Organizations need to govern and control the API ecosystem, this governance is
the role of API management. Uber uses APIs (Application Programming Interfaces)
to connect with third-party services ...

Pierluigi Paganini November 21, 2023
Data Breach

CANADIAN GOVERNMENT IMPACTED BY DATA BREACHES OF TWO OF ITS CONTRACTORS

The Canadian government discloses a data breach after threat actors hacked two
of its contractors.  The Canadian government declared that two of its
contractors,Brookfield Global Relocation S ...

Pierluigi Paganini November 20, 2023
Data Breach

RHYSIDA RANSOMWARE GANG IS AUCTIONING DATA STOLEN FROM THE BRITISH LIBRARY

The Rhysida ransomware group claimed responsibility for the recent cyberattack
on the British Library that has caused a major IT outage. The Rhysida ransomware
gang added the British Library to th ...

Pierluigi Paganini November 20, 2023
APT

RUSSIA-LINKED APT29 GROUP EXPLOITED WINRAR 0DAY IN ATTACKS AGAINST EMBASSIES

Russia-linked cyberespionage group APT29 has been observed leveraging the
CVE-2023-38831 vulnerability in WinRAR in recent attacks. The Ukrainian National
Security and Defense Council (NDSC) repor ...

Pierluigi Paganini November 20, 2023
APT

DARKCASINO JOINS THE LIST OF APT GROUPS EXPLOITING WINRAR ZERO-DAY

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day
vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm
NSFOCUS analyzed DarkCasino attack pattern exploi ...

Pierluigi Paganini November 20, 2023
Cyber Crime

US TEENAGER PLEADS GUILTY TO HIS ROLE IN CREDENTIAL STUFFING ATTACK ON A BETTING
SITE

US teenager Joseph Garrison pleads guilty to carrying out a credential stuffing
attack on a betting website. US teenager Joseph Garrison (19) has pleaded guilty
to his involvement in a credential ...

Pierluigi Paganini November 20, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 446 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 19, 2023
Malware

8BASE RANSOMWARE OPERATORS USE A NEW VARIANT OF THE PHOBOS RANSOMWARE

8Base ransomware operators were observed using a variant of the Phobos
ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base
ransomware operators using a variant of the ...

Pierluigi Paganini November 19, 2023
APT

RUSSIAN APT GAMAREDON USES USB WORM LITTERDRIFTER AGAINST UKRAINE

Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm
called LitterDrifter via USB. Check Point researchers observed Russia-linked
Gamaredon spreading the worm called  ...

Pierluigi Paganini November 18, 2023
Breaking News

THE BOARD OF DIRECTORS OF OPENAI FIRED SAM ALTMAN

OpenAI fired its CEO Sam Altman, and the Chief technology officer Mira Murati
appointed interim CEO to lead the company. Sam Altman has been removed as CEO of
OpenAI. The company announced that Mi ...

Pierluigi Paganini November 17, 2023
Data Breach

MEDUSA RANSOMWARE GANG CLAIMS THE HACK OF TOYOTA FINANCIAL SERVICES

Toyota Financial Services discloses unauthorized activity on systems after the
Medusa ransomware gang claimed to have hacked the company. Toyota Financial
Services confirmed the discovery of unaut ...

Pierluigi Paganini November 17, 2023
Security

CISA ADDS SOPHOS WEB APPLIANCE BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added three new vulnerabilities (tracked as CVE-2023-36584,
CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini November 17, 2023
APT

ZIMBRA ZERO-DAY EXPLOITED TO STEAL GOVERNMENT EMAILS BY FOUR GROUPS

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite
zero-day (CVE-2023-37580) to steal emails from governments. Google Threat
Analysis Group (TAG) researchers revealed t ...

Pierluigi Paganini November 16, 2023
Data Breach

VIETNAM POST EXPOSES 1.2TB OF DATA, INCLUDING EMAIL ADDRESSES

Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed
security logs and employee email addresses to external cyber threats Vietnam
Post Corporation, a Vietnamese governme ...

Pierluigi Paganini November 16, 2023
Data Breach

SAMSUNG SUFFERED A NEW DATA BREACH

Samsung Electronics disclosed a data breach that exposed customer personal
information to an unauthorized individual. Samsung Electronics suffered a data
breach that exposed the personal informati ...

Pierluigi Paganini November 16, 2023
Malware

FBI AND CISA WARN OF ATTACKS BY RHYSIDA RANSOMWARE GANG

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group
against organizations across multiple industry sectors. FBI and CISA published a
joint Cybersecurity Advisory (CSA) to ...

Pierluigi Paganini November 16, 2023
Security

CRITICAL FLAW FIXED IN SAP BUSINESS ONE PRODUCT

Enterprise software giant SAP addressed a critical improper access control
vulnerability in its Business One product. SAP November 2023 Security Patch Day
includes three new and three updated secu ...

Pierluigi Paganini November 15, 2023
Cyber Crime

LAW ENFORCEMENT AGENCIES DISMANTLED THE ILLEGAL BOTNET PROXY SERVICE IPSTORM

The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind
the illegal botnet proxy service IPStorm. The IPStorm botnet was first uncovered
in May 2019 while targeting Windows ...

Pierluigi Paganini November 15, 2023
Security

GAMBLERS’ DATA COMPROMISED AFTER CASINO GIANT STRENDUS FAILS TO SET PASSWORD

Mexican online casino Strendus has exposed sensitive user data, including home
addresses and the amounts of money they spent on gambling. Strendus, one of the
biggest online casinos in Mexico has ...

Pierluigi Paganini November 15, 2023
Security

VMWARE DISCLOSED A CRITICAL AND UNPATCHED AUTHENTICATION BYPASS FLAW IN VMWARE
CLOUD DIRECTOR APPLIANCE

VMware disclosed a critical bypass vulnerability in VMware Cloud Director
Appliance that can be exploited to bypass login restrictions when authenticating
on certain ports. VMware disclosed an aut ...

Pierluigi Paganini November 15, 2023
APT

DANISH CRITICAL INFRASTRUCTURE HIT BY THE LARGEST CYBER ATTACK IN DENMARK'S
HISTORY

Danish critical infrastructure was hit by the largest cyber attack on record
that hit the country, according to Denmark's SektorCERT. In May, Danish critical
infrastructure faced the biggest cyber ...

Pierluigi Paganini November 14, 2023
Cyber Crime

MAJOR AUSTRALIAN PORTS BLOCKED AFTER A CYBER ATTACK ON DP WORLD

A cyber attack on the logistics giant DP World caused significant disruptions in
the operations of several major Australian ports. A cyberattack hit the
international logistics firm DP World Aust ...

Pierluigi Paganini November 14, 2023
Malware

NUCLEAR AND OIL & GAS ARE MAJOR TARGETS OF RANSOMWARE GROUPS IN 2024

Experts warn of an alarming rise in ransomware operations targeting the energy
sector, including nuclear facilities and related research entities. Resecurity,
Inc. (USA) protecting major Fortune 1 ...

Pierluigi Paganini November 14, 2023
Security

CISA ADDS FIVE VULNERABILITIES IN JUNIPER DEVICES TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

US CISA added four vulnerabilities (tracked as CVE-2023-36844, CVE-2023-36845,
CVE-2023-36846, and CVE-2023-36847) in Juniper devices to its Known Exploited
Vulnerabilities catalog. The U.S. Cybe ...

Pierluigi Paganini November 13, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG LEAKED DATA STOLEN FROM BOEING

The LockBit ransomware group published data allegedly stolen from the aerospace
giant Boeing in a recent attack. The Boeing Company, commonly known as Boeing,
is one of the world’s largest aeros ...

Pierluigi Paganini November 13, 2023
APT

NORTH KOREA-LINKED APT SAPPHIRE SLEET TARGETS IT JOB SEEKERS WITH BOGUS SKILLS
ASSESSMENT PORTALS

North Korea-linked APT group Sapphire Sleet set up bogus skills assessment
portals in attacks aimed at IT job seekers. The North Korea-linked APT group
Sapphire Sleet (aka APT38, BlueNoroff, Cagey ...

Pierluigi Paganini November 13, 2023
Data Breach

THE LORENZ RANSOMWARE GROUP HIT TEXAS-BASED COGDELL MEMORIAL HOSPITAL

The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell
Memorial Hospital. In early November, the Cogdell Memorial Hospital (Scurry
County Hospital District) announced it w ...

Pierluigi Paganini November 12, 2023
Data Breach

THE STATE OF MAINE DISCLOSED A DATA BREACH THAT IMPACTED 1.3M PEOPLE

The State of Maine disclosed a data breach that impacted about 1.3 million
people after an attack hit its MOVEit file transfer install. The State of Maine
was the victim of the large-scale hack ...

Pierluigi Paganini November 12, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 445 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 12, 2023
Cyber Crime

POLICE SEIZED BULLETPROFTLINK PHISHING-AS-A-SERVICE (PHAAS) PLATFORM

The Royal Malaysian Police announced the seizure of the
notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal
Malaysian Police announced to have dismantled the notorious Bu ...

Pierluigi Paganini November 11, 2023
Cyber Crime

SERBIAN PLEADS GUILTY TO RUNNING ‘MONOPOLY’ DARK WEB DRUG MARKET

The Serbian citizen Milomir Desnica (33) has pleaded guilty to running the dark
web Monopoly drug marketplace. Milomir Desnica, a 33-year-old Serbian citizen,
admited to being responsible for oper ...

Pierluigi Paganini November 11, 2023
Data Breach

MCLAREN HEALTH CARE REVEALED THAT A DATA BREACH IMPACTED 2.2 MILLION PEOPLE

McLaren Health Care (McLaren) experienced a data breach that compromised the
sensitive personal information of approximately 2.2 million individuals. McLaren
Health Care (McLaren) disclosed a data ...

Pierluigi Paganini November 10, 2023
Hacktivism

AFTER CHATGPT, ANONYMOUS SUDAN TOOK DOWN THE CLOUDFLARE WEBSITE

After ChatGPT, Anonymous Sudan took down the Cloudflare website with a
distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous
Sudan claimed responsibility for the massive di ...

Pierluigi Paganini November 10, 2023
Hacking

INDUSTRIAL AND COMMERCIAL BANK OF CHINA (ICBC) SUFFERED A RANSOMWARE ATTACK

The Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack
that disrupted trades in the US Treasury market. The Industrial and Commercial
Bank of China (ICBC) announced it has ...

Pierluigi Paganini November 10, 2023
Hacking

SYSAID ZERO-DAY EXPLOITED BY CLOP RANSOMWARE GROUP

Microsoft spotted the exploitation of a SysAid zero-day vulnerability in limited
attacks carried out by the Lace Tempest group. Microsoft reported the
exploitation of a zero-day vulnerability, tra ...

Pierluigi Paganini November 10, 2023
Cyber Crime

DOLLY.COM PAYS RANSOM, ATTACKERS RELEASE DATA ANYWAY

On-demand moving and delivery platform Dolly.com allegedly paid a ransom but
crooks found an excuse not to hold their end of the bargain. Cybercriminals are
hardly a trustworthy bunch. Case in poi ...

Pierluigi Paganini November 10, 2023
Hacktivism

DDOS ATTACK LEADS TO SIGNIFICANT DISRUPTION IN CHATGPT SERVICES

OpenAI confirmed that the outage suffered by ChatGPT and its API on Wednesday
was caused by a distributed denial-of-service (DDoS) attack. OpenAI confirmed
earlier today that the outage suffered ...

Pierluigi Paganini November 09, 2023
APT

RUSSIAN SANDWORM DISRUPTS POWER IN UKRAINE WITH A NEW OT ATTACK

Mandiant reported that Russia-linked Sandworm APT used a novel OT attack to
cause power outages during mass missile strikes on Ukraine. Mandiant researchers
reported that Russia-linked APT group S ...

Pierluigi Paganini November 09, 2023
Security

VEEAM FIXED MULTIPLE FLAWS IN VEEAM ONE, INCLUDING CRITICAL ISSUES

Veeam addressed multiple vulnerabilities in its Veeam ONE IT infrastructure
monitoring and analytics platform, including two critical issues. Veeam
addressed four vulnerabilities (CVE-2023-38547, ...

Pierluigi Paganini November 07, 2023
Security

PRO-PALESTINIAN HACKERS GROUP 'SOLDIERS OF SOLOMON' DISRUPTED THE PRODUCTION
CYCLE OF THE BIGGEST FLOUR PRODUCTION PLANT IN ISRAEL

Pro-Palestinian hackers group 'Soldiers of Solomon' claims to have hacked one of
the largest Israeli flour plants causing severe damage to the operations. The
Pro-Palestinian hackers group 'Soldie ...

Pierluigi Paganini November 07, 2023
APT

IRANIAN AGONIZING SERPENS APT IS TARGETING ISRAELI ENTITIES WITH DESTRUCTIVE
CYBER ATTACKS

Iran-linked Agonizing Serpens group has been targeting Israeli organizations
with destructive cyber attacks since January. Iran-linked Agonizing Serpens
group (aka Agrius, BlackShadow,&n ...

Pierluigi Paganini November 07, 2023
Security

CRITICAL CONFLUENCE FLAW EXPLOITED IN RANSOMWARE ATTACKS

Experts warn threat actors that started exploiting a recent critical flaw
CVE-2023-22518 in Confluence Data Center and Confluence Server. Over the weekend
threat actors started exploiting a recent ...

Pierluigi Paganini November 06, 2023
Security

QNAP FIXED TWO CRITICAL VULNERABILITIES IN QTS OS AND APPS

Taiwanese vendor QNAP warns of two critical command injection flaws in the QTS
operating system and applications on its NAS devices. Taiwanese vendor QNAP
Systems addressed two critical command in ...

Pierluigi Paganini November 06, 2023
Hacking

ATTACKERS USE GOOGLE CALENDAR RAT TO ABUSE CALENDAR SERVICE AS C2 INFRASTRUCTURE

Google warns of multiple threat actors that are leveraging its Calendar service
as a command-and-control (C2) infrastructure. Google warns of multiple threat
actors sharing a public proof-of-con ...

Pierluigi Paganini November 06, 2023
Cyber Crime

SOCKS5SYSTEMZ PROXY SERVICE DELIVERED VIA PRIVATELOADER AND AMADEY

Threat actors infected more than 10,000 devices worldwide with the
'PrivateLoader' and 'Amadey' loaders to recruit them into the proxy botnet
'Socks5Systemz.' Bitsight researchers uncovered a pro ...

Pierluigi Paganini November 06, 2023
Breaking News

US GOVT SANCTIONED A RUSSIAN WOMAN FOR LAUNDERING VIRTUAL CURRENCY ON BEHALF OF
THREAT ACTORS

The Treasury Department sanctioned a Russian woman accused of laundering virtual
currency on behalf of cybercriminals. The Department of the Treasury’s Office of
Foreign Assets Control (OFAC) on ...

Pierluigi Paganini November 05, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 444 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 05, 2023
APT

LAZARUS TARGETS BLOCKCHAIN ENGINEERS WITH NEW KANDYKORN MACOS MALWARE

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks
against blockchain engineers. North Korea-linked Lazarus APT group were spotted
using new KandyKorn macOS malware i ...

Pierluigi Paganini November 05, 2023
Hacking

KINSING THREAT ACTORS PROBED THE LOONEY TUNABLES FLAWS IN RECENT ATTACKS

Kinsing threat actors are exploiting the recently disclosed Linux privilege
escalation flaw Looney Tunables to target cloud environments. Researchers are
cloud security firm Aqua have observed th ...

Pierluigi Paganini November 04, 2023
Hacking

ZDI DISCLOSES FOUR ZERO-DAY FLAWS IN MICROSOFT EXCHANGE

Researchers disclosed four zero-day flaws in Microsoft Exchange that can be
remotely exploited to execute arbitrary code or disclose sensitive information
on vulnerable installs. Trend Micro's Zer ...

Pierluigi Paganini November 03, 2023
Data Breach

OKTA CUSTOMER SUPPORT SYSTEM BREACH IMPACTED 134 CUSTOMERS

Threat actors who breached the Okta customer support system also gained access
to files belonging to 134 customers. Threat actors who breached the Okta
customer support system in October gained ac ...

Pierluigi Paganini November 03, 2023
Mobile

MULTIPLE WHATSAPP MODS SPOTTED CONTAINING THE CANESSPY SPYWARE

Kaspersky researchers are warning of multiple WhatsApp mods that embed a spyware
module dubbed CanesSpy. Kaspersky researchers discovered multiple WhatsApp mods
that embed a spyware module du ...

Pierluigi Paganini November 03, 2023
Cyber warfare

RUSSIAN FSB ARRESTED RUSSIAN HACKERS WHO SUPPORTED UKRAINIAN CYBER OPERATIONS

The FSB arrested two Russian hackers who are accused of having helped Ukrainian
entities carry out cyberattacks on critical infrastructure targets. The Russian
intelligence agency Federal Security ...

Pierluigi Paganini November 03, 2023
APT

MUDDYWATER HAS BEEN SPOTTED TARGETING TWO ISRAELI ENTITIES

Iran-linked cyberespionage group MuddyWater is targeting Israeli entities in a
new spear-phishing campaign. Iran-linked APT group
MuddyWater (aka SeedWorm, TEMP.Zagros, and&nbs ...

Pierluigi Paganini November 03, 2023
Data Breach

CLOP GROUP OBTAINED ACCESS TO THE EMAIL ADDRESSES OF ABOUT 632,000 US FEDERAL
EMPLOYEES

Clop ransomware gang gained access to the email addresses of more than 632K US
federal employees at the departments of Defense and Justice. Russian-speaking
Clop ransomware group gained access to ...

Pierluigi Paganini November 02, 2023
Data Breach

OKTA DISCLOSES A NEW DATA BREACH AFTER A THIRD-PARTY VENDOR WAS HACKED

Okta warns approximately 5,000 employees that their personal information was
compromised due to a third-party vendor data breach. Cloud identity and access
management solutions provider Okta warns ...

Pierluigi Paganini November 02, 2023
Hacking

SUSPECTED EXPLOITATION OF APACHE ACTIVEMQ FLAW CVE-2023-46604 TO INSTALL
HELLOKITTY RANSOMWARE

Rapid7 researchers warn of the suspected exploitation of a recently disclosed
critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity
researchers at Rapid7 are warning of the ...

Pierluigi Paganini November 02, 2023
Cyber Crime

BOEING CONFIRMED ITS SERVICES DIVISION SUFFERED A CYBERATTACK

Boeing confirmed it is facing a cyber incident that hit its global services
division, the company pointed out that flight safety isn’t affected. The Boeing
Company, commonly known as Boeing, is ...

Pierluigi Paganini November 02, 2023
Data Breach

RESECURITY: INSECURITY OF 3RD-PARTIES LEADS TO AADHAAR DATA LEAKS IN INDIA

Data leaks containing Aadhaar IDs in India were caused by the insecurity of 3rd
parties while aggregating such information for KYC. According to Resecurity, a
global cybersecurity provider protect ...

Pierluigi Paganini November 02, 2023
Cyber Crime

WHO IS BEHIND THE MOZI BOTNET KILL SWITCH?

Researchers speculate that the recent shutdown of the Mozi botnet was the
response of its authors to the pressure from Chinese law enforcement. ESET
researchers speculate that the recent shutdown ...

Pierluigi Paganini November 02, 2023
Hacking

CISA ADDS TWO F5 BIG-IP FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

US CISA added two vulnerabilities, tracked as CVE-2023-46747 and
CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure Security Agenc ...

Pierluigi Paganini November 01, 2023
Security

THREAT ACTORS ACTIVELY EXPLOIT F5 BIG-IP FLAWS CVE-2023-46747 AND CVE-2023-46748

Experts warn that threat actors started exploiting the critical flaw
CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit
disclosure. F5 this week warned customers about a cr ...

Pierluigi Paganini November 01, 2023
Malware

PRO-HAMAS HACKTIVIST GROUP TARGETS ISRAEL WITH BIBI-LINUX WIPER

A pro-Hamas hacker group is targeting Israeli entities using a new Linux-based
wiper malware dubbed BiBi-Linux Wiper. During a forensics investigation,
Security Joes Incident Response team di ...

Pierluigi Paganini November 01, 2023
Hacking

BRITISH LIBRARY SUFFERS MAJOR OUTAGE DUE TO CYBERATTACK

Last weekend, the British Library suffered a cyberattack that caused a major IT
outage, impacting many of its services. The British Library is facing a major
outage that impacts the website and ma ...

Pierluigi Paganini November 01, 2023
Security

CRITICAL ATLASSIAN CONFLUENCE FLAW CAN LEAD TO SIGNIFICANT DATA LOSS

Atlassian warned of a critical security vulnerability, tracked as
CVE-2023-22518, in the Confluence Data Center and Server. Atlassian is warning
of a critical security flaw, tracked as CVE-2023-2 ...

Pierluigi Paganini October 31, 2023
Deep Web

WIHD LEAK EXPOSES DETAILS OF ALL TORRENT USERS

World-in-HD (WiHD), a French private video torrent community, left an open
instance exposing the emails and passwords of all of its users and
administrators. WiHD, a popular torrent tracker specia ...

Pierluigi Paganini October 31, 2023
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR CISCO IOS XE FLAW CVE-2023-20198

Researchers publicly released the exploit code for the critical Cisco IOS XE
vulnerability tracked as CVE-2023-20198. Researchers from Researchers at
Horizon3.ai publicly released the exploit code ...

Pierluigi Paganini October 31, 2023
Intelligence

CANADA BANS WECHAT AND KASPERSKY APPS ON GOVERNMENT-ISSUED MOBILE DEVICES

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on
government mobile devices due to privacy and security risks. The Government of
Canada announced a ban on the use of the We ...

Pierluigi Paganini October 31, 2023
Cyber Crime

FLORIDA MAN SENTENCED TO PRISON FOR SIM SWAPPING CONSPIRACY THAT LED TO THEFT OF
$1M IN CRYPTOCURRENCY

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led
to the theft of approximately $1M in cryptocurrency. Jordan Dave Persad (20),
from Orlando, Florida, was sentenced t ...

Pierluigi Paganini October 30, 2023
Hacking

WIKI-SLACK ATTACK ALLOWS REDIRECTING BUSINESS PROFESSIONALS TO MALICIOUS
WEBSITES

eSentire researchers devised a new attack technique, named Wiki-Slack attack,
that can be used to redirect business professionals to malicious websites.
eSentire Threat Response Unit (TRU) secur ...

Pierluigi Paganini October 30, 2023
Security

HACKERONE AWARDED OVER $300 MILLION BUG HUNTERS

HackerOne announced that it has awarded over $300 million bug hunters as part of
its bug bounty programs since the launch of its platform. HackerOne announced
that it has surpassed $300 million in ...

Pierluigi Paganini October 30, 2023
Malware

STRIPEDFLY, A COMPLEX MALWARE THAT INFECTED ONE MILLION DEVICES WITHOUT BEING
NOTICED

A sophisticated malware tracked as StripedFly remained undetected for five years
and infected approximately one million devices. Researchers from Kaspersky
discovered a sophisticated malware, dubb ...

Pierluigi Paganini October 30, 2023
Hacktivism

IT ARMY OF UKRAINE DISRUPTED INTERNET PROVIDERS IN TERRITORIES OCCUPIED BY
RUSSIA

IT Army of Ukraine hacktivists have temporarily disrupted internet services in
some of the territories that have been occupied by Russia. Ukrainian hacktivists
belonging to the IT Army of Ukraine� ...

Pierluigi Paganini October 29, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 443 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 29, 2023
Hacking

BUG HUNTERS EARNED $1,038,250 FOR 58 UNIQUE 0-DAYS AT PWN2OWN TORONTO 2023

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned
$1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking
competition is over, the organizers awarded $1,038,25 ...

Pierluigi Paganini October 28, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG CLAIMS TO HAVE STOLEN DATA FROM BOEING

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and
defense contractor Boeing and threatened to leak the stolen data. The Boeing
Company, commonly known as Boeing, is ...

Pierluigi Paganini October 27, 2023
APT

FRANCE AGENCY ANSSI WARNS OF RUSSIA-LINKED APT28 ATTACKS ON FRENCH ENTITIES

France National Agency for the Security of Information Systems warns that the
Russia-linked APT28 group has breached several critical networks. The French
National Agency for the Security of Infor ...

Pierluigi Paganini October 27, 2023
Security

HOW TO COLLECT MARKET INTELLIGENCE WITH RESIDENTIAL PROXIES?

How residential proxies using real IPs from diverse locations enable businesses
to gather comprehensive and accurate data from the web Since the adoption of the
first digital tools and connection ...

Pierluigi Paganini October 27, 2023
Hacking

F5 URGES TO ADDRESS A CRITICAL FLAW IN BIG-IP

F5 warns customers of a critical vulnerability impacting BIG-IP that could lead
to unauthenticated remote code execution. F5 is warning customers about a
critical security vulnerability, tracked a ...

Pierluigi Paganini October 27, 2023
Data Breach

HELLO ALFRED APP EXPOSES USER DATA

Hello Alfred, an in-home hospitality app, left a database accessible without
password protection, exposing almost 170,000 records containing private user
data. Hello Alfred is a one-stop applicat ...

Pierluigi Paganini October 27, 2023
Hacking

ILEAKAGE ATTACK EXPLOITS SAFARI TO STEAL DATA FROM APPLE DEVICES

Boffins devised a new iLeakage side-channel speculative execution attack
exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of
researchers from the University of Michiga ...

Pierluigi Paganini October 26, 2023
Hacking

CLOUDFLARE MITIGATED 89 HYPER-VOLUMETRIC HTTP DISTRIBUTED DDOS ATTACKS EXCEEDING
100 MILLION RPS

Cloudflare mitigated thousands of hyper-volumetric HTTP distributed
denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset.
Cloudflare DDoS threat report of 2023 states that the c ...

Pierluigi Paganini October 26, 2023
Data Breach

SEIKO CONFIRMED A DATA BREACH AFTER BLACKCAT ATTACK

Japanese watchmaker Seiko revealed that the attack that suffered earlier this
year was carried out by the Black Cat ransomware gang. On August 10, 2023, the
Japanese maker of watches Seiko disclos ...

Pierluigi Paganini October 26, 2023
APT

WINTER VIVERN APT EXPLOITED ZERO-DAY IN ROUNDCUBE WEBMAIL SOFTWARE IN RECENT
ATTACKS

Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day
flaw in Roundcube webmail software. Russian APT group Winter Vivern (aka TA473)
has been observed exploiting a ze ...

Pierluigi Paganini October 26, 2023
Hacking

PWN2OWN TORONTO 2023 DAY 1 - ORGANIZERS AWARDED $438,750 IN PRIZES

The Pwn2Own Toronto 2023 hacking contest has begun and during the first day,
participants received $438,750 in prizes! During the Day 1 of the Pwn2Own
Toronto 2023 hacking contest, the organizatio ...

Pierluigi Paganini October 25, 2023
Security

VMWARE ADDRESSED CRITICAL VCENTER FLAW ALSO FOR END-OF-LIFE PRODUCTS

VMware addressed a critical out-of-bounds write vulnerability, tracked
as CVE-2023-34048, that impacts vCenter Server. vCenter Server is a critical
component in VMware virtualization and cloud c ...

Pierluigi Paganini October 25, 2023
Security

CITRIX WARNS ADMINS TO PATCH NETSCALER CVE-2023-4966 BUG IMMEDIATELY

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in
NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure
all NetScaler ADC and Gateway applia ...

Pierluigi Paganini October 25, 2023
Data Breach

NEW ENGLAND BIOLABS LEAK SENSITIVE DATA

On September 18th, the Cybernews research team discovered two publicly hosted
environment files (.env) attributed to New England Biolabs. Leaving environment
files open to the public is one of the ...

Pierluigi Paganini October 25, 2023
Intelligence

FORMER NSA EMPLOYEE PLEADS GUILTY TO ATTEMPTED SELLING CLASSIFIED DOCUMENTS TO
RUSSIA

A former NSA employee has pleaded guilty to charges of attempting to transmit
classified defense information to Russia. Jareh Sebastian Dalke (31), a former
NSA employee has admitted to attempting ...

Pierluigi Paganini October 24, 2023
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR VMWARE ARIA OPERATIONS FOR LOGS FLAW.
PATCH IT NOW!

VMware is aware of the availability of a proof-of-concept (PoC) exploit code for
an authentication bypass flaw in VMware Aria Operations for Logs. VMware warned
customers of the availability of a ...

Pierluigi Paganini October 24, 2023
Hacking

HOW DID THE OKTA SUPPORT BREACH IMPACT 1PASSWORD?

1Password detected suspicious activity on its Okta instance after the recent
compromise of the Okta support system. The password management and security
application 1Password announced it had dete ...

Pierluigi Paganini October 24, 2023
Security

PII BELONGING TO INDIAN CITIZENS, INCLUDING THEIR AADHAAR IDS, OFFERED FOR SALE
ON THE DARK WEB

Hundreds of millions of PII records belonging to Indian residents, including
Aadhaar cards, are being offered for sale on the Dark Web. PII Belonging to
Indian Citizens, Including their Aadhaar ID ...

Pierluigi Paganini October 24, 2023
Cyber Crime

SPAIN POLICE DISMANTLED A CYBERCRIMINAL GROUP WHO STOLE THE DATA OF 4 MILLION
INDIVIDUALS

The Spanish police have arrested 34 members of the cybercriminal group that is
accused of having stolen data of over four million individuals. The Spanish
police have arrested 34 members of a cybe ...

Pierluigi Paganini October 24, 2023
Security

CISA ADDS SECOND CISCO IOS XE FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the vulner ...

Pierluigi Paganini October 23, 2023
Hacking

CISCO WARNS OF A SECOND IOS XE ZERO-DAY USED TO INFECT DEVICES WORLDWIDE

Cisco found a second IOS XE zero-day vulnerability, tracked as CVE-2023-20273,
which is actively exploited in attacks in the wild. Cisco last
week warned customers of a zero-day vulnerability, ...

Pierluigi Paganini October 23, 2023
Hacking

CITY OF PHILADELPHIA SUFFERS A DATA BREACH

The City of Philadelphia discloses a data breach that resulted from a cyber
attack that took place on May 24 and that compromised City email accounts. The
City of Philadelphia announced it is inve ...

Pierluigi Paganini October 23, 2023
Security

SOLARWINDS FIXED THREE CRITICAL RCE FLAWS IN ITS ACCESS RIGHTS MANAGER PRODUCT

Researchers discovered three critical remote code execution vulnerabilities in
the SolarWinds Access Rights Manager (ARM) product. Security researchers
discovered three critical remote code execu ...

Pierluigi Paganini October 23, 2023
Intelligence

DON'T USE AI-BASED APPS, PHILIPPINE DEFENSE ORDERED ITS PERSONNEL

The Philippine defense ordered its personnel to stop using AI-based applications
to generate personal portraits. The Philippine defense warned of the risks of
using AI-based applications to genera ...

Pierluigi Paganini October 23, 2023
Malware

VIETNAMESE THREAT ACTORS LINKED TO DARKGATE MALWARE CAMPAIGN

Researchers linked Vietnamese threat actors to the string of DarkGate malware
attacks on entities in the U.K., the U.S., and India. WithSecure researchers
linked the recent attacks using the DarkG ...

Pierluigi Paganini October 23, 2023
Intelligence

MI5 CHIEF WARNS OF CHINESE CYBER ESPIONAGE REACHED AN UNPRECEDENTED SCALE

MI5 chief warns Chinese cyber espionage reached an epic scale, more than 20,000
people in the UK have now been targeted. The head of MI5, Ken McCallum, warns
that Chinese spies targeted more than ...

Pierluigi Paganini October 22, 2023
Intelligence

THE ATTACK ON THE INTERNATIONAL CRIMINAL COURT WAS TARGETED AND SOPHISTICATED

The International Criminal Court revealed the recent attack was carried out by a
threat actor for espionage purposes. The International Criminal Court shared
additional information about the cyber ...

Pierluigi Paganini October 22, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 442 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 22, 2023
Cyber Crime

A THREAT ACTOR IS SELLING ACCESS TO FACEBOOK AND INSTAGRAM'S POLICE PORTAL

A threat actor is selling access to Facebook and Instagram's Police Portal used
by law enforcement agencies to request data relating to users under
investigation. Cyber security researcher Alon Ga ...

Pierluigi Paganini October 21, 2023
Data Breach

THREAT ACTORS BREACHED OKTA SUPPORT SYSTEM AND STOLE CUSTOMERS' DATA

Okta revealed that threat actors breached its support case management system and
stole sensitive data that can be used in future attacks. Okta says that threat
actors broke into its support case m ...

Pierluigi Paganini October 21, 2023
Security

US DOJ SEIZED DOMAINS USED BY NORTH KOREAN IT WORKERS TO DEFRAUD BUSINESSES
WORLDWIDE

The U.S. government seized 17 website domains used by North Korean IT workers in
a fraudulent scheme to defraud businesses worldwide. The U.S.
government announced the seizure of 17 website doma ...

Pierluigi Paganini October 21, 2023
Cyber Crime

ALLEGED DEVELOPER OF THE RAGNAR LOCKER RANSOMWARE WAS ARRESTED

A joint international law enforcement investigation led to the arrest of a
malware developer who was involved in the Ragnar Locker ransomware operation.
Yesterday we became aware of a joint law en ...

Pierluigi Paganini October 20, 2023
Hacking

CISA ADDS CISCO IOS XE FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the vulnera ...

Pierluigi Paganini October 20, 2023
Hacking

TENS OF THOUSANDS CISCO IOS XE DEVICES WERE HACKED BY EXPLOITING CVE-2023-20198

More than 40,000 Cisco IOS XE devices have been compromised in attacks
exploiting recently disclosed critical vulnerability CVE-2023-20198. Researchers
from LeakIX used the indicators of compromis ...

Pierluigi Paganini October 20, 2023
Cyber Crime

LAW ENFORCEMENT OPERATION SEIZED RAGNAR LOCKER GROUP'S INFRASTRUCTURE

An international law enforcement operation shuts down the infrastructure of the
Ragnar Locker ransomware operation. Law enforcement from the US, Europe,
Germany, France, Italy, Japan, Spain, Nethe ...

Pierluigi Paganini October 19, 2023
Security

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

I’m proud to announce the release of the 11th edition of the ENISA Threat
Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen
Agency for cybersecurity ENISA releases ...

Pierluigi Paganini October 19, 2023
APT

NORTH KOREA-LINKED APT GROUPS ACTIVELY EXPLOIT JETBRAINS TEAMCITY FLAW

North Korea-linked threat actors are actively exploiting a critical
vulnerability CVE-2023-42793 in JetBrains TeamCity. Microsoft warns that North
Korea-linked threat actors are actively exploitin ...

Pierluigi Paganini October 19, 2023
APT

MULTIPLE APT GROUPS EXPLOITED WINRAR FLAW CVE-2023-38831

Google TAG reported that both Russia and China-linked threat actors are
weaponizing the a high-severity vulnerability in WinRAR. Google's Threat
Analysis Group (TAG) reported that in recent weeks ...

Pierluigi Paganini October 19, 2023
Data Breach

CALIFORNIAN IT COMPANY DNA MICRO LEAKS PRIVATE MOBILE PHONE DATA

Hundreds of thousands of clients who opted-in for a screen warranty were exposed
when DNA Micro leaked data from its systems. The Cybernews research team found
that DNA Micro, a California-based I ...

Pierluigi Paganini October 18, 2023
Hacking

THREAT ACTORS HAVE BEEN EXPLOITING CVE-2023-4966 IN CITRIX NETSCALER ADC/GATEWAY
DEVICES SINCE AUGUST

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler
ADC/Gateway devices has been exploited in attacks since late August. On October
10, Citrix published a security bulletin ...

Pierluigi Paganini October 18, 2023
Hacking

A FLAW IN SYNOLOGY DISKSTATION MANAGER ALLOWS ADMIN ACCOUNT TAKEOVER

A vulnerability in Synology DiskStation Manager (DSM) could be exploited to
decipher an administrator's password. Researchers from Claroty's Team82
discovered a vulnerability, tracked as CVE-2023- ...

Pierluigi Paganini October 18, 2023
Hacking

D-LINK CONFIRMS DATA BREACH, BUT DOWNPLAYED THE IMPACT

Taiwanese manufacturer D-Link confirmed a data breach after a threat actor
offered for sale on BreachForums stolen data. The global networking equipment
and technology company D-Link confirmed a ...

Pierluigi Paganini October 18, 2023
Breaking News

CVE-2023-20198 ZERO-DAY WIDELY EXPLOITED TO INSTALL IMPLANTS ON CISCO IOS XE
SYSTEMS

Threat actors exploited the recently disclosed zero-day flaw (CVE-2023-20198) in
a large-scale hacking campaign on Cisco IOS XE devices. Threat actors have
exploited the recently disclosed critica ...

Pierluigi Paganini October 17, 2023
APT

RUSSIA-LINKED SANDWORM APT COMPROMISED 11 UKRAINIAN TELECOMMUNICATIONS PROVIDERS

Russia-linked APT group Sandworm has hacked eleven telecommunication service
providers in Ukraine between May and September 2023. The Russia-linked APT group
Sandworm (UAC-0165) has compromised el ...

Pierluigi Paganini October 17, 2023
Cyber Crime

RANSOMWARE REALITIES IN 2023: ONE EMPLOYEE MISTAKE CAN COST A COMPANY MILLIONS

What is the impact of ransomware on organizations? One employee's mistake can
cost a company millions of dollars. Studies show that human error is the root
cause of more than 80% of all cyber brea ...

Pierluigi Paganini October 17, 2023
Malware

MALWARE-LACED 'REDALERT - ROCKET ALERTS' APP TARGETS ISRAELI USERS 

Threat actors are targeting Israeli Android users with a malicious version of
the 'RedAlert – Rocket Alerts' that hide spyware. A threat actor is targeting
Israeli Android users with a spyware-l ...

Pierluigi Paganini October 17, 2023
Hacking

CISCO WARNS OF ACTIVE EXPLOITATION OF IOS XE ZERO-DAY

Cisco warned customers of a critical zero-day vulnerability in its IOS XE
Software that is actively exploited in attacks. Cisco warned customers of a
zero-day vulnerability, tracked as CVE-2023-2 ...

Pierluigi Paganini October 16, 2023
Hacking

SIGNAL DENIES CLAIMS OF AN ALLEGED ZERO-DAY FLAW IN ITS PLATFORM

Encrypted messaging app Signal denied claims of an alleged zero-day flaw in its
platform after a responsible investigation. The popular encrypted messaging app
Signal denied claims of an alleged z ...

Pierluigi Paganini October 16, 2023
Malware

MICROSOFT DEFENDER THWARTED AKIRA RANSOMWARE ATTACK ON AN INDUSTRIAL ENGINEERING
FIRM

Microsoft thwarted a large-scale hacking campaign carried out by Akira
ransomware operators targeting an unknown industrial organization. Microsoft
announced that its Microsoft Defender for Endpo ...

Pierluigi Paganini October 16, 2023
Cyber Crime

DARKGATE MALWARE CAMPAIGN ABUSES SKYPE AND TEAMS

Researchers uncovered an ongoing campaign abusing popular messaging platforms
Skype and Teams to distribute the DarkGate malware. From July to September,
researchers from Trend Micro observed a ma ...

Pierluigi Paganini October 16, 2023
Cyber Crime

THE ALPHV RANSOMWARE GANG STOLE 5TB OF DATA FROM THE MORRISON COMMUNITY HOSPITAL

The Alphv ransomware group added the Morrison Community Hospital to its dark web
leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat
ransomware group claims to have hacked th ...

Pierluigi Paganini October 15, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 441 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 15, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG DEMANDED AN 80 MILLION RANSOM TO CDW

The Lockbit ransomware gang claims to have hacked the technology services giant
CDW and threatens to leak the stolen data. The technology services giant CDW
announced it has launched an investiga ...

Pierluigi Paganini October 14, 2023
Breaking News

CISA WARNS OF VULNERABILITIES AND MISCONFIGURATIONS EXPLOITED IN RANSOMWARE
ATTACKS

CISA warns organizations of vulnerabilities and misconfigurations that are known
to be exploited in ransomware operations. The US cybersecurity agency CISA is
sharing knowledge about vulnerabiliti ...

Pierluigi Paganini October 14, 2023
APT

STAYIN' ALIVE CAMPAIGN TARGETS HIGH-PROFILE ASIAN GOVERNMENT AND TELECOM
ENTITIES. IS IT LINKED TO TODDYCAT APT?

A cyberespionage campaign, tracked as Stayin' Alive, targeted high-profile
government and telecom entities in Asia. Cybersecurity company Check Point
uncovered a malicious activity, tracked as  ...

Pierluigi Paganini October 13, 2023
Uncategorized

FBI AND CISA PUBLISHED A NEW ADVISORY ON AVOSLOCKER RANSOMWARE

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs,
TTPs, and detection methods associated with AvosLocker ransomware. The joint
Cybersecurity Advisory (CSA) published ...

Pierluigi Paganini October 13, 2023
Hacking

MORE THAN 17,000 WORDPRESS WEBSITES INFECTED WITH THE BALADA INJECTOR IN
SEPTEMBER

In September more than 17,000 WordPress websites have been compromised by
the Balada Injector malware. Sucuri researchers reported that more than 17,000
WordPress websites have been compromised i ...

Pierluigi Paganini October 13, 2023
Malware

RANSOMLOOKER, A NEW TOOL TO TRACK AND ANALYZE RANSOMWARE GROUPS' ACTIVITIES

Ransomlooker monitors ransomware groups' extortion sites and delivers
consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker,
a tool to monitor ransomware groups' extortio ...

Pierluigi Paganini October 12, 2023
Cyber Crime

PHISHING, THE CAMPAIGNS THAT ARE TARGETING ITALY

This post analyzed the numerous phishing campaigns targeting users and
organizations in Italy. Phishing is a ploy to trick users into revealing
personal or financial information through an e-mail ...

Pierluigi Paganini October 12, 2023
Cyber Crime

A NEW MAGECART CAMPAIGN HIDES THE MALICIOUS CODE IN 404 ERROR PAGE

Researchers observed a new Magecart web skimming campaign changing the websites'
default 404 error page to steal credit cards. Researchers from the Akamai
Security Intelligence Group unc ...

Pierluigi Paganini October 12, 2023
Hacking

CISA ADDS ADOBE ACROBAT READER FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added five new fl ...

Pierluigi Paganini October 11, 2023
Malware

MIRAI-BASED DDOS BOTNET IZ1H9 ADDED 13 PAYLOADS TO TARGET ROUTERS

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to
target routers from different vendors, including D-Link, Zyxel, and TP-Link.
Fortinet researchers observed a new Mir ...

Pierluigi Paganini October 11, 2023
Data Breach

AIR EUROPA DATA BREACH EXPOSED CUSTOMERS' CREDIT CARDS

Airline Air Europa disclosed a data breach and warned customers to cancel their
credit cards after threat actors accessed their card information. Air Europa is
a Spanish airline and a subsidiary o ...

Pierluigi Paganini October 11, 2023
Cyber warfare

#OPISRAEL, #FREEPALESTINE & #OPSAUDIARABIA - HOW CYBER ACTORS CAPITALIZE ON WAR
ACTIONS VIA PSY-OPS

Gaza: Resecurity identified threat actors exploiting the conflict to weaponize
psychological operations (PSYOPs) campaigns. Amidst the outbreak of war on the
Gaza Strip last weekend, Resecurity (L ...

Pierluigi Paganini October 11, 2023
Security

MICROSOFT PATCH TUESDAY UPDATES FOR OCTOBER 2023 FIXED THREE ACTIVELY EXPLOITED
ZERO-DAY FLAWS

Microsoft Patch Tuesday security updates for October 2023 fixed three actively
exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for
October 2023 addressed a total of 10 ...

Pierluigi Paganini October 11, 2023
Hacking

NEW 'HTTP/2 RAPID RESET' TECHNIQUE BEHIND RECORD-BREAKING DDOS ATTACKS

A new DDoS technique named 'HTTP/2 Rapid Reset' is actively employed in attacks
since August enabling record-breaking attacks. Researchers disclosed a new
zero-day DDoS attack technique, named 'HT ...

Pierluigi Paganini October 10, 2023
Hacking

EXPOSED SECURITY CAMERAS IN ISRAEL AND PALESTINE POSE SIGNIFICANT RISKS

Many poorly configured security cameras are exposed to hacktivists in Israel and
Palestine, placing the owners using them and the people around them at
substantial risk. After the Hamas attacks on ...

Pierluigi Paganini October 10, 2023
Hacking

A FLAW IN LIBCUE LIBRARY IMPACTS GNOME LINUX SYSTEMS

A vulnerability in the libcue library impacting GNOME Linux systems can be
exploited to achieve remote code execution (RCE) on affected hosts. A threat
actor can trigger a vulnerability, tracked a ...

Pierluigi Paganini October 10, 2023
Hacktivism

HACKTIVISTS IN PALESTINE AND ISRAEL AFTER SCADA AND OTHER INDUSTRIAL CONTROL
SYSTEMS

Both pro-Israeli and pro-Palestinian hacktivists have joined the fight and are
targeting SCADA and ICS systems. Both pro-Israeli and pro-Palestinian
hacktivists have joined the fight in the cyber ...

Pierluigi Paganini October 10, 2023
Hacking

LARGE-SCALE CITRIX NETSCALER GATEWAY CREDENTIAL HARVESTING CAMPAIGN EXPLOITS
CVE-2023-3519

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler
gateways affected by the CVE-2023-3519 vulnerability. IBM's X-Force researchers
reported that threat actors are con ...

Pierluigi Paganini October 09, 2023
Malware

THE SOURCE CODE OF THE 2020 VARIANT OF HELLOKITTY RANSOMWARE WAS LEAKED ON A
CYBERCRIME FORUM

A threat actor has leaked the source code for the first version of the
HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity
researchers 3xp0rt reported that a threat actor ...

Pierluigi Paganini October 09, 2023
Hacking

GAZA-LINKED HACKERS AND PRO-RUSSIA GROUPS ARE TARGETING ISRAEL

Microsoft linked a Gaza-based threat actor tracked as Storm-1133 to a series of
attacks aimed at private organizations in Israel. The fourth annual Digital
Defense Report published by Microsoft l ...

Pierluigi Paganini October 09, 2023
Data Breach

FLAGSTAR BANK SUFFERED A DATA BREACH ONCE AGAIN

Flagstar Bank announced a data breach suffered by a third-party service provider
exposed the personal information of over 800,000 US customers. Flagstar Bank is
warning 837,390 US customers that t ...

Pierluigi Paganini October 09, 2023
Malware

ANDROID DEVICES SHIPPED WITH BACKDOORED FIRMWARE AS PART OF THE BADBOX NETWORK

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and
tablets were shipped with backdoored firmware as part of BADBOX network.
Cybersecurity researchers at Human Security disc ...

Pierluigi Paganini October 09, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 440 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 08, 2023
APT

NORTH KOREA-LINKED LAZARUS APT LAUNDERED OVER $900 MILLION THROUGH CROSS-CHAIN
CRIME

North Korea-linked APT group Lazarus has laundered $900 million worth of
cryptocurrency, Elliptic researchers reported. Researchers from blockchain
analytics firm Elliptic reported that threat act ...

Pierluigi Paganini October 08, 2023
Cyber Crime

QAKBOT THREAT ACTORS ARE STILL OPERATIONAL AFTER THE AUGUST TAKEDOWN

Threat actors behind the QakBot malware are still active, since August they are
carrying out a phishing campaign delivering Ransom Knight ransomware and Remcos
RAT. In August, the FBI announced th ...

Pierluigi Paganini October 07, 2023
Cyber Crime

RANSOMWARE ATTACK ON MGM RESORTS COSTS $110 MILLION

Hospitality and entertainment company MGM Resorts announced that the costs of
the recent ransomware attack costs exceeded $110 million. In September the
hospitality and entertainment company MGM R ...

Pierluigi Paganini October 06, 2023
Breaking News

CYBERSECURITY, WHY A HOTLINE NUMBER COULD BE IMPORTANT?

The creation of a dedicated emergency number for cybersecurity could provide an
effective solution to this rapidly growing challenge The growing threat of
cybercrime is calling for new and innovat ...

Pierluigi Paganini October 06, 2023
Hacking

MULTIPLE EXPERTS RELEASED EXPLOITS FOR LINUX LOCAL PRIVILEGE ESCALATION FLAW
LOONEY TUNABLES

Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney
Tunables) impacting most popular Linux distributions. The vulnerability
CVE-2023-4911 (CVSS score 7.8) is a buffer ov ...

Pierluigi Paganini October 06, 2023
Security

CISCO EMERGENCY RESPONDER IS AFFECTED BY A CRITICAL STATIC CREDENTIALS BUG. FIX
IT IMMEDIATELY!

Cisco addressed a critical Static Credentials Vulnerability, tracked as
CVE-2023-20101, impacting Emergency Responder. Cisco released security updates
to address a critical vulnerability, tracked ...

Pierluigi Paganini October 06, 2023
Intelligence

BELGIAN INTELLIGENCE SERVICE VSSE ACCUSED ALIBABA OF ‘POSSIBLE ESPIONAGE’ AT
EUROPEAN HUB IN LIEGE

Belgian intelligence agency State Security Service (VSSE) fears that Chinese
giant Alibaba is spying on logistics to gather financial intelligence. The
Belgian intelligence service VSSE revealed t ...

Pierluigi Paganini October 06, 2023
Hacking

CISA ADDS JETBRAINS TEAMCITY AND WINDOWS FLAWS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known
Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the JetBra ...

Pierluigi Paganini October 05, 2023
Hacking

NATO IS INVESTIGATING A NEW CYBER ATTACK CLAIMED BY THE SIEGEDSEC GROUP

NATO is investigating claims that a group called SiegedSec has breached its
systems and leaked a cache of unclassified documents online. NATO announced it
is investigating claims that a politicall ...

Pierluigi Paganini October 05, 2023
Data Breach

GLOBAL CRM PROVIDER EXPOSED MILLIONS OF CLIENTS’ FILES ONLINE

Researcher discovered that global B2B CRM provider Really Simple Systems exposed
online a non-password-protected database with million records. Cybersecurity
Researcher, Jeremiah Fowler, discovere ...

Pierluigi Paganini October 05, 2023
Data Breach

SONY SENT DATA BREACH NOTIFICATIONS TO ABOUT 6,800 INDIVIDUALS

Sony Interactive Entertainment has notified current and former employees and
their family members about a data breach. Sony Interactive Entertainment (SIE)
has notified current and former employee ...

Pierluigi Paganini October 05, 2023
Hacking

APPLE FIXED THE 17TH ZERO-DAY FLAW EXPLOITED IN ATTACKS

Apple released emergency security updates to address a new actively exploited
zero-day vulnerability impacting iPhone and iPad devices. Apple released
emergency security updates to address a new ...

Pierluigi Paganini October 04, 2023
Hacking

ATLASSIAN CONFLUENCE ZERO-DAY CVE-2023-22515 ACTIVELY EXPLOITED IN ATTACKS

Atlassian fixed a critical zero-day flaw in its Confluence Data Center and
Server software, which has been exploited in the wild. Software giant Atlassian
released emergency security updates to ad ...

Pierluigi Paganini October 04, 2023
Hacking

A CYBERATTACK DISRUPTED LYCA MOBILE SERVICES

International mobile virtual network operator Lyca Mobile announced it has been
the victim of a cyber attack that disrupted its network. Lyca Mobile is a mobile
virtual network operator (MVNO) tha ...

Pierluigi Paganini October 04, 2023
Security

CHIPMAKER QUALCOMM WARNS OF THREE ACTIVELY EXPLOITED ZERO-DAYS

Chipmaker Qualcomm addressed 17 vulnerabilities in various components and warns
of three other actively exploited zero-day flaws. Chipmaker Qualcomm released
security updates to address 17 vulnera ...

Pierluigi Paganini October 04, 2023
Reports

DRM REPORT Q2 2023 - RANSOMWARE THREAT LANDSCAPE

The DRM Report Q2 2023 report provides a detailed insight into the ransomware
threat landscape during the period between May and August 2023. In an era where
digitalization has woven its web into ...

Pierluigi Paganini October 04, 2023
Cyber Crime

PHISHING CAMPAIGN TARGETED US EXECUTIVES EXPLOITING A FLAW IN INDEED JOB SEARCH
PLATFORM

Threat actors exploited an open redirection vulnerability in the job search
platform Indeed to carry out phishing attacks. Researchers from the
cybersecurity firm Menlo Security reported that thre ...

Pierluigi Paganini October 04, 2023
Data Breach

SAN FRANCISCO’S TRANSPORT AGENCY EXPOSES DRIVERS’ PARKING PERMITS AND ADDRESSES

A misconfiguration in the Metropolitan Transportation Commission (MTC) systems
caused a leak of over 26K files, exposing clients’ parking permits and home
addresses. The MTC is a governmental ag ...

Pierluigi Paganini October 03, 2023
Malware

BUNNYLOADER, A NEW MALWARE-AS-A-SERVICE ADVERTISED IN CYBERCRIME FORUMS

Cybersecurity researchers spotted a new malware-as-a-service (MaaS)
called BunnyLoader that's appeared in the threat landscape. Zscaler ThreatLabz
researchers discovered a new malware-as-a-servi ...

Pierluigi Paganini October 03, 2023
Breaking News

EXCLUSIVE: LIGHTING THE EXFILTRATION INFRASTRUCTURE OF A LOCKBIT AFFILIATE (AND
MORE)

Researchers have identified the exfiltration infrastructure of a LockBit
affiliate while investigating a LockBit extortion incident that occurred in Q3
2023. Executive Summary We investigated ...

Pierluigi Paganini October 03, 2023
Malware

TWO HACKER GROUPS ARE BACK IN THE NEWS, LOCKBIT 3.0 BLACK AND BLACKCAT/ALPHV

Researchers from cybersecurity firm TG Soft are warning Italian entities and
companies of LockBit 3.0 Black and BlackCat/AlphV attacks. In the last few
weeks, two cybercriminal groups th ...

Pierluigi Paganini October 03, 2023
Data Breach

EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE (ETSI) SUFFERED A DATA BREACH

The European Telecommunications Standards Institute (ETSI) disclosed a data
breach, threat actors had access to a database of its users. Threat actors stole
a database containing the list of users ...

Pierluigi Paganini October 03, 2023
Hacking

WS_FTP FLAW CVE-2023-40044 ACTIVELY EXPLOITED IN THE WILD

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in
recently disclosed flaw in Progress Software’s WS_FTP products. Progress
Software recently warned customers to address a ...

Pierluigi Paganini October 02, 2023
Data Breach

NATIONAL LOGISTICS PORTAL (NLP) DATA LEAK: SEAPORTS IN INDIA WERE LEFT
VULNERABLE TO TAKEOVER BY HACKERS

The National Logistics Portal (NLP), a newly launched platform to manage all
port operations in India, left public access to sensitive data, posing the risk
of a potential takeover by threat actors. ...

Pierluigi Paganini October 02, 2023
APT

NORTH KOREA-LINKED LAZARUS TARGETED A SPANISH AEROSPACE COMPANY

North Korea-linked APT group Lazarus impersonated Meta's recruiters in an attack
against a Spanish company in the Aerospace industry. ESET researchers linked the
North Korea-linked Lazarus AP ...

Pierluigi Paganini October 02, 2023
Data Breach

RANSOMWARE ATTACK ON JOHNSON CONTROLS MAY HAVE EXPOSED SENSITIVE DHS DATA

Experts warn that the recent attack on building automation giant Johnson
Controls may have exposed data of the Department of Homeland Security (DHS).
Johnson Controls International plc is a multin ...

Pierluigi Paganini October 02, 2023
Cyber Crime

BLACKCAT GANG CLAIMS THEY STOLE DATA OF 2.5 MILLION PATIENTS OF MCLAREN HEALTH
CARE

The ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of
victims on its Tor leak site. McLaren Health Care is a not-for-profit healthcare
system based in Michigan, United States ...

Pierluigi Paganini October 01, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 439 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 01, 2023
Cyber Crime

ALPHV/BLACKCAT RANSOMWARE GANG HACKED THE HOTEL CHAIN MOTEL ONE

The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list
of victims on its Tor leak site. Motel One is a German hotel chain that offers
budget-friendly accommodations primari ...

Pierluigi Paganini September 30, 2023
Cyber Crime

FBI WARNS OF DUAL RANSOMWARE ATTACKS

The U.S. Federal Bureau of Investigation (FBI) warns of dual ransomware attacks
aimed at the same victims. The U.S. Federal Bureau of Investigation (FBI) is
warning of dual ransomware attacks, a n ...

Pierluigi Paganini September 30, 2023
Breaking News

PROGRESS SOFTWARE FIXED TWO CRITICAL SEVERITY FLAWS IN WS_FTP SERVER

Progress Software has addressed a critical severity vulnerability in its WS_FTP
Server software used by thousands of IT teams worldwide. Progress Software
warned customers to address a critical se ...

Pierluigi Paganini September 30, 2023
Security

CHILD ABUSE SITE TAKEN DOWN, ORGANIZED CHILD EXPLOITATION CRIME SUSPECTED –
EXCLUSIVE

A child abuse site has been taken down following a request to German law
enforcement by Cybernews research team. A hacker collective, who wanted to
remain anonymous, has been relentlessly hunting ...

Pierluigi Paganini September 30, 2023
Hacking

A STILL UNPATCHED ZERO-DAY RCE IMPACTS MORE THAN 3.5M EXIM SERVERS

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in
all versions of Exim mail transfer agent (MTA) software. A critical zero-day
vulnerability, tracked as CVE-2023-421 ...

Pierluigi Paganini September 29, 2023
Hacking

CHINESE THREAT ACTORS STOLE AROUND 60,000 EMAILS FROM US STATE DEPARTMENT IN
MICROSOFT BREACH

China-linked threat actors stole around 60,000 emails from U.S. State Department
after breaching Microsoft's Exchange email platform in May. China-linked hackers
who breached Microsoft's email pl ...

Pierluigi Paganini September 29, 2023
Data Breach

MISCONFIGURED WBSC SERVER LEAKS THOUSANDS OF PASSPORTS

The World Baseball Softball Confederation (WBSC) left open a data repository
exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews
research team has discovered. On June ...

Pierluigi Paganini September 29, 2023
Security

CISA ADDS JBOSS RICHFACES FRAMEWORK FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to
its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure
Security Agency (CISA) added the ...

Pierluigi Paganini September 29, 2023
Hacking

CISCO URGES TO PATCH ACTIVELY EXPLOITED IOS ZERO-DAY CVE-2023-20109

Cisco released security updates for an actively exploited zero-day flaw
(CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software.
Cisco warned customers to install security ...

Pierluigi Paganini September 28, 2023
Cyber Crime

DARK ANGELS TEAM RANSOMWARE GROUP HIT JOHNSON CONTROLS

Johnson Controls International suffered a ransomware attack that impacted the
operations of the company and its subsidiaries. Johnson Controls International
plc is a multinational conglomerate wit ...

Pierluigi Paganini September 28, 2023
Hacking

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Google released security updates to address a new actively exploited zero-day
vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on
Wednesday released security updates to addre ...

Pierluigi Paganini September 28, 2023
Hacking

RUSSIAN ZERO-DAY BROKER IS WILLING TO PAY $20M FOR ZERO-DAY EXPLOITS FOR IPHONES
AND ANDROID DEVICES

A Russian zero-day broker is willing to pay $20 million for zero-day exploits
for iPhones and Android mobile devices. The Russian zero-day broker firm
Operation Zero is increasing payouts for top- ...

Pierluigi Paganini September 27, 2023
APT

CHINA-LINKED APT BLACKTECH WAS SPOTTED HIDING IN CISCO ROUTER FIRMWARE

US and Japanese authorities warn that a China-linked APT BlackTech planted
backdoor in Cisco router firmware to hack the businesses in both countries. US
and Japanese intelligence, law enforcement ...

Pierluigi Paganini September 27, 2023
Hacking

WATCH OUT! CVE-2023-5129 IN LIBWEBP LIBRARY AFFECTS MILLIONS APPLICATIONS

Google assigned a maximum score to a critical security flaw, tracked as
CVE-2023-5129, in the libwebp image library for rendering images in the WebP
format. Google assigned a new CVE identifier f ...

Pierluigi Paganini September 27, 2023
Security

DARKBEAM LEAKS BILLIONS OF EMAIL AND PASSWORD COMBINATIONS

DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing
records from previously reported and non-reported data breaches. The leaked
logins present cybercriminals with almost limi ...

Pierluigi Paganini September 27, 2023
Data Breach

'RANSOMED.VC' IN THE SPOTLIGHT - WHAT IS KNOWN ABOUT THE RANSOMWARE GROUP
TARGETING SONY AND NTT DOCOMO

Following the recently announced data leak from Sony, Ransomed.vc group claimed
the hack of the Japanese giant NTT Docomo. Following the recently announced data
leak from Sony, the notorious ranso ...

Pierluigi Paganini September 27, 2023
Security

TOP 5 PROBLEMS SOLVED BY DATA LINEAGE

Data lineage is the visualization and tracking of data as it moves through
various stages of its lifecycle. In an age where data drives decisions and fuels
innovation, understanding the journey of ...

Pierluigi Paganini September 27, 2023
Data Breach

THREAT ACTORS CLAIM THE HACK OF SONY, AND THE COMPANY INVESTIGATES

Sony launched an investigation into an alleged data breach after the RansomedVC
group claimed the hack of the company. Sony announced it is investigating
allegations of a data breach after the Ran ...

Pierluigi Paganini September 26, 2023
Data Breach

CANADIAN FLAIR AIRLINES LEFT USER DATA LEAKING FOR MONTHS

Researchers discovered that Canadian Flair Airlines left credentials to
sensitive databases and email addresses open for at least seven months Canadian
Flair Airlines left credentials to sensitive ...

Pierluigi Paganini September 26, 2023
Cyber Crime

THE RHYSIDA RANSOMWARE GROUP HIT THE KUWAIT MINISTRY OF FINANCE

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry
of Finance and added it to its Tor leak site. Last week a ransomware attack hit
the Government of Kuwait, the attack ...

Pierluigi Paganini September 26, 2023
Data Breach

BORN ONTARIO DATA BREACH IMPACTED 3.4 MILLION NEWBORNS AND PREGNANCY CARE
PATIENTS

The Better Outcomes Registry & Network (BORN), the Ontario birth registry
disclosed a data breach affecting some 3.4 million people. The Better Outcomes
Registry & Network (BORN) is a prog ...

Pierluigi Paganini September 26, 2023
Malware

XENOMORPH MALWARE IS BACK AFTER MONTHS OF HIATUS AND EXPANDS THE LIST OF TARGETS

A new campaign is spreading Xenomorph malware to Android users in the United
States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from
ThreatFabric uncovered a new campaign spreading ...

Pierluigi Paganini September 26, 2023
Cyber Crime

SMISHING TRIAD STRETCHES ITS TENTACLES INTO THE UNITED ARAB EMIRATES

Resecurity research found that the 'Smishing Triad' cybercrime group has
expanded its phishing campaign into the United Arab Emirates (UAE). Resecurity
research recently found that 'Smishing Triad ...

Pierluigi Paganini September 26, 2023
Hacking

CROOKS STOLE $200 MILLION WORTH OF ASSETS FROM MIXIN NETWORK

Crooks stole $200 million from Mixin Network, a free, lightning fast and
decentralized network for transferring digital assets. Mixin Network, the Hong
Kong-based crypto firm behind a free, lightn ...

Pierluigi Paganini September 25, 2023
Cyber warfare

A PHISHING CAMPAIGN TARGETS UKRAINIAN MILITARY ENTITIES WITH DRONE MANUAL LURES

A phishing campaign targets Ukrainian military entities using drone manuals as
lures to deliver the post-exploitation toolkit Merlin. Securonix researchers
recently uncovered a phishing campaign u ...

Pierluigi Paganini September 25, 2023
Hacking

ALERT! PATCH YOUR TEAMCITY INSTANCE TO AVOID SERVER HACK

Experts warn of a critical vulnerability in the TeamCity CI/CD server that can
be exploited to take over a vulnerable server. JetBrains TeamCity is a popular
and highly extensible Continuous Integ ...

Pierluigi Paganini September 25, 2023
APT

IS GELSEMIUM APT BEHIND A TARGETED ATTACK IN SOUTHEAST ASIAN GOVERNMENT?

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast
Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT
group tracked as Gelsemium targeting a Sout ...

Pierluigi Paganini September 25, 2023
Cyber Crime

NIGERIAN NATIONAL PLEADS GUILTY TO PARTICIPATING IN A MILLIONAIRE BEC SCHEME

A Nigerian national pleaded guilty to wire fraud and money laundering through
business email compromise (BEC). The Nigerian national Kosi Goodness Simon-Ebo
(29), who is residing in South Africa, ...

Pierluigi Paganini September 25, 2023
Malware

NEW VARIANT OF BBTOK TROJAN TARGETS USERS OF +40 BANKS IN LATAM

A new variant of a banking trojan, called BBTok, targets users of over 40 banks
in Latin America, particularly Brazil and Mexico. Check Point researchers warn
of a new variant of a banking trojan ...

Pierluigi Paganini September 25, 2023
Malware

DEADGLYPH, A VERY SOPHISTICATED AND UNKNOWN BACKDOOR TARGETS THE MIDDLE EAST

Researchers discovered a previously undocumented sophisticated backdoor, named
Deadglyph, used by the Stealth Falcon group for espionage in the Middle East
ESET researchers discovered a very sophi ...

Pierluigi Paganini September 24, 2023
Data Breach

ALPHV GROUP CLAIMS THE HACK OF CLARION, A GLOBAL MANUFACTURER OF AUDIO AND VIDEO
EQUIPMENT FOR CARS

The Alphv ransomware group claims to have hacked Clarion, the global
manufacturer of audio and video equipment for cars and other vehicles. The
Alphv ransomware group added Clarion, the global ...

Pierluigi Paganini September 24, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 438 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 24, 2023
Data Breach

NATIONAL STUDENT CLEARINGHOUSE DATA BREACH IMPACTED APPROXIMATELY 900 US SCHOOLS

U.S. educational nonprofit organization National Student Clearinghouse disclosed
a data breach that impacted approximately 900 US schools. The National Student
Clearinghouse (NSC) is a nonprofit o ...

Pierluigi Paganini September 24, 2023
Hacking

GOVERNMENT OF BERMUDA BLAMES RUSSIAN THREAT ACTORS FOR THE CYBER ATTACK

The Government of Bermuda believes that the recent cyberattack against its IT
infrastructure was launched by Russian threat actors. This week a cyber attack
hit the Government of Bermuda causing t ...

Pierluigi Paganini September 23, 2023
Mobile

RECENTLY PATCHED APPLE AND CHROME ZERO-DAYS EXPLOITED TO INFECT DEVICES IN EGYPT
WITH PREDATOR SPYWARE

Citizen Lab and Google's TAG revealed that the three recently patched Apple
zero-days were used to install Cytrox Predator spyware. Researchers from the
Citizen Lab and Google's Threat Analysis Gr ...

Pierluigi Paganini September 22, 2023
Hacking

CISA ADDS TREND MICRO APEX ONE AND WORRY-FREE BUSINESS SECURITY FLAW TO ITS
KNOWN EXPLOITED VULNERABILITIES CATALOG

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security
products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and
Infrastructure Security Agency (CISA) a ...

Pierluigi Paganini September 22, 2023
Data Breach

INFORMATION OF AIR CANADA EMPLOYEES EXPOSED IN RECENT CYBERATTACK

Air Canada, the flag carrier and largest airline of Canada, announced that the
personal information of some employees was exposed as a result of a recent
cyberattack. Air Canada, the flag carrier ...

Pierluigi Paganini September 22, 2023
APT

SANDMAN APT TARGETS TELCOS WITH LUADREAM BACKDOOR

A previously undocumented APT dubbed Sandman targets telecommunication service
providers in the Middle East, Western Europe, and South Asia. A joint research
conducted by SentinelLabs and QGroup G ...

Pierluigi Paganini September 22, 2023
Hacking

APPLE ROLLED OUT EMERGENCY UPDATES TO ADDRESS 3 NEW ACTIVELY EXPLOITED ZERO-DAY
FLAWS

Apple released emergency security updates to address three new actively
exploited zero-day vulnerabilities. Apple released emergency security updates to
address three new zero-day vulnerabilities ...

Pierluigi Paganini September 21, 2023
Hacking

UKRAINIAN HACKERS ARE BEHIND THE FREE DOWNLOAD MANAGER SUPPLY CHAIN ATTACK

The recently discovered Free Download Manager (FDM) supply chain attack, which
distributed Linux malware, started back in 2020. The maintainers of Free
Download Manager (FDM) confirmed that the re ...

Pierluigi Paganini September 21, 2023
Data Breach

SPACE AND DEFENSE TECH MAKER EXAIL TECHNOLOGIES EXPOSES DATABASE ACCESS

Exail Technologies, a high-tech manufacturer whose clients include the US Coast
Guard, exposed sensitive company data that could’ve enabled attackers to access
its databases. Exail, a French hig ...

Pierluigi Paganini September 21, 2023
Hacking

PRO-RUSSIA HACKER GROUP NONAME LAUNCHED A DDOS ATTACK ON CANADIAN AIRPORTS
CAUSING SEVERE DISRUPTIONS

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that
caused border checkpoint outages at several Canadian airports. A massive DDoS
cyber attack, likely carried out by Pr ...

Pierluigi Paganini September 21, 2023
Security

EXPERTS FOUND CRITICAL FLAWS IN NAGIOS XI NETWORK MONITORING SOFTWARE

Researchers discovered multiple vulnerabilities in the Nagios XI network and IT
infrastructure monitoring and management solution. Researchers discovered four
vulnerabilities (CVE-2023-40931, CVE- ...

Pierluigi Paganini September 20, 2023
Deep Web

THE DARK WEB DRUG MARKETPLACE PIILOPUOTI WAS DISMANTLED BY FINNISH CUSTOMS

Finnish police announced the takedown of the dark web marketplace PIILOPUOTI
which focuses on the sale of illegal narcotics. Finnish Customs announced the
seizure of the dark web marketplace Piilo ...

Pierluigi Paganini September 20, 2023
Hacking

INTERNATIONAL CRIMINAL COURT HIT WITH A CYBER ATTACK

A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack
this week, its systems were compromised last week. The International Criminal
Court (ICC) announced that threat act ...

Pierluigi Paganini September 20, 2023
Security

GITLAB ADDRESSED CRITICAL VULNERABILITY CVE-2023-5009

GitLab rolled out security patches to address a critical vulnerability, tracked
as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab
has released security patches to ad ...

Pierluigi Paganini September 20, 2023
Hacking

TREND MICRO ADDRESSES ACTIVELY EXPLOITED ZERO-DAY IN APEX ONE AND OTHER SECURITY
PRODUCTS

Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179)
in Apex One that has been actively exploited in the wild. Trend Micro has
released security updates to patch an activ ...

Pierluigi Paganini September 20, 2023
APT

SHROUDEDSNOOPER THREAT ACTORS TARGET TELECOM COMPANIES IN THE MIDDLE EAST

ShroudedSnooper threat actors are targeting telecommunication service providers
in the Middle East with a backdoor called HTTPSnoop. Cisco Talos researchers
recently discovered a new stealthy impl ...

Pierluigi Paganini September 19, 2023
Security

RECENT CYBER ATTACK IS CAUSING CLOROX PRODUCTS SHORTAGE

The cyber attack that hit the cleaning products manufacturer Clorox in August is
still affecting the supply of the products to customers. The Clorox Company is a
multinational consumer goods compa ...

Pierluigi Paganini September 19, 2023
APT

EARTH LUSCA EXPANDS ITS ARSENAL WITH SPRYSOCKS LINUX MALWARE

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS
in a recent cyber espionage campaign. Researchers from Trend Micro, while
monitoring the activity of the China-linke ...

Pierluigi Paganini September 19, 2023
Data Breach

MICROSOFT AI RESEARCH DIVISION ACCIDENTALLY EXPOSED 38TB OF SENSITIVE DATA

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a
public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that
the Microsoft AI research division accid ...

Pierluigi Paganini September 18, 2023
Hacking

GERMAN INTELLIGENCE WARNS CYBERATTACKS COULD TARGET LIQUEFIED NATURAL GAS (LNG)
TERMINALS

The head of Germany’s foreign intelligence service warns of state-sponsored
attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno
Kahl, the President of the Bundesnachrich ...

Pierluigi Paganini September 18, 2023
Hacking

DEEPFAKE AND SMISHING. HOW HACKERS COMPROMISED THE ACCOUNTS OF 27 RETOOL
CUSTOMERS IN THE CRYPTO INDUSTRY

Software development company Retool was the victim of a smishing attack that
resulted in the compromise of 27 accounts of its cloud customers. Software
development company Retool revealed that 27 ...

Pierluigi Paganini September 18, 2023
Data Breach

FBI HACKER USDOD LEAKS HIGHLY SENSITIVE TRANSUNION DATA

Researchers from vx-underground reported that FBI hacker 'USDoD' leaked
sensitive data from consumer credit reporting agency TransUnion. TransUnion is
an American consumer credit reporti ...

Pierluigi Paganini September 18, 2023
APT

NORTH KOREA'S LAZARUS APT STOLE ALMOST $240 MILLION IN CRYPTO ASSETS SINCE JUNE

The North Korea-linked APT group Lazarus has stolen more than $240 million worth
of cryptocurrency since June 2023, researchers warn. According to a report
published by blockchain cyber security f ...

Pierluigi Paganini September 18, 2023
Cyber Crime

CLOP GANG STOLEN DATA FROM MAJOR NORTH CAROLINA HOSPITALS

Researchers at healthcare technology firm Nuance blame the Clop gang for a
series of cyber thefts at major North Carolina hospitals. The
Microsoft-owned healthcare technology firm N ...

Pierluigi Paganini September 17, 2023
Data Breach

CARDX RELEASED A DATA LEAK NOTIFICATION IMPACTING THEIR CUSTOMERS IN THAILAND

One of Thailand's major digital financial platforms, CardX, recently disclosed a
data leak that affected their customers. According to the statement published on
the CardX official website on Sep ...

Pierluigi Paganini September 17, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 437 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 17, 2023
Breaking News

TIKTOK FINED €345M BY IRISH DPC FOR VIOLATING CHILDREN’S PRIVACY

The Irish Data Protection Commission (DPC) fined TikTok €345 million ($368
million) for violating the privacy of children. The Irish Data Protection
Commission (DPC) fined TikTok €345 million ...

Pierluigi Paganini September 16, 2023
Cyber Crime

DARIY PANKOV, THE NLBRUTE MALWARE AUTHOR, PLEADS GUILTY

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy
to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka
dpxaker, is the author of the NLBrut ...

Pierluigi Paganini September 15, 2023
Security

DANGEROUS PERMISSIONS DETECTED IN TOP ANDROID HEALTH APPS

Leading Android health apps expose users to avoidable threats like surveillance
and identity theft, due to their risky permissions. Cybernews has the story. The
Android challenge In the digital ...

Pierluigi Paganini September 15, 2023
Cyber Crime

CAESARS ENTERTAINMENT PAID A RANSOM TO AVOID STOLEN DATA LEAKS

Caesars Entertainment announced it has paid a ransom to avoid the leak of
customer data stolen in a recent intrusion. Caesars Entertainment is the world's
most geographically diversified casino-en ...

Pierluigi Paganini September 15, 2023
Malware

FREE DOWNLOAD MANAGER BACKDOORED TO SERVE LINUX MALWARE FOR MORE THAN 3 YEARS

Researchers discovered a free download manager site that has been compromised to
serve Linux malware to users for more than three years. Researchers from
Kaspersky discovered a free download manag ...

Pierluigi Paganini September 15, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG HIT THE CARTHAGE AREA HOSPITAL AND THE CLAYTON-HEPBURN
MEDICAL CENTER IN NEW YORK

LockBit ransomware group breached two hospitals, the Carthage Area Hospital and
the Clayton-Hepburn Medical Center in New York. The Lockbit ransomware group
claims to have hacked two major hospita ...

Pierluigi Paganini September 14, 2023
Data Breach

UK GREATER MANCHESTER POLICE DISCLOSED A DATA BREACH

UK Greater Manchester Police (GMP) disclosed a data breach, threat actors had
access to some of its employees' personal information. UK Greater Manchester
Police (GMP) announced that threat actors ...

Pierluigi Paganini September 14, 2023
Intelligence

THE IPHONE OF A RUSSIAN JOURNALIST WAS INFECTED WITH THE PEGASUS SPYWARE

The iPhone of a prominent Russian journalist, who is at odds with Moscow, was
infected with NSO Group's Pegasus spyware. The iPhone of the Russian journalist
Galina Timchenko was compromised with ...

Pierluigi Paganini September 14, 2023
Hacking

KUBERNETES FLAWS COULD LEAD TO REMOTE CODE EXECUTION ON WINDOWS ENDPOINTS

Researchers discovered three security flaws in Kubernetes that can lead to
remote code execution on Windows endpoints. Akamai researchers recently
discovered a high-severity vulnerability in Kub ...

Pierluigi Paganini September 14, 2023
Data Breach

THREAT ACTOR LEAKS SENSITIVE DATA BELONGING TO AIRBUS

The multinational aerospace corporation Airbus has launched an investigation
into the recent leak of information allegedly stolen from the company. The
multinational aerospace corporation Airb ...

Pierluigi Paganini September 14, 2023
Malware

A NEW RANSOMWARE FAMILY CALLED 3AM APPEARS IN THE THREAT LANDSCAPE

3AM is a new strain of ransomware that was spotted in a single incident in which
the threat actors failed to deploy the LockBit ransomware in the target
infrastructure. Symantec’s Threat Hunte ...

Pierluigi Paganini September 13, 2023
Hacking

REDFLY GROUP INFILTRATED AN ASIAN NATIONAL GRID AS LONG AS SIX MONTHS

A threat actor tracked as Redfly had infected the systems at a national grid
located in an unnamed Asian country for six months starting in January.
Symantec’s Threat Hunter Team discovered th ...

Pierluigi Paganini September 13, 2023
Hacking

MOZILLA FIXED A CRITICAL ZERO-DAY IN FIREFOX AND THUNDERBIRD

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird
that has been actively exploited in attacks in the wild. Mozilla rolled out
security updates to address a critical ze ...

Pierluigi Paganini September 13, 2023
Security

MICROSOFT SEPTEMBER 2023 PATCH TUESDAY FIXED 2 ACTIVELY EXPLOITED ZERO-DAY FLAWS

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two
vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday
security updates addressed 59 vulnerabiliti ...

Pierluigi Paganini September 13, 2023
Cyber Crime

SAVE THE CHILDREN CONFIRMS IT WAS HIT BY CYBER ATTACK

The international non-governmental organization (NGO) Save the Children
International was recently hit with a cyberattack. The charity organization Save
the Children International revealed that it ...

Pierluigi Paganini September 12, 2023
Security

ADOBE FIXED ACTIVELY EXPLOITED ZERO-DAY IN ACROBAT AND READER

Software giant Adobe is warning of a critical security vulnerability in the PDF
Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday
security updates (APSB23-34) addresse ...

Pierluigi Paganini September 12, 2023
Hacking

A NEW REPOJACKING ATTACK EXPOSED OVER 4,000 GITHUB REPOSITORIES TO HACK

A critical vulnerability in GitHub could have exposed more than 4,000 code
packages to Repojacking attack. Checkmarx researchers discovered a new
vulnerability in GitHub could have exposed over 4, ...

Pierluigi Paganini September 12, 2023
Hacking

MGM RESORTS HIT BY A CYBER ATTACK

Hospitality and entertainment company MGM Resorts was hit by a cyber attack that
shut down its systems at MGM Hotels and Casinos. Hospitality and entertainment
company MGM Resorts was the victim o ...

Pierluigi Paganini September 12, 2023
Hacking

ANONYMOUS SUDAN LAUNCHED A DDOS ATTACK AGAINST TELEGRAM

Anonymous Sudan launched a DDoS attack against Telegram after the company
suspended the account of the group. The hacker collective Anonymous Sudan (aka
Storm-1359) has launched a distributed deni ...

Pierluigi Paganini September 12, 2023
APT

IRANIAN CHARMING KITTEN APT TARGETS VARIOUS ENTITIES IN BRAZIL, ISRAEL, AND THE
U.A.E. USING A NEW BACKDOOR

Iran-linked APT group Charming Kitten used a previously undocumented backdoor
named Sponsor in attacks against entities in Brazil, Israel, and the U.A.E. ESET
researchers observed a series of a ...

Pierluigi Paganini September 12, 2023
Hacking

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Google rolled out emergency security updates to address a new Chrome zero-day
(CVE-2023-4863) actively exploited in the wild. Google rolled out emergency
security updates to address a zero-day vul ...

Pierluigi Paganini September 11, 2023
Security

CISA ADDS RECENTLY DISCOVERED APPLE ZERO-DAYS TO KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group's
Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini September 11, 2023
Cyber Crime

UK AND US SANCTIONED 11 MEMBERS OF THE RUSSIA-BASED TRICKBOT GANG

The U.K. and U.S. governments sanctioned 11 more individuals who were alleged
members of the Russia-based TrickBot cybercrime gang. The United States, in
coordination with the United Kingdom, sanc ...

Pierluigi Paganini September 11, 2023
Cyber Crime

NEW HIJACKLOADER MALWARE IS RAPIDLY GROWING IN POPULARITY IN THE CYBERCRIME
COMMUNITY

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has
grown in popularity over the past few months HijackLoader is a loader that is
gaining popularity among the cybercrim ...

Pierluigi Paganini September 11, 2023
Security

SOME OF TOP UNIVERSITIES WOULDN’T PASS CYBERSECURITY EXAM: LEFT WEBSITES
VULNERABLE

CyberNews researchers discovered that many universities worldwide are leaking
sensitive information and are even open to full takeover. Many universities
worldwide, including some of the most pres ...

Pierluigi Paganini September 11, 2023
Malware

EVIL TELEGRAM CAMPAIGN: TROJANIZED TELEGRAM APPS FOUND ON GOOGLE PLAY

Evil Telegram: a Trojanized version of the Telegram app was spotted on the
Google Play Store, Kaspersky researchers reported. Researchers from Kaspersky
discovered several Telegram mods on the Goo ...

Pierluigi Paganini September 11, 2023
Cyber Crime

RHYSIDA RANSOMWARE GANG CLAIMS TO HAVE HACKED THREE MORE US HOSPITALS

Rhysida Ransomware group added three more US hospitals to the list of victims on
its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida
ransomware group made the headlines becau ...

Pierluigi Paganini September 10, 2023
Cyber Crime

AKAMAI PREVENTED THE LARGEST DDOS ATTACK ON A US FINANCIAL COMPANY

Akamai announced it has mitigated the largest distributed denial-of-service
(DDoS) attack on a U.S. financial company. Cybersecurity firm
Akamai successfully identified and prevented a massive d ...

Pierluigi Paganini September 10, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 436 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 10, 2023
Hacking

US CISA ADDED CRITICAL APACHE ROCKETMQ FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its
Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure
Security Agency (CISA) added a critical ...

Pierluigi Paganini September 09, 2023
Hacking

RAGNAR LOCKER GANG LEAKS DATA STOLEN FROM THE ISRAEL'S MAYANEI HAYESHUA HOSPITAL

The Ragnar Locker ransomware gang added Israel's Mayanei Hayeshua hospital to
the list of victims on its Tor leak site The Ragnar Locker ransomware gang
claimed responsibility for an attack on Isr ...

Pierluigi Paganini September 09, 2023
Intelligence

NORTH KOREA-LINKED THREAT ACTORS TARGET CYBERSECURITY EXPERTS WITH A ZERO-DAY

North Korea-linked threat actors associated with North Korea exploited a
zero-day flaw in attacks against cybersecurity experts. North Korea-linked
threat actors were observed exploiting a zero-da ...

Pierluigi Paganini September 08, 2023
Hacking

ZERO-DAY IN CISCO ASA AND FTD IS ACTIVELY EXPLOITED IN RANSOMWARE ATTACKS

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively
exploited in ransomware attacks, the company warns. Cisco warns that a zero-day
vulnerability (CVE-2023-20269) in Adapti ...

Pierluigi Paganini September 08, 2023
Security

ZERO-DAYS FIXED BY APPLE WERE USED TO DELIVER NSO GROUP’S PEGASUS SPYWARE

Citizen Lab reported that the actively exploited zero-days fixed by Apple are
being used in Pegasus spyware attacks Researchers at Citizen Lab reported that
the actively exploited zero-day flaws ( ...

Pierluigi Paganini September 08, 2023
Hacking

APPLE DISCLOSES 2 NEW ACTIVELY EXPLOITED ZERO-DAY FLAWS IN IPHONES, MACS

Apple rolled out emergency security updates to address two new actively
exploited zero-day vulnerabilities impacting iPhones and Macs. The two Apple
zero-day vulnerabilities, tracked as CVE-2023-4 ...

Pierluigi Paganini September 07, 2023
Malware

A MALVERTISING CAMPAIGN IS DELIVERING A NEW VERSION OF THE MACOS ATOMIC STEALER

Researchers spotted a new malvertising campaign targeting Mac users with a new
version of the macOS stealer Atomic Stealer. Malwarebytes researchers have
observed a new malvertising campaign distr ...

Pierluigi Paganini September 07, 2023
Hacking

TWO FLAWS IN APACHE SUPERSET ALLOW TO REMOTELY HACK SERVERS

A couple of security vulnerabilities in Apache SuperSet could be exploited by an
attacker to gain remote code execution on vulnerable systems. Apache Superset is
an open-source Data Visualizatio ...

Pierluigi Paganini September 07, 2023
Hacking

CHINESE CYBERSPIES OBTAINED MICROSOFT SIGNING KEY FROM WINDOWS CRASH DUMP DUE TO
A MISTAKE

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to
breach government email accounts from a Windows crash dump. In July, Microsoft
announced it had mitigated an attack ...

Pierluigi Paganini September 07, 2023
Hacking

GOOGLE ADDRESSED AN ACTIVELY EXPLOITED ZERO-DAY IN ANDROID

Google released September 2023 Android security updates to address multiple
flaws, including an actively exploited zero-day. Google released September 2023
Android security updates that address te ...

Pierluigi Paganini September 06, 2023
Hacking

A ZERO-DAY IN ATLAS VPN LINUX CLIENT LEAKS USERS' IP ADDRESS

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can
reveal the user's IP address by visiting a website. A Reddit user with the
handle 'Educational-Map-8145' published a ...

Pierluigi Paganini September 06, 2023
Hacking

MITRE AND CISA RELEASE CALDERA FOR OT ATTACK EMULATION

MITRE and CISA released a Caldera extension for OT that allows the emulation of
attacks on operational technology systems. MITRE Caldera is an open-source
adversary emulation platform that helps c ...

Pierluigi Paganini September 06, 2023
Internet of Things

ASUS ROUTERS ARE AFFECTED BY THREE CRITICAL REMOTE CODE EXECUTION FLAWS

Three critical remote code execution vulnerabilities in ASUS routers potentially
allow attackers to hijack the network devices. ASUS routers RT-AX55,
RT-AX56U_V2, and RT-AC86U are affected by thre ...

Pierluigi Paganini September 06, 2023
Hacking

HACKERS STOLE $41M WORTH OF CRYPTO ASSETS FROM CRYPTO GAMBLING FIRM STAKE

Crypto gambling site Stake suffered a security breach, and threat actors
withdrew $41M of funds stolen including Tether and Ether. Researchers reported
abnormally large withdrawals made from the c ...

Pierluigi Paganini September 05, 2023
Security

FREECYCLE DATA BREACH IMPACTED 7 MILLION USERS

The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it
has suffered a data breach that impacted more than 7 million users. The
Freecycle Network (TFN,) is a private, nonpro ...

Pierluigi Paganini September 05, 2023
Social Networks

META DISRUPTED TWO INFLUENCE CAMPAIGNS FROM CHINA AND RUSSIA

Meta disrupted two influence campaigns orchestrated by China and Russia, the
company blocked thousands of accounts and pages. Meta announced it has taken
down two of the largest known covert influ ...

Pierluigi Paganini September 05, 2023
Hacking

A MASSIVE DDOS ATTACK TOOK DOWN THE SITE OF THE GERMAN FINANCIAL AGENCY BAFIN

A distributed denial-of-service (DDoS) attack took the site of the German
Federal Financial Supervisory Authority (BaFin) down. A distributed
denial-of-service (DDoS) attack took the site of the G ...

Pierluigi Paganini September 05, 2023
Cyber Crime

"SMISHING TRIAD" TARGETED USPS AND US CITIZENS FOR DATA THEFT

Resecurity has identified a large-scale smishing campaign, tracked as Smishing
Triad, targeting the US Citizens. Earlier episodes have revealed victims from
the U.K., Poland, Sweden, Italy, Indon ...

Pierluigi Paganini September 04, 2023
Hacking

UNIVERSITY OF SYDNEY SUFFERED A SECURITY BREACH CAUSED BY A THIRD-PARTY SERVICE
PROVIDER

The University of Sydney (USYD) suffered a security breach caused by a
third-party service provider that exposed personal information of recent
applicants. The University of Sydney (USYD) announce ...

Pierluigi Paganini September 04, 2023
Cyber Crime

CYBERCRIME WILL COST GERMANY $224 BILLION IN 2023

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German
digital association Bitkom told Reuters. According to the German digital
association Bitkom, cybercrime will have a wo ...

Pierluigi Paganini September 04, 2023
Hacking

POC EXPLOIT CODE RELEASED FOR CVE-2023-34039 BUG IN VMWARE ARIA OPERATIONS FOR
NETWORKS

Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039)
in VMware Aria Operations for Networks. At the end of August, VMware released
security updates to address two vulne ...

Pierluigi Paganini September 03, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 435 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 03, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG HIT THE COMMISSION DES SERVICES ELECTRIQUES DE MONTRÉAL
(CSEM)

The LockBit ransomware gang claims to have breached the Commission des services
electriques de Montréal (CSEM). The LockBit ransomware group continues to be one
of the most active extortion gangs ...

Pierluigi Paganini September 03, 2023
Hacking

UNRAVELING ETERNALBLUE: INSIDE THE WANNACRY’S ENABLER

WannaCry and NotPetya, probably two most damaging cyberattacks in recent
history, were both only made possible because of EternalBlue. Here is how the
NSA-developed cyber monster works, and how you s ...

Pierluigi Paganini September 01, 2023
Malware

RESEARCHERS RELEASED A FREE DECRYPTOR FOR THE KEY GROUP RANSOMWARE

Researchers released a free decryptor for the Key Group ransomware that allows
victims to recover their data without paying a ransom. Threat intelligence firm
EclecticIQ released a free decryption ...

Pierluigi Paganini September 01, 2023
Data Breach

FASHION RETAILER FOREVER 21 DATA BREACH IMPACTED +500,000 INDIVIDUALS

Fashion retailer Forever 21 disclosed a data breach that exposed the personal
information of more than 500,000 individuals. On March 20, 2023, the fashion
retailer Forever 21 has discovered a cybe ...

Pierluigi Paganini August 31, 2023
Cyber warfare

RUSSIA-LINKED HACKERS TARGET UKRAINIAN MILITARY WITH INFAMOUS CHISEL ANDROID
MALWARE

Russia-linked threat actors have been targeting Android devices of the Ukrainian
military with a new malware dubbed Infamous Chisel. GCHQ’s National Cyber
Security Centre and international partn ...

Pierluigi Paganini August 31, 2023
Cyber Crime

AKIRA RANSOMWARE GANG TARGETS CISCO ASA WITHOUT MULTI-FACTOR AUTHENTICATION

Experts warn of ongoing credential stuffing and brute-force attacks targeting
Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks
conducted by Akira ransomware threat actor ...

Pierluigi Paganini August 31, 2023
Data Breach

PARAMOUNT GLOBAL DISCLOSED A DATA BREACH

Multinational mass media conglomerate Paramount Global suffered a data breach
after an unauthorized party accessed files from certain of its systems.
Multinational mass media conglomerate Paramoun ...

Pierluigi Paganini August 31, 2023
Security

NATIONAL SAFETY COUNCIL DATA LEAK: CREDENTIALS OF NASA, TESLA, DOJ, VERIZON, AND
2K OTHERS LEAKED BY WORKPLACE SAFETY ORGANIZATION

The National Safety Council leaked thousands of emails and passwords of their
members, including companies such as NASA and Tesla. The National Safety Council
has leaked nearly 10,000 emails and p ...

Pierluigi Paganini August 31, 2023
Hacking

ABUSING WINDOWS CONTAINER ISOLATION FRAMEWORK TO AVOID DETECTION BY SECURITY
PRODUCTS

Researchers demonstrated how attackers can abuse the Windows Container Isolation
Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at
the recent DEF CON hacking conferen ...

Pierluigi Paganini August 31, 2023
Security

CRITICAL RCE FLAW IMPACTS VMWARE ARIA OPERATIONS NETWORKS

VMware fixed two security flaws in Aria Operations for Networks that could be
exploited to bypass authentication and gain remote code execution. VMware has
released security updates to address two ...

Pierluigi Paganini August 30, 2023
APT

UNC4841 THREAT ACTORS HACKED US GOVERNMENT EMAIL SERVERS EXPLOITING BARRACUDA
ESG FLAW

China-linked threat actors breached government organizations worldwide with
attacks exploiting Barracuda ESG zero-day. In June, Mandiant researchers linked
the threat actor UNC4841 to the attacks ...

Pierluigi Paganini August 29, 2023
Intelligence

HACKERS INFILTRATED JAPAN’S NATIONAL CENTER OF INCIDENT READINESS AND STRATEGY
FOR CYBERSECURITY (NISC) FOR MONTHS

Japan’s National Center of Incident Readiness and Strategy for Cybersecurity
(NISC) has been infiltrated for months. Threat actors have infiltrated Japan’s
National Center of Incident Readines ...

Pierluigi Paganini August 29, 2023
Hacking

FIN8-LINKED ACTOR TARGETS CITRIX NETSCALER SYSTEMS

A financially motivated actor linked to the FIN8 group exploits the
CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks.
Sophos X-Ops is tracking an ongoing campaign, which ...

Pierluigi Paganini August 29, 2023
Hacking

JAPAN'S JPCERT WARNS OF NEW 'MALDOC IN PDF' ATTACK TECHNIQUE

Japan's JPCERT warns of a new recently detected 'MalDoc in PDF' attack that
embeds malicious Word files into PDFs. Japan's computer emergency response team
(JPCERT) has recently observed a new att ...

Pierluigi Paganini August 29, 2023
Hacking

ATTACKERS CAN DISCOVER IP ADDRESS BY SENDING A LINK OVER THE SKYPE MOBILE APP

A security researcher demonstrated how to discover a target’s IP address by
sending a link over the Skype mobile app. The security researcher Yossi
discovered that is possible to discover a targ ...

Pierluigi Paganini August 28, 2023
Security

CISCO FIXES 3 HIGH-SEVERITY DOS FLAWS IN NX-OS AND FXOS SOFTWARE

Cisco addressed three high-severity flaws in NX-OS and FXOS software that could
cause denial-of-service (DoS) conditions. Cisco this week addressed multiple
flaws in its products, including three ...

Pierluigi Paganini August 27, 2023
Hacking

CLOUD AND HOSTING PROVIDER LEASEWEB TOOK DOWN CRITICAL SYSTEMS AFTER A CYBER
ATTACK

The cloud and hosting provider Leaseweb suffered a security breach that impacted
some "critical" systems of the company. Global hosting and cloud services
provider Leaseweb has disabled some "crit ...

Pierluigi Paganini August 26, 2023
Cyber Crime

CRYPTO INVESTOR DATA EXPOSED BY A SIM SWAPPING ATTACK AGAINST A KROLL EMPLOYEE

Security consulting giant Kroll disclosed a data breach resulting from a
SIM-swapping attack against one of its employees. Security consulting firm
Kroll revealed that a SIM-swappin ...

Pierluigi Paganini August 26, 2023
APT

CHINA-LINKED FLAX TYPHOON APT TARGETS TAIWAN

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan
as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax
Typhoon (aka Ethereal Panda) to a cy ...

Pierluigi Paganini August 25, 2023
Breaking News

RESEARCHERS RELEASED POC EXPLOIT FOR IVANTI SENTRY FLAW CVE-2023-38035

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass
flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept
(PoC) exploit code for critical Ivanti ...

Pierluigi Paganini August 24, 2023
Security

RESECURITY IDENTIFIED A ZERO-DAY VULNERABILITY IN SCHNEIDER ELECTRIC ACCUTECH
MANAGER

Resecurity researchers identified a zero-day Buffer Overflow vulnerability in
the Schneider Electric Accutech Manager product. Resecurity identified a
zero-day vulnerability in the Schneider Elec ...

Pierluigi Paganini July 11, 2023
APT

EXPERTS DISCOVERED THE FIRST MOBILE MALWARE FAMILIES LINKED TO RUSSIA'S
GAMAREDON

The Russia-linked APT Gamaredon used two new Android spyware tools
called BoneSpy and PlainGnome against former Soviet states. Lookout researchers
linked the BoneSpy and PlainGnome Android surv ...

Pierluigi Paganini December 13, 2024
Data Breach

US BITCOIN ATM OPERATOR BYTE FEDERAL SUFFERED A DATA BREACH

US Bitcoin ATM operator Byte Federal suffered a data breach impacting 58,000
customers, attackers gained unauthorized access to a server via GitLab flaw. US
Bitcoin ATM operator Byte Federal discl ...

Pierluigi Paganini December 12, 2024
Malware

EXPERTS DISCOVERED SURVEILLANCE TOOL EAGLEMSGSPY USED BY CHINESE LAW ENFORCEMENT

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather
data from Android devices, as detailed by Lookout. Researchers at the Lookout
Threat Lab discovered a surveillance ...

Pierluigi Paganini December 12, 2024
Cyber Crime

OPERATION POWEROFF TOOK DOWN 27 DDOS PLATFORMS ACROSS 15 COUNTRIES

Operation PowerOFF took down 27 DDoS stresser services globally, disrupting
illegal platforms used for launching cyberattacks. A global law enforcement
operation codenamed Operation PowerOFF disru ...

Pierluigi Paganini December 12, 2024
APT

RUSSIA'S SECRET BLIZZARD APT TARGETS UKRAINE WITH KAZUAR BACKDOOR

Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to
infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group
Secret Blizzard (aka Turla, Snake ...

Pierluigi Paganini December 12, 2024
Breaking News

IVANTI FIXED A MAXIMUM SEVERITY VULNERABILITY IN ITS CSA SOLUTION

Ivanti addressed a critical authentication bypass vulnerability impacting its
Cloud Services Appliance (CSA) solution. Ivanti addressed a critical
authentication bypass vulnerability, tracked as C ...

Pierluigi Paganini December 11, 2024
APT

OPERATION DIGITAL EYE: CHINA-LINKED RELIES ON VISUAL STUDIO CODE REMOTE TUNNELS
TO SPY ON EUROPEN ENTITIES

An alleged China-linked APT group targeted large business-to-business IT service
providers in Southern Europe as part of Operation Digital Eye campaign. Between
late June and mid-July 2024, a Chin ...

Pierluigi Paganini December 11, 2024
Security

CHINESE NATIONAL CHARGED FOR HACKING THOUSANDS OF SOPHOS FIREWALLS

The U.S. has charged a Chinese national for hacking thousands of Sophos firewall
devices worldwide in 2020. The U.S. has charged the Chinese national Guan
Tianfeng (aka gbigmao and gxiaomao) for h ...

Pierluigi Paganini December 11, 2024
Cyber Crime

CYBERCRIMINALS IMPERSONATE DUBAI POLICE TO DEFRAUD CONSUMERS IN THE UAE -
SMISHING TRIAD IN ACTION

Resecurity uncovered a large-scale fraud campaign in the UAE where scammers
impersonate law enforcement to target consumers. Resecurity has identified a
wide-scale fraudulent campaign targeting co ...

Pierluigi Paganini December 11, 2024
Hacking

U.S. CISA ADDS MICROSOFT WINDOWS CLFS DRIVER FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Windows Common Log File System (CLFS) driver flaw to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity ...

Pierluigi Paganini December 11, 2024
Security

MICROSOFT DECEMBER 2024 PATCH TUESDAY ADDRESSED ACTIVELY EXPLOITED ZERO-DAY

Microsoft December 2024 Patch Tuesday security updates addressed 71
vulnerabilities including an actively exploited zero-day. Microsoft December
2024 Patch Tuesday security updates addressed 71 vu ...

Pierluigi Paganini December 10, 2024
Security

SAP FIXED CRITICAL SSRF FLAW IN NETWEAVER'S ADOBE DOCUMENT SERVICES

SAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in
NetWeaver's Adobe Document Services. SAP addressed 16 vulnerabilities as part of
its December 2024 Security Patch D ...

Pierluigi Paganini December 10, 2024
Hacking

ROMANIAN ENERGY SUPPLIER ELECTRICA GROUP IS FACING A RANSOMWARE ATTACK

Romanian energy supplier Electrica Group is investigating an ongoing ransomware
attack impacting its operations. Romanian energy supplier Electrica Group
suffered a cyber attack that is impacting ...

Pierluigi Paganini December 10, 2024
Cyber Crime

DELOITTE DENIED ITS SYSTEMS WERE HACKED BY BRAIN CIPHER RANSOMWARE GROUP

Deloitte has responded to claims by the Brain Cipher ransomware group, which
alleges the theft of over 1 terabyte of the company's data. Recently, the
ransomware group Brain Cipher added Deloitte ...

Pierluigi Paganini December 09, 2024
Hacking

MANDIANT DEVISED A TECHNIQUE TO BYPASS BROWSER ISOLATION USING QR CODES

Mandiant revealed a technique to bypass browser isolation using QR codes,
enabling command transmission from C2 servers. Browser isolation is a security
measure that separates web browsing from th ...

Pierluigi Paganini December 09, 2024
Data Breach

2023 ANNA JAQUES HOSPITAL DATA BREACH IMPACTED OVER 310,000 PEOPLE

Anna Jaques Hospital revealed that the ransomware attack it suffered last year
has exposed sensitive health data for over 316,000 patients. On December 25,
2023, a ransomware attack hit the Anna ...

Pierluigi Paganini December 09, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. SmokeLoader Attack
Targets Companies in Taiwan LogoFAIL Ex ...

Pierluigi Paganini December 08, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 501 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini December 08, 2024
Cyber Crime

REDLINE INFO-STEALER CAMPAIGN TARGETS RUSSIAN BUSINESSES THROUGH PIRATED
CORPORATE SOFTWARE

An ongoing RedLine information-stealing campaign is targeting Russian businesses
using pirated corporate software. Since January 2024, Russian businesses using
unlicensed software have been target ...

Pierluigi Paganini December 08, 2024
Cyber Crime

8BASE RANSOMWARE GROUP HACKED CROATIA'S PORT OF RIJEKA

The 8Base ransomware group attacked Croatia's Port of Rijeka, stealing sensitive
data, including contracts and accounting info. A cyber attack hit the Port of
Rijeka in Croatia, the 8Base ransomwa ...

Pierluigi Paganini December 07, 2024
Cyber warfare

ROMANIA ’S ELECTION SYSTEMS HIT BY 85,000 ATTACKS AHEAD OF PRESIDENTIAL VOTE

Romania 's election systems suffered over 85,000 attacks, with leaked
credentials posted on a Russian hacker forum before the presidential election.
Romania 's Intelligence Service revealed that o ...

Pierluigi Paganini December 07, 2024
Data Breach

NEW ATRIUM HEALTH DATA BREACH IMPACTS 585,000 INDIVIDUALS

Atrium Health disclosed a data breach affecting 585,000 individuals to the HHS,
potentially linked to the use of online tracking tools. Healthcare company
Atrium Health disclosed a data breach tha ...

Pierluigi Paganini December 06, 2024
Hacking

U.S. CISA ADDS CYBERPANEL FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds
CyberPanel flaw to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency (CI ...

Pierluigi Paganini December 06, 2024
Security

HUNDRED OF CISCO SWITCHES IMPACTED BY BOOTLOADER FLAW

A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing
attackers to bypass image signature checks. Cisco released security patches for
a vulnerability, tracked as CVE-2024-2039 ...

Pierluigi Paganini December 06, 2024
Cyber Crime

OPERATION DESTABILISE DISMANTLED RUSSIAN MONEY LAUNDERING NETWORKS

Operation Destabilise: The U.K. National Crime Agency disrupted Russian money
laundering networks tied to organized crime. The U.K. National Crime Agency
(NCA) disrupted Russian money laundering n ...

Pierluigi Paganini December 05, 2024
APT

RUSSIA-LINKED APT SECRET BLIZZARD SPOTTED USING INFRASTRUCTURE OF OTHER THREAT
ACTORS

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of
at least 6 other threat actors during the past 7 years. Researchers from
Microsoft Threat Intelligence collected ev ...

Pierluigi Paganini December 05, 2024
APT

CHINA-LINKED APT SALT TYPHOON HAS BREACHED TELCOS IN DOZENS OF COUNTRIES

China-linked APT group Salt Typhoon has breached telecommunications companies in
dozens of countries, US govt warns. President Biden's deputy national security
adviser Anne Neuberger said that Chi ...

Pierluigi Paganini December 05, 2024
Breaking News

BLACK BASTA RANSOMWARE GANG HIT BT GROUP

BT Group (formerly British Telecom)'s Conferencing division shut down some of
its servers following a Black Basta ransomware attack. British multinational
telecommunications holding company BT Gro ...

Pierluigi Paganini December 04, 2024
Cyber Crime

AUTHORITIES SHUT DOWN CRIMENETWORK, THE GERMANY'S LARGEST CRIME MARKETPLACE

Germany's largest crime marketplace, Crimenetwork, has been shut down, and an
administrator has been arrested. German authorities announced the takedown of
Crimenetwork, the largest German-speakin ...

Pierluigi Paganini December 04, 2024
Security

VEEAM ADDRESSED CRITICAL SERVICE PROVIDER CONSOLE (VSPC) BUG

Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that
could allow remote attackers to execute arbitrary code. Veeam released security
updates for a critical vulnerabilit ...

Pierluigi Paganini December 04, 2024
Hacking

AUSTRALIA, CANADA, NEW ZEALAND, AND THE U.S. WARN OF PRC-LINKED CYBER ESPIONAGE
TARGETING TELECOM NETWORKS

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage
targeting telecom networks in a joint advisory. Australia, Canada, New Zealand,
and the U.S. issued a joint advisory ...

Pierluigi Paganini December 04, 2024
Security

U.S. CISA ADDS PROJECTSEND, NORTH GRID PROSELF, AND ZYXEL FIREWALLS BUGS TO ITS
KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend,
North Grid Proself, and Zyxel firewalls bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity a ...

Pierluigi Paganini December 04, 2024
Hacking

THE ASA FLAW CVE-2014-2120 IS BEING ACTIVELY EXPLOITED IN THE WILD

Cisco warns customers that a decade-old ASA vulnerability, tracked as
CVE-2014-2120, is being actively exploited in the wild. Cisco warns that the
decade-old ASA vulnerability CVE-2014-2120 is bei ...

Pierluigi Paganini December 03, 2024
Cyber Crime

DMM BITCOIN HALTS OPERATIONS SIX MONTHS AFTER A $300 MILLION CYBER HEIST

The Japanese cryptocurrency platform DMM Bitcoin is closing its operations just
six months after a $300 million cyber heist. DMM Bitcoin is a cryptocurrency
exchange based in Japan, operated by DM ...

Pierluigi Paganini December 03, 2024
Cyber Crime

ENERGY INDUSTRY CONTRACTOR ENGLOBAL CORPORATION DISCLOSES A RANSOMWARE ATTACK

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25,
disrupting operations, in a filing to the SEC. A ransomware attack disrupted the
operations of a major energy industr ...

Pierluigi Paganini December 03, 2024
Intelligence

POLAND PROBES PEGASUS SPYWARE ABUSE UNDER THE PIS GOVERNMENT

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief
Piotr Pogonowski arrested to testify before parliament. Poland's government has
been investigating the alleged misus ...

Pierluigi Paganini December 03, 2024
Digital ID

TOR PROJECT NEEDS 200 WEBTUNNEL BRIDGES MORE TO BYPASS RUSSIA' CENSORSHIP

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to
counter government censorship. Recent reports from Russia show increased
censorship targeting the Tor network, including b ...

Pierluigi Paganini December 02, 2024
Cyber Crime

INTERPOL: OPERATION HAECHI-V LED TO MORE THAN 5,500 SUSPECTS ARRESTED

International law enforcement operation Operation HAECHI-V led to more than
5,500 suspects arrested and seized over $400 million. A global operation
code-named Operation HAECHI V, involving 40 cou ...

Pierluigi Paganini December 02, 2024
Uncategorized

HOW THREAT ACTORS CAN USE GENERATIVE ARTIFICIAL INTELLIGENCE?

Generative Artificial Intelligence (GAI) is rapidly revolutionizing various
industries, including cybersecurity, allowing the creation of realistic and
personalized content. The capabilities that ...

Pierluigi Paganini December 02, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. A Case-Control Study to
Measure Behavioral Risks of Malware E ...

Pierluigi Paganini December 01, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 500 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini December 01, 2024
Security

HACKERS STOLE MILLIONS OF DOLLARS FROM UGANDA CENTRAL BANK

Financially-motivated threat actors hacked Uganda 's central bank system,
government officials confirmed this week. Ugandan officials confirmed on
Thursday that the national central bank suffered ...

Pierluigi Paganini December 01, 2024
Cyber Crime

NOTORIOUS RANSOMWARE PROGRAMMER MIKHAIL PAVLOVICH MATVEEV ARRESTED IN RUSSIA

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka,
for developing malware and ties to hacking groups. Russian authorities arrested
a ransomware affiliate, Mikhail Pav ...

Pierluigi Paganini November 30, 2024
Cyber Crime

PHISHING-AS-A-SERVICE ROCKSTAR 2FA CONTINUES TO BE PREVALENT

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses
adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication.
Trustwave researchers are monitoring malicious a ...

Pierluigi Paganini November 29, 2024
Security

ZELLO URGES USERS TO RESET PASSWORDS FOLLOWING A CYBER ATTACK

Zello urges customers with accounts created before November 2 to reset passwords
following a potential security breach. Zello is warning customers who have an
account created before November 2 to ...

Pierluigi Paganini November 29, 2024
Uncategorized

A CYBERATTACK IMPACTED OPERATIONS AT UK WIRRAL UNIVERSITY TEACHING HOSPITAL

UK's Wirral University Teaching Hospital suffered a cyberattack that caused
delays in appointments and procedures. Wirral University Teaching Hospital NHS
Foundation Trust (WUTH) is an NHS Foundat ...

Pierluigi Paganini November 28, 2024
Uncategorized

T-MOBILE DETECTED NETWORK INTRUSION ATTEMPTS AND BLOCKED THEM

T-Mobile reported recent infiltration attempts but pointed out that threat
actors had no access to its systems and no sensitive data was compromised.
T-Mobile detected recent infiltration attempts ...

Pierluigi Paganini November 28, 2024
Hacking

PROJECTSEND CRITICAL FLAW ACTIVELY EXPLOITED IN THE WILD, EXPERTS WARN

Researchers warn that a critical security flaw in ProjectSend open-source
file-sharing application may be under active exploitation. VulnCheck researchers
warn that ProjectSend vulnerability CVE- ...

Pierluigi Paganini November 28, 2024
Malware

BOOTKITTY IS THE FIRST UEFI BOOTKIT DESIGNED FOR LINUX SYSTEMS

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit
specifically designed for Linux systems, named Bootkitty. Cybersecurity
researchers from ESET discovered the first UE ...

Pierluigi Paganini November 27, 2024
Security

VMWARE FIXED FIVE VULNERABILITIES IN ARIA OPERATIONS PRODUCT

Virtualization giant VMware addressed multiple vulnerabilities in its Aria
Operations product that can led to privilege escalation and XSS attacks. VMware
released security updates to address five ...

Pierluigi Paganini November 27, 2024
Cyber Crime

OPERATION SERENGETI: INTERPOL ARRESTED 1,006 SUSPECTS IN 19 AFRICAN COUNTRIES

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries
and dismantled 134,089 malicious networks. A joint law enforcement operation by
INTERPOL and AFRIPOL across 19 African ...

Pierluigi Paganini November 27, 2024
APT

RUSSIAN GROUP ROMCOM EXPLOITED FIREFOX AND TOR BROWSER ZERO-DAYS TO TARGET
ATTACKS EUROPE AND NORTH AMERICA

The Russian RomCom group exploited Firefox and Tor Browser zero-day
vulnerabilities in attacks on users in Europe and North America. Russian-based
cybercrime group RomCom (aka UAT-5647, Storm-0 ...

Pierluigi Paganini November 27, 2024
Uncategorized

SOFTWARE FIRM BLUE YONDER PROVIDING SERVICES TO US AND UK STORES, INCLUDING
STARBUCKS, HIT BY RANSOMWARE ATTACK

Blue Yonder, a supply chain software provider, suffered a ransomware attack,
impacting operations for clients like Starbucks and grocery stores. A ransomware
attack on Blue Yonder disrupted operat ...

Pierluigi Paganini November 26, 2024
Malware

THE SOURCE CODE OF BANSHEE STEALER LEAKED ONLINE

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code
leaked online. The code is now available on GitHub. In August 2024, Russian
hackers promoted BANSHEE Stealer, a macOS ...

Pierluigi Paganini November 26, 2024
Hacking

U.S. CISA ADDS ARRAY NETWORKS AG AND VXAG ARRAYOS FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks
AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini November 26, 2024
Cyber Crime

THAI POLICE ARRESTED CHINESE HACKERS INVOLVED IN SMS BLASTER ATTACKS

Thai authorities arrested fraud gangs in Bangkok for SMS blaster attacks, they
used fake cell towers to send thousands of malicious SMS messages to nearby
phones. Thai authorities arrested members ...

Pierluigi Paganini November 26, 2024
Cyber Crime

ZYXEL FIREWALLS TARGETED IN RECENT RANSOMWARE ATTACKS

Zyxel warns that a ransomware group has been observed exploiting a recently
patched command injection issue in its firewalls. Zyxel warns that a ransomware
gang has been observed exploiting a rece ...

Pierluigi Paganini November 25, 2024
Hacking

MALWARE CAMPAIGN ABUSED FLAWED AVAST ANTI-ROOTKIT DRIVER

Threat actors exploit an outdated Avast Anti-Rootkit driver to evade detection,
disable security tools, and compromise the target systems. Trellix researchers
uncovered a malware campaign that abu ...

Pierluigi Paganini November 25, 2024
APT

RUSSIA-LINKED APT TAG-110 USES TARGETS EUROPE AND ASIA

Russia-linked threat actors TAG-110 employed custom malware HATVIBE and
CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers
uncovered an ongoing cyber-espionage campaign ...

Pierluigi Paganini November 25, 2024
Intelligence

RUSSIA-LINKED THREAT ACTORS THREATEN THE UK AND ITS ALLIES, MINISTER TO SAY

A senior UK minister will warn that Russia is preparing cyberattacks against the
UK and its allies to undermine support for Ukraine. Russia may launch
cyberattacks against the UK and its allies in ...

Pierluigi Paganini November 25, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 499 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini November 24, 2024
Cyber Crime

DOJ SEIZED CREDIT CARD MARKETPLACE POPEYETOOLS AND CHARGES ITS ADMINISTRATORS

The U.S. seized the stolen credit card marketplace PopeyeTools and charged its
operators, this is a major success against cybercrime. The US Department of
Justice announced the seizure of PopeyeTo ...

Pierluigi Paganini November 24, 2024
Hacking

A CYBERATTACK ON GAMBLING GIANT IGT DISRUPTED PORTIONS OF ITS IT SYSTEMS

A cyberattack on gambling giant IGT disrupted its systems, forcing the company
to take certain services offline. International Game Technology (IGT) detected a
cyberattack on November 17, the comp ...

Pierluigi Paganini November 23, 2024
APT

CHINA-LINKED APT GELSEMIUM USES A NEW LINUX BACKDOOR DUBBED WOLFSBANE

China-linked APT Gelsemium has been observed using a new Linux backdoor dubbed
WolfsBane in attacks targeting East and Southeast Asia. China-linked APT
Gelsemium has deployed a previously unknown ...

Pierluigi Paganini November 23, 2024
Cyber Crime

MICROSOFT SEIZED 240 SITES USED BY THE ONNX PHISHING SERVICE

Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an
Egyptian man as the operator behind the operation. Microsoft announced the
disruption of the ONNX phishing service, a ...

Pierluigi Paganini November 23, 2024
Security

U.S. CISA ADDS APPLE, ORACLE AGILE PLM BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle
Agile PLM bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Ag ...

Pierluigi Paganini November 22, 2024
Hacking

MORE THAN 2,000 PALO ALTO NETWORKS FIREWALLS HACKED EXPLOITING RECENTLY PATCHED
ZERO-DAYS

Threat actors already hacked thousands of Palo Alto Networks firewalls
exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto
Networks firewalls have reportedly been compromi ...

Pierluigi Paganini November 22, 2024
Data Breach

RANSOMHUB RANSOMWARE GANG CLAIMS THE HACK OF MEXICAN GOVERNMENT LEGAL AFFAIRS
OFFICE

Mexico is investigating a ransomware attack targeting its legal affairs office,
as confirmed by the president amidst growing cybersecurity concerns. Mexico’s
president announced the government i ...

Pierluigi Paganini November 21, 2024
Cyber Crime

US DOJ CHARGES FIVE ALLEGED MEMBERS OF THE SCATTERED SPIDER CYBERCRIME GANG

The U.S. Justice Department charged five suspects linked to the Scattered Spider
cybercrime gang with wire fraud conspiracy. The U.S. Justice Department charged
five alleged members of the cybercr ...

Pierluigi Paganini November 21, 2024
Data Breach

THREAT ACTOR SELLS DATA OF OVER 750,000 PATIENTS FROM A FRENCH HOSPITAL

A threat actor had access to electronic patient record system of an unnamed
French hospital, and the health data of 750,000 patients was compromised. An
unnamed French hospital suffered a data bre ...

Pierluigi Paganini November 21, 2024
Security

DECADE-OLD LOCAL PRIVILEGE ESCALATION BUGS IMPACTS UBUNTU NEEDRESTART PACKAGE

Decade-old flaws in the needrestart package in Ubuntu Server could allow local
attackers to gain root privileges without user interaction. The Qualys Threat
Research Unit (TRU) discovered five Loc ...

Pierluigi Paganini November 21, 2024
Breaking News

FORD DATA BREACH INVOLVED A THIRD-PARTY SUPPLIER

Ford investigates a data breach linked to a third-party supplier and pointed out
that its systems and customer data were not compromised. Ford investigation
investigated a data breach after a thre ...

Pierluigi Paganini November 20, 2024
Security

HACKER OBTAINED DOCUMENTS TIED TO LAWSUIT OVER MATT GAETZ'S SEXUAL MISCONDUCT
ALLEGATIONS

A hacker allegedly accessed a file containing testimony from a woman claiming
she had sex with Matt Gaetz when she was 17, sparking controversy. The New York
Times reported that a hacker, who goes ...

Pierluigi Paganini November 20, 2024
Security

APPLE ADDRESSED TWO ACTIVELY EXPLOITED ZERO-DAY VULNERABILITIES

Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari
browser to address two actively exploited zero-day flaws. Apple released
security updates for two zero-day vulnerabilit ...

Pierluigi Paganini November 20, 2024
Cyber Crime

UNSECURED JUPYTERLAB AND JUPYTER NOTEBOOKS SERVERS ABUSED FOR ILLEGAL STREAMING
OF SPORTS EVENTS

Threat actors exploit misconfigured JupyterLab and Jupyter Notebooks servers to
rip sports streams and illegally redistribute them. Researchers from security
firm Aqua observed threat actors explo ...

Pierluigi Paganini November 20, 2024
Cyber Crime

RUSSIAN PHOBOS RANSOMWARE OPERATOR FACES CYBERCRIME CHARGES

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks,
was extradited from South Korea to the US to face cybercrime charges. Russian
Phobos ransomware operator Evgenii Pt ...

Pierluigi Paganini November 19, 2024
Data Breach

GREAT PLAINS REGIONAL MEDICAL CENTER RANSOMWARE ATTACK IMPACTED 133,000
INDIVIDUALS

A ransomware attack on Great Plains Regional Medical Center compromised personal
data of 133,000 individuals, exposing sensitive information. On September 8,
2024, Great Plains Regional Medical Ce ...

Pierluigi Paganini November 19, 2024
Security

RECENTLY DISCLOSED VMWARE VCENTER SERVER BUGS ARE ACTIVELY EXPLOITED IN ATTACKS

Threat actors are actively exploiting two VMware vCenter Server vulnerabilities
tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns. Broadcom warns
that the two VMware vCenter Server vuln ...

Pierluigi Paganini November 18, 2024
Data Breach

FOREIGN ADVERSARY HACKED EMAIL COMMUNICATIONS OF THE LIBRARY OF CONGRESS SAYS

The Library of Congress discloses the compromise of some of its IT systems, an
alleged foreign threat actor hacked their emails. The Library of Congress
informed lawmakers about a security breach ...

Pierluigi Paganini November 18, 2024
APT

T-MOBILE IS ONE OF THE VICTIMS OF THE MASSIVE CHINESE BREACH OF TELECOM FIRMS

T-Mobile confirmed being a victim of recent hacking campaigns linked to
China-based threat actors targeting telecom companies. T-Mobile confirms it was
hacked as part of a long-running cyber espio ...

Pierluigi Paganini November 18, 2024
Security

INCREASED GDPR ENFORCEMENT HIGHLIGHTS THE NEED FOR DATA SECURITY

GDPR protects sensitive data like health and financial details, and its
enforcement underscores the growing need for stronger data security measures.
GDPR: The landscape of data privacy and protec ...

Pierluigi Paganini November 18, 2024
Hacking

CRITICAL REALLY SIMPLE SECURITY PLUGIN FLAW IMPACTS 4M+ WORDPRESS SITES

A Really Simple Security plugin flaw affects 4M+ sites, allowing attackers full
admin access. It’s one of the most critical WordPress vulnerabilities ever.
Wordfence researchers warn of a vulner ...

Pierluigi Paganini November 18, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini November 17, 2024
Malware

A BOTNET EXPLOITS E GEOVISION ZERO-DAY TO COMPROMISE EOL DEVICES

A botnet employed in DDoS or cryptomining attacks is exploiting a zero-day in
end-of-life GeoVision devices to grow up. Researchers at the Shadowserver
Foundation observed a botnet exploiting a ze ...

Pierluigi Paganini November 17, 2024
Hacking

PALO ALTO NETWORKS CONFIRMED ACTIVE EXPLOITATION OF RECENTLY DISCLOSED ZERO-DAY

Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS
firewall and released new indicators of compromise (IoCs). Last week, Palo Alto
Networks warned customers to limit acce ...

Pierluigi Paganini November 16, 2024
Malware

GLOVE STEALER BYPASSES CHROME’S APP-BOUND ENCRYPTION TO STEAL COOKIES

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound
encryption and steal browser cookies. Glove Stealer is a .NET-based information
stealer that targets browser exten ...

Pierluigi Paganini November 16, 2024
Cyber Crime

BITFINEX HACKER ILYA LICHTENSTEIN WAS SENTENCED TO 5 YEARS IN PRISON

Bitfinex hacker, Ilya Lichtenstein, who stole 1 billion worth of Bitcoins from
Bitfinex in 2016, has been sentenced to five years in prison. "Ilya Lichtenstein
was sentenced today to five years in ...

Pierluigi Paganini November 15, 2024
Security

U.S. CISA ADDS PALO ALTO NETWORKS EXPEDITION BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto
Networks Expedition bugs to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure Secu ...

Pierluigi Paganini November 15, 2024
Internet of Things

HACKERS TARGET CRITICAL FLAW CVE-2024-10914 IN EOL D-LINK NAS DEVICES

The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in
legacy D-Link NAS devices began days after its disclosure.   Days after D-Link
announced it wouldn't patch a ...

Pierluigi Paganini November 14, 2024
Intelligence

CHINA-LINKED THREAT ACTORS COMPROMISED MULTIPLE TELECOS AND SPIED ON A LIMITED
NUMBER OF U.S. GOVERNMENT OFFICIALS

China-linked threat actors breached U.S. broadband providers and gained access
to private communications of a limited number of U.S. government officials. The
FBI and CISA continues to investigate ...

Pierluigi Paganini November 14, 2024
Cyber Crime

BITDEFENDER RELEASED A DECRYPTOR FOR THE SHRINKLOCKER RANSOMWARE

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies
BitLocker configurations to encrypt a system's drives. ShrinkLocker ransomware
was first discovered in May 2024 by ...

Pierluigi Paganini November 14, 2024
APT

CHINA'S VOLT TYPHOON BOTNET HAS RE-EMERGED

China's Volt Typhoon botnet has re-emerged, using the same core infrastructure
and techniques, according to SecurityScorecard researchers. The China-linked
Volt Typhoon's botnet has resurfaced usi ...

Pierluigi Paganini November 13, 2024
Security

ZOOM ADDRESSED TWO HIGH-SEVERITY ISSUES IN ITS PLATFORM

Zoom addressed six flaws, including two high-severity issues that could allow
remote attackers to escalate privileges or leak sensitive information. Zoom
addressed six vulnerabilities in its video ...

Pierluigi Paganini November 13, 2024
Hacking

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR NOVEMBER 2024 FIX TWO ACTIVELY
EXPLOITED ZERO-DAYS

Microsoft Patch Tuesday security updates for November 2024 addressed 89
vulnerabilities, including two actively exploited zero-day flaws. Microsoft
Patch Tuesday security updates for November 2024 ...

Pierluigi Paganini November 13, 2024
Security

AHOLD DELHAIZE EXPERIENCED A CYBER INCIDENT AFFECTING SEVERAL OF ITS U.S. BRANDS

A cyber attack affected Ahold Delhaize USA brands, disrupting Giant Food,
Hannaford, their pharmacies, and e-commerce services. A cyber attack hit the
food giant Ahold Delhaize impacting US pharma ...

Pierluigi Paganini November 12, 2024
Hacking

A CYBERATTACK ON PAYMENT SYSTEMS BLOCKED CARDS READERS ACROSS STORES AND GAS
STATIONS IN ISRAEL

A cyberattack in Israel allegedly disrupted communication services, causing
widespread malfunction of credit card readers across the country on Sunday. The
Jerusalem Post reported that thousands o ...

Pierluigi Paganini November 12, 2024
Security

APPLE INDEED ADDED A FEATURE CALLED "INACTIVITY REBOOT" IN IOS 18.1 THAT REBOOTS
LOCKED DEVICES

Apple iOS supports a new feature that reboots locked devices after extended
inactivity, aiming to enhance data security for users. Apple 'quietly'
implemented a new security feature that automatic ...

Pierluigi Paganini November 12, 2024
Malware

YMIR RANSOMWARE, A NEW STEALTHY RANSOMWARE GROW IN THE WILD

New Ymir ransomware was deployed in attacks shortly after systems were breached
by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new
ransomware family, called Ymir rans ...

Pierluigi Paganini November 12, 2024
Data Breach

AMAZON DISCLOSES EMPLOYEE DATA BREACH AFTER MAY 2023 MOVEIT ATTACKS

Amazon disclosed a data breach exposing employee data, with information
allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach
that exposed employee information after data ...

Pierluigi Paganini November 11, 2024
Security

A NEW FILELESS VARIANT OF REMCOS RAT OBSERVED IN THE WILD

Fortinet researchers discovered a new phishing campaign spreading a variant of
the commercial malware Remcos RAT. Fortinet’s FortiGuard Labs recently uncovered
a phishing campaign spreading a ne ...

Pierluigi Paganini November 11, 2024
Hacking

A SURGE IN PRO-RUSSIA CYBERATTACKS AFTER DECISION TO MONITOR NORTH KOREAN TROOPS
IN UKRAINE

South Korea claims Pro-Russia actors intensified cyberattacks on national sites
after it decided to monitor North Korean troops in Ukraine. South Korea's
government blames pro-Russia threat actors ...

Pierluigi Paganini November 11, 2024
Breaking News

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini November 10, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 497 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini November 10, 2024
Hacking

U.S. AGENCY CAUTIONS EMPLOYEES TO LIMIT PHONE USE DUE TO SALT TYPHOON HACK OF
TELCO PROVIDERS

US CFPB warns employees to avoid work-related mobile calls and texts following
China-linked Salt Typhoon hack over security concerns. The US government’s
Consumer Financial Protection Bureau (CF ...

Pierluigi Paganini November 10, 2024
Security

MAZDA CONNECT FLAWS ALLOW TO HACK SOME MAZDA VEHICLES

Multiple vulnerabilities in the infotainment unit Mazda Connect could allow
attackers to execute arbitrary code with root access. Trend Micro's Zero Day
Initiative warned of multiple vulnerabiliti ...

Pierluigi Paganini November 09, 2024
Malware

VEEAM BACKUP & REPLICATION EXPLOIT REUSED IN NEW FRAG RANSOMWARE ATTACK

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR)
was also recently exploited to deploy Frag ransomware. In mid-October, Sophos
researchers warned that ransomware ...

Pierluigi Paganini November 09, 2024
Cyber Crime

TEXAS OILFIELD SUPPLIER NEWPARK RESOURCES SUFFERED A RANSOMWARE ATTACK

Texas oilfield supplier Newpark Resources suffered a ransomware attack that
disrupted its information systems and business applications. Texas oilfield
supplier Newpark Resources revealed that a r ...

Pierluigi Paganini November 08, 2024
Security

PALO ALTO NETWORKS WARNS OF POTENTIAL RCE IN PAN-OS MANAGEMENT INTERFACE

Palo Alto Networks warns customers to restrict access to their next-generation
firewalls because of a potential RCE flaw in the PAN-OS management interface.
Palo Alto Networks warns customers to l ...

Pierluigi Paganini November 08, 2024
Mobile

IPHONES IN A LAW ENFORCEMENT FORENSICS LAB MYSTERIOUSLY REBOOTED LOSING THEIR
AFTER FIRST UNLOCK (AFU) STATE

Law enforcement warns that securely stored iPhones awaiting forensic examination
are mysteriously rebooting, making them harder to unlock, reported 404 Media.
Law enforcement warns that securely s ...

Pierluigi Paganini November 08, 2024
Security

U.S. CISA ADDS PALO ALTO EXPEDITION, ANDROID, CYBERPANEL AND NOSTROMO
NHTTPD BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto
Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cyber ...

Pierluigi Paganini November 07, 2024
Malware

DPRK-LINKED BLUENOROFF USED MACOS MALWARE WITH NOVEL PERSISTENCE

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting
businesses in the crypto industry with a new multi-stage malware. SentinelLabs
researchers identified a North Korea-link ...

Pierluigi Paganini November 07, 2024
Security

CANADA ORDERED BYTEDANCE TO SHUT DOWN TIKTOK OPERATIONS IN THE COUNTRY OVER
SECURITY CONCERNS

Canada ordered ByteDance to shut down TikTok operations over security concerns
but did not issue a full ban on the platform. The Canadian government ordered
ByteDance to wind up TikTok Technology ...

Pierluigi Paganini November 07, 2024
Security

CRITICAL BUG IN CISCO UWRB ACCESS POINTS ALLOWS ATTACKERS TO RUN COMMANDS AS
ROOT

Cisco fixed a critical flaw in URWB access points, allowing attackers to run
root commands, compromising industrial wireless automation security. Cisco has
addressed a critical vulnerability, trac ...

Pierluigi Paganini November 07, 2024
Cyber Crime

INTERPOL: OPERATION SYNERGIA II DISRUPTED +22,000 MALICIOUS IPS

A global law enforcement operation called Operation Synergia II dismantled over
22,000 malicious IPs linked to phishing, infostealers, and ransomware, INTERPOL
said. INTERPOL announced this week i ...

Pierluigi Paganini November 06, 2024
Cyber Crime

MEMORIAL HOSPITAL AND MANOR SUFFERED A RANSOMWARE ATTACK

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to
its Electronic Health Record system. A ransomware attack hit Memorial Hospital
and Manor in Bainbridge, Georgia, an ...

Pierluigi Paganini November 06, 2024
Digital ID

SOUTH KOREA FINED META $15.67M FOR ILLEGALLY COLLECTING AND SHARING FACEBOOK
USERS

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook
users' sensitive data, including political views and sexual orientation, with
advertisers. South Korea's data privacy w ...

Pierluigi Paganini November 06, 2024
Hacking

SYNOLOGY FIXED CRITICAL FLAW IMPACTING MILLIONS OF DISKSTATION AND BEEPHOTOS NAS
DEVICES

Synology addressed a critical vulnerability in DiskStation and BeePhotos NAS
devices that could lead to remote code execution. Taiwanese vendor Synology has
addressed a critical security vulnerabi ...

Pierluigi Paganini November 06, 2024
Malware

TOXICPANDA ANDROID BANKING TROJAN TARGETS EUROPE AND LATAM, WITH A FOCUS ON
ITALY

The ToxicPanda Android malware has infected over 1,500 devices, enabling
attackers to perform fraudulent banking transactions. Cleafy researchers spotted
a new Android banking malware, dubbed Toxi ...

Pierluigi Paganini November 05, 2024
Security

U.S. CISA ADDS PTZOPTICS CAMERA BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds PTZOptics
PT30X-SDI/NDI camera bugs to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini November 05, 2024
Cyber Crime

CANADIAN AUTHORITIES ARRESTED ALLEGED SNOWFLAKE HACKER

Canadian authorities arrested a suspect linked to multiple hacks following a
breach of cloud data platform Snowflake earlier this year. Canadian law
enforcement agencies arrested a suspect, Alexan ...

Pierluigi Paganini November 05, 2024
Uncategorized

ANDROID FLAW CVE-2024-43093 MAY BE UNDER LIMITED, TARGETED EXPLOITATION

Google warned that a vulnerability, tracked as CVE-2024-43093, in the Android OS
is actively exploited in the wild. Threat actors are actively exploiting a
vulnerability, tracked as CVE-2024-43093 ...

Pierluigi Paganini November 05, 2024
Data Breach

JULY 2024 RANSOMWARE ATTACK ON THE CITY OF COLUMBUS IMPACTED 500,000 PEOPLE

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the
personal and financial data of 500,000 individuals. On July 18, 2024, the City
of Columbus, Ohio, suffered a cyber ...

Pierluigi Paganini November 04, 2024
Cyber Crime

NIGERIAN MAN SENTENCED TO 26+ YEARS IN REAL ESTATE PHISHING SCAMS

Nigerian Kolade Ojelade gets 26 years in U.S. for phishing scams that stole
millions by hacking email accounts. A Nigerian national was sentenced to 26
years in prison in the US for stealing milli ...

Pierluigi Paganini November 04, 2024
Intelligence

RUSSIAN DISINFORMATION CAMPAIGN ACTIVE AHEAD OF 2024 US ELECTION

U.S. intel says Russia made a fake video claiming Haitians voted illegally in
Georgia, aiming to spread election disinformation. U.S. intel reports Russia
created a fake viral video falsely claimi ...

Pierluigi Paganini November 04, 2024
Cyber Crime

INTERNATIONAL LAW ENFORCEMENT OPERATION SHUT DOWN DDOS-FOR-HIRE PLATFORM
DSTAT.CC

German police shut down DDoS-for-hire platform Dstat.cc and arrested two men
accused of operating the site used for launching DDoS attacks. German police
shut down the DDoS-for-hire platform Dstat ...

Pierluigi Paganini November 04, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini November 03, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 496 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini November 03, 2024
Security

US ELECTION 2024 – FBI WARNING ABOUT FAKE ELECTION VIDEOS

US Election 2024 - The FBI warned that two fake videos on X spread false claims
of ballot fraud and misinformation about Kamala Harris’s husband. In a post on X
on Saturday, the Federal Bureau o ...

Pierluigi Paganini November 03, 2024
Malware

CHINESE THREAT ACTORS USE QUAD7 BOTNET IN PASSWORD-SPRAY ATTACKS

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out
password-spray attacks and steal credentials. Chinese threat actors use the
Quad7 botnet in password-spray attacks to ...

Pierluigi Paganini November 03, 2024
Cyber Crime

FBI ARRESTED FORMER DISNEY WORLD EMPLOYEE FOR HACKING COMPUTER MENUS AND
MISLABELING ALLERGY INFO

A former Disney World employee hacked servers after being fired, altering
prices, adding profanities, and mislabeling allergy info. A former Walt Disney
World employee hacked servers after being f ...

Pierluigi Paganini November 02, 2024
APT

SOPHOS DETAILS FIVE YEARS OF CHINA-LINKED THREAT ACTORS' ACTIVITY TARGETING
NETWORK DEVICES WORLDWIDE

Sophos used custom implants to monitor China-linked thret actors targeting
firewall zero-days in a years-long battle. Sophos revealed a years-long
"cat-and-mouse" battle with China-linked threat a ...

Pierluigi Paganini November 02, 2024
Hacking

PTZOPTICS CAMERAS ZERO-DAYS ACTIVELY EXPLOITED IN THE WILD

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956
and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit
two zero-day vulnerabilities, tracke ...

Pierluigi Paganini November 02, 2024
Malware

NEW LIGHTSPY SPYWARE VERSION TARGETS IPHONES WITH DESTRUCTIVE CAPABILITIES

New LightSpy spyware targets iPhones supporting destructive features that can
block compromised devices from booting up. In May 2024, ThreatFabric researchers
discovered a macOS version of LightSp ...

Pierluigi Paganini November 01, 2024
Hacking

LOTTIEFILES CONFIRMED A SUPPLY CHAIN ATTACK ON LOTTIE-PLAYER

LottieFiles confirmed a supply chain attack on Lottie-Player, and threat actors
targeted cryptocurrency wallets to steal funds. LottieFiles confirmed that
threat actors have hacked the Lottie-Play ...

Pierluigi Paganini November 01, 2024
Data Breach

THREAT ACTOR SAYS INTERBANK REFUSED TO PAY THE RANSOM AFTER A TWO-WEEK
NEGOTIATION

Peruvian Interbank confirmed a data breach after threat actors accessed its
systems and leaked stolen information online. Interbank, formally the Banco
Internacional del Perú Service Holding S.A ...

Pierluigi Paganini October 31, 2024
Security

QNAP FIXED SECOND ZERO-DAY DEMONSTRATED AT PWN2OWN IRELAND 2024

QNAP addressed the second zero-day vulnerability demonstrated by security
researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP
patched the second zero-day vulnerability, ...

Pierluigi Paganini October 31, 2024
Malware

NEW VERSION OF ANDROID MALWARE FAKECALL REDIRECTS BANK CALLS TO SCAMMERS

The latest FakeCall malware version for Android intercepts outgoing bank calls,
redirecting them to attackers to steal sensitive info and bank funds. Zimperium
researchers spotted a new version of ...

Pierluigi Paganini October 31, 2024
APT

RUSSIA-LINKED MIDNIGHT BLIZZARD APT TARGETED 100+ ORGANIZATIONS WITH A
SPEAR-PHISHING CAMPAIGN USING RDP FILES

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight
Blizzard targeting hundreds of organizations. Microsoft warns of a large-scale
spear-phishing campaign by Russia-linked APT ...

Pierluigi Paganini October 30, 2024
Uncategorized

QNAP FIXED NAS BACKUP ZERO-DAY DEMONSTRATED AT PWN2OWN IRELAND 2024

QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a
TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addressed a
critical zero-day vulnerability, tracke ...

Pierluigi Paganini October 30, 2024
Cyber Crime

INTERNATIONAL LAW ENFORCEMENT OPERATION DISMANTLED REDLINE AND META INFOSTEALERS

A global law enforcement operation disrupted RedLine and Meta infostealers,
seizing their infrastructure and making arrests. The Dutch police announced it
has dismantled infrastructure used by Red ...

Pierluigi Paganini October 29, 2024
Cyber Crime

FOG AND AKIRA RANSOMWARE ATTACKS EXPLOIT SONICWALL VPN FLAW CVE-2024-40766

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw
CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators
are exploiting the critical SonicWall VPN vuln ...

Pierluigi Paganini October 29, 2024
Cyber warfare

RUSSIA-LINKED ESPIONAGE GROUP UNC5812 TARGETS UKRAINE'S MILITARY WITH MALWARE

Suspected Russia-linked espionage group UNC5812 targets Ukraine's military with
Windows and Android malware via Telegram. Google TAG and Mandiant observed a
Russia-linked group, tracked as UNC5812 ...

Pierluigi Paganini October 29, 2024
Data Breach

FRANCE’S SECOND-LARGEST TELECOMS PROVIDER FREE SUFFERED A CYBER ATTACK

French internet service provider (ISP) Free disclosed a cyber attack, threat
actors allegedly had access to customer personal information. Free S.A.S. is a
French telecommunications ...

Pierluigi Paganini October 28, 2024
Data Breach

A CRIME RING COMPROMISED ITALIAN STATE DATABASES RESELLING STOLEN INFO

Italian police arrested four and are investigating dozens, including Leonardo
Maria Del Vecchio, for alleged unauthorized access to state databases. Italian
authorities have arrested four individu ...

Pierluigi Paganini October 28, 2024
Security

THIRD-PARTY IDENTITIES: THE WEAKEST LINK IN YOUR CYBERSECURITY SUPPLY CHAIN

A long supply chain adds third-party risks, as each partner's security affects
your own, making identity and access management more challenging.
Identity-related attack vectors are a significant c ...

Pierluigi Paganini October 28, 2024
Cyber Crime

BLACK BASTA AFFILIATES USED MICROSOFT TEAMS IN RECENT ATTACKS

ReliaQuest researchers observed Black Basta affiliates relying on Microsoft
Teams to gain initial access to target networks. ReliaQuest researchers warn
that Black Basta ransomware affiliates swit ...

Pierluigi Paganini October 28, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini October 27, 2024
Cyber Crime

FOUR REVIL RANSOMWARE MEMBERS SENTENCED FOR HACKING AND MONEY LAUNDERING

Russian authorities sentenced four members of the REvil ransomware operation to
several years in prison in Russia. Four former members of the REvil ransomware
group were sentenced in Russia for ha ...

Pierluigi Paganini October 27, 2024
Intelligence

CHINESE CYBER SPIES TARGETED PHONES USED BY TRUMP AND VANCE

China-linked threat actors targeted the phone communications of Donald Trump and
vice presidential nominee JD Vance. China-linked hackers reportedly targeted
phones used by former President D ...

Pierluigi Paganini October 26, 2024
Laws and regulations

IRISH DATA PROTECTION COMMISSION FINED LINKEDIN €310M FOR GDPR INFRINGEMENT

Irish Data Protection Commission fined LinkedIn €310M for violating user privacy
by using behavioral data analysis for targeted advertising. Irish Data
Protection Commission fined LinkedIn €31 ...

Pierluigi Paganini October 26, 2024
Data Breach

CHANGE HEALTHCARE DATA BREACH IMPACTED OVER 100 MILLION PEOPLE

The Change Healthcare data breach in the February 2024 impacted over 100
million, the largest-ever healthcare data breach in the US. UnitedHealth Group
announced that the data breach suffered by C ...

Pierluigi Paganini October 25, 2024
Data Breach

ONEPOINT PATIENT CARE DATA BREACH IMPACTED 795916 INDIVIDUALS

US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed
the personal info of approximately 800,000 individuals. OnePoint Patient Care is
a U.S.-based pharmacy specializing in ...

Pierluigi Paganini October 25, 2024
Security

FROM RISK ASSESSMENT TO ACTION: IMPROVING YOUR DLP RESPONSE

DLP is key in cybersecurity; a risk assessment identifies data risks, helping
turn findings into real-world security improvements. Data loss prevention (DLP)
is a cornerstone of any effective cybe ...

Pierluigi Paganini October 25, 2024
Security

U.S. CISA ADDS CISCO ASA AND FTD, AND ROUNDCUBE WEBMAIL BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ASA and
FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastr ...

Pierluigi Paganini October 25, 2024
Hacking

PWN2OWN IRELAND 2024 DAY 2: PARTICIPANTS DEMONSTRATED AN EXPLOIT AGAINST SAMSUNG
GALAXY S24

On the second day of Pwn2Own Ireland 2024, researchers demonstrated an exploit
for the Samsung Galaxy S24.  On day two of Pwn2Own Ireland 2024, hackers
demonstrated attacks against 51 zero-day vu ...

Pierluigi Paganini October 24, 2024
Breaking News

CISCO FIXED TENS OF VULNERABILITIES, INCLUDING AN ACTIVELY EXPLOITED ONE

Cisco patched vulnerabilities in ASA, FMC, and FTD products, including one
actively exploited in a large-scale brute-force attack campaign. Cisco addressed
multiple vulnerabilities in Adaptive Sec ...

Pierluigi Paganini October 24, 2024
Hacking

FORTIJUMP FLAW CVE-2024-47575 HAS BEEN EXPLOITED IN ZERO-DAY ATTACKS SINCE JUNE
2024

The "FortiJump" flaw (CVE-2024-47575) has been exploited in zero-day attacks
since June 2024, impacting over 50 servers, says Mandiant. A new report
published by Mandiant states that the recently ...

Pierluigi Paganini October 24, 2024
Hacking

U.S. CISA ADDS FORTINET FORTIMANAGER FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet
FortiManager flaw to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agen ...

Pierluigi Paganini October 24, 2024
Security

DIGITAL ECHO CHAMBERS AND EROSION OF TRUST - KEY THREATS TO THE US ELECTIONS

Resecurity reports a rise in political content related to the 2024 US elections
on social media, with increased activity from foreign sources. Resecurity has
detected a substantial increase in the ...

Pierluigi Paganini October 23, 2024
Malware

CROOKS ARE TARGETING DOCKER API SERVERS TO DEPLOY SRBMINER

Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto
miners on compromised instances, Trend Micro warns. Trend Micro researchers
observed attackers targeting Docker remo ...

Pierluigi Paganini October 23, 2024
Security

WHY DSPM IS ESSENTIAL FOR ACHIEVING DATA PRIVACY IN 2024

Data Security Posture Management (DSPM) helps organizations address evolving
data security and privacy requirements by protecting and managing sensitive
information. Data Security Posture Manageme ...

Pierluigi Paganini October 23, 2024
Laws and regulations

SEC FINED 4 COMPANIES FOR MISLEADING DISCLOSURES ABOUT THE IMPACT OF THE
SOLARWINDS ATTACK

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading
disclosures about the impact of the SolarWinds Orion hack. The US Securities and
Exchange Commission (SEC) charged four compan ...

Pierluigi Paganini October 23, 2024
Security

SAMSUNG ZERO-DAY FLAW ACTIVELY EXPLOITED IN THE WILD

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day
vulnerability that is exploited in the wild. Google’s Threat Analysis Group
(TAG) warns of a Samsung zero-day vulner ...

Pierluigi Paganini October 22, 2024
Malware

EXPERTS WARN OF A NEW WAVE OF BUMBLEBEE MALWARE ATTACKS

Experts warn of a new wave of attacks involving the Bumblebee malware, months
after Europol's 'Operation Endgame' that disrupted its operations in May. The
Bumblebee malware loader has resurfaced ...

Pierluigi Paganini October 22, 2024
Security

U.S. CISA ADDS SCIENCELOGIC SL1 FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic
SL1 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity
and Infrastructure Security Agency (C ...

Pierluigi Paganini October 22, 2024
Security

VMWARE FAILED TO FULLY ADDRESS VCENTER SERVER RCE FLAW CVE-2024-38812

VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking
contest, for the second time in two months. VMware failed to fully address a
remote code execution flaw, tracked as ...

Pierluigi Paganini October 22, 2024
Cyber Crime

CISCO STATES THAT DATA PUBLISHED ON CYBERCRIME FORUM WAS TAKEN FROM
PUBLIC-FACING DEVHUB ENVIRONMENT

Cisco confirms that data published by IntelBroker on a cybercrime forum was
taken from the company DevHub environment. Cisco confirms that the data posted
by the notorious threat actor IntelBroker ...

Pierluigi Paganini October 21, 2024
Data Breach

INTERNET ARCHIVE WAS BREACHED TWICE IN A MONTH

The Internet Archive was breached again, attackers hacked its Zendesk email
support platform through stolen GitLab authentication tokens. The Internet
Archive was breached via Zendesk, with users ...

Pierluigi Paganini October 21, 2024
Hacking

UNKNOWN THREAT ACTORS EXPLOIT ROUNDCUBE WEBMAIL FLAW IN PHISHING CAMPAIGN

Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal
user credentials from the open-source webmail software. Researchers from
Positive Technologies warn that unknown threat ...

Pierluigi Paganini October 21, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini October 20, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 494 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini October 20, 2024
Security

F5 FIXED A HIGH-SEVERITY ELEVATION OF PRIVILEGE VULNERABILITY IN BIG-IP

Technology firm F5 patches a high-severity elevation of privilege vulnerability
in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities
in BIG-IP and BIG-IQ enterprise pro ...

Pierluigi Paganini October 20, 2024
Security

U.S. CISA ADDS VEEAM BACKUP AND REPLICATION FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup
and Replication vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastruct ...

Pierluigi Paganini October 19, 2024
APT

NORTH KOREA-LINKED APT37 EXPLOITED IE ZERO-DAY IN A RECENT ATTACK

North Korea-linked group APT37 exploited an Internet Explorer zero-day
vulnerability in a supply chain attack. A North Korea-linked threat actor,
tracked as APT37 (also known as RedEyes, TA-RedAnt ...

Pierluigi Paganini October 19, 2024
Data Breach

OMNI FAMILY HEALTH DATA BREACH IMPACTS 468,344 INDIVIDUALS

Omni Family Health disclosed a data breach affecting nearly 470,000 current and
former patients and employees. Omni Family Health is a nonprofit organization
that provides healthcare services to c ...

Pierluigi Paganini October 19, 2024
APT

IRAN-LINKED ACTORS TARGET CRITICAL INFRASTRUCTURE ORGANIZATIONS

U.S. and allies warn of attacks from Iran-linked actors targeting critical
infrastructure through brute-force attacks in a year-long campaign. Intelligence
and cybersecurity agencies from the U.S. ...

Pierluigi Paganini October 18, 2024
Security

MACOS HM SURF FLAW IN TCC ALLOWS BYPASS SAFARI PRIVACY SETTINGS

Microsoft disclosed a flaw in the macOS Apple's Transparency, Consent, and
Control (TCC) framework that could allow it to bypass privacy settings and
access user data. Microsoft discovered a vulne ...

Pierluigi Paganini October 18, 2024
Hacktivism

TWO SUDANESE NATIONALS INDICTED FOR OPERATING THE ANONYMOUS SUDAN GROUP

The DoJ charged Anonymous Sudan members and disrupted their DDoS infrastructure,
halting its cyber operations. The US Justice Department charged two Sudanese
brothers (Ahmed Salah Yousif Omer, 22, ...

Pierluigi Paganini October 18, 2024
APT

RUSSIA-LINKED ROMCOM GROUP TARGETED UKRAINIAN GOVERNMENT AGENCIES SINCE LATE
2023

Russia-linked threat actor RomCom targeted Ukrainian government agencies and
Polish entities in cyber attacks since late 2023. Cisco Talos researchers
observed Russia-linked threat actor RomCom (a ...

Pierluigi Paganini October 17, 2024
Security

A CRITICAL FLAW IN KUBERNETES IMAGE BUILDER COULD ALLOW ATTACKERS TO GAIN ROOT
ACCESS

A critical flaw in Kubernetes Image Builder could allow attackers to gain root
access if exploited under specific conditions. A critical, Kubernetes Image
Builder vulnerability, tracked as CVE-20 ...

Pierluigi Paganini October 17, 2024
Security

VMWARE FIXES HIGH-SEVERITY SQL INJECTION FLAW CVE-2024-38814 IN HCX

VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users
to remotely execute code on the HCX manager. VMWare warns to address a remote
code execution vulnerability, tracked ...

Pierluigi Paganini October 17, 2024
Cyber Crime

BRAZIL'S POLÍCIA FEDERAL ARRESTED THE NOTORIOUS HACKER USDOD

Brazil's Polícia Federal has arrested hacker USDoD, the hacker behind the
National Public Data and InfraGard breaches. Brazil's Polícia Federal (PF)
announced the arrest in Belo Horizonte/MG of ...

Pierluigi Paganini October 16, 2024
Cyber Crime

FINNISH CUSTOMS DISMANTLED THE DARK WEB DRUGS MARKET SIPULITIE

Finnish Customs shut down the Tor darknet marketplace Sipulitie and seized the
servers hosting the platform. Finnish Customs, with the help of Europol, Swedish
and Polish law enforcement authoriti ...

Pierluigi Paganini October 16, 2024
Hacking

U.S. CISA ADDS MICROSOFT WINDOWS KERNEL, MOZILLA FIREFOX AND SOLARWINDS WEB HELP
DESK BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows
Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cy ...

Pierluigi Paganini October 16, 2024
Security

GITHUB ADDRESSED A CRITICAL VULNERABILITY IN ENTERPRISE SERVER

GitHub addressed a critical vulnerability in Enterprise Server that could allow
unauthorized access to affected instances. Code hosting platform GitHub
addressed a critical vulnerability, tracked ...

Pierluigi Paganini October 16, 2024
Malware

A NEW LINUX VARIANT OF FASTCASH MALWARE TARGETS FINANCIAL SYSTEMS

North Korea-linked actors deploy a new Linux variant of FASTCash malware to
target financial systems, researcher HaxRob revealed. The cybersecurity
researcher HaxRob analyzed a new variant of the ...

Pierluigi Paganini October 15, 2024
Uncategorized

WORDPRESS JETPACK PLUGIN CRITICAL FLAW IMPACTS 27 MILLION SITES

WordPress Jetpack plugin issued an update to fix a critical flaw allowing
logged-in users to view form submissions by others on the same site. The
maintainers of the WordPress Jetpack plugin have ...

Pierluigi Paganini October 15, 2024
Data Breach

POKEMON DEV GAME FREAK DISCLOSES DATA BREACH

Pokemon dev Game Freak confirmed that an August cyberattack led to source code
leaks and designs for unpublished games online. Game Freak Inc. is a popular
Japanese video game developer, founded ...

Pierluigi Paganini October 15, 2024
Security

U.S. CISA ADDS FORTINET PRODUCTS AND IVANTI CSA BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet
products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure Se ...

Pierluigi Paganini October 14, 2024
APT

NATION-STATE ACTOR EXPLOITED THREE IVANTI CSA ZERO-DAYS

An alleged nation-state actor exploited three zero-day vulnerabilities in Ivanti
Cloud Service Appliance (CSA) in recent attacks. Fortinet FortiGuard Labs
researchers warn that a suspected nation- ...

Pierluigi Paganini October 14, 2024
Cyber Crime

DUTCH POLICE DISMANTLED DUAL DARK WEB MARKET 'BOHEMIA/CANNABIA'

Dutch police dismantled Bohemia/Cannabia, two major dark web markets for illegal
goods, drugs, and cybercrime services. The Dutch police have announced the
success of a new joint law enforcement o ...

Pierluigi Paganini October 14, 2024
Data Breach

FIDELITY INVESTMENTS SUFFERED A SECOND DATA BREACH THIS YEAR

US-based financial services company Fidelity Investments warns 77,000
individuals of a data breach that exposed their personal information. U.S.-based
financial services company Fidelity Investmen ...

Pierluigi Paganini October 14, 2024
Uncategorized

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini October 13, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 493 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini October 13, 2024
APT

RUSSIA-LINKED GROUP APT29 IS TARGETING ZIMBRA AND JETBRAINS TEAMCITY SERVERS ON
A LARGE SCALE

U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting
vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked
cyber espionage group APT29 (aka SVR ...

Pierluigi Paganini October 13, 2024
Cyber warfare

A CYBER ATTACK HIT IRANIAN GOVERNMENT SITES AND NUCLEAR FACILITIES

As Middle East tensions rise, cyberattacks hit Iran’s government branches and
nuclear facilities, following Israel's response to Iran's October 1 missile
barrage. Amid escalating Middle East ten ...

Pierluigi Paganini October 12, 2024
Cyber Crime

RANSOMWARE OPERATORS EXPLOITED VEEAM BACKUP & REPLICATION FLAW CVE-2024-40711 IN
RECENT ATTACKS

Sophos reports ransomware operators are exploiting a critical code execution
flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware
operators are exploiting the critical v ...

Pierluigi Paganini October 12, 2024
Security

GITLAB FIXED A CRITICAL FLAW THAT COULD ALLOW ARBITRARY CI/CD PIPELINE EXECUTION

GitLab issued updates for CE and EE to address multiple flaws, including a
critical bug allowing CI/CD pipeline runs on unauthorized branches. GitLab
released security updates for Community Editio ...

Pierluigi Paganini October 11, 2024
APT

IRAN AND CHINA-LINKED ACTORS USED CHATGPT FOR PREPARING ATTACKS

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and
China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the
disruption of over 20 cyber and influ ...

Pierluigi Paganini October 11, 2024
Data Breach

INTERNET ARCHIVE DATA BREACH IMPACTED 31M USERS

The Internet Archive disclosed a data breach, the security incident impacted
more than 31 million users of its "The Wayback Machine." The Internet Archive is
an American nonprofit digital librar ...

Pierluigi Paganini October 11, 2024
Malware

E-SKIMMING CAMPAIGN USES UNICODE OBFUSCATION TO HIDE THE MONGOLIAN SKIMMER

Jscrambler researchers found a skimming campaign using unique JavaScript
obfuscation with accented characters to hide a skimmer named Mongolian Skimmer.
Jscrambler researchers uncovered a skimming ...

Pierluigi Paganini October 10, 2024
Security

U.S. CISA ADDS IVANTI CSA AND FORTINET BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and
Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Ag ...

Pierluigi Paganini October 10, 2024
Security

MOZILLA ISSUED AN URGENT FIREFOX UPDATE TO FIX AN ACTIVELY EXPLOITED FLAW

Mozilla released an urgent Firefox update to fix a critical use-after-free
vulnerability actively exploited in ongoing attacks. Mozilla released an
emergency security update for its Firefox browse ...

Pierluigi Paganini October 10, 2024
Security

PALO ALTO FIXED CRITICAL FLAWS IN PAN-OS FIREWALLS THAT ALLOW FOR FULL
COMPROMISE OF THE DEVICES

Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could
chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed
multiple vulnerabilities that an at ...

Pierluigi Paganini October 10, 2024
Security

CYBERCRIMINALS ARE TARGETING AI CONVERSATIONAL PLATFORMS

Resecurity reports a rise in attacks on AI Conversational platforms, targeting
chatbots that use NLP and ML to enable automated, human-like interactions with
consumers. Resecurity has observed a s ...

Pierluigi Paganini October 09, 2024
APT

AWAKEN LIKHO APT GROUP TARGETS RUSSIAN GOVERNMENT WITH A NEW IMPLANT

A threat actor tracked as Awaken Likho is targeting Russian government agencies
and industrial entities, reported cybersecurity firm Kaspersky. A recent
investigation by Kaspersky researchers into ...

Pierluigi Paganini October 09, 2024
Security

U.S. CISA ADDS WINDOWS AND QUALCOMM BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows and
Qualcomm bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agenc ...

Pierluigi Paganini October 09, 2024
Cyber Crime

UKRAINIAN NATIONAL PLEADS GUILTY IN U.S. COURT FOR OPERATING THE RACCOON
INFOSTEALER

Ukrainian national pleads guilty in U.S. court for operating the Raccoon
Infostealer, used to steal sensitive data globally. Ukrainian national Mark
Sokolovsky has pleaded guilty in a US court to ...

Pierluigi Paganini October 08, 2024
Data Breach

MONEYGRAM DISCLOSES DATA BREACH FOLLOWING SEPTEMBER CYBERATTACK

MoneyGram disclosed a data breach following a cyberattack in September, during
which threat actors stole customer data. In September, American interstate and
international peer-to-peer payments ...

Pierluigi Paganini October 08, 2024
Hacking

AMERICAN WATER SHUT DOWN SOME OF ITS SYSTEMS FOLLOWING A CYBERATTACK

American Water, the largest publicly traded water and wastewater utility company
in the US, shut down some of its systems following a cyberattack. American
Water, the largest U.S. water and wastew ...

Pierluigi Paganini October 08, 2024
Data Breach

UNIVERSAL MUSIC DATA BREACH IMPACTED 680 INDIVIDUALS

Universal Music Group notified hundreds of individuals about a data breach
compromising their personal information. Universal Music Group is notifying 680
individuals about a data breach that comp ...

Pierluigi Paganini October 07, 2024
Cyber warfare

KYIV'S HACKERS LAUNCHED AN UNPRECEDENTED CYBER ATTACK ON RUSSIAN STATE MEDIA
VGTRK ON PUTIN'S BIRTHDAY

Russian state media VGTRK faced a major cyberattack, which a Ukrainian source
claimed was conducted by Kyiv's hackers. A Ukrainian government source told
Reuters that Kyiv's hackers are behind the ...

Pierluigi Paganini October 07, 2024
Data Breach

FBCS DATA BREACH IMPACTED 238,000 COMCAST CUSTOMERS

238,000 Comcast customers were impacted by the FBCS data breach following the
February ransomware attack, Comcast reports. Telecommunications giant Comcast is
notifying approximately 238,000 custo ...

Pierluigi Paganini October 07, 2024
Security

CRITICAL APACHE AVRO SDK RCE FLAW IMPACTS JAVA APPLICATIONS

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK)
could be exploited to execute arbitrary code on vulnerable instances. A critical
vulnerability, tracked as CVE-2024- ...

Pierluigi Paganini October 07, 2024
Cyber Crime

MAN PLEADS GUILTY TO STEALING OVER $37 MILLION WORTH OF CRYPTOCURRENCY

A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from
571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon,
Indiana, pleaded guilty to conspiracy to ...

Pierluigi Paganini October 07, 2024
Security

U.S. CISA ADDS SYNACOR ZIMBRA COLLABORATION FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra
Collaboration vulnerability to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini October 07, 2024
APT

CHINA-LINKED GROUP SALT TYPHOON HACKED US BROADBAND PROVIDERS AND BREACHED
WIRETAP SYSTEMS

China-linked APT group Salt Typhoon breached U.S. broadband providers,
potentially accessing systems for lawful wiretapping and other data.
China-linked APT group Salt Typhoon (also known as Famo ...

Pierluigi Paganini October 06, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini October 06, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 492 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini October 06, 2024
Security

GOOGLE PIXEL 9 SUPPORTS NEW SECURITY FEATURES TO MITIGATE BASEBAND ATTACKS

Google announced that its Pixel 9 has implemented new security features, and it
supports measures to mitigate baseband attacks. Pixel phones are known for their
strong security features, particula ...

Pierluigi Paganini October 06, 2024
Security

WORDPRESS LITESPEED CACHE PLUGIN FLAW COULD ALLOW SITE TAKEOVER

A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow
attackers to execute arbitrary JavaScript code under certain conditions. A
high-severity security flaw, tracked as CVE-2024 ...

Pierluigi Paganini October 05, 2024
Mobile

APPLE IOS 18.0.1 AND IPADOS 18.0.1 FIX MEDIA SESSION AND PASSWORDS BUGS

Apple released iOS 18.0.1 update that addressed two vulnerabilities that exposed
passwords and audio snippets to attackers. Apple released iOS 18.0.1 and iPadOS
18.0.1 updates to fix two vulnerabi ...

Pierluigi Paganini October 05, 2024
Security

GOOGLE REMOVED KASPERSKY'S SECURITY APPS FROM THE PLAY STORE

Google removed Kaspersky 's Android security apps from the Play Store and
suspended its developer accounts over the weekend. Over the weekend, all the
Android products designed by the Russian cybe ...

Pierluigi Paganini October 04, 2024
Malware

NEW PERFCTL MALWARE TARGETS LINUX SERVERS IN CRYPTOMINING CAMPAIGN

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency
miners and proxyjacking software in an ongoing campaign. Aqua Nautilus
researchers shed light on a Linux malware, dubbe ...

Pierluigi Paganini October 04, 2024
APT

MICROSOFT AND DOJ SEIZED THE ATTACK INFRASTRUCTURE USED BY RUSSIA-LINKED
CALLISTO GROUP

Microsoft and the U.S. DoJ seized over 100 domains used by the Russia-linked
Callisto Group for launching attacks on U.S. government and nonprofits. The
Justice Department revealed the unsealing o ...

Pierluigi Paganini October 04, 2024
Hacking

DUTCH POLICE BREACHED BY A STATE ACTOR

The Dutch government blames a "state actor" for hacking a police system,
exposing the contact details of all police officers, according to the justice
minister. The Dutch police blame a state acto ...

Pierluigi Paganini October 03, 2024
Cyber Crime

THOUSANDS OF ADOBE COMMERCE E-STORES HACKED BY EXPLOITING THE COSMICSTING BUG

Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by
exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported
that multiple threat actors have explo ...

Pierluigi Paganini October 03, 2024
Digital ID

TELEGRAM REVEALED IT SHARED U.S. USER DATA WITH LAW ENFORCEMENT

Telegram fulfilled over a dozen U.S. law enforcement data requests this year,
potentially revealing the IP addresses or phone numbers of 100+ users.
Independent website 404 Media first revealed th ...

Pierluigi Paganini October 03, 2024
Security

U.S. CISA ADDS IVANTI ENDPOINT MANAGER (EPM) FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti
Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infrastruct ...

Pierluigi Paganini October 02, 2024
Security

14 NEW DRAYTEK ROUTERS' FLAWS IMPACTS OVER 700,000 DEVICES IN 168 COUNTRIES

Multiple flaws in DrayTek residential and enterprise routers can be exploited to
fully compromise vulnerable devices. Forescout researchers discovered 14 new
vulnerabilities in DrayTek routers, tw ...

Pierluigi Paganini October 02, 2024
Malware

RHADAMANTHYS INFORMATION STEALER INTRODUCES AI-DRIVEN CAPABILITIES

The Rhadamanthys information stealer has been upgraded with advanced features,
including the use of artificial intelligence (AI) for optical character
recognition (OCR). Researchers at the Recorde ...

Pierluigi Paganini October 02, 2024
Hacking

CRITICAL ZIMBRA POSTJOURNAL FLAW CVE-2024-45519 ACTIVELY EXPLOITED IN THE WILD.
PATCH IT NOW!

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519
in Synacor's Zimbra Collaboration. Proofpoint cybersecurity researchers reported
that threat actors are attempting ...

Pierluigi Paganini October 02, 2024
Cyber Crime

POLICE ARRESTED FOUR NEW INDIVIDUALS LINKED TO THE LOCKBIT RANSOMWARE OPERATION

An international police operation led to the arrest of four individuals linked
to the LockBit ransomware group, including a developer. Europol, the UK, and the
US law enforcement authorities annou ...

Pierluigi Paganini October 02, 2024
Cyber Crime

UMC HEALTH SYSTEM DIVERTED PATIENTS FOLLOWING A RANSOMWARE ATTACK

US healthcare provider UMC Health System had to divert patients due to a network
outage caused by a ransomware attack. On September 27, 2024, US healthcare
provider UMC Health System announced an ...

Pierluigi Paganini October 01, 2024
Hacking

U.S. CISA ADDS D-LINK DIR-820 ROUTER, DRAYTEK MULTIPLE VIGOR ROUTER, MOTION
SPELL GPAC, SAP COMMERCE CLOUD BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820
Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud
bugs to its Known Exploited Vulnerabiliti ...

Pierluigi Paganini October 01, 2024
Hacking

NEWS AGENCY AFP HIT BY CYBERATTACK, CLIENT SERVICES IMPACTED

AFP suffered a cyberattack affecting its IT systems and content delivery for
partners, the incident impacted some client services. Agence France-Presse (AFP)
reported a cyberattack on Friday that ...

Pierluigi Paganini October 01, 2024
APT

NORTH KOREA-LINKED APT KIMSUKY TARGETED GERMAN DEFENSE FIRM DIEHL DEFENCE

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl
Defence, a German manufacturer of advanced military systems. North Korea-linked
APT group Kimsuky has been linked to a cybe ...

Pierluigi Paganini October 01, 2024
Cyber Crime

PATELCO CREDIT UNION DATA BREACH IMPACTED OVER 1 MILLION PEOPLE

The ransomware attack on Patelco Credit Union this summer led to a data breach
affecting over 1 million individuals, revealed the company. Patelco Credit
Union is a member-owned, not-for-profit c ...

Pierluigi Paganini September 30, 2024
Data Breach

COMMUNITY CLINIC OF MAUI DISCLOSES A DATA BREACH FOLLOWING MAY LOCKBIT
RANSOMWARE ATTACK

Community Clinic of Maui experienced a data breach impacting over 120,000 people
following a LockBit ransomware attack. In May, the Community Clinic of Maui
experienced a major IT outage that impa ...

Pierluigi Paganini September 30, 2024
Cyber Crime

A BRITISH NATIONAL HAS BEEN CHARGED FOR HIS EXECUTION OF A HACK-TO-TRADE SCHEME

The Department of Justice charged a British national for hacking into the
systems of five U.S. organizations. The Department of Justice charged the
British national Robert Westbrook (39) for hacki ...

Pierluigi Paganini September 30, 2024
Uncategorized

CRITICAL NVIDIA CONTAINER TOOLKIT FLAW COULD ALLOW ACCESS TO THE UNDERLYING HOST

A critical vulnerability in the NVIDIA Container Toolkit could allow a container
to escape and gain full access to the underlying host. Critical vulnerability
CVE-2024-0132 (CVSS score 9.0) in the ...

Pierluigi Paganini September 30, 2024
Cyber warfare

ISRAEL ARMY HACKED THE COMMUNICATION NETWORK OF THE BEIRUT AIRPORT CONTROL TOWER

Israel allegedly hacked Beirut airport 's control tower, warning an Iranian
plane not to land, forcing it to return to Tehran. The Israeli cyber army on
Saturday hacked into the control tower of ...

Pierluigi Paganini September 29, 2024
Breaking News

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Security Affairs Malware
newsletter includes a collection of ...

Pierluigi Paganini September 29, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 491 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini September 29, 2024
Social Networks

IRISH DATA PROTECTION COMMISSION FINED META €91 MILLION FOR STORING PASSWORDS IN
READABLE FORMAT

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing
the passwords of hundreds of millions of users in plaintext. The Irish Data
Protection Commission (DPC) has fined Me ...

Pierluigi Paganini September 28, 2024
Security

A CYBERATTACK ON KUWAIT HEALTH MINISTRY IMPACTED HOSPITALS IN THE COUNTRY

The Kuwait Health Ministry is recovering from a cyberattack that disrupted
systems at multiple hospitals and disabled the Sahel healthcare app. Kuwait’s
Health Ministry was the victim of a cyber ...

Pierluigi Paganini September 28, 2024
Digital ID

THE TOR PROJECT AND TAILS HAVE MERGED OPERATIONS

The Tor Project and Tails OS have joined forces and merged operations to counter
a growing number of digital threats. The Tor Project and Tails have merged
operations to enhance collaboration and ...

Pierluigi Paganini September 27, 2024
Hacking

CYBER VANDALISM ON WI-FI NETWORKS AT UK TRAIN STATIONS SPREAD AN ANTI-ISLAM
MESSAGE

UK police are investigating a cyberattack that disrupted Wi-Fi networks at
several train stations across the country. U.K. transport officials and police
are investigating a cyber attack on publi ...

Pierluigi Paganini September 27, 2024
Hacking

CUPS FLAWS ALLOW REMOTE CODE EXECUTION ON LINUX SYSTEMS UNDER CERTAIN CONDITIONS

A researcher has disclosed details of an unpatched Linux vulnerability,
initially labeled as critical, that allows remote code execution. The popular
cybersecurity researcher Simone Margaritelli ( ...

Pierluigi Paganini September 27, 2024
Cyber Crime

U.S. SANCTIONED VIRTUAL CURRENCY EXCHANGES CRYPTEX AND PM2BTC FOR FACILITATING
ILLEGAL ACTIVITIES

The U.S. government sanctioned the virtual currency exchanges Cryptex and PM2BTC
for facilitating cybercrime and money maundering. The U.S. government sanctioned
two cryptocurrency exchanges, Cryp ...

Pierluigi Paganini September 27, 2024
Hacking

HACKING KIA CARS MADE AFTER 2013 USING JUST THEIR LICENSE PLATE

Researchers discovered critical flaws in Kia's dealer portal that could allow to
hack Kia cars made after 2013 using just their license plate. In June 2024, a
team of experts (Neiko Rivera, Sam Cu ...

Pierluigi Paganini September 26, 2024
ICS-SCADA

CRITICAL RCE VULNERABILITY FOUND IN OPENPLC

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could
lead to DoS condition and remote code execution. Cisco’s Talos threat
intelligence unit has disclosed details of f ...

Pierluigi Paganini September 26, 2024
APT

CHINA-LINKED APT GROUP SALT TYPHOON COMPROMISED SOME U.S. INTERNET SERVICE
PROVIDERS (ISPS)

China-linked threat actors compromised some U.S. internet service providers
(ISPs) as part of a cyber espionage campaign code-named Salt Typhoon.
China-linked threat actors have breached several ...

Pierluigi Paganini September 26, 2024
Digital ID

PRIVACY NON-PROFIT NOYB CLAIMS THAT FIREFOX TRACKS USERS WITH PRIVACY PRESERVING
FEATURE

Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox
for enabling tracking in Firefox without user consent. Privacy non-profit None
Of Your Business (noyb) has filed a c ...

Pierluigi Paganini September 26, 2024
Deep Web

DATA OF 3,191 CONGRESSIONAL STAFFERS LEAKED IN THE DARK WEB

The personal information of over 3,000 congressional staffers was leaked on the
dark web following a major cyberattack on the U.S. Capitol. The personal
information of approximately 3,191 congress ...

Pierluigi Paganini September 26, 2024
Malware

NEW VARIANT OF NECRO TROJAN INFECTED MORE THAN 11 MILLION DEVICES

Experts warn of Necro Trojan found in Google Play, threat actors are spreading
it through fake versions of legitimate Android apps. Researchers from Kaspersky
discovered a new version of the Necro ...

Pierluigi Paganini September 25, 2024
Hacking

U.S. CISA ADDS IVANTI VIRTUAL TRAFFIC MANAGER FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual
Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastruc ...

Pierluigi Paganini September 25, 2024
Hacking

ARKANSAS CITY WATER TREATMENT FACILITY SWITCHED TO MANUAL OPERATIONS FOLLOWING A
CYBERATTACK

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its
water treatment facility to manual operations due to a cyberattack. Arkansas
City, Kansas, had to switch its water tr ...

Pierluigi Paganini September 25, 2024
Malware

NEW ANDROID BANKING TROJAN OCTO2 TARGETS EUROPEAN BANKS

A new version of the Android banking trojan Octo, called Octo2, supports
improved features that allow to takeover infected devices. ThreatFabric
researchers discovered a new version of the Android ...

Pierluigi Paganini September 25, 2024
Malware

A GENERATIVE ARTIFICIAL INTELLIGENCE MALWARE USED IN PHISHING ATTACKS

HP researchers detected a dropper that was generated by generative artificial
intelligence services and used to deliver AsyncRAT malware. While investigating
a malicious email, HP researchers dis ...

Pierluigi Paganini September 24, 2024
Security

A CYBERATTACK ON MONEYGRAM CAUSED ITS SERVICE OUTAGE

American peer-to-peer payments and money transfer company MoneyGram confirmed
that a cyberattack caused its service outage. American interstate and
international peer-to-peer payments and mo ...

Pierluigi Paganini September 24, 2024
Intelligence

DID ISRAEL INFILTRATE LEBANESE TELECOMS NETWORKS?

Israel has been sending text messages, recordings, and hacking radio networks to
warn Lebanese citizens to evacuate certain areas. Israel has been sending text
messages, recordings, and hacking ra ...

Pierluigi Paganini September 24, 2024
Mobile

TELEGRAM WILL PROVIDE USER DATA TO LAW ENFORCEMENT IN RESPONSE TO LEGAL REQUESTS

Telegram will provide user data to law enforcement agencies in response to valid
legal requests, according to a recent policy update Telegram has updated its
privacy policy informing users that it ...

Pierluigi Paganini September 24, 2024
Security

ESET FIXED TWO PRIVILEGE ESCALATION FLAWS IN ITS PRODUCTS

ESET addressed two local privilege escalation vulnerabilities in security
products for Windows and macOS operating systems. Cybersecurity firm ESET
released security patches for two local privileg ...

Pierluigi Paganini September 23, 2024
APT

NORTH KOREA-LINKED APT GLEAMING PISCES DELIVER NEW PONDRAT BACKDOOR VIA
MALICIOUS PYTHON PACKAGES

North Korea-linked APT group Gleaming Pisces is distributing a new malware
called PondRAT through tainted Python packages. Unit 42 researchers uncovered an
ongoing campaign distributing Linux and ...

Pierluigi Paganini September 23, 2024
APT

CHINESE APT EARTH BAXIA TARGET APAC BY EXPLOITING GEOSERVER FLAW

Suspected China-linked APT Earth Baxia targeted a government organization in
Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend
Micro researchers reported that China-link ...

Pierluigi Paganini September 23, 2024
Hacking

HACKTIVIST GROUP TWELVE IS BACK AND TARGETS RUSSIAN ENTITIES

Hacktivist group Twelve is back and targets Russian entities to destroy critical
assets and disrupt their operations. The hacktivist group Twelve has been active
since at least April 2023, it was ...

Pierluigi Paganini September 23, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Protect Your Crypto:
Understanding the Ongoing Global Malware ...

Pierluigi Paganini September 22, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 490 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini September 22, 2024
Breaking News

NOISE STORMS: MYSTERIOUS MASSIVE WAVES OF SPOOFED TRAFFIC OBSERVED SINCE 2020

GreyNoise Intelligence firm warns of a mysterious phenomenon observed since
January 2020, massive waves of spoofed traffic called Noise Storms.  GreyNoise
Intelligence has been tracking a mysteri ...

Pierluigi Paganini September 22, 2024
Cyber Crime

HACKERS STOLE OVER $44 MILLION FROM ASIAN CRYPTO PLATFORM BINGX

Cybercriminals stole more than $44 million worth of cryptocurrency from the
Singaporean crypto platform BingX. Singaporean crypto platform BingX reported a
cyberattack on Friday. Threat actors sto ...

Pierluigi Paganini September 21, 2024
Cyber Crime

OP KAERB: EUROPOL DISMANTLED PHISHING SCHEME TARGETING MOBILE USERS

A joint international law enforcement operation led by Europol dismantled a
major phishing scheme targeting mobile users. Europol supported European and
Latin American law enforcement agencies in ...

Pierluigi Paganini September 21, 2024
Cyber warfare

UKRAINE BANS TELEGRAM FOR GOVERNMENT AGENCIES, MILITARY, AND CRITICAL
INFRASTRUCTURE

Ukraine's NCCC banned the Telegram app for government agencies, military, and
critical infrastructure, due to national security concerns. Ukraine's National
Coordination Centre for Cybersecurity ( ...

Pierluigi Paganini September 21, 2024
Security

TOR PROJECT RESPONDED TO CLAIMS THAT LAW ENFORCEMENT CAN DE-ANONYMIZE TOR USERS

The maintainers of the Tor Project have responded to claims that German police
have devised a technique to deanonymize users. The maintainers of the Tor
Project have responded to claims that Germa ...

Pierluigi Paganini September 20, 2024
APT

UNC1860 PROVIDES IRAN-LINKED APTS WITH ACCESS TO MIDDLE EASTERN NETWORKS

Iran-linked APT group UNC1860 is operating as an initial access facilitator that
provides remote access to Middle Eastern Networks. Mandiant researchers warn
that an Iran-linked APT group, tracked ...

Pierluigi Paganini September 20, 2024
Cyber Crime

US DOJ CHARGED TWO MEN WITH STEALING AND LAUNDERING $230 MILLION WORTH OF
CRYPTOCURRENCY

The US DoJ arrested two people and charged them with stealing and laundering
more than $230 million worth of cryptocurrency. The U.S. DoJ arrested two
people, Malone Lam (20) (aka "Greavys," "Anne ...

Pierluigi Paganini September 20, 2024
Uncategorized

THE VANILLA TEMPEST CYBERCRIME GANG USED INC RANSOMWARE FOR THE FIRST TIME IN
ATTACKS ON THE HEALTHCARE SECTOR

Microsoft warns that financially motivated threat actor Vanilla Tempest is using
INC ransomware in attacks aimed at the healthcare sector in the U.S. Microsoft
Threat Intelligence team revealed th ...

Pierluigi Paganini September 20, 2024
Hacking

U.S. CISA ADDS NEW IVANTI CLOUD SERVICES APPLIANCE VULNERABILITY TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud
Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastru ...

Pierluigi Paganini September 20, 2024
Security

IVANTI WARNS OF A NEW ACTIVELY EXPLOITED CLOUD SERVICES APPLIANCE (CSA) FLAW

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is
being exploited in attacks in the wild against a limited number of customers.
Ivanti warned of a new Cloud Services Appl ...

Pierluigi Paganini September 19, 2024
Cyber Crime

INTERNATIONAL LAW ENFORCEMENT OPERATION DISMANTLED CRIMINAL COMMUNICATION
PLATFORM GHOST

An international law enforcement operation infiltrated the encrypted messaging
app Ghost, which was widely used by criminals, resulting in the arrest of dozens
of individuals. An international law ...

Pierluigi Paganini September 19, 2024
Security

U.S. CISA ADDS MICROSOFT WINDOWS, APACHE HUGEGRAPH-SERVER, ORACLE JDEVELOPER,
ORACLE WEBLOGIC SERVER, AND MICROSOFT SQL SERVER BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and
Microsoft SQL Server bugs to its Known Exp ...

Pierluigi Paganini September 19, 2024
Security

SIEM FOR SMALL AND MEDIUM-SIZED ENTERPRISES: WHAT YOU NEED TO KNOW

Small and medium-sized enterprises (SMEs) are a frequent target for
cybercriminals. How can SIEM help them improve their cybersecurity? Contrary to
what they might believe, small and medium-sized ...

Pierluigi Paganini September 19, 2024
Hacking

ANTIVIRUS FIRM DR.WEB DISCONNECTED ALL SERVERS FOLLOWING A CYBERATTACK

Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a
cyberattack over the weekend. This week, the Russian anti-malware firm Doctor
Web (Dr.Web) announced that it had di ...

Pierluigi Paganini September 19, 2024
Malware

EXPERTS WARN OF CHINA-LINKED APT'S RAPTOR TRAIN IOT BOTNET

Researchers warn of a new IoT botnet called Raptor Train that already
compromised over 200,000 devices worldwide. Cybersecurity researchers from
Lumen's Black Lotus Labs discovered a new botnet, n ...

Pierluigi Paganini September 18, 2024
Cyber Crime

CREDENTIAL FLUSHER, UNDERSTANDING THE THREAT AND HOW TO PROTECT YOUR LOGIN DATA

Credential Flusher is a method that allows hackers to steal login credentials
directly from the victim’s web browser. The cyber attacks have become
increasingly sophisticated, putting our person ...

Pierluigi Paganini September 18, 2024
Security

U.S. TREASURY ISSUED FRESH SANCTIONS AGAINST ENTITIES LINKED TO THE INTELLEXA
CONSORTIUM

The U.S. Department of Treasury issued new sanctions against five executives and
one entity linked to the Intellexa Consortium. The Department of the Treasury’s
Office of Foreign Assets Control ...

Pierluigi Paganini September 18, 2024
Security

BROADCOM FIXED CRITICAL VMWARE VCENTER SERVER FLAW CVE-2024-38812

Broadcom addressed a critical vulnerability in the VMware vCenter Server that
could allow remote attackers to achieve code execution. Broadcom released
security updates to address a critical vulne ...

Pierluigi Paganini September 18, 2024
Intelligence

REMOTE ATTACK ON PAGERS USED BY HEZBOLLAH CAUSED 9 DEATHS AND THOUSANDS OF
INJURIES

Remote attack on pagers used by Hezbollah in Lebanon and Syria caused their
explosion; at least 8 nine people dead and more than 2,800 injured. At least
nine eight individuals, including a child, ...

Pierluigi Paganini September 17, 2024
Cyber Crime

CHINESE MAN CHARGED FOR SPEAR-PHISHING AGAINST NASA AND US GOVERNMENT

US DoJ charged a Chinese national who used spear-phishing emails to obtain
sensitive info from NASA, the U.S. Air Force, Navy, Army, and the FAA. The U.S.
DoJ charged a Chinese national, Song Wu ( ...

Pierluigi Paganini September 17, 2024
Security

U.S. CISA ADDS MICROSOFT WINDOWS MSHTML PLATFORM AND PROGRESS WHATSUP GOLD BUGS
TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cyberse ...

Pierluigi Paganini September 17, 2024
Digital ID

TAKING CONTROL ONLINE: ENSURING AWARENESS OF DATA USAGE AND CONSENT

Why do consumers refuse to consent to their data being shared? Ensuring
transparency on their usage and consent. In the digital world, trust is
essential for the relationships between brands and c ...

Pierluigi Paganini September 17, 2024
Data Breach

QILIN RANSOMWARE ATTACK ON SYNNOVIS IMPACTED OVER 900,000 PATIENTS

The personal information of a million individuals was published online following
a ransomware attack that in June disrupted NHS hospitals in London. In June, a
ransomware attack on pathology and d ...

Pierluigi Paganini September 17, 2024
Security

D-LINK ADDRESSED THREE CRITICAL RCE IN WIRELESS ROUTER MODELS

D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote
attackers to execute arbitrary code or gain hardcoded credentials. D-Link has
addressed three critical vulnerabilities, ...

Pierluigi Paganini September 16, 2024
Hacking

RECENTLY PATCHED WINDOWS FLAW CVE-2024-43461 WAS ACTIVELY EXPLOITED AS A
ZERO-DAY BEFORE JULY 2024

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461,
was actively exploited as a zero-day before July 2024. Microsoft warns that
attackers actively exploited the Window ...

Pierluigi Paganini September 16, 2024
Security

SOLARWINDS FIXED CRITICAL RCE CVE-2024-28991 IN ACCESS RIGHTS MANAGER

SolarWinds addressed a critical remote code execution vulnerability, tracked as
CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates
to address a critical-severity remote ...

Pierluigi Paganini September 16, 2024
Laws and regulations

APPLE DISMISSES LAWSUIT AGAINST SURVEILLANCE FIRM NSO GROUP DUE TO RISK OF
THREAT INTELLIGENCE EXPOSURE

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the
risk of "threat intelligence" information exposure. Apple is seeking to drop its
lawsuit against Israeli spyware com ...

Pierluigi Paganini September 16, 2024
Hacking

HACKER TRICKED CHATGPT INTO PROVIDING DETAILED INSTRUCTIONS TO MAKE A HOMEMADE
BOMB

A hacker tricked ChatGPT into providing instructions to make homemade bombs
demonstrating how to bypass the chatbot safety guidelines. A hacker and artist,
who goes online as Amadon, tricked ChatG ...

Pierluigi Paganini September 16, 2024
Cyber Crime

PORT OF SEATTLE CONFIRMED THAT RHYSIDA RANSOMWARE GANG WAS BEHIND THE AUGUST
ATTACK

Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind
the cyberattack that hit the agency in August. In August, a cyber attack hit the
Port of Seattle, which also opera ...

Pierluigi Paganini September 15, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Mythical Beasts and
Where to Find Them: Mapping the Global Sp ...

Pierluigi Paganini September 15, 2024
Hacking

U.S. CISA ADDS IVANTI CLOUD SERVICES APPLIANCE VULNERABILITY TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud
Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastru ...

Pierluigi Paganini September 14, 2024
Hacking

IVANTI CLOUD SERVICE APPLIANCE FLAW IS BEING ACTIVELY EXPLOITED IN THE WILD

Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service
Appliance (CSA) is being actively exploited in the wild. Ivanti warned that a
newly patched vulnerability, tracked as CVE-20 ...

Pierluigi Paganini September 14, 2024
Security

GITLAB FIXED A CRITICAL FLAW IN GITLAB CE AND GITLAB EE

GitLab addressed multiple vulnerabilities impacting GitLab CE/EE, including a
critical pipeline execution issue. GitLab released security patches for 17
vulnerabilities in GitLab CE (Community Ed ...

Pierluigi Paganini September 14, 2024
Malware

NEW LINUX MALWARE CALLED HADOOKEN TARGETS ORACLE WEBLOGIC SERVERS

A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been
linked to several ransomware families. Aqua Security Nautilus researchers
discovered a new Linux malware, called H ...

Pierluigi Paganini September 13, 2024
Data Breach

LEHIGH VALLEY HEALTH NETWORK HOSPITAL NETWORK HAS AGREED TO A $65 MILLION
SETTLEMENT AFTER DATA BREACH

Lehigh Valley Health Network ’s (LVHN) hospital network has agreed to a $65
million settlement in a class action lawsuit related to a data breach. Lehigh
Valley Health Network (LVHN) is a large ...

Pierluigi Paganini September 13, 2024
Malware

VO1D MALWARE INFECTED 1.3 MILLION ANDROID-BASED TV BOXES IN 197 COUNTRIES

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected
nearly 1.3 million Android devices in 197 countries. Doctor Web researchers
uncovered a malware, tracked as Vo1d, ...

Pierluigi Paganini September 13, 2024
Data Breach

CYBERSECURITY GIANT FORTINET DISCLOSES A DATA BREACH

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB
of files from the company's Microsoft Sharepoint server. Today, Fortinet told
Cyber Daily that a threat actor gaine ...

Pierluigi Paganini September 12, 2024
Cyber Crime

SINGAPORE POLICE ARREST SIX MEN ALLEGEDLY INVOLVED IN A CYBERCRIME SYNDICATE

The Singapore Police Force (SPF) has arrested six individuals for their role in
the operations of a cybercrime ring in the country. The Singapore Police Force
(SPF) arrested five Chinese nationals ...

Pierluigi Paganini September 12, 2024
Security

ADOBE PATCH TUESDAY SECURITY UPDATES FIXED MULTIPLE CRITICAL ISSUES IN THE
COMPANY'S PRODUCTS

Adobe addressed tens of vulnerabilities, including critical issues that could
allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch
Tuesday security updates addressed multip ...

Pierluigi Paganini September 12, 2024
Cyber Crime

HIGHLINE PUBLIC SCHOOLS SCHOOL DISTRICT SUSPENDED ITS ACTIVITIES FOLLOWING A
CYBERATTACK

Highline Public Schools, a school district in Washington state, remains closed
following a cyberattack that occurred two days ago. Two days ago Highline Public
Schools (HPS), a school district in ...

Pierluigi Paganini September 11, 2024
Malware

RANSOMHUB RANSOMWARE GANG RELIES ON KASPERSKY TDSKILLER TOOL TO DISABLE EDR

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to
disable endpoint detection and response (EDR) systems. The RansomHub ransomware
gang is using the TDSSKiller tool t ...

Pierluigi Paganini September 11, 2024
Security

IVANTI FIXED A MAXIMUM SEVERITY FLAW IN ITS ENDPOINT MANAGEMENT SOFTWARE (EPM)

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)
that can let attackers achieve remote code execution on the core server Ivanti
Endpoint Management (EPM) software is ...

Pierluigi Paganini September 11, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR SEPTEMBER 2024 ADDRESSED FOUR
ACTIVELY EXPLOITED ZERO-DAYS

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws,
including four actively exploited zero-day flaws. Microsoft Patch Tuesday
security updates for September 2024 addres ...

Pierluigi Paganini September 11, 2024
Malware

QUAD7 BOTNET EVOLVES TO MORE STEALTHY TACTICS TO EVADE DETECTION

The Quad7 botnet evolves and targets new  SOHO devices, including Axentra media
servers, Ruckus wireless routers and Zyxel VPN appliances. The Sekoia TDR team
identified additional implants assoc ...

Pierluigi Paganini September 10, 2024
Cyber warfare

POLAND THWARTED CYBERATTACKS THAT WERE CARRIED OUT BY RUSSIA AND BELARUS

Poland 's security officials announced that they successfully thwarted
cyberattacks that were carried out by Russia and Belarus. Poland security
services announced they have thwarted a cyber opera ...

Pierluigi Paganini September 10, 2024
Security

U.S. CISA ADDS SONICWALL SONICOS, IMAGEMAGICK AND LINUX KERNEL BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall
SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity and I ...

Pierluigi Paganini September 10, 2024
Data Breach

ELECTRONIC PAYMENT GATEWAY SLIM CD DISCLOSED A DATA BREACH IMPACTING 1.7M
INDIVIDUALS

Payment gateway provider Slim CD disclosed a data breach, credit card and
personal data of almost 1.7 million individuals were compromised. The electronic
payment gateway Slim CD disclosed a data ...

Pierluigi Paganini September 10, 2024
Intelligence

PREDATOR SPYWARE OPERATION IS BACK WITH A NEW INFRASTRUCTURE

Researchers warn of a fresh cluster of activity associated with the Predator
spyware using a new infrastructure, following the U.S. sanctions against the
Intellexa Consortium. Recorded Future rese ...

Pierluigi Paganini September 09, 2024
APT

TIDRONE APT TARGETS DRONE MANUFACTURERS IN TAIWAN

A previously undocumented threat actor tracked TIDRONE targets organizations in
military and satellite industries in Taiwan. Trend Micro spotted an allegedly
China-linked threat actor, tracked TID ...

Pierluigi Paganini September 09, 2024
Malware

MULTIPLE MALWARE FAMILIES DELIVERED EXPLOITING GEOSERVER GEOTOOLS FLAW
CVE-2024-36401

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer
GeoTools flaw CVE-2024-36401 in malware-based campaigns. Researchers at Fortinet
FortiGuard Labs reported that thr ...

Pierluigi Paganini September 09, 2024
Security

PROGRESS SOFTWARE FIXED A MAXIMUM SEVERITY FLAW IN LOADMASTER

Progress Software released an emergency to address a maximum severity
vulnerability in its LoadMaster products. Progress Software released an
emergency fix for a critical vulnerability, tracked as ...

Pierluigi Paganini September 09, 2024
Cyber Crime

FEDS INDICTED TWO ALLEGED ADMINISTRATORS OF WWH CLUB DARK WEB MARKETPLACE

Russian And Kazakhstani men indicted for operating the Dark Web cybercriminals
marketplace WWH Club and other crime forums and markets. Alex Khodyrev (35) from
Kazakhstan) and Pavel Kublitskii (37 ...

Pierluigi Paganini September 08, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. BlackSuit Ransomware
Dissecting the Cicada   &nb ...

Pierluigi Paganini September 08, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 488 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini September 08, 2024
Security

U.S. CISA ADDS DRAYTEK VIGORCONNECT AND KINGSOFT WPS OFFICE BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek
VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infra ...

Pierluigi Paganini September 07, 2024
Security

A FLAW IN WORDPRESS LITESPEED CACHE PLUGIN ALLOWS ACCOUNT TAKEOVER

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow
unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache
plugin is a popular caching plugin for Word ...

Pierluigi Paganini September 07, 2024
Data Breach

CAR RENTAL COMPANY AVIS DISCLOSES A DATA BREACH

Car rental giant Avis disclosed a data breach that impacted one of its business
applications in August compromising customers' personal information. Car rental
company Avis notified customers impa ...

Pierluigi Paganini September 06, 2024
Hacking

SONICWALL WARNS THAT SONICOS BUG EXPLOITED IN ATTACKS

Recently fixed access control SonicOS vulnerability, tracked as
CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall
warns. SonicWall warns that a recently fixed access cont ...

Pierluigi Paganini September 06, 2024
Security

APACHE FIXED A NEW REMOTE CODE EXECUTION FLAW IN APACHE OFBIZ

Apache addressed a remote code execution vulnerability affecting the Apache
OFBiz open-source enterprise resource planning (ERP) system. Apache fixed a
high-severity vulnerability, tracked as CVE ...

Pierluigi Paganini September 06, 2024
Cyber warfare

RUSSIA-LINKED GRU UNIT 29155 TARGETED CRITICAL INFRASTRUCTURE GLOBALLY

The United States and its allies state that Russia-linked threat actors
operating under the GRU are behind global critical infrastructure attacks. The
FBI, CISA, and NSA linked threat actors from ...

Pierluigi Paganini September 06, 2024
Security

VEEAM FIXED A CRITICAL FLAW IN VEEAM BACKUP & REPLICATION SOFTWARE

Veeam addressed 18 high and critical severity flaws in Veeam Backup &
Replication, Service Provider Console, and One. Veeam released security updates
to address multiple vulnerabilit ...

Pierluigi Paganini September 05, 2024
Malware

EARTH LUSCA ADDS MULTIPLATFORM MALWARE KTLVDOOR TO ITS ARSENAL

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in
an attack against a trading company in China. Trend Micro Researchers spotted
the Chinese-speaking threat actor Eart ...

Pierluigi Paganini September 05, 2024
APT

IS RUSSIAN GROUP APT28 BEHIND THE CYBER ATTACK ON THE GERMAN AIR TRAFFIC CONTROL
AGENCY (DFS)?

A cyber attack hit the German air traffic control agency (DFS) disrupting its
operations, experts attribute it to Russia-linked group APT28. A cyber attack
targeted the German Air Traffic Control ...

Pierluigi Paganini September 05, 2024
Hacking

QUISHING, AN INSIDIOUS THREAT TO ELECTRIC CAR OWNERS

Quishing is a type of phishing attack where crooks use QR codes to trick users
into providing sensitive information or downloading malware. In recent years,
the spread of electric cars has led to ...

Pierluigi Paganini September 05, 2024
Security

DISCONTINUED D-LINK DIR-846 ROUTERS ARE AFFECTED BY CODE EXECUTION FLAWS.
REPLACE THEM!

D-Link warns of multiple remote code execution vulnerabilities impacting its
discontinued DIR-846 router series. Networking hardware vendor D-Link wars of
multiple remote code execution (RCE) vul ...

Pierluigi Paganini September 04, 2024
Hacktivism

HEAD MARE HACKTIVIST GROUP TARGETS RUSSIA AND BELARUS

A group of hacktivist known as Head Mare took advantage of the
recent CVE-2023-38831 WinRAR flaw in attacks against organizations in Russia and
Belarus. Kaspersky researchers reported that a h ...

Pierluigi Paganini September 04, 2024
Security

ZYXEL FIXED CRITICAL OS COMMAND INJECTION FLAW IN MULTIPLE ROUTERS

Taiwanese manufacturer Zyxel addressed a critical OS command injection flaw
affecting multiple models of its business routers. Zyxel has released security
updates to address a critical vulnerabili ...

Pierluigi Paganini September 04, 2024
Security

VMWARE FIXED A CODE EXECUTION FLAW IN FUSION HYPERVISOR

VMware released a patch to address a high-severity code execution flaw in its
Fusion hypervisor, users are urged to apply it. VMware addressed a high-severity
code execution vulnerability, tracke ...

Pierluigi Paganini September 03, 2024
Hacking

VULNERABILITIES IN MICROSOFT APPS FOR MACOS ALLOW STEALING PERMISSIONS

Vulnerabilities in Microsoft apps for macOS could allow attackers to steal
permissions and access sensitive data. Cisco Talos researchers discovered eight
vulnerabilities in Microsoft apps for mac ...

Pierluigi Paganini September 03, 2024
Cyber Crime

THREE MEN PLEAD GUILTY TO RUNNING MFA BYPASS SERVICE OTP.AGENCY

Three men have pleaded guilty to operating OTP.Agency, an online service that
allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum
Picari (22), Vijayasidhurshan Vijayanath ...

Pierluigi Paganini September 03, 2024
Hacking

TRANSPORT FOR LONDON (TFL) IS DEALING WITH AN ONGOING CYBERATTACK

Transport for London (TfL) is investigating an ongoing cyberattack, however,
customer information was compromised. Transport for London (TfL) is
investigating an ongoing cyberattack. However, the ...

Pierluigi Paganini September 02, 2024
Cyber Crime

LOCKBIT GANG CLAIMS THE ATTACK ON THE TORONTO DISTRICT SCHOOL BOARD (TDSB)

The Toronto District School Board (TDSB) confirmed that student information was
compromised in the June Lockbit ransomware attack. The Toronto District School
Board (TDSB) confirmed that students' ...

Pierluigi Paganini September 02, 2024
Cyber Crime

A NEW VARIANT OF CICADA RANSOMWARE TARGETS VMWARE ESXI SYSTEMS

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in
the threat landscape and already targeted tens of companies. Cicada3301 is a new
ransomware-as-a-service (RaaS) oper ...

Pierluigi Paganini September 02, 2024
Hacking

AN AIR TRANSPORT SECURITY SYSTEM FLAW ALLOWED TO BYPASS AIRPORT SECURITY
SCREENINGS

A vulnerability in an air transport security system allowed unauthorized
individuals to bypass airport security screenings. The Known Crewmember (KCM)
and Cockpit Access Security System (CASS) pro ...

Pierluigi Paganini September 01, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Unveiling "sedexp": A
Stealthy Linux Malware Exploiting udev ...

Pierluigi Paganini September 01, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 487 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini September 01, 2024
Security

FORTRA FIXED TWO SEVERE ISSUES IN FILECATALYST WORKFLOW, INCLUDING A CRITICAL
FLAW

Cybersecurity and automation company Fortra addressed two vulnerabilities in
FileCatalyst Workflow software, including a critical-severity flaw.
Cybersecurity and automation company Fortra release ...

Pierluigi Paganini August 30, 2024
Hacking

SOUTH KOREA-LINKED GROUP APT-C-60 EXPLOITED A WPS OFFICE ZERO-DAY

South Korea-linked group APT-C-60 exploited a zero-day in the Windows version of
WPS Office to target East Asian countries. South Korea-linked group APT-C-60
exploited a zero-day, tracked as CVE� ...

Pierluigi Paganini August 30, 2024
Cyber Crime

THREAT ACTORS EXPLOIT ATLASSIAN CONFLUENCE BUG IN CRYPTOMINING CAMPAIGNS

Threat actors are actively exploiting a critical flaw in the Atlassian
Confluence Data Center and Confluence Server in cryptocurrency mining campaigns.
The critical vulnerability CVE-2023-22527   ...

Pierluigi Paganini August 30, 2024
APT

RUSSIA-LINKED APT29 REUSED IOS AND CHROME EXPLOITS PREVIOUSLY DEVELOPED BY NSO
GROUP AND INTELLEXA

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously
developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat
Analysis Group) researchers observed th ...

Pierluigi Paganini August 30, 2024
Security

CISCO ADDRESSED A HIGH-SEVERITY FLAW IN NX-OS SOFTWARE

Cisco addressed multiple vulnerabilities impacting NX-OS software, including a
high-severity flaw in the DHCPv6 relay agent. Cisco released security updates
for NX-OS software that address multipl ...

Pierluigi Paganini August 29, 2024
Malware

CORONA MIRAI BOTNET SPREADS VIA AVTECH CCTV ZERO-DAY 

An instance of the Corona Mirai botnet spreads via AVTECH CCTV zero-day and
multiple previously known vulnerabilities. Akamai's Security Intelligence and
Response Team (SIRT) has detected a botne ...

Pierluigi Paganini August 29, 2024
Security

TELEGRAM CEO PAVEL DUROV CHARGED IN FRANCE FOR FACILITATING CRIMINAL ACTIVITIES

French prosecutors charged CEO Telegram Pavel Durov with facilitating various
criminal activities on the messaging platform. French prosecutors have formally
charged Telegram CEO Pavel Durov with ...

Pierluigi Paganini August 29, 2024
APT

IRAN-LINKED GROUP APT33 ADDS NEW TICKLER MALWARE TO ITS ARSENAL

Iran-linked group APT33 used new Tickler malware in attacks against
organizations in the government, defense, satellite, oil and gas sectors.
Microsoft researchers reported that the Iran-linked cy ...

Pierluigi Paganini August 29, 2024
Security

U.S. CISA ADDS GOOGLE CHROMIUM V8 BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google
Chromium V8 bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency ( ...

Pierluigi Paganini August 28, 2024
Data Breach

YOUNG CONSULTING DATA BREACH IMPACTS 954,177 INDIVIDUALS

A ransomware attack by the BlackSuit group on Young Consulting compromised the
personal information of over 950,000 individuals. Software solutions provider
Young Consulting disclosed a data breac ...

Pierluigi Paganini August 28, 2024
Malware

BLACKBYTE RANSOMWARE GROUP TARGETS RECENTLY PATCHED VMWARE ESXI FLAW
CVE-2024-37085

BlackByte ransomware operators are exploiting a recently patched VMware ESXi
hypervisors vulnerability in recent attacks. Cisco Talos observed the BlackByte
ransomware group exploiting the recentl ...

Pierluigi Paganini August 28, 2024
Cyber Crime

US OFFERS $2.5M REWARD FOR BELARUSIAN MAN INVOLVED IN MASS MALWARE DISTRIBUTION

The US Department of State offers a $2.5 million reward for information leading
to the arrest of a Belarusian cybercriminal involved in the mass malware
distribution. The US Department of State an ...

Pierluigi Paganini August 28, 2024
Uncategorized

U.S. CISA ADDS APACHE OFBIZ BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz
bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and
Infrastructure Security Agency (CISA)� ...

Pierluigi Paganini August 28, 2024
APT

CHINA-LINKED APT VOLT TYPHOON EXPLOITED A ZERO-DAY IN VERSA DIRECTOR

China-linked APT group Volt Typhoon exploited a zero-day flaw in Versa Director
to upload a custom webshell in target networks. China-linked APT Volt Typhoon
exploited a zero-day vulnerability, tr ...

Pierluigi Paganini August 27, 2024
Cyber Crime

RESEARCHERS UNMASKED THE NOTORIOUS THREAT ACTOR USDOD

CrowdStrike researchers have identified the notorious hacker USDoD who is behind
several high-profile data leaks. The notorious hacker USDoD (aka EquationCorp),
who is known for high-profile data ...

Pierluigi Paganini August 27, 2024
Digital ID

THE DUTCH DATA PROTECTION AUTHORITY (DPA) HAS FINED UBER A RECORD €290M

The Dutch Data Protection Authority (DPA) has fined Uber a record €290M for
violating the EU data protection regulation while sending sensitive driver data
to the U.S. The Dutch Data Protection ...

Pierluigi Paganini August 27, 2024
Hacking

GOOGLE ADDRESSED THE TENTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR

Google released emergency security updates to fix the tenth actively exploited
Chrome zero-day vulnerability this year. Google released a security update to
address a new Chrome zero-day vulnerabi ...

Pierluigi Paganini August 26, 2024
Security

SONICWALL ADDRESSED AN IMPROPER ACCESS CONTROL ISSUE IN ITS FIREWALLS

SonicWall addressed a critical flaw in its firewalls that could allow attackers
to achieve unauthorized access to the devices. SonicWall has released security
updates to address a critical vulnera ...

Pierluigi Paganini August 26, 2024
Hacking

A CYBERATTACK IMPACTED OPERATIONS AT THE PORT OF SEATTLE AND SEA-TAC AIRPORT

A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma
International Airport, websites and phone systems were impacted. Media reported
that the Port of Seattle, which also ...

Pierluigi Paganini August 26, 2024
Malware

LINUX MALWARE SEDEXP USES UDEV RULES FOR PERSISTENCE AND EVASION

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux
udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions
spotted a new malware family, called se ...

Pierluigi Paganini August 26, 2024
Cyber Crime

FRANCE POLICE ARRESTED TELEGRAM CEO PAVEL DUROV

French police arrested Pavel Durov, founder and chief executive of Telegram,
due to the lack of content moderation that advantaged criminal activity. Pavel
Durov, the founder and CEO of Teleg ...

Pierluigi Paganini August 25, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Meet UULoader: An
Emerging and Evasive Malicious Installer ...

Pierluigi Paganini August 25, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 486 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini August 25, 2024
Hacking

U.S. CISA ADDS VERSA DIRECTOR BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Versa Director
bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and
Infrastructure Security Agency (CISA ...

Pierluigi Paganini August 25, 2024
Hacking

HACKERS CAN TAKE OVER ECOVACS HOME ROBOTS TO SPY ON THEIR OWNERS

Recently, researchers warned vacuum and lawn mower robots made by Ecovacs could
be hacked to spy on their owners, the company will fix it. During the recent Def
Con hacking conference, security r ...

Pierluigi Paganini August 24, 2024
Cyber Crime

RUSSIAN NATIONAL ARRESTED IN ARGENTINA FOR LAUNDERING MONEY OF CROOKS AND
LAZARUS APT

A Russian national was arrested in Argentina for laundering proceeds from
illicit actors, including North Korea-linked Lazarus Group. This week, the
Argentine Federal Police (PFA) arrested a Russi ...

Pierluigi Paganini August 24, 2024
Cyber Crime

QILIN RANSOMWARE STEALS CREDENTIALS STORED IN GOOGLE CHROME

Sophos researchers investigated a Qilin ransomware breach attack that led to the
theft of credentials stored in Google Chrome browsers. Sophos researchers
investigated a Qilin ransomware attack wh ...

Pierluigi Paganini August 23, 2024
Cyber Crime

PHISHING ATTACKS TARGET MOBILE USERS VIA PROGRESSIVE WEB APPLICATIONS (PWA)

Cybercriminals use progressive web applications (PWA) to impersonate banking
apps and steal credentials from mobile users. ESET researchers detailed a
phishing campaign against mobile users that ...

Pierluigi Paganini August 23, 2024
Uncategorized

MEMBER OF CYBERCRIME GROUP KARAKURT CHARGED IN THE US

The Russian national Deniss Zolotarjovs has been charged in a U.S. court for his
role in the Karakurt cybercrime gang. Deniss Zolotarjovs (33), a Russian
cybercriminal, has been charged in a U.S. ...

Pierluigi Paganini August 23, 2024
Malware

NEW MALWARE CTHULHU STEALER TARGETS APPLE MACOS USERS

Cato Security found a new info stealer, called Cthulhu Stealer, that targets
Apple macOS and steals a wide range of information. Cado Security researchers
have discovered a malware-as-a-service (M ...

Pierluigi Paganini August 23, 2024
APT

CHINA-LINKED APT VELVET ANT EXPLOITED ZERO-DAY TO COMPROMISE CISCO SWITCHES

China-linked APT group Velvet Ant exploited a recently disclosed zero-day in
Cisco switches to take over the network appliance. Researchers at cybersecurity
firm Sygnia reported that the China-lin ...

Pierluigi Paganini August 23, 2024
Hacking

A CYBERATTACK HIT US OIL GIANT HALLIBURTON

US oil giant Halliburton announced that it was hit by a cyberattack that is
affecting operations at its Houston, Texas offices. Halliburton, a major U.S.
oil company, announced that a cyberattack ...

Pierluigi Paganini August 22, 2024
Hacking

U.S. CISA ADDS DAHUA IP CAMERA, LINUX KERNEL AND MICROSOFT EXCHANGE SERVER BUGS
TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dahua IP
Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersec ...

Pierluigi Paganini August 22, 2024
Hacking

SOLARWINDS FIXED A HARDCODED CREDENTIAL ISSUE IN WEB HELP DESK

SolarWinds fixed a hardcoded credential flaw in its Web Help Desk (WHD) software
that could allow attackers to gain unauthorized access to vulnerable instances.
SolarWinds has addressed a new secu ...

Pierluigi Paganini August 22, 2024
Hacking

A CYBERATTACK DISRUPTED OPERATIONS OF US CHIPMAKER MICROCHIP TECHNOLOGY

Semiconductor manufacturer Microchip Technology announced that its operations
were disrupted by a cyberattack. U.S. chipmaker Microchip Technology suffered a
cyberattack that disrupted operations ...

Pierluigi Paganini August 22, 2024
Hacking

GOOGLE ADDRESSED THE NINTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR

Google released emergency security updates to fix the ninth actively exploited
Chrome zero-day vulnerability this year. Google released an emergency security
update to address a Chrome zero- ...

Pierluigi Paganini August 22, 2024
Security

GITHUB FIXED A NEW CRITICAL FLAW IN THE GITHUB ENTERPRISE SERVER 

GitHub addressed three vulnerabilities in its GitHub Enterprise Server product,
including a critical authentication flaw. GitHub addressed three security
vulnerabilities impacting the GitHub Enter ...

Pierluigi Paganini August 22, 2024
Security

EXPERTS DISCLOSED A CRITICAL INFORMATION-DISCLOSURE FLAW IN MICROSOFT COPILOT
STUDIO

Researchers have disclosed a critical security vulnerability in Microsoft's
Copilot Studio that could lead to the exposure of sensitive information.
Researchers disclosed a critical security vulne ...

Pierluigi Paganini August 21, 2024
Malware

NORTH KOREA-LINKED APT USED A NEW RAT CALLED MOONPEAK

North Korea-linked APT Kimsuky is likely behind a new remote access trojan
called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos
researchers uncovered the infrastructure us ...

Pierluigi Paganini August 21, 2024
APT

PRO-RUSSIA GROUP VERMIN TARGETS UKRAINE WITH A NEW MALWARE FAMILY

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing
attacks, carried out by the Vermin group, distributing a malware. The Computer
Emergency Response Team of Ukraine ...

Pierluigi Paganini August 21, 2024
Hacking

A BACKDOOR IN MILLIONS OF SHANGHAI FUDAN MICROELECTRONICS RFID CARDS ALLOWS
CLONING

A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics
allows these contactless cards to be cloned instantly. Researchers from security
firm Quarkslab discovered a backdo ...

Pierluigi Paganini August 21, 2024
Malware

RANSOMWARE PAYMENTS ROSE FROM $449.1 MILLION TO $459.8 MILLION

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by
approximately 2%, from $449.1 million to $459.8 million. Blockchain analysis
firm Chainalysis revealed that while ove ...

Pierluigi Paganini August 20, 2024
Malware

PREVIOUSLY UNSEEN MSUPEDGE BACKDOOR TARGETED A UNIVERSITY IN TAIWAN

Experts spotted a previously undetected backdoor, dubbed Msupedge, that was
employed in an attack against a university in Taiwan.  Broadcom Symantec
researchers discovered a previously undetected ...

Pierluigi Paganini August 20, 2024
Hacking

ORACLE NETSUITE MISCONFIGURATION COULD LEAD TO DATA EXPOSURE

Researchers discovered thousands of Oracle NetSuite e-stores that are vulnerable
to data leak, sensitive customer information is at risk. Cybersecurity
researchers from AppOmni warn of a potential ...

Pierluigi Paganini August 20, 2024
Data Breach

TOYOTA DISCLOSED A DATA BREACH AFTER ZEROSEVENGROUP LEAKED STOLEN DATA ON A
CYBERCRIME FORUM

Toyota has confirmed a data breach after a threat actor leaked 240GB of data
stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data
breach after a threat actor leaked an arc ...

Pierluigi Paganini August 20, 2024
Hacking

CISA ADDS JENKINS COMMAND LINE INTERFACE (CLI) BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Jenkins
Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructu ...

Pierluigi Paganini August 19, 2024
Cyber Crime

RESEARCHERS UNCOVERED NEW INFRASTRUCTURE LINKED TO THE CYBERCRIME GROUP FIN7

Team Cymru, Silent Push and Stark Industries Solutions researchers uncovered a
new infrastructure linked to the cybercrime group FIN7. Researchers from Team
Cymru identified two clusters potential ...

Pierluigi Paganini August 19, 2024
Hacking

EXPERTS WARN OF EXPLOIT ATTEMPT FOR IVANTI VTM BUG

Researchers at the Shadowserver Foundation observed an exploit attempt based on
the public PoC for Ivanti vTM bug CVE-2024-7593. Researchers at the Shadowserver
Foundation observed an exploit att ...

Pierluigi Paganini August 19, 2024
APT

MICROSOFT ZERO-DAY CVE-2024-38193 WAS EXPLOITED BY NORTH KOREA-LINKED LAZARUS
APT

Microsoft addressed a zero-day vulnerability actively exploited by the
North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day
vulnerability, tracked as CVE-2024-38193 (CVSS sco ...

Pierluigi Paganini August 19, 2024
Malware

THE MAD LIBERATOR RANSOMWARE GROUP USES SOCIAL-ENGINEERING TECHNIQUES

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake
Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops
Incident Response team warned that a n ...

Pierluigi Paganini August 19, 2024
Hacking

FROM 2018: DEEPMASTERPRINTS: DECEIVE FINGERPRINT RECOGNITION SYSTEMS WITH
MASTERPRINTS GENERATED WITH GANS

Boffins demonstrated the vulnerability of fingerprint recognition systems to
dictionary attacks using 'MasterPrints, 'which are fingerprints that can match
multiple other prints. A team of researc ...

Pierluigi Paganini August 18, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Deciphering the Brain
Cipher Ransomware   Ideal ...

Pierluigi Paganini August 18, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 485 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini August 18, 2024
Cyber Crime

LARGE-SCALE EXTORTION CAMPAIGN TARGETS PUBLICLY ACCESSIBLE ENVIRONMENT VARIABLE
FILES (.ENV)

A large-scale extortion campaign compromised multiple organizations by
exploiting publicly accessible environment variable files (.env). Palo Alto Unit
42 researchers uncovered a large-scale extor ...

Pierluigi Paganini August 18, 2024
Intelligence

OPENAI DISMANTLED AN IRANIAN INFLUENCE OPERATION TARGETING THE U.S. PRESIDENTIAL
ELECTION

OpenAI announced it had dismantled an Iranian influence operation that was
producing content related to the U.S. Presidential election. OpenAI has
dismantled an Iran-linked influence operation, tr ...

Pierluigi Paganini August 17, 2024
Data Breach

NATIONAL PUBLIC DATA CONFIRMS A DATA BREACH

Background check service National Public Data confirms a data breach that
exploded millions of social security numbers and other sensitive information. 
Background check service National Public D ...

Pierluigi Paganini August 17, 2024
Security

CISA ADDS SOLARWINDS WEB HELP DESK BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SolarWinds
Web Help Desk bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini August 16, 2024
Deep Web

RUSSIAN NATIONAL SENTENCED TO 40 MONTHS FOR SELLING STOLEN DATA ON THE DARK WEB

A Russian national was sentenced to over three years in prison for selling
stolen information and credentials on a dark web marketplace. The 27-year-old
Russian national Georgy Kavzharadze (also k ...

Pierluigi Paganini August 16, 2024
Malware

BANSHEE STEALER, A NEW MACOS MALWARE WITH A MONTHLY SUBSCRIPTION PRICE OF $3,000

Russian cybercriminals are advertising a new macOS malware called Banshee
Stealer with a monthly subscription price of $3,000. In August 2024, Russian
crooks advertised a macOS malware called BANS ...

Pierluigi Paganini August 16, 2024
Security

MILLIONS OF PIXEL DEVICES CAN BE HACKED DUE TO A PRE-INSTALLED VULNERABLE APP

Many Google Pixel devices shipped since September 2017 have included a
vulnerable app that could be exploited for malicious purposes. Many Google Pixel
devices shipped since September 2017 have i ...

Pierluigi Paganini August 16, 2024
Hacking

MICROSOFT URGES CUSTOMERS TO FIX ZERO-CLICK WINDOWS RCE IN THE TCP/IP STACK

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in
the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges
customers to fix a critical TCP/IP rem ...

Pierluigi Paganini August 16, 2024
Cyber Crime

A GROUP LINKED TO RANSOMHUB OPERATION EMPLOYS EDR-KILLING TOOL EDRKILLSHIFTER

A cybercrime group linked to the RansomHub ransomware was spotted using a new
tool designed to kill EDR software. Sophos reports that a cybercrime group,
likely linked to the RansomHub ransomware ...

Pierluigi Paganini August 15, 2024
Security

GOOGLE DISRUPTED HACKING CAMPAIGNS CARRIED OUT BY IRAN-LINKED APT42

Google disrupted a hacking campaign carried out by the Iran-linked APT group
APT42 targeting the US presidential election. Google announced that it disrupted
a hacking campaign carried out by Iran ...

Pierluigi Paganini August 15, 2024
Cyber Crime

BLACK BASTA RANSOMWARE GANG LINKED TO A SYSTEMBC MALWARE CAMPAIGN

Experts linked an ongoing social engineering campaign, aimed at deploying the
malware SystemBC, to the Black Basta ransomware group. Rapid7 researchers
uncovered a new social engineering campaign ...

Pierluigi Paganini August 15, 2024
Hacking

A MASSIVE CYBER ATTACK HIT CENTRAL BANK OF IRAN AND OTHER IRANIAN BANKS

Iranian news outlet reported that a major cyber attack targeted the Central Bank
of Iran (CBI) and several other banks causing disruptions. Iran International
reported that a massive cyber attack ...

Pierluigi Paganini August 15, 2024
APT

CHINA-LINKED APT EARTH BAKU TARGETS EUROPE, THE MIDDLE EAST, AND AFRICA

China-linked threat actor Earth Baku expanded its operations in Europe, the
Middle East, and Africa starting in late 2022. China-linked APT group Earth Baku
(a threat actor associated with APT41) ...

Pierluigi Paganini August 14, 2024
Security

SOLARWINDS ADDRESSED A CRITICAL RCE IN ALL WEB HELP DESK VERSIONS

SolarWinds addressed a critical remote code execution vulnerability in its Web
Help Desk solution for customer support. SolarWinds fixed a critical
vulnerability, tracked as CVE-2024-289 ...

Pierluigi Paganini August 14, 2024
Data Breach

KOOTENAI HEALTH DATA BREACH IMPACTED 464,000 PATIENTS

Kootenai Health suffered a data breach impacting over 464,000 patients following
a 3AM ransomware attack. Kootenai Health disclosed a data breach impacting over
464,088 patients following the leak ...

Pierluigi Paganini August 14, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR AUGUST 2024 ADDRESSED SIX ACTIVELY
EXPLOITED BUGS

Microsoft's August 2024 Patch Tuesday addressed 90 vulnerabilities, including
six that are actively exploited. Patch Tuesday security updates for August 2024
addressed 90 vulnerabilities in Micros ...

Pierluigi Paganini August 14, 2024
Hacking

A POC EXPLOIT CODE IS AVAILABLE FOR CRITICAL IVANTI VTM BUG

Ivanti warned of a critical authentication bypass flaw in its Virtual Traffic
Manager (vTM) appliances that can allow attackers to create rogue administrator
accounts. Ivanti addressed a critical ...

Pierluigi Paganini August 13, 2024
Hacking

ELON MUSK CLAIMS THAT A DDOS ATTACK CAUSED PROBLEMS WITH THE LIVESTREAM
INTERVIEW WITH DONALD TRUMP

Elon Musk claims that the livestream interview with Donald Trump on the X social
media platform was impacted by a cyberattack. Elon Musk claims that a massive
DDoS attack caused problems with the ...

Pierluigi Paganini August 13, 2024
APT

CERT-UA WARNS OF A PHISHING CAMPAIGN TARGETING GOVERNMENT ENTITIES

CERT-UA warned that Russia-linked actor is impersonating the Security Service of
Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer
Emergency Response Team of Ukrain ...

Pierluigi Paganini August 13, 2024
Intelligence

US DOJ DISMANTLED REMOTE IT WORKER FRAUD SCHEMES RUN BY NORTH KOREA

The U.S. DoJ arrested a Tennessee man for running a "laptop farm" that enabled
North Korea-linked IT workers to obtain remote jobs with American companies. The
U.S. Justice Department arrested Mat ...

Pierluigi Paganini August 13, 2024
Security

A FREEBSD FLAW COULD ALLOW REMOTE CODE EXECUTION, PATCH IT NOW!

FreeBSD Project maintainers addressed a high-severity flaw in OpenSSH that could
allow remote code execution with elevated privileges. The maintainers of the
FreeBSD Project have released urgent s ...

Pierluigi Paganini August 12, 2024
APT

EASTWIND CAMPAIGN TARGETS RUSSIAN ORGANIZATIONS WITH SOPHISTICATED BACKDOORS

A campaign tracked as EastWind is targeting Russian government and IT
organizations with PlugY and GrewApacha Backdoors. In late July 2024, Kaspersky
researchers detected a series of targeted cybe ...

Pierluigi Paganini August 12, 2024
Hacking

MICROSOFT FOUND OPENVPN BUGS THAT CAN BE CHAINED TO ACHIEVE RCE AND LPE

Microsoft found four bugs in OpenVPN that could be chained to achieve remote
code execution and local privilege escalation. During the Black Hat USA 2024
conference, Microsoft researchers disclose ...

Pierluigi Paganini August 12, 2024
Cyber warfare

FOREIGN NATION-STATE ACTORS HACKED DONALD TRUMP’S CAMPAIGN

Donald Trump's campaign reported that its emails were hacked by "foreign sources
hostile to the United States." Donald Trump's presidential campaign announced it
was hacked, a spokesman attributes ...

Pierluigi Paganini August 11, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Surge in Magniber
ransomware attacks impact home users worldw ...

Pierluigi Paganini August 11, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 484 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini August 11, 2024
Cyber Crime

ADT DISCLOSED A DATA BREACH THAT IMPACTED MORE THAN 30,000 CUSTOMERS

Physical security firm ADT disclosed a data breach, threat actors stole
information from 30,000 customers and leaked it. ADT is a provider of alarm and
physical security systems, it employs more t ...

Pierluigi Paganini August 11, 2024
Cyber Crime

IS THE INC RANSOMWARE GANG BEHIND THE ATTACK ON MCLAREN HOSPITALS?

A INC Ransom ransomware attack this week disrupted IT and phone systems at
McLaren Health Care hospitals. On Tuesday, an INC Ransom ransomware attack hit
the McLaren Health Care hospitals and disr ...

Pierluigi Paganini August 10, 2024
Cyber Crime

CROOKS TOOK CONTROL OF A COW MILKING ROBOT CAUSING THE DEATH OF A COW

Crooks took control of a cow milking robot and demanded a ransom from a farmer
who refused to pay it, resulting in the death of a cow. An extortion attempt had
a tragic outcome, cybercriminals too ...

Pierluigi Paganini August 10, 2024
Hacking

SONOS SMART SPEAKERS FLAW ALLOWED TO EAVESDROP ON USERS

NCC Group discovered vulnerabilities in Sonos smart speakers, including a flaw
that could have allowed to eavesdrop on users. Researchers from NCC Group have
discovered multiple vulnerabilities in ...

Pierluigi Paganini August 10, 2024
Uncategorized

FIVE ZERO-DAYS IMPACTS EOL CISCO SMALL BUSINESS IP PHONES. REPLACE THEM WITH
NEWER MODELS ASAP!

Cisco warns of critical remote code execution zero-day vulnerabilities impacting
end-of-life Small Business SPA 300 and SPA 500 series IP phones. Cisco warns of
multiple critical remote code execu ...

Pierluigi Paganini August 09, 2024
Hacking

CISA ADDS APACHE OFBIZ AND ANDROID KERNEL BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz
and Android kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Sec ...

Pierluigi Paganini August 09, 2024
Intelligence

RUSSIAN CYBER SPIES STOLE DATA AND EMAILS FROM UK GOVERNMENT SYSTEMS

Earlier this year, Russian cyber spies breached UK government systems and stole
sensitive data and emails, reported The Record media. Earlier this year,
Russia’s foreign intelligence service sto ...

Pierluigi Paganini August 09, 2024
Hacking

0.0.0.0 DAY FLAW ALLOWS MALICIOUS WEBSITES TO BYPASS SECURITY IN MAJOR BROWSERS

An 18-year-old bug, dubbed "0.0.0.0 Day," allows malicious websites to bypass
security in Chrome, Firefox, and Safari to breach local networks. Oligo
Security's research team warns of an 18-year ...

Pierluigi Paganini August 08, 2024
Hacking

FBI AND CISA UPDATE A JOINT ADVISORY ON THE BLACKSUIT RANSOMWARE GROUP

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the
document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration
with the FBI, has published a joint ...

Pierluigi Paganini August 08, 2024
Cyber Crime

RHYSIDA RANSOMWARE GROUP CLAIMS TO HAVE BREACHED BAYHEALTH HOSPITAL IN DELAWARE

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in
Delaware and offers alleged stolen data for 25 BTC. Bayhealth Hospital is a
technologically advanced not-for-profit healt ...

Pierluigi Paganini August 08, 2024
Hacking

CRITICAL XSS BUG IN ROUNDCUBE WEBMAIL ALLOWS ATTACKERS TO STEAL EMAILS AND
SENSITIVE DATA

Researchers warn of flaws in the Roundcube webmail software that could be
exploited to steal sensitive information from target accounts. Sonar’s
Vulnerability Research Team discovered a critical ...

Pierluigi Paganini August 07, 2024
Malware

NEW ANDROID SPYWARE LIANSPY RELIES ON YANDEX CLOUD TO AVOID DETECTION

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian
users since at least 2021. In March 2024, cybersecurity researchers from
Kaspersky discovered previously unknown An ...

Pierluigi Paganini August 07, 2024
Hacking

HACKERS BREACHED MDM FIRM MOBILE GUARDIAN AND WIPED THOUSANDS OF DEVICES

Threat actors breached the UK-based mobile device management (MDM) firm Mobile
Guardian and remotely wiped thousands of devices. Hackers breached the mobile
device management (MDM) firm Mobile Gu ...

Pierluigi Paganini August 07, 2024
Cyber Crime

A RANSOMWARE ATTACK HIT FRENCH MUSEUM NETWORK

The Réunion des Musées Nationaux network, including Paris' Grand Palais and
other museums, was hit by a ransomware attack. A ransomware attack hit the
Réunion des Musées Nationaux network, inc ...

Pierluigi Paganini August 06, 2024
Security

CISA ADDS MICROSOFT COM FOR WINDOWS BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft
COM for Windows bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini August 06, 2024
Breaking News

GOOGLE WARNS OF AN ACTIVELY EXPLOITED ANDROID KERNEL FLAW

Google addressed an actively exploited high-severity vulnerability, tracked as
CVE-2024-36971, impacting the Android kernel. Google fixed a high-severity flaw,
tracked as CVE-2024-36971, impacting ...

Pierluigi Paganini August 06, 2024
Uncategorized

SHOULD ORGANIZATIONS PAY RANSOM DEMANDS?

Ransomware attacks are the most significant risk for modern organizations, why
organizations should avoid paying ransoms. Ransomware attacks are the most
significant risk for modern organizations, ...

Pierluigi Paganini August 06, 2024
APT

NORTH KOREA-LINKED HACKERS TARGET CONSTRUCTION AND MACHINERY SECTORS WITH
WATERING HOLE AND SUPPLY CHAIN ATTACKS

South Korea's National Cyber Security Center (NCSC) reported that North
Korea-linked hackers hijacked VPN software updates to deploy malware. South
Korea's national security and intelligence agenc ...

Pierluigi Paganini August 06, 2024
Hacking

RESEARCHERS WARN OF A NEW CRITICAL APACHE OFBIZ FLAW

Researchers urge organizations using Apache OFBiz to address a critical bug,
following reports of active exploitation of another flaw. Experts urge
organizations to address a new critical vulnerab ...

Pierluigi Paganini August 05, 2024
Data Breach

KEYTRONIC INCURRED APPROXIMATELY $17 MILLION OF EXPENSES FOLLOWING RANSOMWARE
ATTACK

Printed circuit board assembly (PCBA) manufacturer Keytronic reported that a
recent ransomware attack led to expenses and lost revenue exceeding $17 million.
In June, Keytronic disclosed a data br ...

Pierluigi Paganini August 05, 2024
ICS-SCADA

A FLAW IN ROCKWELL AUTOMATION CONTROLLOGIX 1756 COULD EXPOSE CRITICAL CONTROL
SYSTEMS TO UNAUTHORIZED ACCESS

A security bypass bug in Rockwell Automation ControlLogix 1756 devices could
allow unauthorized access to vulnerable devices. A high-severity security bypass
vulnerability, tracked as CVE-2024-624 ...

Pierluigi Paganini August 05, 2024
Breaking News

CHINA-LINKED APT41 BREACHED TAIWANESE RESEARCH INSTITUTE

China-linked group APT41 breached a Taiwanese government-affiliated research
institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported
that the China-linked group compromised a ...

Pierluigi Paganini August 05, 2024
APT

CHINESE STORMBAMBOO APT COMPROMISED ISP TO DELIVER MALWARE

A China-linked APT, tracked as StormBamboo, compromised an internet service
provider (ISP) to poison software update mechanisms with malware. Volexity
researchers reported that a China-linked AP ...

Pierluigi Paganini August 04, 2024
Data Breach

HACKERS ATTEMPT TO SELL THE PERSONAL DATA OF 3 BILLION PEOPLE RESULTING FROM AN
APRIL DATA BREACH

Jerico Pictures Inc., operating as National Public Data, exposed the personal
information of nearly 3 billion individuals in an April data breach. A proposed
class action claims that Jerico Pictur ...

Pierluigi Paganini August 04, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 5

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Unplugging PlugX:
Sinkholing the PlugX USB worm botnet & ...

Pierluigi Paganini August 04, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 483 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini August 04, 2024
Laws and regulations

US SUED TIKTOK AND BYTEDANCE FOR VIOLATING CHILDREN’S PRIVACY LAWS

The U.S. Department of Justice has sued TikTok and its parent company,
ByteDance, for extensive violations of children's privacy laws. The Justice
Department and the Federal Trade Commission (FTC) ...

Pierluigi Paganini August 03, 2024
APT

RUSSIA-LINKED APT USED A CAR FOR SALE AS A PHISHING LURE TO TARGET DIPLOMATS
WITH HEADLACE MALWARE

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular
Windows backdoor called HeadLace. Palo Alto researchers reported that a
Russia-linked threat actor known as Fightin ...

Pierluigi Paganini August 03, 2024
Security

INVESTORS SUED CROWDSTRIKE OVER FALSE CLAIMS ABOUT ITS FALCON PLATFORM

Investors have sued CrowdStrike because the cybersecurity firm made false claims
about its Falcon platform. Investors have sued CrowdStrike because the company
made false and misleading claims on ...

Pierluigi Paganini August 02, 2024
Hacking

AVTECH CAMERA VULNERABILITY ACTIVELY EXPLOITED IN THE WILD, CISA WARNS

CISA warned that an Avtech camera vulnerability, which is still unpatched, is
being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) published an ad ...

Pierluigi Paganini August 02, 2024
Uncategorized

U.S. RELEASED RUSSIAN CYBERCRIMINALS IN DIPLOMATIC PRISONER EXCHANGE

Today, 24 prisoners were released in an international swap between Russia and
Western countries, including convicted  Russian cybercriminals. In the recent
international prisoner swap two not ...

Pierluigi Paganini August 02, 2024
Hacking

SITTING DUCKS ATTACK TECHNIQUE EXPOSES OVER A MILLION DOMAINS TO HIJACKING

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that
exposes over a million domains to hackers' takeover. Researchers from Eclypsium
and Infoblox have identified an att ...

Pierluigi Paganini August 02, 2024
Hacking

OVER 20,000 INTERNET-EXPOSED VMWARE ESXI INSTANCES VULNERABLE TO CVE-2024-37085

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi
instances are affected by the actively exploited flaw CVE-2024-37085.
Researchers at the Shadowserver Foundation rep ...

Pierluigi Paganini August 01, 2024
Malware

BINGOMOD ANDROID RAT STEALS MONEY FROM VICTIMS' BANK ACCOUNTS AND WIPES DATA

BingoMod is a new Android malware that can wipe devices after stealing money
from the victims' bank accounts. Researchers at Cleafy discovered a new Android
malware, called 'BingoMod,' that can w ...

Pierluigi Paganini August 01, 2024
Cyber Crime

A RANSOMWARE ATTACK DISRUPTED OPERATIONS AT ONEBLOOD BLOOD BANK

OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a
ransomware attack that disrupted its medical operations. OneBlood is a
non-profit organization that provides blood and ...

Pierluigi Paganini July 31, 2024
Mobile

APPLE FIXED DOZENS OF VULNERABILITIES IN IOS AND MACOS

Apple has issued security updates to address multiple vulnerabilities across
iOS, macOS, tvOS, visionOS, watchOS, and Safari. Apple released security updates
to address multiple vulnerabilities in ...

Pierluigi Paganini July 31, 2024
Cyber Crime

PHISHING CAMPAIGNS TARGET SMBS IN POLAND, ROMANIA, AND ITALY WITH MULTIPLE
MALWARE FAMILIES

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to
deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET
researchers observed multiple phishi ...

Pierluigi Paganini July 31, 2024
Uncategorized

A FORTUNE 50 COMPANY PAID A RECORD-BREAKING $75 MILLION RANSOM

Zscaler researchers revealed that a company paid a record-breaking $75 million
ransom to the Dark Angels ransomware group. Zscaler discovered a record-breaking
ransom payment of US$75 million made ...

Pierluigi Paganini July 31, 2024
Security

CISA ADDS VMWARE ESXI BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a VMware ESXi
bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and
Infrastructure Security Agency (CISA) ...

Pierluigi Paganini July 30, 2024
Mobile

MANDRAKE ANDROID SPYWARE FOUND IN FIVE APPS IN GOOGLE PLAY WITH OVER 32,000
DOWNLOADS SINCE 2022

A new version of the Mandrake Android spyware has been found in five apps on
Google Play, which have been downloaded over 32,000 times since 2022.
Researchers from Kaspersky discovered a new vers ...

Pierluigi Paganini July 30, 2024
Breaking News

SIDEWINDER PHISHING CAMPAIGN TARGETS MARITIME FACILITIES IN MULTIPLE COUNTRIES

The APT group SideWinder launched a new espionage campaign targeting ports and
maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also
known as Razor Tiger, Rattlesnake, an ...

Pierluigi Paganini July 30, 2024
Hacking

A CRAFTY PHISHING CAMPAIGN TARGETS MICROSOFT ONEDRIVE USERS

Researchers detected a sophisticated phishing campaign targeting Microsoft
OneDrive users to trick them into executing a PowerShell script. Over the past
few weeks, the Trellix Advanced Research ...

Pierluigi Paganini July 30, 2024
Cyber Crime

RANSOMWARE GANGS EXPLOIT RECENTLY PATCHED VMWARE ESXI BUG CVE-2024-37085

Microsoft warns that ransomware gangs are exploiting the recently patched
CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that
multiple ransomware gangs are exploiting the re ...

Pierluigi Paganini July 29, 2024
Hacking

ACRONIS CYBER INFRASTRUCTURE BUG ACTIVELY EXPLOITED IN THE WILD

Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure
(ACI) solution that is being actively exploited in the wild. Acronis is warning
of a critical vulnerability, tracked ...

Pierluigi Paganini July 29, 2024
Hacking

FAKE FALCON CRASH REPORTER INSTALLER USED TO TARGET GERMAN CROWDSTRIKE USERS

CrowdStrike warns about a new threat actor targeting German customers by
exploiting a recent issue with Falcon Sensor updates. On July 24, 2024,
CrowdStrike experts identified a spear-phishing ca ...

Pierluigi Paganini July 29, 2024
Intelligence

BELARUS-LINKED APT GHOSTWRITER TARGETED UKRAINE WITH PICASSOLOADER MALWARE

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a
malware family known as PicassoLoader, used to deliver various malicious
payloads. The Ukrainian Government's Computer ...

Pierluigi Paganini July 29, 2024
Cyber Crime

FRENCH AUTHORITIES LAUNCH DISINFECTION OPERATION TO ERADICATE PLUGX MALWARE FROM
INFECTED HOSTS

French authorities and Europol are conducting a "disinfection operation"
targeting hosts compromised by the PlugX malware. The French authorities, with
the help of Europol, have launched on July ...

Pierluigi Paganini July 28, 2024
Breaking News

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 4

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Play Ransomware Group’s
New Linux Variant Targets ESXi, Sho ...

Pierluigi Paganini July 28, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 482 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini July 28, 2024
Cyber warfare

UKRAINE'S CYBER OPERATION SHUT DOWN THE ATM SERVICES OF MAJOR RUSSIAN BANKS

Ukraine launched a massive cyber operation that shut down the ATM services of
the biggest Russian banks on July 27, reported the Kyiv Post. Ukraine has
launched a massive cyberattack against ATMs ...

Pierluigi Paganini July 27, 2024
Security

A BUG IN CHROME PASSWORD MANAGER CAUSED USER CREDENTIALS TO DISAPPEAR

Google addressed a Chrome's Password Manager bug that caused user credentials to
disappear temporarily for more than 18 hours. Google has addressed a bug in
Chrome's Password Manager that caused u ...

Pierluigi Paganini July 26, 2024
Security

BIND UPDATES FIX FOUR HIGH-SEVERITY DOS BUGS IN THE DNS SOFTWARE SUITE

The Internet Systems Consortium (ISC) released BIND security updates that fixed
several remotely exploitable DoS bugs in the DNS software suite. The Internet
Systems Consortium (ISC) released secu ...

Pierluigi Paganini July 26, 2024
Breaking News

TERRORIST ACTIVITY IS ACCELERATING IN CYBERSPACE - RISK PRECURSOR TO SUMMER
OLYMPICS AND ELECTIONS

Terrorist groups are increasingly using cyberspace and digital communication
channels to plan and execute attacks. Yesterday Federal Bureau of Investigation
(FBI) Director Christopher Wray express ...

Pierluigi Paganini July 26, 2024
Security

PROGRESS SOFTWARE FIXED CRITICAL RCE CVE-2024-6327 IN THE TELERIK REPORT SERVER

Progress Software addressed a critical remote code execution vulnerability,
tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is
a web-based application designed for c ...

Pierluigi Paganini July 25, 2024
Hacking

CRITICAL BUG IN DOCKER ENGINE ALLOWED ATTACKERS TO BYPASS AUTHORIZATION PLUGINS

A critical flaw in some versions of Docker Engine can be exploited to bypass
authorization plugins (AuthZ) under specific circumstances. A vulnerability,
tracked as CVE-2024-41110 (CVSS score ...

Pierluigi Paganini July 25, 2024
Security

HACKERS EXPLOIT MICROSOFT DEFENDER SMARTSCREEN BUG CVE-2024-21412 TO DELIVER
ACR, LUMMA, AND MEDUZA STEALERS

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited
to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet
FortiGuard Labs researchers obse ...

Pierluigi Paganini July 25, 2024
Cyber Crime

MICHIGAN MEDICINE DATA BREACH IMPACTED 56953 PATIENTS

A cyber attack against Michigan Medicine resulted in the compromise of the
personal and health information of approximately 57,000 patients. The academic
medical center of the University of Michig ...

Pierluigi Paganini July 25, 2024
Breaking News

U.S. CISA ADDS MICROSOFT INTERNET EXPLORER AND TWILIO AUTHY BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infra ...

Pierluigi Paganini July 24, 2024
APT

CHINA-LINKED APT GROUP USES NEW MACMA MACOS BACKDOOR VERSION

China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) Evasive
Panda has been spotted using an updated version of the macOS backdoor Macma. The
China-linked APT group Daggerfly (a ...

Pierluigi Paganini July 24, 2024
Malware

FROSTYGOOP ICS MALWARE TARGETS UKRAINE

In April 2024, Dragos researchers spotted the malware FrostyGoop that interacts
with Industrial Control Systems (ICS) using the Modbus protocol. In April 2024,
Dragos researchers discovered a new ...

Pierluigi Paganini July 23, 2024
Malware

HACKERS ABUSED SWAP FILES IN E-SKIMMING ATTACKS ON MAGENTO SITES

Threat actors abused swap files in compromised Magento websites to hide credit
card skimmer and harvest payment information. Security researchers from Sucuri
observed threat actors using swap fil ...

Pierluigi Paganini July 23, 2024
Hacktivism

US GOV SANCTIONED KEY MEMBERS OF THE CYBER ARMY OF RUSSIA REBORN HACKTIVISTS
GROUP

The US government sanctioned two Russian hacktivists for their cyberattacks
targeting critical infrastructure, including breaches of water facilities. The
United States sanctioned Russian hacktivi ...

Pierluigi Paganini July 23, 2024
Hacking

EVILVIDEO, A TELEGRAM ANDROID ZERO-DAY ALLOWED SENDING MALICIOUS APKS DISGUISED
AS VIDEOS

EvilVideo is a zero-day in the Telegram App for Android that allowed attackers
to send malicious APK payloads disguised as videos. ESET researchers discovered
a zero-day exploit named EvilVideo th ...

Pierluigi Paganini July 22, 2024
Malware

SOCGHOLISH MALWARE USED TO SPREAD ASYNCRAT MALWARE

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver
the AsyncRAT and the legitimate open-source project BOINC. Huntress researchers
observed the JavaScript downloader m ...

Pierluigi Paganini July 22, 2024
Cyber Crime

UK POLICE ARRESTED A 17-YEAR-OLD LINKED TO THE SCATTERED SPIDER GANG

Law enforcement arrested a 17-year-old boy from Walsall, U.K., for suspected
involvement in the Scattered Spider cybercrime syndicate. Law enforcement in the
U.K. arrested a 17-year-old teenager f ...

Pierluigi Paganini July 22, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 3

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. Hardening of HardBit   
10,000 Victims a Da ...

Pierluigi Paganini July 21, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 481 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini July 21, 2024
Hacking

U.S. CISA ADDS ADOBE COMMERCE AND MAGENTO, SOLARWINDS SERV-U, AND VMWARE VCENTER
SERVER BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce
and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known
Exploited Vulnerabilities catalog. The ...

Pierluigi Paganini July 21, 2024
Malware

THREAT ACTORS ATTEMPTED TO CAPITALIZE CROWDSTRIKE INCIDENT

CrowdStrike warns that threat actors are exploiting the recent IT outage caused
by their faulty update to distribute Remcos RAT malware. CrowdStrike spotted
threat actors attempting to benefit fr ...

Pierluigi Paganini July 20, 2024
Cyber Crime

RUSSIAN NATIONALS PLEAD GUILTY TO PARTICIPATING IN THE LOCKBIT RANSOMWARE GROUP

Two Russian nationals pleaded guilty to participating in the LockBit ransomware
group and carrying out attacks against victims worldwide. Two foreign nationals,
Ruslan Magomedovich Astamirov and M ...

Pierluigi Paganini July 20, 2024
Security

MEDISECURE DATA BREACH IMPACTED 12.9 MILLION INDIVIDUALS

Personal and health information of 12.9 million individuals was exposed in a
ransomware attack on Australian digital prescription services provider
MediSecure. MediSecure is a company that provide ...

Pierluigi Paganini July 19, 2024
Security

CROWDSTRIKE UPDATE EPIC FAIL CRASHED WINDOWS SYSTEMS WORLDWIDE

Windows machines worldwide displayed BSoD screen following a faulty update
pushed out by cybersecurity firm CrowdStrike. A faulty update released by
CrowdStrike Falcon is causing Windows systems t ...

Pierluigi Paganini July 19, 2024
Security

CISCO FIXED A CRITICAL FLAW IN SECURITY EMAIL GATEWAY THAT COULD ALLOW ATTACKERS
TO ADD ROOT USERS

Cisco has addressed a critical vulnerability that could allow attackers to add
new root users to Security Email Gateway (SEG) appliances. Cisco fixed a
critical vulnerability, tracked as CVE-2024- ...

Pierluigi Paganini July 19, 2024
Hacking

SAPWNED FLAWS IN SAP AI CORE COULD EXPOSE CUSTOMERS' DATA

Researchers discovered security flaws in SAP AI Core cloud-based platform that
could expose customers' data. Cybersecurity researchers at Wiz uncovered five
security flaws, collectively tracked ...

Pierluigi Paganini July 18, 2024
Cyber Crime

CYBERCRIME GROUP FIN7 ADVERTISES NEW EDR BYPASS TOOL ON HACKING FORUMS

The cybercrime group FIN7 is advertising a security evasion tool in multiple
underground forums, cybersecurity company SentinelOne warns. SentinelOne
researchers warn that the financially motivat ...

Pierluigi Paganini July 18, 2024
Security

HOW TO PROTECT PRIVACY AND BUILD SECURE AI PRODUCTS

AI systems are transforming technology and driving innovation across industries.
How to protect privacy and build secure AI products? How to Protect Privacy and
Build Secure AI Products AI syst ...

Pierluigi Paganini July 18, 2024
Security

A CRITICAL FLAW IN CISCO SSM ON-PREM ALLOWS ATTACKERS TO CHANGE ANY USER'S
PASSWORD

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem)
license servers allows threat actors to change any user's password. Cisco has
addressed a critical vulnerability, tracke ...

Pierluigi Paganini July 17, 2024
Data Breach

MARINEMAX DATA BREACH IMPACTED OVER 123,000 INDIVIDUALS

The world's largest recreational boat and yacht retailer MarineMax, disclosed a
data breach following a cyber attack. The world's largest recreational boat and
yacht retailer MarineMax disclosed a ...

Pierluigi Paganini July 17, 2024
APT

VOID BANSHEE EXPLOITS CVE-2024-38112 ZERO-DAY TO SPREAD MALWARE

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute
code via the disabled Internet Explorer. An APT group tracked as Void Banshee
was spotted exploiting the Windows zer ...

Pierluigi Paganini July 17, 2024
Cyber Crime

THE OCTO TEMPEST GROUP ADDS RANSOMHUB AND QILIN RANSOMWARE TO ITS ARSENAL

Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub
and Qilin ransomware to its arsenal. In the second quarter of 2024, financially
motivated threat actor Octo Tempest ...

Pierluigi Paganini July 17, 2024
Security

CISA ADDS OSGEO GEOSERVER GEOTOOLS BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo
GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini July 16, 2024
Breaking News

KASPERSKY LEAVES U.S. MARKET FOLLOWING THE BAN ON THE SALE OF ITS SOFTWARE IN
THE COUNTRY

Kaspersky is leaving the U.S. market following the recent ban on the sales of
its software imposed by the Commerce Department. Russian cybersecurity firm
Kaspersky announced its exit from the U.S. ...

Pierluigi Paganini July 16, 2024
Mobile

FBI UNLOCKED THE PHONE OF THE SUSPECT IN THE ASSASSINATION ATTEMPT ON DONALD
TRUMP

The FBI gained access to the password-protected phone of the suspect in the
assassination attempt on Donald Trump. The independent website 404 Media first
reported that the FBI had successfully ac ...

Pierluigi Paganini July 16, 2024
Malware

RANSOMWARE GROUPS TARGET VEEAM BACKUP & REPLICATION BUG

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as
CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327
(CVSS score of 7.5) impacts the ...

Pierluigi Paganini July 15, 2024
Cyber Crime

AT&T PAID A $370,000 RANSOM TO PREVENT STOLEN DATA FROM BEING LEAKED

Wired attributes the recently disclosed AT&T data breach to a hacker living in
Turkey and reported the company paid a $370,000 ransom. An American hacker who
lives in Turkey claimed responsibi ...

Pierluigi Paganini July 15, 2024
Malware

HARDBIT RANSOMWARE VERSION 4.0 SUPPORTS NEW OBFUSCATION TECHNIQUES

Cybersecurity researchers detailed a new version of the HardBit ransomware that
supports new obfuscation techniques to avoid detection. The new version (version
4.0) of the HardBit ransomware come ...

Pierluigi Paganini July 15, 2024
Malware

DARK GATE MALWARE CAMPAIGN USES SAMBA FILE SHARES

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers
exploit legitimate tools and services to distribute malware. Palo Alto Networks
Unit 42 researchers shared details abo ...

Pierluigi Paganini July 15, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 2

Security Affairs Malware newsletter includes a collection of the best articles
and research on malware in the international landscape. New Android Spyware
Steals Data from Gamers and TikTok Users& ...

Pierluigi Paganini July 14, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 480 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini July 14, 2024
Cyber Crime

VYACHESLAV IGOREVICH PENCHUKOV WAS SENTENCED TO PRISON FOR HIS ROLE IN ZEUS AND
ICEDID OPERATIONS

Ukrainian national Vyacheslav Igorevich Penchukov was sentenced to prison for
his role in Zeus and IcedID malware operations. The U.S. DoJ sentenced the
Ukrainian national Vyacheslav Igorevich Pen ...

Pierluigi Paganini July 13, 2024
Data Breach

RITE AID DISCLOSED DATA BREACH FOLLOWING RANSOMHUB RANSOMWARE ATTACK

The American drugstore chain Rite Aid Corporation disclosed a data breach
following the cyber attack that hit the company in June. The American drugstore
chain giant Rite Aid suffered a data breac ...

Pierluigi Paganini July 13, 2024
Data Breach

NEW AT&T DATA BREACH EXPOSED CALL LOGS OF ALMOST ALL CUSTOMERS

AT&T disclosed a new data breach that exposed phone call and text message
records for approximately 110 million people. AT&T suffered a massive data
breach, attackers stole the call logs f ...

Pierluigi Paganini July 12, 2024
Hacking

CRITICAL FLAW IN EXIM MTA COULD ALLOW TO DELIVER MALWARE TO USERS' INBOXES

A critical vulnerability in Exim mail server allows attackers to deliver
malicious executable attachments to mailboxes. Attackers can exploit a critical
security flaw, tracked as CVE-2024-39929 (C ...

Pierluigi Paganini July 12, 2024
Security

PALO ALTO NETWORKS FIXED A CRITICAL BUG IN THE EXPEDITION TOOL

Palo Alto Networks addressed five vulnerabilities impacting its products,
including a critical authentication bypass issue. Palo Alto Networks released
security updates to address five security ...

Pierluigi Paganini July 12, 2024
Cyber Crime

SMISHING TRIAD IS TARGETING INDIA TO STEAL PERSONAL AND PAYMENT DATA AT SCALE

Resecurity has identified a new campaign by the Smishing Triad that is targeting
India to steal personal and payment data at scale Resecurity (USA) identified a
new campaign targeting India Post ( ...

Pierluigi Paganini July 12, 2024
Cyber Crime

OCTOBER RANSOMWARE ATTACK ON DALLAS COUNTY IMPACTED OVER 200,000 PEOPLE

The ransomware attack that hit Dallas County in October 2023 has impacted more
than 200,000 individuals exposing their personal information. In October 2023
the Play ransomware group hit Dallas Co ...

Pierluigi Paganini July 12, 2024
Cyber Crime

CRYSTALRAY OPERATIONS HAVE SCALED 10X TO OVER 1,500 VICTIMS

A threat actor known as CrystalRay targeted 1,500 victims since February using
tools like SSH-Snake and various open-source utilities. The Sysdig Threat
Research Team (TRT) first spotted the thr ...

Pierluigi Paganini July 11, 2024
Hacking

MULTIPLE THREAT ACTORS EXPLOIT PHP FLAW CVE-2024-4577 TO DELIVER MALWARE

Multiple threat actors exploit a recently disclosed security PHP flaw
CVE-2024-4577 to deliver multiple malware families. The Akamai Security
Intelligence Response Team (SIRT) warns that multiple ...

Pierluigi Paganini July 11, 2024
Security

AI-POWERED RUSSIA'S BOT FARM OPERATES ON X, US AND ITS ALLIES WARN

The US and its allies disrupted an AI-powered Russia-linked bot farm on the
social media platform X relying on the Meliorator AI software. The U.S. FBI and
Cyber National Mission Force, along with ...

Pierluigi Paganini July 11, 2024
Security

VMWARE FIXED CRITICAL SQL-INJECTION IN ARIA AUTOMATION PRODUCT

VMware addressed a critical SQL-Injection vulnerability, tracked as
CVE-2024-22280, impacting Aria Automation. Virtualization giant VMware addressed
a high-severity SQL-injection vulnerability, tr ...

Pierluigi Paganini July 11, 2024
Security

CITRIX FIXED CRITICAL AND HIGH-SEVERITY BUGS IN NETSCALER PRODUCT

IT giant Citrix addressed multiple vulnerabilities, including critical and
high-severity issues in its NetScaler product. Citrix released security updates
to address critical and high-severity iss ...

Pierluigi Paganini July 10, 2024
Hacking

A NEW FLAW IN OPENSSH CAN LEAD TO REMOTE CODE EXECUTION

A vulnerability affects some versions of the OpenSSH secure networking suite, it
can potentially lead to remote code execution. The vulnerability CVE-2024-6409
(CVSS score: 7.0) impacts select ver ...

Pierluigi Paganini July 10, 2024
Security

MICROSOFT PATCH TUESDAY FOR JULY 2024 FIXED 2 ACTIVELY EXPLOITED ZERO-DAYS

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws,
including two actively exploited zero-days. Microsoft Patch Tuesday security
updates for July 2024 addressed 139 vulnera ...

Pierluigi Paganini July 10, 2024
Security

U.S. CISA ADDS MICROSOFT WINDOWS AND REJETTO HTTP FILE SERVER BUGS TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Inf ...

Pierluigi Paganini July 10, 2024
Cyber Crime

EVOLVE BANK DATA BREACH IMPACTED OVER 7.6 MILLION INDIVIDUALS

The Lockbit ransomware attack on Evolve Bank has compromised the personal
information of over 7.6 million individuals. At the end of June, the LockBit
gang announced that it had breached ...

Pierluigi Paganini July 09, 2024
Data Breach

MORE THAN 31 MILLION CUSTOMER EMAIL ADDRESSES EXPOSED FOLLOWING NEIMAN MARCUS
DATA BREACH

The recent data breach suffered by the American luxury department store chain
Neiman Marcus has exposed more than 31 million customer email addresses. In May
2024, the American luxury retailer and ...

Pierluigi Paganini July 09, 2024
Malware

AVAST RELEASED A DECRYPTOR FOR DONEX RANSOMWARE AND ITS PREDECESSORS

Avast developed and released a decryptor for the DoNex ransomware family that
allows victims to recover their files for free. Avast researchers identified a
cryptographic flaw in the DoNex ransomw ...

Pierluigi Paganini July 09, 2024
Data Breach

ROCKYOU2024 COMPILATION CONTAINING 10 BILLION PASSWORDS WAS LEAKED ONLINE

Threat actors leaked the largest password compilation ever, known as
RockYou2024, on a popular hacking forum. The Cybernews researchers reported that
threat actors leaked the largest password comp ...

Pierluigi Paganini July 08, 2024
Hacking

CRITICAL GHOSTSCRIPT FLAW EXPLOITED IN THE WILD. PATCH IT NOW!

Threat actors are exploiting Ghostscript vulnerability CVE-2024-29510 to bypass
the sandbox and achieve remote code execution. Threat actors are actively
exploiting a Ghostscript vulnerability, tr ...

Pierluigi Paganini July 08, 2024
Hacking

APPLE REMOVED 25 VPN APPS FROM THE APP STORE IN RUSSIA FOLLOWING MOSCOW'S
REQUESTS

Apple removed several virtual private network (VPN) apps from its App Store in
Russia following a request from the Russian Government. Russia is tightening its
citizens' control over Internet acce ...

Pierluigi Paganini July 08, 2024
Security

CISA ADDS CISCO NX-OS COMMAND INJECTION BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco NX-OS
Command Injection bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Securi ...

Pierluigi Paganini July 08, 2024
Security

APACHE FIXED A SOURCE CODE DISCLOSURE FLAW IN APACHE HTTP SERVER

The Apache Foundation addressed a critical source code disclosure vulnerability,
tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation
has addressed multiple vulnerabiliti ...

Pierluigi Paganini July 07, 2024
Malware

SECURITY AFFAIRS MALWARE NEWSLETTER - ROUND 1

Today marks the launch of the Security Affairs newsletter, specializing in
Malware. This newsletter complements the weekly one you already receive. Each
week, it will feature a collection of the best ...

Pierluigi Paganini July 07, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 479 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini July 07, 2024
Uncategorized

ALABAMA STATE DEPARTMENT OF EDUCATION SUFFERED A DATA BREACH FOLLOWING A BLOCKED
ATTACK

Alabama’s education superintendent disclosed a data breach following a hacking
attempt on the Alabama State Department of Education. The Alabama State
Department of Education announced it had th ...

Pierluigi Paganini July 07, 2024
Malware

GOOTLOADER IS STILL ACTIVE AND EFFICIENT

Researchers warn that the malware GootLoader is still active and threat actors
are still using it in their campaigns. Threat actors continue to use GootLoader
malware in their campaigns, Cybereaso ...

Pierluigi Paganini July 06, 2024
Data Breach

HACKERS STOLE OPENAI SECRETS IN A 2023 SECURITY BREACH

The New York Times revealed that OpenAI suffered a security breach in 2023, but
the company says source code and customer data were not compromised. OpenAI
suffered a security breach in 2023, the ...

Pierluigi Paganini July 06, 2024
Data Breach

HACKERS LEAK 170K TAYLOR SWIFT’S ERAS TOUR BARCODES

The threat actor Sp1d3rHunters leaked valid Taylor Swift ’s ERAS Tour barcodes
threatening to leak more data and blackmailing Ticketmaster. A threat actor that
goes online with the moniker Sp1d3 ...

Pierluigi Paganini July 05, 2024
Hacking

POLYFILL.IO SUPPLY CHAIN ATTACK: 384,773 HOSTS STILL EMBEDDING A POLYFILL JS
SCRIPT LINKING TO THE MALICIOUS DOMAIN

Cybersecurity company Censys has identified over 380,000 hosts that are still
referencing the malicious polyfill.io domain. Censys reported that over 380,000
internet-exposed hosts are still refer ...

Pierluigi Paganini July 05, 2024
Cyber Crime

NEW GOLANG-BASED ZERGECA BOTNET APPEARED IN THE THREAT LANDSCAPE

Researchers uncovered a new Golang-based botnet called Zergeca that can carry
out distributed denial-of-service (DDoS) attacks. Researchers at the QiAnXin
XLab team uncovered a new Golang-based bo ...

Pierluigi Paganini July 05, 2024
ICS-SCADA

MICROSOFT DISCLOSES 2 FLAWS IN ROCKWELL AUTOMATION PANELVIEW PLUS

Microsoft discovered two flaws in Rockwell Automation PanelView Plus that
remote, unauthenticated attackers could exploit. Microsoft responsibly disclosed
two vulnerabilities in Rockwell Automatio ...

Pierluigi Paganini July 05, 2024
Hacking

HACKERS COMPROMISED ETHEREUM MAILING LIST AND LAUNCHED A CRYPTO DRAINING ATTACK

Hackers compromised Ethereum 's mailing list provider and sent phishing messages
to the members attempting to drain their crypto funds. Hackers compromised
Ethereum's mailing list provider and on ...

Pierluigi Paganini July 05, 2024
Cyber Crime

OVHCLOUD MITIGATED A RECORD-BREAKING DDOS ATTACK IN APRIL 2024

OVHcloud successfully mitigated a record-breaking DDoS attack in April, which
reached 840 million packets per second (Mpps). The cloud services provider
OVHcloud announced it has mitigated a recor ...

Pierluigi Paganini July 04, 2024
Data Breach

HEALTHCARE FINTECH FIRM HEALTHEQUITY DISCLOSED A DATA BREACH

Healthcare firm HealthEquity disclosed a data breach caused by a partner's
compromised account that exposed protected health information. Healthcare
fintech firm HealthEquity disclosed a data brea ...

Pierluigi Paganini July 04, 2024
Social Networks

BRAZIL DATA PROTECTION AUTHORITY BANS META FROM TRAINING AI MODELS WITH DATA
ORIGINATING IN THE COUNTRY

Brazil’s data protection authority temporarily banned Meta from using data
originating in the country to train its artificial intelligence. Brazil's data
protection authority, Autoridade Naciona ...

Pierluigi Paganini July 04, 2024
Security

SPLUNK FIXED TENS OF FLAWS IN SPLUNK ENTERPRISE AND CLOUD PLATFORM

Technology company Splunk released security updates to address 16
vulnerabilities in Splunk Enterprise and Cloud Platform. Technology company
Splunk addressed 16 vulnerabilities in Splunk Enterpri ...

Pierluigi Paganini July 04, 2024
Cyber Crime

OPERATION MORPHEUS TOOK DOWN 593 COBALT STRIKE SERVERS USED BY THREAT ACTORS

An international law enforcement operation code-named Operation Morpheus led to
the takedown of 593 Cobalt Strike servers used by crooks. An international law
enforcement operation, code-named Ope ...

Pierluigi Paganini July 03, 2024
Cyber Crime

LOCKBIT GROUP CLAIMS THE HACK OF THE FAIRFIELD MEMORIAL HOSPITAL IN THE US

The LockBit ransomware group breached another hospital in the United States, the
victim is the Fairfield Memorial Hospital in Illinois. It has happened again,
another US healthcare organization su ...

Pierluigi Paganini July 03, 2024
Hacking

AMERICAN PATELCO CREDIT UNION SUFFERED A RANSOMWARE ATTACK

The American credit union Patelco Credit Union shut down several of its banking
systems to contain a ransomware attack. Patelco Credit Union is a member-owned,
not-for-profit credit union that se ...

Pierluigi Paganini July 03, 2024
Intelligence

POLISH GOVERNMENT INVESTIGATES RUSSIA-LINKED CYBERATTACK ON STATE NEWS AGENCY

The Polish government is investigating a potential connection between Russia and
a cyberattack on the country’s state news agency. The Polish government is
investigating a suspected link between ...

Pierluigi Paganini July 03, 2024
Cyber Crime

EVOLVE BANK DATA BREACH IMPACTED FINTECH FIRMS WISE AND AFFIRM

Fintech firms Wise and Affirm confirmed they were both impacted by the recent
data breach suffered by Evolve Bank. Fintech companies Wise and Affirm have
confirmed that they were both affected by ...

Pierluigi Paganini July 02, 2024
Data Breach

PRUDENTIAL FINANCIAL DATA BREACH IMPACTED OVER 2.5 MILLION INDIVIDUALS

Prudential Financial confirmed that more than 2.5 million individuals were
affected by the data breach it suffered in February 2024. The insurance company
Prudential Financial confirmed that the d ...

Pierluigi Paganini July 02, 2024
Cyber Crime

AUSTRALIAN MAN CHARGED FOR EVIL TWIN WI-FI ATTACKS ON DOMESTIC FLIGHTS

An Australian man has been charged with carrying out 'Evil Twin' Wi-Fi attack
during a domestic flight to steal user credentials and data. An Evil Twin Wi-Fi
attack is a type of cyberattack where ...

Pierluigi Paganini July 02, 2024
APT

CHINA-LINKED APT EXPLOITED CISCO NX-OS ZERO-DAY TO DEPLOY CUSTOM MALWARE

Cisco fixed an actively exploited NX-OS zero-day, the flaw was exploited to
install previously unknown malware as root on vulnerable switches. Cisco
addressed an NX-OS zero-day, tracked as CVE-202 ...

Pierluigi Paganini July 02, 2024
Security

CRITICAL UNAUTHENTICATED REMOTE CODE EXECUTION FLAW IN OPENSSH SERVER

A critical flaw in the OpenSSH server can be exploited to achieve
unauthenticated remote code execution with root privileges in glibc-based Linux
systems. OpenSSH maintainers addressed a critical ...

Pierluigi Paganini July 01, 2024
Cyber Crime

MONTI GANG CLAIMS THE HACK OF THE WAYNE MEMORIAL HOSPITAL IN PENNSYLVANIA

Wayne Memorial Hospital in Pennsylvania was the victim of a cyber attack, Monti
gang claimed to have hacked the healthcare infrastructure. Another critical
infrastructure healthcare suffered a sec ...

Pierluigi Paganini July 01, 2024
Hacking

THREAT ACTORS ACTIVELY EXPLOIT D-LINK DIR-859 ROUTER FLAW CVE-2024-0769

Experts spotted threat actors exploiting the critical vulnerability
CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from
cybersecurity firm GreyNoise have spotted exploitation a ...

Pierluigi Paganini July 01, 2024
Hacking

RUSSIA-LINKED MIDNIGHT BLIZZARD STOLE EMAIL OF MORE MICROSOFT CUSTOMERS

Microsoft warned more customers about email theft linked to the previously
reported Midnight Blizzard hacking campaign. The Russia-linked cyberespionage
group Midnight Blizzard continues to target ...

Pierluigi Paganini June 30, 2024
Hacking

RUSSIA-LINKED GROUP APT29 LIKELY BREACHED TEAMVIEWER'S CORPORATE NETWORK

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of
TeamViewer 's corporate network. TeamViewer discovered that a threat actor has
breached its corporate network and som ...

Pierluigi Paganini June 30, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 478 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini June 30, 2024
Data Breach

INFOSYS MCCAMISH SYSTEMS DATA BREACH IMPACTED OVER 6 MILLION PEOPLE

Infosys McCamish Systems (IMS) revealed that the 2023 data breach following the
LockBit ransomware attack impacted 6 million individuals. IMS specializes in
providing business process outsourcing ...

Pierluigi Paganini June 29, 2024
Hacking

A CYBERATTACK SHUT DOWN THE UNIVERSITY HOSPITAL CENTRE ZAGREB IN CROATIA

A cyber attack started targeting the University Hospital Centre Zagreb (KBC
Zagreb) on Wednesday night, reported the Croatian Radiotelevision. A cyber
attack began targeting the University Hospita ...

Pierluigi Paganini June 28, 2024
Hacking

US ANNOUNCES A $10M REWARD FOR RUSSIA'S GRU HACKER BEHIND ATTACKS ON UKRAINE

The US DoJ announced charges against a member of Russia's military intelligence
service GRU for conducting wiper attacks on Ukraine in 2022. The US Department
of Justice (DoJ) announced charges ag ...

Pierluigi Paganini June 28, 2024
Cyber Crime

LOCKBIT GROUP FALSELY CLAIMED THE HACK OF THE FEDERAL RESERVE

The LockBit ransomware group seems to have lied when they announced the hack of
the US Federal Reserve. The real victim is the Evolve Bank. The LockBit
ransomware group hasn't hacked the Federal R ...

Pierluigi Paganini June 27, 2024
Security

CISA ADDS GEOSOLUTIONSGROUP JAI-EXT, LINUX KERNEL, AND ROUNDCUBE WEBMAIL BUGS TO
ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds
GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known
Exploited Vulnerabilities catalog. The U.S. Cyber ...

Pierluigi Paganini June 27, 2024
Malware

NEW P2PINFECT VERSION DELIVERS MINERS AND RANSOMWARE ON REDIS SERVERS

Researchers warn that the P2Pinfect worm is targeting Redis servers with
ransomware and cryptocurrency mining payloads. Cado Security researchers warned
that the P2Pinfect worm is employed in atta ...

Pierluigi Paganini June 27, 2024
Hacking

NEW MOVEIT TRANSFER CRITICAL BUG IS ACTIVELY EXPLOITED

Experts warn of active exploitation of a critical authentication bypass
vulnerability in MOVEit Transfer file transfer software. Progress Software
addressed two critical authentication bypass vuln ...

Pierluigi Paganini June 26, 2024
Malware

NEW CAESAR CIPHER SKIMMER TARGETS POPULAR CMS USED BY E-STORES

A new e-skimmer called Caesar Cipher Skimmer is used to compromise multiple CMS,
including WordPress, Magento, and OpenCart. Sucuri researchers discovered a new
e-skimmer, called Caesar Cipher Ski ...

Pierluigi Paganini June 26, 2024
Cyber Crime

MIRAI-LIKE BOTNET IS EXPLOITING RECENTLY DISCLOSED ZYXEL NAS FLAW

Researchers warn that a Mirai-based botnet is exploiting a recently disclosed
critical vulnerability in EoL Zyxel NAS devices. Researchers at the Shadowserver
Foundation warn that a Mirai-based bo ...

Pierluigi Paganini June 25, 2024
Security

WIKILEAKS FOUNDER JULIAN ASSANGE IS FREE

WikiLeaks founder Julian Assange has been released in the U.K. and has left the
country after five years in Belmarsh prison. Julian Assange is free after five
years in Belmarsh prison, the WikiLe ...

Pierluigi Paganini June 25, 2024
Data Breach

CISA CONFIRMED THAT ITS CSAT ENVIRONMENT WAS BREACHED IN JANUARY.

CISA warned chemical facilities that its Chemical Security Assessment Tool
(CSAT) environment was compromised in January. CISA warns chemical facilities
that its Chemical Security Assessment Tool ...

Pierluigi Paganini June 25, 2024
Cyber Crime

THREAT ACTORS COMPROMISED 1,590 COINSTATS CRYPTO WALLETS

Threat actors breached 1,590 cryptocurrency wallets of the cryptocurrency
portfolio management and tracking platform CoinStats. The cryptocurrency
portfolio management and tracking platform CoinSt ...

Pierluigi Paganini June 24, 2024
Breaking News

EXPERTS OBSERVED APPROXIMATELY 120 MALICIOUS CAMPAIGNS USING THE RAFEL RAT

Multiple threat actors are using an open-source Android remote administration
tool called Rafel RAT to target Android Devices. Check Point Research identified
multiple threat actors using Rafel, ...

Pierluigi Paganini June 24, 2024
Cyber Crime

LOCKBIT CLAIMS THE HACK OF THE US FEDERAL RESERVE

The Lockbit ransomware group announced that it had breached the US Federal
Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group
announced that it had breached the systems ...

Pierluigi Paganini June 24, 2024
Cyber Crime

RANSOMWARE THREAT LANDSCAPE JAN-APR 2024: INSIGHTS AND CHALLENGES

Between Jan and Apr 2024, the global ransomware landscape witnessed significant
activity, with 1420 ransomware claims reported worldwide. In the first four
months of 2024, the global ransomware la ...

Pierluigi Paganini June 24, 2024
Breaking News

EXCOBALT CYBERCRIME GROUP TARGETS RUSSIAN ORGANIZATIONS IN MULTIPLE SECTORS

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors
with a previously unknown backdoor known as GoRed. Positive Technologies
researchers reported that a cybercrime gan ...

Pierluigi Paganini June 24, 2024
Cyber Crime

THREAT ACTOR ATTEMPTS TO SELL 30 MILLION CUSTOMER RECORDS ALLEGEDLY STOLEN FROM
TEG

A threat actor is offering for sale customer data allegedly stolen from the
Australia-based live events and ticketing company TEG. TEG (Ticketek
Entertainment Group) is an Australian company that ...

Pierluigi Paganini June 23, 2024
Security

SECURITY AFFAIRS NEWSLETTER ROUND 477 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free in your email box. Enjoy a
new round of the weekly SecurityAffair ...

Pierluigi Paganini June 23, 2024
Hacking

THREAT ACTORS ARE ACTIVELY EXPLOITING SOLARWINDS SERV-U BUG CVE-2024-28995

Threat actors are actively exploiting a recently discovered vulnerability in
SolarWinds Serv-U software using publicly available proof-of-concept (PoC) code.
Threat actors are actively exploiting ...

Pierluigi Paganini June 23, 2024
Security

US GOVERNMENT SANCTIONS TWELVE KASPERSKY LAB EXECUTIVES

The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned
twelve Kaspersky Lab executives for their role in the Russian company. The
Treasury Department's Office of Foreign Ass ...

Pierluigi Paganini June 22, 2024
Cyber Crime

EXPERTS FOUND A BUG IN THE LINUX VERSION OF RANSOMHUB RANSOMWARE

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the
version targets VMware ESXi environments. RansomHub ransomware operation relies
on a new Linux version of the encry ...

Pierluigi Paganini June 22, 2024
Hacking

UEFICANHAZBUFFEROVERFLOW FLAW IN PHOENIX SECURECORE UEFI FIRMWARE POTENTIALLY
IMPACTS HUNDREDS OF PC AND SERVER MODELS

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware
potentially impacts hundreds of PC and server models. Firmware security firm
Eclypsium discovered a vulnerability, ...

Pierluigi Paganini June 21, 2024
APT

RUSSIA-LINKED APT NOBELIUM TARGETS FRENCH DIPLOMATIC ENTITIES

French information security agency ANSSI reported that Russia-linked threat
actor Nobelium is behind a series of cyber attacks that targeted French
diplomatic entities. The French information sec ...

Pierluigi Paganini June 21, 2024
Laws and regulations

US BANS SALE OF KASPERSKY PRODUCTS DUE TO RISKS TO NATIONAL SECURITY

The US government announced the ban on selling Kaspersky software due to
security risks from Russia and urged citizens to replace it. The Biden
administration announced it will ban the sale of Kas ...

Pierluigi Paganini June 20, 2024
Security

ATLASSIAN FIXED SIX HIGH-SEVERITY BUGS IN CONFLUENCE DATA CENTER AND SERVER

Australian software company Atlassian addressed multiple high-severity
vulnerabilities in its Confluence, Crucible, and Jira solutions. Atlassian June
2024 Security Bulletin addressed nine high-se ...

Pierluigi Paganini June 20, 2024
APT

CHINA-LINKED SPIES TARGET ASIAN TELCOS SINCE AT LEAST 2021

A China-linked cyber espionage group has compromised telecom operators in an
Asian country since at least 2021. The Symantec Threat Hunter Team reported that
an alleged China-linked APT group has ...

Pierluigi Paganini June 20, 2024
Malware

NEW RUST INFOSTEALER FICKLE STEALER SPREADS THROUGH VARIOUS ATTACK METHODS

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data
Exfiltration A new Rust malware called Fickle Stealer spreads through various
attack methods and steals sensitive information. ...

Pierluigi Paganini June 20, 2024
Hacking

AN UNPATCHED BUG ALLOWS ANYONE TO IMPERSONATE MICROSOFT CORPORATE EMAIL ACCOUNTS

A researcher discovered a flaw that allows attackers to impersonate Microsoft
corporate email accounts and launch phishing attacks. The security researcher
Vsevolod Kokorin (@Slonser) discovered ...

Pierluigi Paganini June 20, 2024
Cyber Crime

SMISHING TRIAD IS TARGETING PAKISTAN TO DEFRAUD BANKING CUSTOMERS AT SCALE

Resecurity researchers warn of a new activity of Smishing Triad, which has
expanded its operations to Pakistan. Resecurity has identified a new activity of
Smishing Triad, which has expanded its o ...

Pierluigi Paganini June 20, 2024
Hacking

ALLEGED RESEARCHERS STOLE $3 MILLION FROM KRAKEN EXCHANGE

Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal
$3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco
revealed that alleged security resea ...

Pierluigi Paganini June 19, 2024
Security

GOOGLE CHROME 126 UPDATE ADDRESSES MULTIPLE HIGH-SEVERITY FLAWS

Google released Chrome 126 update that addresses a high-severity vulnerability
demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a
Chrome 126 security update, addressing s ...

Pierluigi Paganini June 19, 2024
Data Breach

CHIP MAKER GIANT AMD INVESTIGATES A DATA BREACH

AMD announced an investigation after a threat actor attempted to sell data
allegedly stolen from its systems. AMD has launched an investigation after the
threat actor IntelBroker announced they we ...

Pierluigi Paganini June 19, 2024
Cyber Crime

CRYPTOJACKING CAMPAIGN TARGETS EXPOSED DOCKER APIS

A malware campaign targets publicly exposed Docker API endpoints to deliver
cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new
cryptojacking campaign linked to the at ...

Pierluigi Paganini June 19, 2024
Hacking

VMWARE FIXED RCE AND PRIVILEGE ESCALATION BUGS IN VCENTER SERVER

VMware addressed vCenter Server vulnerabilities that can allow remote code
execution or privilege escalation. VMware addressed multiple vCenter Server
vulnerabilities that remote attackers can exp ...

Pierluigi Paganini June 18, 2024
Laws and regulations

META DELAYS TRAINING ITS AI USING PUBLIC CONTENT SHARED BY EU USERS 

Meta announced it is postponing the training of its large language models using
public content from adult Facebook and Instagram users in the EU. Meta announced
it is delaying the training of its ...

Pierluigi Paganini June 18, 2024
Data Breach

KEYTRONIC CONFIRMS DATA BREACH AFTER RANSOMWARE ATTACK

Printed circuit board assembly (PCBA) manufacturer Keytronic disclosed a data
breach after a ransomware attack. Keytronic has confirmed a data breach after a
ransomware group leaked allegedly sto ...

Pierluigi Paganini June 18, 2024
Cyber Crime

THE FINANCIAL DYNAMICS BEHIND RANSOMWARE ATTACKS

Over the last few years, ransomware attacks have become one of the most
prevalent and expensive forms of cybercrime. Initially, these attacks involved
malicious software that encrypts a victim's ...

Pierluigi Paganini June 18, 2024
Deep Web

EMPIRE MARKET OWNERS CHARGED WITH OPERATING $430M DARK WEB MARKETPLACE

Federal authorities charged two individuals with operating the dark web
marketplace Empire Market that facilitated over $430 million in illegal
transactions. Two men, Thomas Pavey (aka "Dopenugget ...

Pierluigi Paganini June 17, 2024
APT

CHINA-LINKED VELVET ANT USES F5 BIG-IP MALWARE IN CYBER ESPIONAGE CAMPAIGN

Chinese cyberespionage group Velvet Ant was spotted using custom malware to
target F5 BIG-IP appliances to breach target networks. In late 2023, Sygnia
researchers responded to an incident suffere ...

Pierluigi Paganini June 17, 2024
Data Breach

LA COUNTY’S DEPARTMENT OF PUBLIC HEALTH (DPH) DATA BREACH IMPACTED OVER 200,000
INDIVIDUALS

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data
breach that impacted more than 200,000 individuals. The LA County’s Department
of Public Health announced that the ...

Pierluigi Paganini June 17, 2024
Cyber Crime

SPANISH POLICE ARRESTED AN ALLEGED MEMBER OF THE SCATTERED SPIDER GROUP

A joint law enforcement operation led to the arrest of a key member of the
cybercrime group known as Scattered Spider. Spanish police arrested a
22-year-old British national who is suspected of be ...

Pierluigi Paganini June 17, 2024
Security

ONLINE JOB OFFERS, THE RESHIPPING AND MONEY MULE SCAMS

Offers that promise easy earnings can also bring with them a host of scams that
deceive those who are genuinely seeking income opportunities. Often, behind
these enticing offers are pyramid scheme ...

Pierluigi Paganini June 17, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 476 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 16, 2024
Security

ASUS FIXED CRITICAL REMOTE AUTHENTICATION BYPASS BUG IN SEVERAL ROUTERS

Taiwanese manufacturer giant ASUS addressed a critical remote authentication
bypass vulnerability impacting several router models. ASUS addresses a critical
remote authentication bypass vulnerabil ...

Pierluigi Paganini June 16, 2024
Cyber Crime

LONDON HOSPITALS CANCELED OVER 800 OPERATIONS IN THE WEEK AFTER SYNNOVIS
RANSOMWARE ATTACK

NHS England confirmed that multiple London hospitals impacted by the ransomware
attack at Synnovis were forced to cancel planned operations. NHS England
confirmed that the recent ransomware attack ...

Pierluigi Paganini June 15, 2024
Laws and regulations

DORA COMPLIANCE STRATEGY FOR BUSINESS LEADERS

In January 2025, European financial and insurance institutions, their business
partners and providers, must comply with DORA. In January 2025, financial and
insurance institutions in Europe and an ...

Pierluigi Paganini June 14, 2024
Security

CISA ADDS ANDROID PIXEL, MICROSOFT WINDOWS, PROGRESS TELERIK REPORT SERVER BUGS
TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel,
Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cyb ...

Pierluigi Paganini June 14, 2024
Hacking

CITY OF CLEVELAND STILL WORKING TO FULLY RESTORE SYSTEMS IMPACTED BY A CYBER
ATTACK

Early this week, the City of Cleveland suffered a cyber attack that impacted
multiple services. The City is working to restore impacted systems. On Monday,
the City of Cleveland announced it was t ...

Pierluigi Paganini June 14, 2024
Security

GOOGLE FIXED AN ACTIVELY EXPLOITED ZERO-DAY IN THE PIXEL FIRMWARE

Google is warning of a security vulnerability impacting its Pixel Firmware that
has been actively exploited in the wild as a zero-day. Google warned of an
elevation of privilege vulnerability, tr ...

Pierluigi Paganini June 13, 2024
Security

MULTIPLE FLAWS IN FORTINET FORTIOS FIXED

Fortinet released security updates to address multiple vulnerabilities in
FortiOS, including a high-severity code execution security issue. Fortinet
addressed multiple vulnerabilities in FortiOS a ...

Pierluigi Paganini June 13, 2024
Hacking

CISA ADDS ARM MALI GPU KERNEL DRIVER, PHP BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mali GPU
Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini June 12, 2024
Breaking News

UKRAINE POLICE ARRESTED A HACKER WHO DEVELOPED A CRYPTER USED BY CONTI AND
LOCKBIT RANSOMWARE OPERATION

The Ukraine cyber police arrested a Russian man for having developed the crypter
component employed in Conti and LockBit ransomware operations. The Ukraine cyber
police arrested a Russian man (2 ...

Pierluigi Paganini June 12, 2024
Security

JETBRAINS FIXED INTELLIJ IDE FLAW EXPOSING GITHUB ACCESS TOKENS

JetBrains warned to fix a critical vulnerability in IntelliJ integrated
development environment (IDE) apps that exposes GitHub access tokens. JetBrains
warned customers to address a critical vulne ...

Pierluigi Paganini June 12, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR JUNE 2024 FIXED ONLY ONE CRITICAL
ISSUE

Microsoft Patch Tuesday security updates for June 2024 addressed 49
vulnerabilities, only one of them is a publicly disclosed zero-day flaw.
Microsoft Patch Tuesday security updates for June 2024 ...

Pierluigi Paganini June 12, 2024
Data Breach

CYLANCE CONFIRMS THE LEGITIMACY OF DATA OFFERED FOR SALE IN THE DARK WEB

A threat actor is selling the data belonging to BlackBerry’s Cylance
cybersecurity unit, he demanded $750,000. A threat actor, that goes online with
the moniker Sp1d3r, is selling the stolen dat ...

Pierluigi Paganini June 11, 2024
Hacking

ARM ZERO-DAY IN MALI GPU DRIVERS ACTIVELY EXPLOITED IN THE WILD

Semiconductor and software design company Arm warns of an actively exploited
zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively
exploited zero-day vulnerability, track ...

Pierluigi Paganini June 11, 2024
Hacking

EXPERT RELEASED POC EXPLOIT CODE FOR VEEAM BACKUP ENTERPRISE MANAGER FLAW
CVE-2024-29849. PATCH IT NOW!

A proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager
authentication bypass flaw CVE-2024-29849 is publicly available. Researcher Sina
Kheirkha analyzed the Veeam Backup Ent ...

Pierluigi Paganini June 11, 2024
Security

JAPANESE VIDEO-SHARING PLATFORM NICONICO WAS VICTIM OF A CYBER ATTACK

The Japanese video-sharing platform, Niconico, was forced to suspend its
services following a cybersecurity incident. The Japanese video-sharing
platform, Niconico, temporarily suspended its servi ...

Pierluigi Paganini June 10, 2024
Cyber Crime

UK NHS CALL FOR O-TYPE BLOOD DONATIONS FOLLOWING RANSOMWARE ATTACK ON LONDON
HOSPITALS

The UK NHS issued an urgent call for O-type blood donations following the recent
ransomware attack that hit several London hospitals. The UK National Health
Service (NHS) issued an urgent call for ...

Pierluigi Paganini June 10, 2024
Data Breach

CHRISTIE’S DATA BREACH IMPACTED 45,798 INDIVIDUALS

Auction house Christie’s revealed that the data breach caused by the recent
ransomware attack impacted 45,000 individuals. At the end of May, the auction
house Christie’s disclosed a data bre ...

Pierluigi Paganini June 10, 2024
Hacking

STICKY WEREWOLF TARGETS THE AVIATION INDUSTRY IN RUSSIA AND BELARUS

Morphisec researchers observed a threat actor, tracked as Sticky Werewolf,
targeting entities in Russia and Belarus. Sticky Werewolf is a threat actor that
was first spotted in April 2023, initial ...

Pierluigi Paganini June 10, 2024
Data Breach

FRONTIER COMMUNICATIONS DATA BREACH IMPACTED OVER 750,000 INDIVIDUALS

Frontier Communications is notifying over 750,000 individuals that their
personal information was stolen in a recent cyber attack. Last week, the
RansomHub ransomware group claimed to have stolen ...

Pierluigi Paganini June 10, 2024
Breaking News

PHP ADDRESSED CRITICAL RCE FLAW POTENTIALLY IMPACTING MILLIONS OF SERVERS

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and
earlier versions, potentially impacting millions of servers worldwide.
Researchers at cybersecurity firm DEVCORE disc ...

Pierluigi Paganini June 09, 2024
Security

SECURITY AFFAIRS NEWSLETTER ROUND 475 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 09, 2024
Security

SOLARWINDS FIXED MULTIPLE FLAWS IN SERV-U AND SOLARWINDS PLATFORM

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds
Platform, including a bug reported by a pentester working with NATO. SolarWinds
announced security patches to address mul ...

Pierluigi Paganini June 07, 2024
Cyber Crime

PANDABUY WAS EXTORTED TWICE BY THE SAME THREAT ACTOR

Chinese shopping platform Pandabuy previously paid a ransom demand to an
extortion group that extorted the company again this week. The story of the
attack against the Chinese shopping platform Pa ...

Pierluigi Paganini June 07, 2024
Intelligence

UAC-0020 THREAT ACTOR USED THE SPECTR MALWARE TO TARGET UKRAINE'S DEFENSE FORCES

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR
malware as part of a cyber espionage campaign dubbed SickSync. The Computer
Emergency Response Team of Ukraine (CERT-UA ...

Pierluigi Paganini June 07, 2024
Cyber Crime

A NEW LINUX VERSION OF TARGETCOMPANY RANSOMWARE TARGETS VMWARE ESXI ENVIRONMENTS

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi
environments using a custom shell script. A new variant of the TargetCompany
ransomware group uses a custom shell sc ...

Pierluigi Paganini June 06, 2024
Security

FBI OBTAINED 7,000 LOCKBIT DECRYPTION KEYS, VICTIMS SHOULD CONTACT THE FEDS TO
GET SUPPORT

The FBI is informing victims of LockBit ransomware it has obtained over 7,000
LockBit decryption keys that could allow some of them to decrypt their data. The
FBI is inviting victims of LockBit ra ...

Pierluigi Paganini June 06, 2024
Malware

RANSOMHUB OPERATION IS A REBRANDED VERSION OF THE KNIGHT RAAS

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version
of the Knight ransomware operation. Cybersecurity experts who analyzed the
recently emerged ransomware operation Ra ...

Pierluigi Paganini June 06, 2024
Digital ID

MALWARE CAN STEAL DATA COLLECTED BY THE WINDOWS RECALL TOOL, EXPERTS WARN

Cybersecurity researchers demonstrated how malware could potentially steal data
collected by the new Windows Recall tool. The Recall feature of Microsoft
Copilot+ is an AI-powered tool designed to ...

Pierluigi Paganini June 05, 2024
Breaking News

CISCO ADDRESSED WEBEX FLAWS USED TO COMPROMISE GERMAN GOVERNMENT MEETINGS

Cisco addressed vulnerabilities that were exploited to compromise the Webex
meetings of the German government. In early May, German media outlet Zeit Online
revealed that threat actors exploited v ...

Pierluigi Paganini June 05, 2024
Hacking

CNN, PARIS HILTON, AND SONY TIKTOK ACCOUNTS HACKED VIA DMS

A vulnerability in the popular video-sharing platform TikTok allowed threat
actors to take over the accounts of celebrities. Threat actors exploited a
zero-day vulnerability in the video-sharing p ...

Pierluigi Paganini June 05, 2024
Security

ZYXEL ADDRESSED THREE RCES IN END-OF-LIFE NAS DEVICES

Zyxel Networks released an emergency security update to address critical
vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emergency
security update to address three critical ...

Pierluigi Paganini June 05, 2024
Cyber Crime

A RANSOMWARE ATTACK ON SYNNOVIS IMPACTED SEVERAL LONDON HOSPITALS

A ransomware attack that hit the provider of pathology and diagnostic services
Synnovis severely impacted the operations of several London hospitals. A
ransomware attack on pathology and diagnosti ...

Pierluigi Paganini June 04, 2024
Data Breach

RANSOMHUB GANG CLAIMS THE HACK OF THE TELECOMMUNICATIONS GIANT FRONTIER
COMMUNICATIONS

The RansomHub ransomware group added the American telecommunications company
Frontier Comunications to the list of victims on its Tor leak site. The
RansomHub ransomware group claimed to have stol ...

Pierluigi Paganini June 04, 2024
Cyber Crime

CYBERCRIMINALS ATTACK BANKING CUSTOMERS IN EU WITH V3B PHISHING KIT - PHOTOTAN
AND SMARTID SUPPORTED.

Resecurity uncovered a cybercriminal group that is providing a sophisticated
phishing kit, named V3B, to target banking customers in the EU. Resecurity has
uncovered a new cybercriminal group pro ...

Pierluigi Paganini June 04, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR A CRITICAL BUG IN PROGRESS TELERIK REPORT
SERVERS

Researchers published a PoC exploit code for an authentication bypass
vulnerability on Progress Telerik Report Servers. Researchers published a
proof-of-concept (PoC) exploit code for an authentic ...

Pierluigi Paganini June 04, 2024
Security

MULTIPLE FLAWS IN COX MODEMS COULD HAVE IMPACTED MILLIONS OF DEVICES

Researcher discovered several authorization bypass vulnerabilities in Cox modems
that potentially impacted millions of devices. The security researcher Sam Curry
discovered multiple issues in Cox ...

Pierluigi Paganini June 04, 2024
Hacking

CISA ADDS ORACLE WEBLOGIC SERVER FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

CISA adds Oracle WebLogic Server OS command injection vulnerability to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added an Oracl ...

Pierluigi Paganini June 03, 2024
Cyber Crime

SPANISH POLICE SHUT DOWN ILLEGAL TV STREAMING NETWORK

Spanish police dismantled a pirated TV streaming network that allowed its
operators to earn over 5,300,000 euros since 2015. The Spanish National Police
dismantled a network that illicitly distri ...

Pierluigi Paganini June 03, 2024
APT

APT28 TARGETS KEY NETWORKS IN EUROPE WITH HEADLACE MALWARE

Russia-linked APT28 used the HeadLace malware and credential-harvesting web
pages in attacks against networks across Europe. Researchers at Insikt Group
observed Russian GRU's unit APT28 targeti ...

Pierluigi Paganini June 03, 2024
Deep Web

EXPERTS FOUND INFORMATION OF EUROPEAN POLITICIANS ON THE DARK WEB

Personal information of hundreds of British and EU politicians is available on
dark web marketplaces. According to research conducted by Proton and Constella
Intelligence, the email addresses and ...

Pierluigi Paganini June 03, 2024
Hacking

FLYINGYETI TARGETS UKRAINE USING WINRAR EXPLOIT TO DELIVER COOKBOX MALWARE

Russia-linked threat actor FlyingYeti is targeting Ukraine with a phishing
campaign to deliver the PowerShell malware COOKBOX. Cloudflare researchers
discovered phishing campaign conducted by a R ...

Pierluigi Paganini June 02, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 474 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini June 02, 2024
Data Breach

TICKETMASTER CONFIRMS DATA BREACH IMPACTING 560 MILLION CUSTOMERS

Ticketmaster owner Live Nation confirmed the Ticketmaster data breach that
compromised the data of 560 million customers. ShinyHunters, the current
administrator of BreachForums, recently cla ...

Pierluigi Paganini June 01, 2024
Hacking

CRITICAL APACHE LOG4J2 FLAW STILL THREATENS GLOBAL FINANCE

The vulnerability CVE-2021-44832 is Apache Log4j2 library is still a serious
problem for multiple industries, expert warns it threatens global Finance. The
independent cyber threat intelligence an ...

Pierluigi Paganini June 01, 2024
Security

CROOKS STOLE MORE THAN $300M WORTH OF BITCOIN FROM THE EXCHANGE DMM BITCOIN

Crooks stole approximately 48.2 billion yen ($304 million) worth of Bitcoin from
the Japanese cryptocurrency exchange DMM Bitcoin. The Japanese cryptocurrency
exchange DMM Bitcoin announced that c ...

Pierluigi Paganini June 01, 2024
Data Breach

SHINYHUNTERS IS SELLING DATA OF 30 MILLION SANTANDER CUSTOMERS

The threat actor ShinyHunters claims breach of Santander and is offering for
sale bank data, including information for 30 million customers. A notorious
threat actor ShinyHunters is offering a hug ...

Pierluigi Paganini May 31, 2024
Malware

OVER 600,000 SOHO ROUTERS WERE DESTROYED BY CHALUBO MALWARE IN 72 HOURS 

The Chalubo trojan destroyed over 600,000 SOHO routers from a single ISP,
researchers from Lumen Technologies reported. Between October 25 and October 27,
2023, the Chalubo malware destroyed more ...

Pierluigi Paganini May 31, 2024
APT

LILACSQUID APT TARGETED ORGANIZATIONS IN THE U.S., EUROPE, AND ASIA SINCE AT
LEAST 2021

A previously undocumented APT group tracked as LilacSquid targeted organizations
in the U.S., Europe, and Asia since at least 2021. Cisco Talos researchers
reported that a previously undocumented ...

Pierluigi Paganini May 31, 2024
Data Breach

BBC DISCLOSED A DATA BREACH IMPACTING ITS PENSION SCHEME MEMBERS

The BBC disclosed a data breach that exposed the personal information of BBC
Pension Scheme members. The BBC disclosed a data breach that occurred on May 21.
Threat actors gained access to files o ...

Pierluigi Paganini May 31, 2024
Security

CISA ADDS CHECK POINT QUANTUM SECURITY GATEWAYS AND LINUX KERNEL FLAWS TO ITS
KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its
Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and
Infrastructure Security Agency (CISA) added the f ...

Pierluigi Paganini May 30, 2024
Malware

EXPERTS FOUND A MACOS VERSION OF THE SOPHISTICATED LIGHTSPY SPYWARE

Researchers spotted a macOS version of the LightSpy surveillance framework that
has been active in the wild since at least January 2024. Researchers from
ThreatFabric discovered a macOS version of ...

Pierluigi Paganini May 30, 2024
Cyber Crime

OPERATION ENDGAME, THE LARGEST LAW ENFORCEMENT OPERATION EVER AGAINST BOTNETS

An international law enforcement operation, called Operation Endgame targeted
multiple botnets and their operators. Between 27 and 29 May 2024, an
international law enforcement operation coordinat ...

Pierluigi Paganini May 30, 2024
Cyber Crime

LAW ENFORCEMENT OPERATION DISMANTLED 911 S5 BOTNET

An international law enforcement operation led by the U.S. DoJ disrupted the 911
S5 botnet and led to the arrest of its administrator. The U.S. Justice
Department led an international law enforcem ...

Pierluigi Paganini May 30, 2024
Cyber Crime

OKTA WARNS OF CREDENTIAL STUFFING ATTACKS TARGETING ITS CROSS-ORIGIN
AUTHENTICATION FEATURE

Identity and access management firm Okta warns of credential stuffing attacks
targeting the Customer Identity Cloud (CIC) feature. Okta warns of credential
stuffing attacks targeting its Custome ...

Pierluigi Paganini May 30, 2024
Digital ID

CHECK POINT RELEASED HOTFIX FOR ACTIVELY EXPLOITED VPN ZERO-DAY

Check Point released hotfixes for a VPN zero-day vulnerability, tracked
as CVE-2024-24919, which is actively exploited in attacks in the wild. Check
Point released hotfixes to address a VPN zero- ...

Pierluigi Paganini May 29, 2024
Data Breach

ABN AMRO DISCLOSES DATA BREACH FOLLOWING AN ATTACK ON A THIRD-PARTY PROVIDER

Dutch bank ABN Amro discloses data breach following a ransomware attack hit the
third-party services provider AddComm. Dutch bank ABN Amro disclosed a data
breach after third-party services provid ...

Pierluigi Paganini May 29, 2024
Cyber Crime

CHRISTIE DISCLOSED A DATA BREACH AFTER A RANSOMHUB ATTACK

Auction house Christie disclosed a data breach following a RansomHub cyber
attack that occurred this month. Auction house Christie’s disclosed a data
breach after the ransomware group RansomHub ...

Pierluigi Paganini May 28, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR RCE IN FORTINET SIEM

Researchers released a proof-of-concept (PoC) exploit for remote code execution
flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at
Horizon3's Attack Team released a proof-of-co ...

Pierluigi Paganini May 28, 2024
Malware

WORDPRESS PLUGIN ABUSED TO INSTALL E-SKIMMERS IN E-COMMERCE SITES

Threat actors are exploiting a WordPress plugin to insert malicious PHP code in
e-commerce sites and steal credit card data. Sucuri researchers observed threat
actors using a PHP snippet WordPress ...

Pierluigi Paganini May 28, 2024
Hacking

TP-LINK ARCHER C5400X GAMING ROUTER IS AFFECTED BY A CRITICAL FLAW

Researchers warn of a critical remote code execution vulnerability in TP-Link
Archer C5400X gaming router. Researchers at OneKey discovered a a critical
remote code execution (RCE) vulnerabil ...

Pierluigi Paganini May 28, 2024
Data Breach

SAV-RX DATA BREACH IMPACTED OVER 2.8 MILLION INDIVIDUALS

Prescription service firm Sav-Rx disclosed a data breach that potentially
impacted over 2.8 million people in the United States. Prescription service
company Sav-Rx disclosed a data breach after 2 ...

Pierluigi Paganini May 27, 2024
Security

THE IMPACT OF REMOTE WORK AND CLOUD MIGRATIONS ON SECURITY PERIMETERS

Organizations had to re-examine the traditional business perimeter and migrate
to cloud-based tools to support distributed workforces. What is the impact? The
almost overnight shift to remote work ...

Pierluigi Paganini May 27, 2024
Malware

NEW ATM MALWARE FAMILY EMERGED IN THE THREAT LANDSCAPE

Experts warn of a new ATM malware family that is advertised in the cybercrime
underground, it was developed to target Europe. A threat actor is advertising a
new ATM malware family that claims to ...

Pierluigi Paganini May 27, 2024
Security

A HIGH-SEVERITY VULNERABILITY AFFECTS CISCO FIREPOWER MANAGEMENT CENTER

Cisco addressed a SQL injection vulnerability in the web-based management
interface of the Firepower Management Center (FMC) Software.  Cisco addressed a
vulnerability, tracked as CVE-2024-20360 ...

Pierluigi Paganini May 27, 2024
Cyber warfare

CERT-UA WARNS OF MALWARE CAMPAIGN CONDUCTED BY THREAT ACTOR UAC-0006

The Ukraine CERT-UA warns of a concerning increase in cyberattacks attributed to
the financially-motivated threat actor UAC-0006. The Computer Emergency Response
Team of Ukraine (CERT-UA) warned o ...

Pierluigi Paganini May 26, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 473 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 26, 2024
Hacking

MALWARE-LACED JAVS VIEWER DEPLOYS RUSTDOOR IMPLANT IN SUPPLY CHAIN ATTACK

Malicious actors compromised the JAVS Viewer installer to deliver the RustDoor
malware in a supply chain attack. Rapid7 researchers warned that threat actors
added a backdoor to the installer for ...

Pierluigi Paganini May 26, 2024
Cyber Crime

FAKE AV WEBSITES USED TO DISTRIBUTE INFO-STEALER MALWARE

Threat actors used fake AV websites masquerading as legitimate antivirus
products from Avast, Bitdefender, and Malwarebytes to distribute malware. In
mid-April 2024, researchers at Trellix Advance ...

Pierluigi Paganini May 25, 2024
APT

MITRE DECEMBER 2023 ATTACK: THREAT ACTORS CREATED ROGUE VMS TO EVADE DETECTION

The MITRE Corporation revealed that threat actors behind the December 2023
attacks created rogue virtual machines (VMs) within its environment. The MITRE
Corporation has provided a new update abou ...

Pierluigi Paganini May 25, 2024
Hacking

AN XSS FLAW IN GITLAB ALLOWS ATTACKERS TO TAKE OVER ACCOUNTS

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that
allows unauthenticated attackers to take over user accounts. GitLab fixed a
high-severity XSS vulnerability, tracked ...

Pierluigi Paganini May 24, 2024
Hacking

GOOGLE FIXES EIGHTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR, THE THIRD IN A
MONTH

Google rolled out a new emergency security update to fix another actively
exploited zero-day vulnerability in the Chrome browser. Google has released a
new emergency security update to address a n ...

Pierluigi Paganini May 24, 2024
Security

CISA ADDS APACHE FLINK FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds Apache Flink improper access control vulnerability to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added a NextGen Healt ...

Pierluigi Paganini May 24, 2024
Hacking

USAGE OF TLS IN DDNS SERVICES LEADS TO INFORMATION DISCLOSURE IN MULTIPLE
VENDORS

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially
expose data and devices to attacks. The use of Dynamic DNS (DDNS) services
embedded in appliances, such as those provi ...

Pierluigi Paganini May 24, 2024
Security

RECALL FEATURE IN MICROSOFT COPILOT+ PCS RAISES PRIVACY AND SECURITY CONCERNS

UK data watchdog is investigating Microsoft regarding the new Recall feature in
Copilot+ PCs that captures screenshots of the user's laptop every few seconds.
The UK data watchdog, the Information ...

Pierluigi Paganini May 24, 2024
APT

APT41: THE THREAT OF KEYPLUG AGAINST ITALIAN INDUSTRIES

Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed
in attacks against several Italian industries During an extensive investigation,
Tinexta Cyber’s Zlab Malware T ...

Pierluigi Paganini May 23, 2024
Security

CRITICAL SQL INJECTION FLAWS IMPACT IVANTI ENDPOINT MANAGER (EPM)

Ivanti addressed multiple flaws in the Endpoint Manager (EPM), including remote
code execution vulnerabilities. Ivanti this week rolled out security patches to
address multiple critical vulnerabil ...

Pierluigi Paganini May 23, 2024
APT

CHINESE ACTOR 'UNFADING SEA HAZE' REMAINED UNDETECTED FOR FIVE YEARS

A previously unknown China-linked threat actor dubbed 'Unfading Sea Haze' has
been targeting military and government entities since 2018. Bitdefender
researchers discovered a previously unknown Ch ...

Pierluigi Paganini May 23, 2024
Uncategorized

A CONSUMER-GRADE SPYWARE APP FOUND IN CHECK-IN SYSTEMS OF 3 US HOTELS

A researcher discovered a consumer-grade spyware app on the check-in systems of
at least three Wyndham hotels across the US. The security researcher Eric Daigle
discovered a commercial spyware app ...

Pierluigi Paganini May 23, 2024
Security

CRITICAL VEEAM BACKUP ENTERPRISE MANAGER AUTHENTICATION BYPASS BUG

A critical security vulnerability in Veeam Backup Enterprise Manager could allow
threat actors to bypass authentication. A critical vulnerability, tracked
as CVE-2024-29849 (CVSS score: 9.8), in ...

Pierluigi Paganini May 22, 2024
Cyber Crime

CYBERCRIMINALS ARE TARGETING ELECTIONS IN INDIA WITH INFLUENCE CAMPAIGNS

Resecurity warns of a surge in malicious cyber activity targeting the election
in India, orchestrated by several independent hacktivist groups Resecurity has
identified a spike of malicious cyber ...

Pierluigi Paganini May 22, 2024
Hacking

CRITICAL GITHUB ENTERPRISE SERVER AUTHENTICATION BYPASS BUG. FIX IT NOW!

GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that
could allow an attacker to bypass authentication. GitHub has rolled out security
fixes to address a critical authentica ...

Pierluigi Paganini May 22, 2024
Data Breach

OMNIVISION DISCLOSED A DATA BREACH AFTER THE 2023 CACTUS RANSOMWARE ATTACK

The digital imaging products manufacturer OmniVision disclosed a data breach
after the 2023 ransomware attack. OmniVision Technologies is a company that
specializes in developing advanced digital ...

Pierluigi Paganini May 22, 2024
Security

CISA ADDS NEXTGEN HEALTHCARE MIRTH CONNECT FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

CISA adds NextGen Healthcare Mirth Connect deserialization of untrusted data
vulnerability to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini May 21, 2024
Cyber Crime

BLACKBASTA GROUP CLAIMS TO HAVE HACKED ATLAS, ONE OF THE LARGEST US OIL
DISTRIBUTORS

The Blackbasta extortion group claims to have hacked Atlas, one of the largest
national distributors of fuel in the United States. Atlas is one of the largest
national fuel distributors to 49 cont ...

Pierluigi Paganini May 21, 2024
Hacking

EXPERTS WARN OF A FLAW IN FLUENT BIT UTILITY THAT IS USED BY MAJOR CLOUD
PLATFORMS AND FIRMS

A vulnerability in the Fluent Bit Utility, which is used by major cloud
providers, can lead to DoS, information disclosure, and potentially RCE. Tenable
researchers have discovered a severe vulner ...

Pierluigi Paganini May 21, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR RCE IN QNAP QTS

Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system
for the Taiwanese vendor's NAS products. An audit of QNAP QTS conducted by
WatchTowr Labs revealed fifteen vulnerabili ...

Pierluigi Paganini May 21, 2024
Cyber Crime

GITCAUGHT CAMPAIGN RELIES ON GITHUB AND FILEZILLA TO DELIVER MULTIPLE MALWARE

Researchers discovered a sophisticated cybercriminal campaign by
Russian-speaking threat actors that used GitHub to distribute malware. Recorded
Future's Insikt Group discovered a sophisticated cy ...

Pierluigi Paganini May 20, 2024
Hacking

TWO STUDENTS UNCOVERED A FLAW THAT ALLOWS TO USE LAUNDRY MACHINES FOR FREE

Two students discovered a security flaw in over a million internet-connected
laundry machines that could allow laundry for free. CSC ServiceWorks is a
company that provides laundry services and ai ...

Pierluigi Paganini May 20, 2024
Malware

GRANDOREIRO BANKING TROJAN IS BACK AND TARGETS BANKS WORLDWIDE

A new Grandoreiro banking trojan campaign has been ongoing since March 2024,
following the disruption by law enforcement in January. IBM X-Force warns of a
new Grandoreiro banking trojan ...

Pierluigi Paganini May 20, 2024
Data Breach

HEALTHCARE FIRM WEBTPA DATA BREACH IMPACTED 2.5 MILLION INDIVIDUALS

WebTPA, a third-party administrator that provides healthcare management and
administrative services, disclosed a data breach. WebTPA is a third-party
administrator that provides healthcare managem ...

Pierluigi Paganini May 19, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 472 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 19, 2024
APT

NORTH KOREA-LINKED KIMSUKY USED A NEW LINUX BACKDOOR IN RECENT ATTACKS

Symantec warns of a new Linux backdoor used by the North Korea-linked Kimsuky
APT in a recent campaign against organizations in South Korea.  Symantec
researchers observed the North Korea-linked ...

Pierluigi Paganini May 19, 2024
Intelligence

NORTH KOREA-LINKED IT WORKERS INFILTRATED HUNDREDS OF US FIRMS

The U.S. Justice Department charged five individuals, including a U.S. woman,
for aiding North Korea-linked IT workers to infiltrate 300 firms. The Justice
Department unsealed charges against an A ...

Pierluigi Paganini May 18, 2024
APT

TURLA APT USED TWO NEW BACKDOORS TO INFILTRATE A EUROPEAN MINISTRY OF FOREIGN
AFFAIRS

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware
and LunarMail, to target European government agencies. ESET researchers
discovered two previously unknown backdoors na ...

Pierluigi Paganini May 17, 2024
Cyber Crime

CITY OF WICHITA DISCLOSED A DATA BREACH AFTER THE RECENT RANSOMWARE ATTACK

The City of Wichita disclosed a data breach after the ransomware attack that hit
the Kansas's city earlier this month. On May 5th, 2024, the City of Wichita,
Kansas, was the victim of a ransomware ...

Pierluigi Paganini May 17, 2024
Security

CISA ADDS D-LINK DIR ROUTER FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the followi ...

Pierluigi Paganini May 17, 2024
Cyber Crime

CISA ADDS GOOGLE CHROME ZERO-DAYS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security
Agency (CISA) added [1,2] the following vulnerabil ...

Pierluigi Paganini May 17, 2024
APT

NORTH KOREA-LINKED KIMSUKY APT ATTACK TARGETS VICTIMS VIA MESSENGER

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target
victims via Messenger and deliver malware. Researchers at Genians Security
Center (GSC) identified a new at ...

Pierluigi Paganini May 17, 2024
Cyber Crime

ELECTRONIC PRESCRIPTION PROVIDER MEDISECURE IMPACTED BY A RANSOMWARE ATTACK

Electronic prescription provider MediSecure in Australia suffered a ransomware
attack likely originate from a third-party vendor. MediSecure is a company that
provides digital health solutions, pa ...

Pierluigi Paganini May 16, 2024
Hacking

GOOGLE FIXES SEVENTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR, THE THIRD IN
A WEEK

Google released security updates to address a new actively exploited Chrome
zero-day vulnerability, the third in a week. Google has released a new emergency
security update to address a new vulner ...

Pierluigi Paganini May 16, 2024
Data Breach

SANTANDER: A DATA BREACH AT A THIRD-PARTY PROVIDER IMPACTED CUSTOMERS AND
EMPLOYEES

The Spanish bank Santander disclosed a data breach at a third-party provider
that impacted customers in Chile, Spain, and Uruguay. The Spanish financial
institution Santander revealed a data breac ...

Pierluigi Paganini May 16, 2024
Cyber Crime

FBI SEIZED THE NOTORIOUS BREACHFORUMS HACKING FORUM

An international law enforcement operation coordinated by the FBI led to the
seizure of the notorious BreachForums hacking forum. BreachForums is a
cybercrime forum used by threat actors to purcha ...

Pierluigi Paganini May 15, 2024
Cyber Crime

A TORNADO CASH DEVELOPER HAS BEEN SENTENCED TO 64 MONTHS IN PRISON

One of the developers of the Tornado Cash cryptocurrency mixer has been
sentenced to 64 months in prison. Alexey Pertsev (29), one of the main
developers of the Tornado Cash cryptocurrency mixer h ...

Pierluigi Paganini May 15, 2024
Security

ADOBE FIXED MULTIPLE CRITICAL FLAWS IN ACROBAT AND READER

Adobe addressed multiple code execution vulnerabilities in several products,
including Adobe Acrobat and Reader. Adobe addressed multiple code execution
vulnerabilities in its products, including ...

Pierluigi Paganini May 15, 2024
Data Breach

RANSOMWARE ATTACK ON SINGING RIVER HEALTH SYSTEM IMPACTED 895,000 PEOPLE

The Singing River Health System revealed that the ransomware attack that hit the
organization in August 2023 impacted 895,204 people. At the end of August 2023,
the systems at three hospitals and ...

Pierluigi Paganini May 15, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR MAY 2024 FIXES 2 ACTIVELY EXPLOITED
ZERO-DAYS

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across
various products including an actively exploited zero-day. Microsoft Patch
Tuesday security updates for May 2024 address ...

Pierluigi Paganini May 14, 2024
Hacking

VMWARE FIXED ZERO-DAY FLAWS DEMONSTRATED AT PWN2OWN VANCOUVER 2024

VMware fixed four flaws in its Workstation and Fusion desktop hypervisors,
including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware
addressed four vulnerabilities in its Workstatio ...

Pierluigi Paganini May 14, 2024
Security

MITRE RELEASED EMB3D THREAT MODEL FOR EMBEDDED DEVICES

The non-profit technology organization MITRE released the EMB3D threat model for
embedded devices used in critical infrastructure. MITRE announced the public
release of its EMB3D threat model for ...

Pierluigi Paganini May 14, 2024
Hacking

GOOGLE FIXES SIXTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR

Google released emergency security updates to address an actively exploited
Chrome zero-day vulnerability. Google has released emergency security updates to
address a high-severity zero-day vulner ...

Pierluigi Paganini May 14, 2024
Malware

PHORPIEX BOTNET SENT MILLIONS OF PHISHING EMAILS TO DELIVER LOCKBIT BLACK
RANSOMWARE

Experts reported that since April, the Phorpiex botnet sent millions of phishing
emails to spread LockBit Black ransomware. New Jersey's Cybersecurity and
Communications Integration Cell (NJCCIC)� ...

Pierluigi Paganini May 14, 2024
Hacking

THREAT ACTORS MAY HAVE EXPLOITED A ZERO-DAY IN OLDER IPHONES, APPLE WARNS

Apple rolled out urgent security updates to address code execution
vulnerabilities in iPhones, iPads, and macOS. Apple released urgent security
updates to address multiple vulnerabilities in iPhon ...

Pierluigi Paganini May 13, 2024
Data Breach

CITY OF HELSINKI SUFFERED A DATA BREACH

The City of Helsinki suffered a data breach that impacted tens of thousands of
students, guardians, and personnel. The Police of Finland is investigating a
data breach suffered by the City of Hels ...

Pierluigi Paganini May 13, 2024
Cyber Crime

RUSSIAN HACKERS DEFACED LOCAL BRITISH NEWS SITES

A group of hackers that defines itself as “first-class Russian hackers” claims
the defacement of hundreds of local and regional British newspaper websites. A
group claiming to be "first-class ...

Pierluigi Paganini May 13, 2024
Data Breach

AUSTRALIAN FIRSTMAC LIMITED DISCLOSED A DATA BREACH AFTER CYBER ATTACK

Firstmac Limited disclosed a data breach after the new Embargo extortion group
leaked over 500GB of data allegedly stolen from the company. Firstmac Limited,
one of the largest non-bank lenders i ...

Pierluigi Paganini May 13, 2024
Hacking

PRO-RUSSIA HACKERS TARGETED KOSOVO’S GOVERNMENT WEBSITES

Pro-Russia hackers targeted government websites in Kosovo in retaliation for the
government's support to Ukraine with military equipment. Pro-Russia hackers
targeted Kosovo government websites, in ...

Pierluigi Paganini May 12, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 471 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 12, 2024
Cyber Crime

AS OF MAY 2024, BLACK BASTA RANSOMWARE AFFILIATES HACKED OVER 500 ORGANIZATIONS
WORLDWIDE

Black Basta ransomware affiliates have breached over 500 organizations between
April 2022 and May 2024, FBI and CISA reported. The FBI, CISA, HHS, and MS-ISAC
have issued a joint Cybersecurity Adv ...

Pierluigi Paganini May 12, 2024
Data Breach

OHIO LOTTERY DATA BREACH IMPACTED OVER 538,000 INDIVIDUALS

The cyber attack on the Ohio Lottery on Christmas Eve exposed the personal data
of over 538,000 individuals. On Christmas Eve, a cyberattack targeting the Ohio
Lottery resulted in the exposure of ...

Pierluigi Paganini May 11, 2024
Cyber Crime

NOTORIUS THREAT ACTOR INTELBROKER CLAIMS THE HACK OF THE EUROPOL

Notorius threat actor IntelBroker claims that Europol has suffered a data breach
that exposed FOUO and other classified data. The threat actor IntelBroker
announced on the cybercrime forum Breach ...

Pierluigi Paganini May 11, 2024
Hacking

A CYBERATTACK HIT THE US HEALTHCARE GIANT ASCENSION

A cyberattack hit the US Healthcare giant Ascension and is causing disruption of
the systems at hospitals in the country. Ascension is one of the largest
private healthcare systems in the Unit ...

Pierluigi Paganini May 11, 2024
Hacking

GOOGLE FIXES FIFTH ACTIVELY EXPLOITED CHROME ZERO-DAY THIS YEAR

Since the start of the year, Google released an update to fix the fifth actively
exploited zero-day vulnerability in the Chrome browser. Google this week
released security updates to address a zer ...

Pierluigi Paganini May 10, 2024
APT

RUSSIA-LINKED APT28 TARGETS GOVERNMENT POLISH INSTITUTIONS

CERT Polska warns of a large-scale malware campaign against Polish government
institutions conducted by Russia-linked APT28. CERT Polska and CSIRT MON teams
issued a warning about a large-scale ma ...

Pierluigi Paganini May 10, 2024
Security

CITRIX WARNS CUSTOMERS TO UPDATE PUTTY VERSION INSTALLED ON THEIR XENCENTER
SYSTEM MANUALLY

Citrix urges customers to manually address a PuTTY SSH client flaw that could
allow attackers to steal a XenCenter admin's private SSH key. Versions of
XenCenter for Citrix Hypervisor 8.2 CU1 LTSR ...

Pierluigi Paganini May 10, 2024
Breaking News

DELL DISCLOSES DATA BREACH IMPACTING MILLIONS OF CUSTOMERS

Dell disclosed a security breach that exposed millions of customers' names and
physical mailing addresses. IT giant Dell suffered a data breach exposing
customers’ names and physical addresses, ...

Pierluigi Paganini May 09, 2024
Cyber Crime

MIRAI BOTNET ALSO SPREADS THROUGH THE EXPLOITATION OF IVANTI CONNECT SECURE BUGS

Threat actors exploit recently disclosed Ivanti Connect Secure (ICS)
vulnerabilities to deploy the Mirai botnet. Researchers from Juniper Threat Labs
reported that threat actors are exploiting rec ...

Pierluigi Paganini May 09, 2024
Cyber Crime

ZSCALER IS INVESTIGATING DATA BREACH CLAIMS

Cybersecurity firm Zscaler is investigating claims of a data breach after
hackers offered access to its network. Cybersecurity firm Zscaler is
investigating allegations of a data breach following ...

Pierluigi Paganini May 09, 2024
Security

EXPERTS WARN OF TWO BIG-IP NEXT CENTRAL MANAGER FLAWS THAT ALLOW DEVICE TAKEOVER

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be
exploited to gain admin control and create hidden accounts on any managed
assets. F5 has addressed two high-severity vulnera ...

Pierluigi Paganini May 09, 2024
Cyber Crime

LOCKBIT GANG CLAIMED RESPONSIBILITY FOR THE ATTACK ON CITY OF WICHITA

The LockBit ransomware group has added the City of Wichita to its Tor leak site
and threatened to publish stolen data. Last week, the City of Wichita, Kansas,
was the victim of a ransomware attack ...

Pierluigi Paganini May 08, 2024
Hacking

NEW TUNNELVISION TECHNIQUE CAN BYPASS THE VPN ENCAPSULATION

TunnelVision is a new VPN bypass technique that enables threat actors to spy on
users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers
recently identified a novel attack ...

Pierluigi Paganini May 08, 2024
Hacking

LITESPEED CACHE WORDPRESS PLUGIN ACTIVELY EXPLOITED IN THE WILD

Threat actors are exploiting a high-severity vulnerability in the LiteSpeed
Cache plugin for WordPress to take over web sites. WPScan researchers reported
that threat actors are exploiting a high- ...

Pierluigi Paganini May 08, 2024
Hacking

MOST TINYPROXY INSTANCES ARE POTENTIALLY VULNERABLE TO FLAW CVE-2023-49606

A critical Remote Code Execution vulnerability in the Tinyproxy service
potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco
Talos reported a use-after-free vulnerability in ...

Pierluigi Paganini May 08, 2024
Data Breach

UK MINISTRY OF DEFENSE DISCLOSED A THIRD-PARTY DATA BREACH EXPOSING MILITARY
PERSONNEL DATA 

The UK Ministry of Defense disclosed a data breach at a third-party payroll
system that exposed data of armed forces personnel and veterans. The UK Ministry
of Defense disclosed a data breach impa ...

Pierluigi Paganini May 08, 2024
Cyber Crime

LAW ENFORCEMENT AGENCIES IDENTIFIED LOCKBIT RANSOMWARE ADMIN AND SANCTIONED HIM

The FBI, UK National Crime Agency, and Europol revealed the identity of the
admin of the LockBit operation and sanctioned him. The FBI, UK National Crime
Agency, and Europol have unmasked the ...

Pierluigi Paganini May 07, 2024
Hacking

MITRE ATTRIBUTES THE RECENT ATTACK TO CHINA-LINKED UNC5221

MITRE published more details on the recent security breach, including a timeline
of the attack and attribution evidence. MITRE has shared more details on the
recent hack, including the new malware ...

Pierluigi Paganini May 07, 2024
Cyber Crime

ALEXANDER VINNIK, THE OPERATOR OF BTC-E EXCHANGE, PLEADED GUILTY TO MONEY
LAUNDERING

Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded
guilty to participating in a money laundering scheme. Alexander Vinnik, a
Russian national, pleaded guilty to conspi ...

Pierluigi Paganini May 07, 2024
Security

CITY OF WICHITA HIT BY A RANSOMWARE ATTACK

The City of Wichita in Kansas was forced to shut down its computer systems after
a ransomware attack. The City of Wichita, Kansas, was the victim of a ransomware
attack and shut down its network t ...

Pierluigi Paganini May 06, 2024
Data Breach

EL SALVADOR SUFFERED A MASSIVE LEAK OF BIOMETRIC DATA

Resecurity found a massive leak involving the exposure of personally
identifiable information (PII) of over five million citizens of El Salvador on
the Dark Web. Resecurity identified a massive le ...

Pierluigi Paganini May 06, 2024
Malware

FINLAND AUTHORITIES WARN OF ANDROID MALWARE CAMPAIGN TARGETING BANK USERS

Finland's Transport and Communications Agency (Traficom) warned about an ongoing
Android malware campaign targeting bank accounts. Traficom, Finland's Transport
and Communications Agency, issued a ...

Pierluigi Paganini May 06, 2024
Cyber Crime

RANSOMWARE DRAMA: LAW ENFORCEMENT SEIZED LOCKBIT GROUP'S WEBSITE AGAIN

Law enforcement seized the Lockbit group's Tor website again and announced they
will reveal more identities of its operators Law enforcement seized the Lockbit
group's Tor website again. The autho ...

Pierluigi Paganini May 05, 2024
APT

NATO AND THE EU FORMALLY CONDEMNED RUSSIA-LINKED APT28 CYBER ESPIONAGE

NATO and the European Union formally condemned cyber espionage operations
carried out by the Russia-linked APT28 against European countries. NATO and the
European Union condemned cyber espionage o ...

Pierluigi Paganini May 05, 2024
Security

SECURITY AFFAIRS NEWSLETTER ROUND 470 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini May 05, 2024
Security

BLACKBASTA GANG CLAIMED RESPONSIBILITY FOR SYNLAB ITALIA ATTACK

The Blackbasta extortion group claimed responsibility for the attack that in
April severely impacted the operations of Synlab Italia. Since April 18, Synlab
Italia, a major provider of medical dia ...

Pierluigi Paganini May 04, 2024
Cyber Crime

LOCKBIT PUBLISHED DATA STOLEN FROM SIMONE VEIL HOSPITAL IN CANNES

LockBit ransomware operators have published sensitive data allegedly stolen from
the Simone Veil hospital in Cannes. In April, a cyber attack hit the Hospital
Simone Veil in Cannes (CHC-SV), impac ...

Pierluigi Paganini May 03, 2024
APT

RUSSIA-LINKED APT28 AND CROOKS ARE STILL USING THE MOOBOT BOTNET

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and
cybercriminals organizations. Trend Micro researchers reported that the
EdgeRouter botnet, called Moobot, used by the ...

Pierluigi Paganini May 03, 2024
Hacking

DIRTY STREAM ATTACK POSES BILLIONS OF ANDROID INSTALLS AT RISK

Microsoft devised an attack technique, dubbed 'Dirty Stream,' impacting widely
used Android applications, billions of installations are at risk. Microsoft is
warning Android users about a new atta ...

Pierluigi Paganini May 03, 2024
Cyber Crime

ZLOADER MALWARE ADDS ZEUS'S ANTI-ANALYSIS FEATURE

Zloader continues to evolve, its authors added an anti-analysis feature that was
originally present in the Zeus banking trojan. Zloader (aka Terdot, DELoader, or
Silent Night) is a modular trojan ...

Pierluigi Paganini May 03, 2024
Breaking News

UKRAINIAN REVIL GANG MEMBER SENTENCED TO 13 YEARS IN PRISON

A Ukrainian national, a member of the REvil group, has been sentenced to more
than 13 years in prison for his role in extortion activities. The Ukrainian
national, Yaroslav Vasinskyi (24), aka Rab ...

Pierluigi Paganini May 02, 2024
Security

HPE ARUBA NETWORKING ADDRESSED FOUR CRITICAL ARUBAOS RCE FLAWS

HPE Aruba Networking addressed four critical remote code execution
vulnerabilities impacting its ArubaOS network operating system. HPE Aruba
Networking released April 2024 security updates that ad ...

Pierluigi Paganini May 02, 2024
Hacking

THREAT ACTORS HACKED THE DROPBOX SIGN PRODUCTION ENVIRONMENT

Threat actors breached the Dropbox Sign production environment and accessed
customer email addresses and hashed passwords Cloud storage provider DropBox
revealed that threat actors have breached t ...

Pierluigi Paganini May 02, 2024
Security

CISA ADDS GITLAB FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

CISA adds GitLab Community and Enterprise Editions improper access control
vulnerability to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini May 02, 2024
Data Breach

PANDA RESTAURANT GROUP DISCLOSED A DATA BREACH

Panda Restaurant Group disclosed a data breach that occurred in March, resulting
in the theft of associates' personal information. Panda Restaurant Group
disclosed a data breach that occurred in M ...

Pierluigi Paganini May 02, 2024
Intelligence

EX-NSA EMPLOYEE SENTENCED TO 262 MONTHS IN PRISON FOR ATTEMPTING TO TRANSFER
CLASSIFIED DOCUMENTS TO RUSSIA

A former U.S. NSA employee has been sentenced to nearly 22 years in prison for
attempting to sell classified documents to Russia. Jareh Sebastian Dalke (32),
of Colorado Springs, is a former emplo ...

Pierluigi Paganini May 01, 2024
Malware

CUTTLEFISH MALWARE TARGETS ENTERPRISE-GRADE SOHO ROUTERS

A new malware named Cuttlefish targets enterprise-grade and small office/home
office (SOHO) routers to harvest public cloud authentication data. Researchers
at Lumen’s Black Lotus Labs discovere ...

Pierluigi Paganini May 01, 2024
Security

A FLAW IN THE R PROGRAMMING LANGUAGE COULD ALLOW CODE EXECUTION

A flaw in the R programming language enables the execution of arbitrary code
when parsing specially crafted RDS and RDX files. A vulnerability, tracked
as CVE-2024-27322 (CVSS v3: 8.8), ...

Pierluigi Paganini May 01, 2024
APT

MUDDLING MEERKAT, A MYSTERIOUS DNS OPERATION INVOLVING CHINA'S GREAT FIREWALL

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe
networks globally since 2019. Infoblox researchers observed China-linked threat
actors Muddling Meerkat using sophis ...

Pierluigi Paganini May 01, 2024
Cyber Crime

NOTORIOUS FINNISH HACKER SENTENCED TO MORE THAN SIX YEARS IN PRISON

Finnish hacker was sentenced to more than six years in prison for hacking into
an online psychotherapy clinic and attempted extortion. A popular 26-year-old
Finnish hacker Aleksanteri Kivimäki wa ...

Pierluigi Paganini April 30, 2024
Security

CISA GUIDELINES TO PROTECT CRITICAL INFRASTRUCTURE AGAINST AI-BASED THREATS

The US government’s cybersecurity agency CISA published a series of guidelines
to protect critical infrastructure against AI-based attacks. CISA collaborated
with Sector Risk Management Agencies ...

Pierluigi Paganini April 30, 2024
Laws and regulations

NCSC: NEW UK LAW BANS DEFAULT PASSWORDS ON SMART DEVICES

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers
to ban default passwords starting from April 29, 2024. The U.K. National Cyber
Security Centre (NCSC) is urging manuf ...

Pierluigi Paganini April 30, 2024
Laws and regulations

THE FCC IMPOSES $200 MILLION IN FINES ON FOUR US CARRIERS FOR UNLAWFULLY SHARING
USER LOCATION DATA

The Federal Communications Commission (FCC) fined the largest U.S. wireless
carriers $200 million for sharing customers' real-time location data without
consent. The FCC has fined four major U. ...

Pierluigi Paganini April 30, 2024
Mobile

GOOGLE PREVENTED 2.28 MILLION POLICY-VIOLATING APPS FROM BEING PUBLISHED ON
GOOGLE PLAY IN 2023

Google announced they have prevented 2.28 million policy-violating apps from
being published in the official Google Play. Google announced that in 2023, they
have prevented 2.28 million policy-vio ...

Pierluigi Paganini April 29, 2024
Cyber Crime

FINANCIAL BUSINESS AND CONSUMER SOLUTIONS (FBCS) DATA BREACH IMPACTED 2M
INDIVIDUALS

Financial Business and Consumer Solutions (FBCS) suffered a data breach that
exposed information 2 million individuals. Debt collection agency Financial
Business and Consumer Solutions (FBCS) disc ...

Pierluigi Paganini April 29, 2024
Hacktivism

CYBER-PARTISANS HACKTIVISTS CLAIM TO HAVE BREACHED BELARUS KGB

A Belarusian group of activist group claims to have infiltrated the network of
the country’s main KGB agency. The Belarusian hacktivist group Cyber-Partisans
claims to have infiltrated the netwo ...

Pierluigi Paganini April 29, 2024
Data Breach

THE LOS ANGELES COUNTY DEPARTMENT OF HEALTH SERVICES DISCLOSED A DATA BREACH

The Los Angeles County Department of Health Services reported a data breach that
exposed thousands of patients' personal and health information. The Los Angeles
County Department of Health Service ...

Pierluigi Paganini April 29, 2024
Uncategorized

MULTIPLE BROCADE SANNAV SAN MANAGEMENT SW FLAWS ALLOW DEVICE COMPROMISE

Multiple flaws in Brocade SANnav storage area network (SAN) management
application can allow to compromise impacted appliances. Multiple
vulnerabilities found in the Brocade SANnav storage area ne ...

Pierluigi Paganini April 29, 2024
Security

ICICI BANK EXPOSED CREDIT CARD DATA OF 17000 CUSTOMERS

ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data
of thousands of new credit cards to unintended recipients. ICICI Bank, one of
the leading private banks in India, a ...

Pierluigi Paganini April 28, 2024
Hacking

OKTA WARNS OF UNPRECEDENTED SCALE IN CREDENTIAL STUFFING ATTACKS ON ONLINE
SERVICES

Identity and access management services provider Okta warned of a spike in
credential stuffing attacks aimed at online services. In recent weeks, Okta
observed a surge in credential stuffing attac ...

Pierluigi Paganini April 28, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 469 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 28, 2024
Hacking

TARGETED OPERATION AGAINST UKRAINE EXPLOITED 7-YEAR-OLD MS OFFICE BUG

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in
Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct
Threat Lab have uncovered a targeted c ...

Pierluigi Paganini April 28, 2024
Data Breach

HACKERS MAY HAVE ACCESSED THOUSANDS OF ACCOUNTS ON THE CALIFORNIA STATE WELFARE
PLATFORM

Threat actors accessed more than 19,000 online accounts on a California state
platform for welfare programs. Threat actors breached over 19,000 online
accounts on a California state platform dedic ...

Pierluigi Paganini April 27, 2024
Malware

BROKEWELL ANDROID MALWARE SUPPORTS AN EXTENSIVE SET OF DEVICE TAKEOVER
CAPABILITIES

ThreatFabric researchers identified a new Android malware called Brokewell,
which implements a wide range of device takeover capabilities. ThreatFabric
researchers uncovered a new mobile malware n ...

Pierluigi Paganini April 27, 2024
Hacking

EXPERTS WARN OF AN ONGOING MALWARE CAMPAIGN TARGETING WP-AUTOMATIC PLUGIN

A critical vulnerability in the WordPress Automatic plugin is being exploited to
inject backdoors and web shells into websites WordPress security scanner WPScan
warns that threat actors are exploi ...

Pierluigi Paganini April 26, 2024
Cyber Crime

CRYPTOCURRENCIES AND CYBERCRIME: A CRITICAL INTERMINGLING

As cryptocurrencies have grown in popularity, there has also been growing
concern about cybercrime involvement in this sector Cryptocurrencies have
revolutionized the financial world, offering new ...

Pierluigi Paganini April 26, 2024
Data Breach

KAISER PERMANENTE DATA BREACH MAY HAVE IMPACTED 13.4 MILLION PATIENTS

Healthcare service provider Kaiser Permanente disclosed a security breach that
may impact 13.4 million individuals in the United States. Kaiser Permanente is
an American integrated managed care  ...

Pierluigi Paganini April 26, 2024
Hacking

OVER 1,400 CRUSHFTP INTERNET-FACING SERVERS VULNERABLE TO CVE-2024-4040 BUG

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting
recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP
internet-facing servers are vulnerable to attac ...

Pierluigi Paganini April 26, 2024
Cyber Crime

SWEDEN’S LIQUOR SUPPLY SEVERELY IMPACTED BY RANSOMWARE ATTACK ON LOGISTICS
COMPANY

A ransomware attack on a Swedish logistics company Skanlog severely impacted the
country's liquor supply.  Skanlog, a critical distributor for Systembolaget, the
Swedish government-owned retail c ...

Pierluigi Paganini April 26, 2024
Security

CISA ADDS CISCO ASA AND FTD AND CRUSHFTP VFS FLAWS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the following v ...

Pierluigi Paganini April 25, 2024
Hacking

CISA ADDS MICROSOFT WINDOWS PRINT SPOOLER FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the CVE-2022-3 ...

Pierluigi Paganini April 25, 2024
Cyber Crime

DOJ ARRESTED THE FOUNDERS OF CRYPTO MIXER SAMOURAI FOR FACILITATING $2 BILLION
IN ILLEGAL TRANSACTIONS

The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of
a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has
arrested two co-founders of the cryptocur ...

Pierluigi Paganini April 25, 2024
Security

GOOGLE FIXED CRITICAL CHROME VULNERABILITY CVE-2024-4058

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that
resides in the ANGLE graphics layer engine. Google addressed four
vulnerabilities in the Chrome web browser, includ ...

Pierluigi Paganini April 25, 2024
APT

NATION-STATE ACTORS EXPLOITED TWO ZERO-DAYS IN ASA AND FTD FIREWALLS TO BREACH
GOVERNMENT NETWORKS

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD
firewalls since November 2023 to breach government networks. Cisco Talos warned
that the nation-state actor UAT4356 (aka ...

Pierluigi Paganini April 24, 2024
Breaking News

HACKERS HIJACKED THE ESCAN ANTIVIRUS UPDATE MECHANISM IN MALWARE CAMPAIGN

A malware campaign has been exploiting the updating mechanism of the eScan
antivirus to distribute backdoors and cryptocurrency miners. Avast researchers
discovered and analyzed a malware campaign ...

Pierluigi Paganini April 24, 2024
Cyber warfare

US OFFERS A $10 MILLION REWARD FOR INFORMATION ON FOUR IRANIAN NATIONALS

The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned
four Iranian nationals for their role in cyberattacks against the U.S.. The U.S.
Treasury Department's Office of Foreig ...

Pierluigi Paganini April 24, 2024
Hacking

THE STREET LIGHTS IN LEICESTER CITY CANNOT BE TURNED OFF DUE TO A CYBER ATTACK

A cyber attack on Leicester City Council resulted in certain street lights
remaining illuminated all day and severely impacted the council's operations
The Leicester City Council suffered a cybe ...

Pierluigi Paganini April 24, 2024
APT

NORTH KOREA-LINKED APT GROUPS TARGET SOUTH KOREAN DEFENSE CONTRACTORS

The National Police Agency in South Korea warns that North Korea-linked threat
actors are targeting defense industry entities. The National Police Agency in
South Korea warns that North Korea-link ...

Pierluigi Paganini April 23, 2024
Laws and regulations

U.S. GOV IMPOSED VISA RESTRICTIONS ON 13 INDIVIDUALS LINKED TO COMMERCIAL
SPYWARE ACTIVITY

The U.S. Department of State imposed visa restrictions on 13 individuals
allegedly linked to the commercial spyware business. The US Department of State
is imposing visa restrictions on 13 individ ...

Pierluigi Paganini April 23, 2024
Hacking

A CYBER ATTACK PARALYZED OPERATIONS AT SYNLAB ITALIA

A cyber attack has been disrupting operations at Synlab Italia, a leading
provider of medical diagnosis services, since April 18. Since April 18, Synlab
Italia, a major provider of medical diagno ...

Pierluigi Paganini April 23, 2024
APT

RUSSIA-LINKED APT28 USED POST-COMPROMISE TOOL GOOSEEGG TO EXPLOIT CVE-2022-38028
WINDOWS FLAW

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to
exploit Windows Print Spooler service flaw. Microsoft reported that the
Russia-linked APT28 group (aka “Forest Blizz ...

Pierluigi Paganini April 22, 2024
Cyber Crime

HACKERS THREATEN TO LEAK A COPY OF THE WORLD-CHECK DATABASE USED TO ASSESS
POTENTIAL RISKS ASSOCIATED WITH ENTITIES

A financially motivated group named GhostR claims the theft of a sensitive
database from World-Check and threatens to publish it. World-Check is a global
database utilized by various organizations ...

Pierluigi Paganini April 22, 2024
Security

A FLAW IN THE FORMINATOR PLUGIN IMPACTS HUNDREDS OF THOUSANDS OF WORDPRESS SITES

Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that
allows unrestricted file uploads to the server. Japan's CERT warned that the
WordPress plugin Forminator, developed b ...

Pierluigi Paganini April 22, 2024
Cyber Crime

AKIRA RANSOMWARE RECEIVED $42M IN RANSOM PAYMENTS FROM OVER 250 VICTIMS

Government agencies revealed that Akira ransomware has breached over 250
entities worldwide and received over $42 million in ransom payments. A joint
advisory published by CISA, the FBI, Europol, ...

Pierluigi Paganini April 21, 2024
Hacking

DUNEQUIXOTE CAMPAIGN TARGETS THE MIDDLE EAST WITH A COMPLEX BACKDOOR

Threat actors target government entities in the Middle East with a new backdoor
dubbed CR4T as part of an operation tracked as DuneQuixote. Researchers from
Kaspersky discovered the DuneQuixote ca ...

Pierluigi Paganini April 21, 2024
Security

SECURITY AFFAIRS NEWSLETTER ROUND 468 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 21, 2024
Hacking

CRITICAL CRUSHFTP ZERO-DAY EXPLOITED IN ATTACKS IN THE WILD

Threat actors exploited a critical zero-day vulnerability in the CrushFTP
enterprise in targeted attacks, Crowdstrike experts warn. CrushFTP is a file
transfer server software that enables secure ...

Pierluigi Paganini April 20, 2024
Hacking

A FRENCH HOSPITAL WAS FORCED TO RESCHEDULE PROCEDURES AFTER CYBERATTACK

A French hospital was forced to return to pen and paper and postpone medical
treatments after a cyber attack. A cyber attack hit Hospital Simone Veil in
Cannes (CHC-SV) on Tuesday, impacting med ...

Pierluigi Paganini April 20, 2024
Security

MITRE REVEALED THAT NATION-STATE ACTORS BREACHED ITS SYSTEMS VIA IVANTI
ZERO-DAYS

The MITRE Corporation revealed that a nation-state actor compromised its systems
in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE
disclosed a security breach in one of its ...

Pierluigi Paganini April 19, 2024
Security

FBI CHIEF SAYS CHINA IS PREPARING TO ATTACK US CRITICAL INFRASTRUCTURE

China-linked threat actors are preparing cyber attacks against U.S. critical
infrastructure warned FBI Director Christopher Wray. FBI Director Christopher
Wray warned this week that China-linked t ...

Pierluigi Paganini April 19, 2024
Cyber Crime

UNITED NATIONS DEVELOPMENT PROGRAMME (UNDP) INVESTIGATES DATA BREACH

The United Nations Development Programme (UNDP) has initiated an investigation
into an alleged ransomware attack and the subsequent theft of data. The United
Nations Development Programme (UNDP) i ...

Pierluigi Paganini April 19, 2024
Cyber Crime

FIN7 TARGETED A LARGE U.S. CARMAKER WITH PHISHING ATTACKS

BlackBerry reported that the financially motivated group FIN7 targeted the IT
department of a large U.S. carmaker with spear-phishing attacks. In late 2023,
BlackBerry researchers spotted the thre ...

Pierluigi Paganini April 18, 2024
Hacking

LAW ENFORCEMENT OPERATION DISMANTLED PHISHING-AS-A-SERVICE PLATFORM LABHOST

An international law enforcement operation led to the disruption of the
prominent phishing-as-a-service platform LabHost. An international law
enforcement operation, codenamed Nebulae and coordin ...

Pierluigi Paganini April 18, 2024
Hacking

PREVIOUSLY UNKNOWN KAPEKA BACKDOOR LINKED TO RUSSIAN SANDWORM APT

Russia-linked APT Sandworm employed a previously undocumented backdoor
called Kapeka in attacks against Eastern Europe since 2022. WithSecure
researchers identified a new backdoor named Kapek ...

Pierluigi Paganini April 18, 2024
Hacking

CISCO WARNS OF A COMMAND INJECTION ESCALATION FLAW IN ITS IMC. POC PUBLICLY
AVAILABLE

Cisco has addressed a high-severity vulnerability in its Integrated Management
Controller (IMC) for which publicly available exploit code exists. Cisco has
addressed a high-severity Integrated Man ...

Pierluigi Paganini April 18, 2024
Cyber Crime

LINUX VARIANT OF CERBER RANSOMWARE TARGETS ATLASSIAN SERVERS

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to
deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October
2023, Atlassian warned of a critical ...

Pierluigi Paganini April 17, 2024
Security

IVANTI FIXED TWO CRITICAL FLAWS IN ITS AVALANCHE MDM

Ivanti addressed two critical vulnerabilities in its Avalanche mobile device
management (MDM) solution, that can lead to remote command execution. Ivanti
addressed multiple flaws in its Avalanche ...

Pierluigi Paganini April 17, 2024
Hacking

RESEARCHERS RELEASED EXPLOIT CODE FOR ACTIVELY EXPLOITED PALO ALTO PAN-OS BUG

Researchers released an exploit code for the actively exploited vulnerability
CVE-2024-3400 in Palo Alto Networks' PAN-OS. Researchers at watchTowr Labs have
released a technical analysis of the ...

Pierluigi Paganini April 17, 2024
Hacking

CISCO WARNS OF LARGE-SCALE BRUTE-FORCE ATTACKS AGAINST VPN AND SSH SERVICES

Cisco Talos warns of large-scale brute-force attacks against a variety of
targets, including VPN services, web application authentication interfaces and
SSH services.   Cisco Talos researchers wa ...

Pierluigi Paganini April 17, 2024
Security

PUTTY SSH CLIENT FLAW ALLOWS OF PRIVATE KEYS RECOVERY

The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical
vulnerability that could be exploited to recover private keys. PuTTY tools from
0.68 to 0.80 inclusive are affected by a ...

Pierluigi Paganini April 16, 2024
Intelligence

A RENEWED ESPIONAGE CAMPAIGN TARGETS SOUTH ASIA WITH IOS SPYWARE LIGHTSPY

Researchers warn of a renewed cyber espionage campaign targeting users in South
Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a
renewed cyber espionage campaign target ...

Pierluigi Paganini April 16, 2024
Intelligence

MISINFORMATION AND HACKTIVIST CAMPAIGNS TARGETING THE PHILIPPINES SKYROCKET

Amidst rising tensions with China in the SCS, Resecurity observed a spike in
malicious cyber activity targeting the Philippines in Q1 2024. Amidst rising
tensions with China in the South China Se ...

Pierluigi Paganini April 16, 2024
Cyber warfare

RUSSIA IS TRYING TO SABOTAGE EUROPEAN RAILWAYS, CZECH MINISTER SAID

Czech transport minister warned that Russia conducted ‘thousands’ of attempts to
sabotage railways, attempting to interfere with train networks and signals.
Early this month, the Czech transpo ...

Pierluigi Paganini April 16, 2024
Cyber Crime

RANSOMWARE GROUP DARK ANGELS CLAIMS THE THEFT OF 1TB OF DATA FROM CHIPMAKER
NEXPERIA 

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker
Nexperia and the theft of 1 TB of data from the company. The Dark Angels
(Dunghill) ransomware group claims responsibil ...

Pierluigi Paganini April 16, 2024
Cyber Crime

CISCO DUO WARNS TELEPHONY SUPPLIER DATA BREACH EXPOSED MFA SMS LOGS

Cisco Duo warns that a data breach involving one of its telephony suppliers
exposed multifactor authentication (MFA) messages sent by the company via SMS
and VOIP to its customers.  Cisco Duo war ...

Pierluigi Paganini April 15, 2024
Hacking

UKRAINIAN BLACKJACK GROUP USED ICS MALWARE FUXNET AGAINST RUSSIAN TARGETS

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed
Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT
cybersecurity firm Claroty reported that ...

Pierluigi Paganini April 15, 2024
Hacking

CISA ADDS PALO ALTO NETWORKS PAN-OS COMMAND INJECTION FLAW TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto
Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infras ...

Pierluigi Paganini April 15, 2024
APT

THREAT ACTORS EXPLOITED PALO ALTO PAN-OS ISSUE TO DEPLOY A PYTHON BACKDOOR

Threat actors have been exploiting the recently disclosed zero-day in Palo Alto
Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are
investigating the activity related to CVE-2 ...

Pierluigi Paganini April 15, 2024
Cyber Crime

U.S. AND AUSTRALIAN POLICE ARRESTED FIREBIRD RAT AUTHOR AND OPERATOR

A joint investigation conducted by U.S. and Australian authorities led to the
arrest of two key figures behind the Firebird RAT operation. A joint law
enforcement operation conducted by the Austra ...

Pierluigi Paganini April 15, 2024
Cyber Crime

CANADIAN RETAIL CHAIN GIANT TIGER DATA BREACH MAY HAVE IMPACTED MILLIONS OF
CUSTOMERS

A threat actor claimed the hack of the Canadian retail chain Giant Tiger and
leaked 2.8 million records on a hacker forum. A threat actor, who goes online
with the moniker ShopifyGUY, claimed re ...

Pierluigi Paganini April 14, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 467 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 14, 2024
Cyber Crime

CROOKS MANIPULATE GITHUB'S SEARCH RESULTS TO DISTRIBUTE MALWARE

Researchers warn threat actors are manipulating GitHub search results to target
developers with persistent malware. Checkmarx researchers reported that threat
actors are manipulating GitHub search ...

Pierluigi Paganini April 13, 2024
Security

BATBADBUT FLAW ALLOWED AN ATTACKER TO PERFORM COMMAND INJECTION ON WINDOWS

A critical vulnerability, named ‘BatBadBut’, impacts multiple programming
languages, its exploitation can lead to command injection in Windows
applications. The cybersecurity researcher RyotaK ...

Pierluigi Paganini April 13, 2024
Data Breach

ROKU DISCLOSED A NEW SECURITY BREACH IMPACTING 576,000 ACCOUNTS

Roku announced that 576,000 accounts were compromised in a new wave of
credential stuffing attacks. Roku announced that 576,000 accounts were hacked in
new credential stuffing attacks, threat act ...

Pierluigi Paganini April 12, 2024
Cyber Crime

LASTPASS EMPLOYEE TARGETED VIA AN AUDIO DEEPFAKE CALL

Crooks targeted a LastPass employee using deepfake technology to impersonate the
company's CEO in a fraudulent scheme. In a fraudulent scheme, criminals used
deepfake technology to impersonate Las ...

Pierluigi Paganini April 12, 2024
Cyber Crime

TA547 TARGETS GERMAN ORGANIZATIONS WITH RHADAMANTHYS MALWARE

TA547 group is targeting dozens of German organizations with an information
stealer called Rhadamanthys, Proofpoint warns. Proofpoint researchers observed a
threat actor, tracked as TA547, targe ...

Pierluigi Paganini April 12, 2024
Security

CISA ADDS D-LINK MULTIPLE NAS DEVICES BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link
multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini April 11, 2024
Data Breach

US CISA PUBLISHED AN ALERT ON THE SISENSE DATA BREACH

Business intelligence software company Sisense suffered a cyberattack that may
have exposed sensitive information of major enterprises worldwide. Sisense, a
business intelligence software company, ...

Pierluigi Paganini April 11, 2024
Security

PALO ALTO NETWORKS FIXED MULTIPLE DOS BUGS IN ITS FIREWALLS

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system,
including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto
Networks released security updates ...

Pierluigi Paganini April 11, 2024
Security

APPLE WARNS OF MERCENARY SPYWARE ATTACKS ON IPHONE USERS IN 92 COUNTRIES

Apple is warning iPhone users in over 90 countries of targeted mercenary spyware
attacks, Reuters agency reported. Apple is alerting iPhone users in 92 countries
about mercenary spyware attacks, r ...

Pierluigi Paganini April 11, 2024
Security

MICROSOFT FIXED TWO ZERO-DAY BUGS EXPLOITED IN MALWARE ATTACKS

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and
CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft
addressed two zero-day vulnerabilities, tracke ...

Pierluigi Paganini April 11, 2024
Data Breach

GROUP HEALTH COOPERATIVE DATA BREACH IMPACTED 530,000 INDIVIDUALS

Group Health Cooperative of South Central Wisconsin disclosed a data breach that
impacted over 500,000 individuals. The Group Health Cooperative of South Central
Wisconsin (GHC-SCW) is a non-prof ...

Pierluigi Paganini April 10, 2024
Data Breach

AT&T STATES THAT THE DATA BREACH IMPACTED 51 MILLION FORMER AND CURRENT
CUSTOMERS

AT&T confirmed that the data breach impacted 51 million former and current
customers and is notifying them. AT&T revealed that the recently disclosed data
breach impacts more than 51 milli ...

Pierluigi Paganini April 10, 2024
Security

FORTINET FIXED A CRITICAL REMOTE CODE EXECUTION BUG IN FORTICLIENTLINUX

Fortinet addressed multiple issues in FortiOS and other products, including a
critical remote code execution flaw in FortiClientLinux. Fortinet fixed a dozen
vulnerabilities in multiple products, ...

Pierluigi Paganini April 10, 2024
Breaking News

MICROSOFT PATCHES TUESDAY SECURITY UPDATES FOR APRIL 2024 FIXED HUNDREDS OF
ISSUES

Microsoft Patches Tuesday security updates for April 2024 addressed three
Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches
Tuesday security updates for April 2024 a ...

Pierluigi Paganini April 10, 2024
Uncategorized

CYBERSECURITY IN THE EVOLVING THREAT LANDSCAPE

As technology evolves and our dependence on digital systems increases, the
cybersecurity threat landscape also rapidly changes, posing fresh challenges for
organizations striving to protect their ass ...

Pierluigi Paganini April 10, 2024
Hacking

OVER 91,000 LG SMART TVS RUNNING WEBOS ARE VULNERABLE TO HACKING

Researchers found multiple vulnerabilities in LG webOS running on smart TVs that
could allow attackers to gain root access to the devices. Bitdefender
researchers discovered multiple vulnerabiliti ...

Pierluigi Paganini April 09, 2024
Cyber Crime

SCRUBCRYPT USED TO DROP VENOMRAT ALONG WITH MANY MALICIOUS PLUGINS

Researchers discovered a sophisticated multi-stage attack that leverages
ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet
researchers observed a threat actor sending out a p ...

Pierluigi Paganini April 09, 2024
Security

GOOGLE ANNOUNCES V8 SANDBOX TO PROTECT CHROME USERS

Google announced support for a V8 Sandbox in the Chrome web browser to protect
users from exploits triggering memory corruption issues. Google has announced
support for what's called a V8 Sandb ...

Pierluigi Paganini April 09, 2024
Security

CHINA IS USING GENERATIVE AI TO CARRY OUT INFLUENCE OPERATIONS

China-linked threat actors are using AI to carry out influence operations aimed
at fueling social disorders in the U.S. and Taiwan. China is using generative
artificial intelligence to carry out ...

Pierluigi Paganini April 09, 2024
Data Breach

GREYLOCK MCKINNON ASSOCIATES DATA BREACH EXPOSED DOJ DATA OF 341650 PEOPLE

Greylock McKinnon Associates, a service provider for the Department of Justice,
suffered a data breach that exposed data of 341650 people. Greylock McKinnon
Associates (GMA) provides expert econom ...

Pierluigi Paganini April 08, 2024
Hacking

CROWDFENSE IS OFFERING A LARGER 30M USD EXPLOIT ACQUISITION PROGRAM

Zero-day broker firm Crowdfense announced a 30 million USD offer as part of its
Exploit Acquisition Program. Crowdfense is a world-leading research hub and
acquisition platform focused on high-qua ...

Pierluigi Paganini April 08, 2024
Hacking

U.S. DEPARTMENT OF HEALTH WARNS OF ATTACKS AGAINST IT HELP DESKS

The U.S. Department of Health and Human Services (HHS) warns of attacks against
IT help desks across the Healthcare and Public Health (HPH) sector. The U.S.
Department of Health and Human Services ...

Pierluigi Paganini April 08, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 466 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini April 07, 2024
Hacking

OVER 92,000 INTERNET-FACING D-LINK NAS DEVICES CAN BE EASILY HACKED

A researcher disclosed an arbitrary command injection and hardcoded backdoor
issue in multiple end-of-life D-Link NAS models. A researcher who goes online
with the moniker 'Netsecfish' disclosed a ...

Pierluigi Paganini April 07, 2024
Security

MORE THAN 16,000 IVANTI VPN GATEWAYS STILL VULNERABLE TO RCE CVE-2024-21894

Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways
still vulnerable to a remote code execution (RCE) flaw. Shadowserver researchers
reported that roughly 16,500 Ivanti C ...

Pierluigi Paganini April 06, 2024
Security

CISCO WARNS OF XSS FLAW IN END-OF-LIFE SMALL BUSINESS ROUTERS

Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and
RV325 Routers Cross-Site scripting flaw. Cisco warns of a Small Business RV016,
RV042, RV042G, RV082, RV320, and RV3 ...

Pierluigi Paganini April 06, 2024
Hacking

MAGENTO FLAW EXPLOITED TO DEPLOY PERSISTENT BACKDOOR HIDDEN IN XML

Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to
install a persistent backdoor on e-stores. Sansec researchers observed threat
actors are exploiting the recently discl ...

Pierluigi Paganini April 05, 2024
Cyber Crime

CYBERATTACK DISRUPTED SERVICES AT OMNI HOTELS & RESORTS

US hotel chain Omni Hotels & Resorts suffered a cyber attack that forced the
company to shut down its systems. A cyberattack hit Omni Hotels & Resorts
disrupting its services and forcing t ...

Pierluigi Paganini April 05, 2024
Security

HTTP/2 CONTINUATION FLOOD TECHNIQUE CAN BE EXPLOITED IN DOS ATTACKS

HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that
can be exploited to conduct powerful denial-of-service (DoS) attacks. HTTP
messages can contain named fields in both ...

Pierluigi Paganini April 05, 2024
Data Breach

US CANCER CENTER CITY OF HOPE: DATA BREACH IMPACTED 827149 INDIVIDUALS

US cancer center City of Hope suffered a data breach that impacted 800,000
individuals, personal and health information was compromised. City of Hope is a
renowned cancer research and treatment ce ...

Pierluigi Paganini April 04, 2024
Security

IVANTI FIXED FOR 4 NEW ISSUES IN CONNECT SECURE AND POLICY SECURE

Ivanti addressed four flaws impacting Connect Secure and Policy Secure Gateways
that could lead to code execution and denial-of-service (DoS) condition. Ivanti
has released security updates to add ...

Pierluigi Paganini April 04, 2024
Cyber Crime

JACKSON COUNTY, MISSOURI, DISCLOSES A RANSOMWARE ATTACK

Jackson County, Missouri, confirmed that a ransomware attack has disrupted
several county services. A ransomware attack disrupted several services of the
Jackson County, Missouri. The County Execu ...

Pierluigi Paganini April 04, 2024
Hacking

GOOGLE ADDRESSED ANOTHER CHROME ZERO-DAY EXPLOITED AT PWN2OWN IN MARCH

Google fixed another Chrome zero-day vulnerability exploited during the Pwn2Own
hacking competition in March. Google has addressed another zero-day
vulnerability in the Chrome browser, tracked as ...

Pierluigi Paganini April 03, 2024
Malware

THE NEW VERSION OF JSOUTPROX IS ATTACKING FINANCIAL INSTITUTIONS IN APAC AND
MENA VIA GITLAB ABUSE

Resecurity researchers warn that a new Version of JsOutProx is targeting
financial institutions in APAC and MENA via Gitlab abuse. Resecurity has
detected a new version of JSOutProx, which is targ ...

Pierluigi Paganini April 03, 2024
Security

GOOGLE FIXED TWO ACTIVELY EXPLOITED PIXEL VULNERABILITIES

Google addressed several vulnerabilities in Android and Pixel devices, including
two actively exploited flaws. Google addressed 28 vulnerabilities in Android and
25 flaws in Pixel devices. Two iss ...

Pierluigi Paganini April 03, 2024
Data Breach

HIGHLY SENSITIVE FILES MYSTERIOUSLY DISAPPEARED FROM EUROPOL HEADQUARTERS

Serious security breach hits EU police agency A batch of highly sensitive files
containing the personal information of top Europol executives mysteriously
disappeared last summer The website Po ...

Pierluigi Paganini April 03, 2024
Hacking

XSS FLAW IN WORDPRESS WP-MEMBERS PLUGIN CAN LEAD TO SCRIPT INJECTION

A cross-site scripting vulnerability (XXS) in the WordPress WP-Members
Membership plugin can lead to malicious script injection. Researchers from
Defiant’s Wordfence research team disclosed a cr ...

Pierluigi Paganini April 02, 2024
Security

BINARLY RELEASED THE FREE ONLINE SCANNER TO DETECT THE CVE-2024-3094 BACKDOOR

Researchers from the firmware security firm Binarly released a free online
scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer
Andres Freund discovered a backdoor issue in ...

Pierluigi Paganini April 02, 2024
Laws and regulations

GOOGLE AGREED TO ERASE BILLIONS OF BROWSER RECORDS TO SETTLE A CLASS ACTION
LAWSUIT

Google is going to delete data records related to the 'Incognito Mode' browsing
activity to settle a class action lawsuit. Google has agreed to delete billions
of data records related to users' br ...

Pierluigi Paganini April 02, 2024
Data Breach

PANDABUY DATA BREACH ALLEGEDLY IMPACTED OVER 1.3 MILLION CUSTOMERS

Threat actors claimed the hack of the PandaBuy online shopping platform and
leaked data belonging to more than 1.3 million customers. At least two threat
actors claimed the hack of the PandaBuy on ...

Pierluigi Paganini April 02, 2024
Data Breach

OWASP DISCLOSES A DATA BREACH

The OWASP Foundation disclosed a data breach that impacted some members due to a
misconfiguration of an old Wiki web server. The OWASP Foundation has disclosed a
data breach that impacted some of ...

Pierluigi Paganini April 01, 2024
Malware

NEW VULTUR MALWARE VERSION INCLUDES ENHANCED REMOTE CONTROL AND EVASION
CAPABILITIES

Researchers detected a new version of the Vultur banking trojan for Android with
enhanced remote control and evasion capabilities. Researchers from NCC Group
discovered a new version of the Vultur ...

Pierluigi Paganini April 01, 2024
Cyber warfare

PENTAGON ESTABLISHED THE OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE FOR CYBER
POLICY

The US government announced establishing the Office of the Assistant Secretary
of Defense for Cyber Policy. The US Defense Department announced establishing
the Office of the Assistant Secretary o ...

Pierluigi Paganini April 01, 2024
Malware

INFO STEALER ATTACKS TARGET MACOS USERS

Experts warn of info stealer malware, including Atomic Stealer, targeting Apple
macOS users via malicious ads and rogue websites. Jamf Threat Labs researchers
analyzed info stealer malware attack ...

Pierluigi Paganini April 01, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 465 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 31, 2024
Malware

DINODASRAT LINUX VARIANT TARGETS USERS WORLDWIDE

A Linux variant of the DinodasRAT backdoor used in attacks against users in
China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn.
Researchers from Kaspersky uncovered a Linux ...

Pierluigi Paganini March 31, 2024
Data Breach

AT&T CONFIRMED THAT A DATA BREACH IMPACTED 73 MILLION CUSTOMERS

AT&T confirmed that a data breach impacted 73 million current and former
customers after its data were leaked on a cybercrime forum. In March 2024, more
than 70,000,000 records from an unspeci ...

Pierluigi Paganini March 31, 2024
Malware

EXPERT FOUND A BACKDOOR IN XZ TOOLS USED MANY LINUX DISTRIBUTIONS

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in
Fedora development and experimental versions. Red Hat urges users to immediately
stop using systems running Fedora ...

Pierluigi Paganini March 30, 2024
Security

GERMAN BSI WARNS OF 17,000 UNPATCHED MICROSOFT EXCHANGE SERVERS

The German Federal Office for Information Security (BSI) warned of thousands of
Microsoft Exchange servers in the country vulnerable to critical flaws. The
German Federal Office for Information Se ...

Pierluigi Paganini March 30, 2024
Hacking

CISCO WARNS OF PASSWORD-SPRAYING ATTACKS TARGETING SECURE FIREWALL DEVICES

Cisco warns customers of password-spraying attacks that have been targeting
Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is
warning customers of password-spraying att ...

Pierluigi Paganini March 29, 2024
Data Breach

AMERICAN FAST-FASHION FIRM HOT TOPIC HIT BY CREDENTIAL STUFFING ATTACKS

Hot Topic suffered credential stuffing attacks that exposed customers' personal
information and partial payment data. Hot Topic, Inc. is an
American fast-fashion company specializing in counte ...

Pierluigi Paganini March 29, 2024
Security

CISCO ADDRESSED HIGH-SEVERITY FLAWS IN IOS AND IOS XE SOFTWARE

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be
exploited to trigger a denial-of-service (DoS) condition. Cisco this week
released patches to address multiple IOS a ...

Pierluigi Paganini March 28, 2024
Hacking

GOOGLE: CHINA DOMINATES GOVERNMENT EXPLOITATION OF ZERO-DAY VULNERABILITIES IN
2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number
of actively exploited zero-day vulnerabilities in 2023. Google's Threat Analysis
Group (TAG) and its subsidiary Man ...

Pierluigi Paganini March 28, 2024
Security

GOOGLE ADDRESSED 2 CHROME ZERO-DAYS DEMONSTRATED AT PWN2OWN 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that
have been demonstrated during the Pwn2Own Vancouver 2024. Google addressed
several vulnerabilities in the Chrome web br ...

Pierluigi Paganini March 28, 2024
Security

CISA ADDS MICROSOFT SHAREPOINT BUG DISCLOSED AT PWN2OWN TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft
SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited
Vulnerabilities catalog. The U.S. Cybers ...

Pierluigi Paganini March 27, 2024
Security

THE DDR ADVANTAGE: REAL-TIME DATA DEFENSE

This is the advantage of Data Detection and Response (DDR) for organizations
aiming to build a real-time data defense. In cybersecurity, and in life, by the
time you find out that something went w ...

Pierluigi Paganini March 27, 2024
APT

FINNISH POLICE LINKED APT31 TO THE 2021 PARLIAMENT ATTACK

The Finnish Police attributed the attack against the parliament that occurred in
March 2021 to the China-linked group APT31. The Finnish Police attributed the
March 2021 attack on the parliament t ...

Pierluigi Paganini March 27, 2024
Malware

THEMOON BOT INFECTED 40,000 DEVICES IN JANUARY AND FEBRUARY

A new variant of TheMoon malware infected thousands of outdated small office and
home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team
at Lumen Technologies uncovered an ...

Pierluigi Paganini March 26, 2024
APT

UK, NEW ZEALAND AGAINST CHINA-LINKED CYBER OPERATIONS

UK, Australia and New Zealand are accusing China-linked threat actors of cyber
operations against UK institutions and parliamentarians. GCHQ’s National Cyber
Security Centre believes that China- ...

Pierluigi Paganini March 26, 2024
APT

US TREASURY DEP ANNOUNCED SANCTIONS AGAINST MEMBERS OF CHINA-LINKED APT31

The US Treasury Department announced sanctions on two APT31 Chinese hackers
linked to attacks against organizations in the US critical infrastructure
sector. The US government announced sanctions ...

Pierluigi Paganini March 26, 2024
Security

CISA ADDS FORTICLIENT EMS, IVANTI EPM CSA, NICE LINEAR EMERGE E3-SERIES BUGS TO
ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient
EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited
Vulnerabilities catalog. The U.S. Cybers ...

Pierluigi Paganini March 25, 2024
APT

IRAN-LINKED APT TA450 EMBEDS MALICIOUS LINKS IN PDF ATTACHMENTS

In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote
Monitoring and Management (RMM) solution called Atera. Proofpoint researchers
observed the Iran-linked APT group Mudd ...

Pierluigi Paganini March 25, 2024
Cyber Crime

STRELASTEALER TARGETED OVER 100 ORGANIZATIONS ACROSS THE EU AND US

Researchers reported that over 100 organizations in Europe and US were targeted
by a wave of large-scale StrelaStealer campaigns Palo Alto Networks' Unit42
spotted a wave of large-scale StrelaStea ...

Pierluigi Paganini March 25, 2024
Hacking

GOFETCH SIDE-CHANNEL ATTACK AGAINST APPLE SYSTEMS ALLOWS SECRET KEYS EXTRACTION

Researchers demonstrated a new side-channel attack, named GoFetch, against Apple
CPUs that could allow an attacker to obtain secret keys. A team of researchers
from several US universities demonst ...

Pierluigi Paganini March 25, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 464 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 24, 2024
Cyber Crime

CYBERCRIMINALS ACCELERATE ONLINE SCAMS DURING RAMADAN AND EID FITR

During the month of Ramadan, Resecurity observed a significant increase in
fraudulent activities and scams. During the month of Ramadan, Resecurity
observed a significant increase in fraudulent ac ...

Pierluigi Paganini March 24, 2024
APT

RUSSIA-LINKED APT29 TARGETED GERMAN POLITICAL PARTIES WITH WINELOADER BACKDOOR

Russia-linked threat actors employ the WINELOADER backdoor in recent attacks
targeting German political parties. In late February, Mandiant researchers
spotted the Russia-linked group APT29 using ...

Pierluigi Paganini March 23, 2024
Hacking

MOZILLA FIXED FIREFOX ZERO-DAYS EXPLOITED AT PWN2OWN VANCOUVER 2024

Mozilla addressed two Firefox zero-day vulnerabilities exploited during the
Pwn2Own Vancouver 2024 hacking competition. Mozilla has done an amazing job
addressing two zero-day vulnerabilities in t ...

Pierluigi Paganini March 23, 2024
Hacking

LARGE-SCALE SIGN1 MALWARE CAMPAIGN ALREADY INFECTED 39,000+ WORDPRESS SITES

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000
WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a
malware campaign, tracked as Sign1 ...

Pierluigi Paganini March 23, 2024
Cyber Crime

GERMAN POLICE SEIZED THE DARKNET MARKETPLACE NEMESIS MARKET

The German police seized the infrastructure of the darknet marketplace Nemesis
Market disrupting its operation. An operation conducted by the Federal Criminal
Police Office in Germany (BKA) and th ...

Pierluigi Paganini March 23, 2024
Hacking

UNSAFLOK FLAWS ALLOW TO OPEN MILLIONS OF DOORS USING DORMAKABA SAFLOK ELECTRONIC
LOCKS

A flaw in Dormakaba Saflok electronic locks, dubbed Unsaflok, can allow threat
actors to open millions of doors worldwide. Researchers Lennert Wouters, Ian
Carroll, rqu, BusesCanFly ...

Pierluigi Paganini March 22, 2024
Hacking

PWN2OWN VANCOUVER 2024: PARTICIPANTS EARNED $1,132,500 FOR 29 UNIQUE 0-DAYS

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned
$1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day
Initiative (ZDI) announced that participant ...

Pierluigi Paganini March 22, 2024
Hacking

CRITICAL FORTINET'S FORTICLIENT EMS FLAW ACTIVELY EXPLOITED IN THE WILD

Researchers released a PoC exploit for a critical flaw in Fortinet's FortiClient
Enterprise Management Server (EMS) software, which is actively exploited.
Security researchers at Horizon3 have rel ...

Pierluigi Paganini March 21, 2024
Hacking

PWN2OWN VANCOUVER 2024 DAY 1 - TEAM SYNACKTIV HACKED A TESLA

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024
hacking competition, a team demonstrated a Tesla hack. Participants earned
$732,000 on the first day of the Pwn2Own Vanc ...

Pierluigi Paganini March 21, 2024
Hacking

NEW LOOP DOS ATTACK MAY TARGET 300,000 VULNERABLE HOSTS

Boffins devised a new application-layer loop DoS attack based on the UDP
protocol that impacts major vendors, including Broadcom, Microsoft and MikroTik.
Researchers from the CISPA Helmholtz Cente ...

Pierluigi Paganini March 21, 2024
Security

CRITICAL FLAW IN ATLASSIAN BAMBOO DATA CENTER AND SERVER MUST BE FIXED
IMMEDIATELY

Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and
Jira products, including a critical flaw that can be very dangerous. Atlassian
addressed multiple vulnerabilities in i ...

Pierluigi Paganini March 20, 2024
Breaking News

THREAT ACTORS ACTIVELY EXPLOIT JETBRAINS TEAMCITY FLAWS TO DELIVER MALWARE

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity
flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are
exploiting the recently disclosed vulnerabil ...

Pierluigi Paganini March 20, 2024
Hacking

BUNNYLOADER 3.0 SURFACES IN THE THREAT LANDSCAPE

Researchers found a new variant of the BunnyLoader malware with a modular
structure and new evasion capabilities. In October 2023, Zscaler ThreatLabz
researchers discovered a new malware ...

Pierluigi Paganini March 20, 2024
Hacking

POKEMON COMPANY RESETS SOME USERS' PASSWORDS

The Pokemon Company resets some users' passwords in response to hacking attempts
against some of its users. The Pokemon Company announced it had reset the
passwords for some accounts after it had ...

Pierluigi Paganini March 20, 2024
Cyber Crime

UKRAINE CYBER POLICE ARRESTED CROOKS SELLING 100 MILLION COMPROMISED ACCOUNTS

Ukraine cyber police, along with the national police, arrested three hackers
attempting to sell 100 million compromised emails and Instagram accounts. The
Ukraine cyber police and the national pol ...

Pierluigi Paganini March 19, 2024
Cyber warfare

NEW ACIDPOUR WIPER TARGETS LINUX X86 DEVICES. IS IT A RUSSIA'S WEAPON?

A new variant of the Russia-linked wiper AcidRain, tracked as AcidPour, was
spotted targeting Linux x86 devices. A new variant of a data wiper AcidRain,
tracked as AcidPour, is specifically design ...

Pierluigi Paganini March 19, 2024
Hacking

PLAYERS HACKED DURING THE MATCHES OF APEX LEGENDS GLOBAL SERIES. TOURNAMENT
SUSPENDED

On Sunday, two competitive esports players were hacked while participating at
the Apex Legends Global Series tournament. Electronic Arts postponed the North
American (NA) finals of the Apex ...

Pierluigi Paganini March 19, 2024
APT

EARTH KRAHANG APT BREACHED TENS OF GOVERNMENT ORGANIZATIONS WORLDWIDE

Trend Micro uncovered a sophisticated campaign conducted by Earth Krahang APT
group that breached 70 organizations worldwide. Trend Micro researchers
uncovered a sophisticated campaign conducted b ...

Pierluigi Paganini March 19, 2024
Hacking

POC EXPLOIT FOR CRITICAL RCE FLAW IN FORTRA FILECATALYST TRANSFER TOOL RELEASED

Fortra addressed a critical remote code execution vulnerability impacting
its FileCatalyst file transfer product. Fortra has released updates to address a
critical vulnerability, tracked as CVE- ...

Pierluigi Paganini March 18, 2024
Hacking

FUJITSU SUFFERED A MALWARE ATTACK AND PROBABLY A DATA BREACH

Technology giant Fujitsu announced it had suffered a cyberattack that may have
resulted in the theft of customer information. Japanese technology giant Fujitsu
on Friday announced it had suffered ...

Pierluigi Paganini March 18, 2024
Hacking

REMOVE WORDPRESS MINIORANGE PLUGINS, A CRITICAL FLAW CAN ALLOW SITE TAKEOVER

A critical vulnerability in WordPress miniOrange's Malware Scanner and Web
Application Firewall plugins can allow site takeover. On March 1st, 2024,
WordPress security firm Wordfence received a su ...

Pierluigi Paganini March 18, 2024
Uncategorized

THE AVIATION AND AEROSPACE SECTORS FACE SKYROCKETING CYBER THREATS

Resecurity reported about the increasing wave of cyber incidents targeting the
aerospace and aviation sectors. The experts emphasized the importance of
rigorous cybersecurity risk assessments for ...

Pierluigi Paganini March 18, 2024
Hacking

EMAIL ACCOUNTS OF THE INTERNATIONAL MONETARY FUND COMPROMISED

Threat actors compromised at least 11 International Monetary Fund (IMF) email
accounts earlier this year, the organization revealed. The International
Monetary Fund (IMF) disclosed a security brea ...

Pierluigi Paganini March 18, 2024
Data Breach

THREAT ACTORS LEAKED 70,000,000+ RECORDS ALLEGEDLY STOLEN FROM AT&T

Researchers at vx-underground first noticed that more than 70,000,000 records
from AT&T were leaked on the Breached hacking forum. More than 70,000,000
records from an unspecified division of ...

Pierluigi Paganini March 17, 2024
Hacking

“GITGUB” MALWARE CAMPAIGN TARGETS GITHUB USERS WITH RISEPRO INFO-STEALER

Cybersecurity researchers discovered multiple GitHub repositories hosting
cracked software that are used to drop the RisePro info-stealer. G-Data
researchers found at least 13 such Github reposito ...

Pierluigi Paganini March 17, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 463 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 17, 2024
Data Breach

FRANCE TRAVAIL DATA BREACH IMPACTED 43 MILLION PEOPLE

Unemployment agency France Travail (Pôle Emploi) recently suffered a data breach
that could impact 43 million people. On August 2023, the French government
employment agency Pôle emploi suffered ...

Pierluigi Paganini March 16, 2024
Cyber Crime

SCRANTON SCHOOL DISTRICT IN PENNSYLVANIA SUFFERED A RANSOMWARE ATTACK

School districts continue to be under attack, schools in Scranton, Pennsylvania,
are suffering a ransomware attack. This week, schools in Scranton, Pennsylvania,
experienced a ransomware attack, r ...

Pierluigi Paganini March 16, 2024
Breaking News

LAZARUS APT GROUP RETURNED TO TORNADO CASH TO LAUNDER STOLEN FUNDS

North Korea-linked Lazarus APT group allegedly using again the mixer platform
Tornado Cash to launder $23 million.  North Korea-linked Lazarus APT group
allegedly has reportedly resumed using the ...

Pierluigi Paganini March 16, 2024
Cyber Crime

MOLDOVAN CITIZEN SENTENCED IN CONNECTION WITH THE E-ROOT CYBERCRIME MARKETPLACE
CASE

US DoJ sentenced a Moldovan national (31) to 42 months in federal prison for
operating the E-Root cybercrime marketplace. U.S. District Court sentenced the
Moldovan national (31) Sandu Boris Diaco ...

Pierluigi Paganini March 15, 2024
Cyber warfare

UK DEFENCE SECRETARY JET HIT BY AN ELECTRONIC WARFARE ATTACK IN POLAND

Russian hackers have knocked down the GPS and communications of Defence
Secretary Grant Shapps RAF Dassault Falcon 900 jet with electronic warfare
attack. Defence Secretary Grant Shapps RAF Dassau ...

Pierluigi Paganini March 15, 2024
Security

CISCO FIXED HIGH-SEVERITY ELEVATION OF PRIVILEGE AND DOS BUGS

Cisco this week addressed high-severity elevation of privilege and
denial-of-service (DoS) vulnerabilities in IOS RX software. Cisco addressed
multiple vulnerabilities in IOS RX software, includin ...

Pierluigi Paganini March 14, 2024
Malware

RECENT DARKGATE CAMPAIGN EXPLOITED MICROSOFT WINDOWS ZERO-DAY

Researchers recently uncovered a DarkGate campaign in mid-January 2024, which
exploited Microsoft zero-day vulnerability. Researchers at the Zero Day
Initiative (ZDI) recently uncovered a DarkGat ...

Pierluigi Paganini March 14, 2024
Data Breach

NISSAN OCEANIA DATA BREACH IMPACTED ROUGHLY 100,000 PEOPLE

The ransomware attack that hit the systems of Nissan Oceania in December 2023
impacted roughly 100,000 individuals. Nissan Oceania, the regional division of
the multinational carmaker, announced i ...

Pierluigi Paganini March 14, 2024
Hacking

RESEARCHERS FOUND MULTIPLE FLAWS IN CHATGPT PLUGINS

Researchers analyzed ChatGPT plugins and discovered several types of
vulnerabilities that could lead to data exposure and account takeover.
Researchers from Salt Security discovered three types of ...

Pierluigi Paganini March 14, 2024
Security

FORTINET FIXES CRITICAL BUGS IN FORTIOS, FORTIPROXY, AND FORTICLIENTEMS

Fortinet released security updates to address critical code execution
vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. Fortinet this week
has released security updates to fix critical c ...

Pierluigi Paganini March 13, 2024
Data Breach

ACER PHILIPPINES DISCLOSED A DATA BREACH AFTER A THIRD-PARTY VENDOR HACK

Acer Philippines disclosed a data breach after employee data was leaked by a
threat actor on a hacking forum. Acer Philippines confirmed that employee data
was compromised in an attack targeting a ...

Pierluigi Paganini March 13, 2024
Cyber Crime

STANFORD UNIVERSITY ANNOUNCED THAT 27,000 INDIVIDUALS WERE IMPACTED IN THE 2023
RANSOMWARE ATTACK

Threat actors behind the ransomware attacks that hit Stanford University in 2023
gained access to 27,000 people. Stanford University confirmed that threat actors
behind the September 2023 ransomwa ...

Pierluigi Paganini March 13, 2024
Security

MICROSOFT PATCH TUESDAY SECURITY UPDATES FOR MARCH 2024 FIXED 59 FLAWS

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security
vulnerabilities in its products, including RCE flaws. Microsoft released Patch
Tuesday security updates for March 2023 ...

Pierluigi Paganini March 12, 2024
Intelligence

RUSSIA'S FOREIGN INTELLIGENCE SERVICE (SVR) ALLEGES US IS PLOTTING TO INTERFERE
IN PRESIDENTIAL ELECTION

Russia’s Foreign Intelligence Service (SVR) claims that the US intelligence
plans to interfere with its presidential election. Russia's Foreign Intelligence
Service (SVR) alleges that the US is ...

Pierluigi Paganini March 12, 2024
Breaking News

FIRST-EVER SOUTH KOREAN NATIONAL DETAINED FOR ESPIONAGE IN RUSSIA

Russian authorities have detained a South Korean national on cyber espionage
charges, it is the first time for a Korean citizen. Russian authorities have
arrested a South Korean citizen on charges ...

Pierluigi Paganini March 12, 2024
Cyber Crime

INSURANCE SCAMS VIA QR CODES: HOW TO RECOGNISE AND DEFEND YOURSELF

Threat actors can abuse QR codes to carry out sophisticated scams, as reported
by the Italian Postal Police in its recent alert. As is well known, QR codes are
two-dimensional barcodes that can be ...

Pierluigi Paganini March 12, 2024
Hacking

MASSIVE CYBERATTACKS HIT FRENCH GOVERNMENT AGENCIES

A series of “intense” cyberattacks hit multiple French government agencies,
revealed the prime minister’s office. "Several "intense" cyberattacks targeted
multiple French government agencies ...

Pierluigi Paganini March 11, 2024
Hacking

BIANLIAN GROUP EXPLOITS JETBRAINS TEAMCITY BUGS IN RANSOMWARE ATTACKS

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains
TeamCity software in recent attacks. Researchers from GuidePoint Security
noticed, while investigating a recent attack ...

Pierluigi Paganini March 11, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT FOR CRITICAL PROGRESS SOFTWARE OPENEDGE BUG

Researchers released technical specifics and a PoC exploit for a recently
disclosed flaw in Progress Software OpenEdge Authentication Gateway and
AdminServer. Researchers from Horizon3.ai have pub ...

Pierluigi Paganini March 11, 2024
Cyber Crime

MAGNET GOBLIN GROUP USED A NEW LINUX VARIANT OF NERBIANRAT MALWARE

The financially motivated hacking group Magnet Goblin uses various 1-day flaws
to deploy custom malware on Windows and Linux systems. A financially motivated
threat actor named Magnet Goblin made ...

Pierluigi Paganini March 11, 2024
Hacking

HACKERS EXPLOITED WORDPRESS POPUP BUILDER PLUGIN FLAW TO COMPROMISE 3,300 SITES

Threat actors are hacking WordPress sites by exploiting a vulnerability, tracked
as CVE-2023-6000, in old versions of the Popup Builder plugin. In January,
Sucuri researchers reported that Balada ...

Pierluigi Paganini March 11, 2024
Intelligence

LITHUANIA SECURITY SERVICES WARN OF CHINA'S ESPIONAGE AGAINST THE COUNTRY

A report published by Lithuanian security services warned that China has
escalated its espionage operations against Lithuania. A report released by
Lithuanian security services has cautioned that ...

Pierluigi Paganini March 10, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 462 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 10, 2024
Hacking

THREAT ACTORS BREACHED TWO CRUCIAL SYSTEMS OF THE US CISA

Threat actors hacked the systems of the Cybersecurity and Infrastructure
Security Agency (CISA) by exploiting Ivanti flaws. The US Cybersecurity and
Infrastructure Security Agency (CISA) agency wa ...

Pierluigi Paganini March 09, 2024
Security

CISA ADDS JETBRAINS TEAMCITY BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a JetBrains
TeamCity vulnerability to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini March 09, 2024
Hacking

CRITICAL FORTINET FORTIOS BUG CVE-2024-21762 POTENTIALLY IMPACTS 150,000
INTERNET-FACING DEVICES

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet
FortiOS could potentially impact 150,000 exposed devices. In February,
Fortinet warned that the critical remot ...

Pierluigi Paganini March 09, 2024
Internet of Things

QNAP FIXED THREE FLAWS IN ITS NAS DEVICES, INCLUDING AN AUTHENTICATION BYPASS

QNAP addressed three vulnerabilities in its NAS products that can be exploited
to access devices. QNAP addressed three vulnerabilities in Network Attached
Storage (NAS) devices that can be exploit ...

Pierluigi Paganini March 08, 2024
Hacking

RUSSIA-LINKED MIDNIGHT BLIZZARD BREACHED MICROSOFT SYSTEMS AGAIN

Microsoft revealed that Russia-linked APT group Midnight Blizzard recently
breached its internal systems and source code repositories. Microsoft published
an update on the attack that hit the comp ...

Pierluigi Paganini March 08, 2024
Security

CISCO ADDRESSED SEVERE FLAWS IN ITS SECURE CLIENT

Cisco addressed two high-severity vulnerabilities in Secure Client that could
lead to code execution and unauthorized remote access VPN sessions. Cisco
released security patches to address two hig ...

Pierluigi Paganini March 08, 2024
Data Breach

PLAY RANSOMWARE ATTACK ON XPLAIN EXPOSED 65,000 FILES CONTAINING DATA RELEVANT
TO THE SWISS FEDERAL ADMINISTRATION.

The ransomware attack on Xplain impacted tens of thousands Federal government
files, said the National Cyber Security Centre (NCSC) of Switzerland. The
National Cyber Security Centre (NCSC) publis ...

Pierluigi Paganini March 08, 2024
Cyber Crime

2023 FBI INTERNET CRIME REPORT REPORTED CYBERCRIME LOSSES REACHED $12.5 BILLION
IN 2023

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported
cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report
published the FBI's Internet Crime Co ...

Pierluigi Paganini March 07, 2024
Cyber warfare

NATIONAL INTELLIGENCE AGENCY OF MOLDOVA WARNS OF RUSSIA ATTACKS AHEAD OF THE
PRESIDENTIAL ELECTION

The national intelligence agency of Moldova warns of hybrid attacks from Russia
ahead of the upcoming elections. The Moldovan national intelligence agency warns
of hybrid attacks from Russia ahead ...

Pierluigi Paganini March 07, 2024
Security

CISA ADDS APPLE IOS AND IPADOS MEMORY CORRUPTION BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and
iPadOS memory corruption vulnerabilities to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and ...

Pierluigi Paganini March 07, 2024
Hacking

LINUX MALWARE TARGETS MISCONFIGURED MISCONFIGURED APACHE HADOOP, CONFLUENCE,
DOCKER, AND REDIS SERVERS

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop,
Confluence, Docker, and Redis instances. Researchers from Cado Security observed
a new Linux malware campaign target ...

Pierluigi Paganini March 07, 2024
Breaking News

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel
and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Inf ...

Pierluigi Paganini March 06, 2024
Cyber Crime

WATCH OUT, GHOSTSEC AND STOURMOUS GROUPS JOINTLY CONDUCTING RANSOMWARE ATTACKS

Researchers warn that the cybercrime groups GhostSec and Stormous have joined
forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang
are jointly conducting a ransomware cam ...

Pierluigi Paganini March 06, 2024
Cyber Crime

LOCKBIT 3.0’S BUNGLED COMEBACK HIGHLIGHTS THE UNDYING RISK OF TORRENT-BASED
(P2P) DATA LEAKAGE

The wide torrent-based accessibility of these leaked victim files ensures the
longevity of LockBit 3.0’s harmful impact. While embattled ransomware gang
LockBit 3.0 fights for its survival follo ...

Pierluigi Paganini March 06, 2024
Hacking

APPLE EMERGENCY SECURITY UPDATES FIX TWO NEW IOS ZERO-DAYS

Apple released emergency security updates to address two new iOS zero-day
vulnerabilities actively exploited in the wild against iPhone users. Apple
released emergency security updates to address ...

Pierluigi Paganini March 05, 2024
Security

VMWARE URGENT UPDATES ADDRESSED CRITICAL ESXI SANDBOX ESCAPE BUGS

VMware released urgent patches to address critical ESXi sandbox escape
vulnerabilities in the ESXi, Workstation, Fusion and Cloud Foundation products
Virtualization giant VMware released urgent up ...

Pierluigi Paganini March 05, 2024
Laws and regulations

US GOV SANCTIONED INTELLEXA CONSORTIUM INDIVIDUALS AND ENTITIES BEHIND PREDATOR
SPYWARE ATTACKS

The U.S. government sanctioned two individuals and five entities linked to the
development and distribution of the Predator spyware used to target Americans.
Today, the Department of the Treasury� ...

Pierluigi Paganini March 05, 2024
Hacking

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN
EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft
Windows Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini March 05, 2024
Security

EXPERTS DISCLOSED TWO SEVERE FLAWS IN JETBRAINS TEAMCITY ON-PREMISES SOFTWARE

Two new security flaws in JetBrains TeamCity On-Premises software can allow
attackers to take over affected systems. Rapid7 researchers disclosed two new
critical security vulnerabilities, tracked ...

Pierluigi Paganini March 05, 2024
Cyber warfare

UKRAINE'S GUR HACKED THE RUSSIAN MINISTRY OF DEFENSE

The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims
that it hacked the Russian Ministry of Defense. The Main Intelligence
Directorate (GUR) of Ukraine's Ministry of Def ...

Pierluigi Paganini March 05, 2024
Data Breach

SOME AMERICAN EXPRESS CUSTOMERS' DATA EXPOSED IN A THIRD-PARTY DATA BREACH

American Express warns customers that their credit cards were exposed due to a
data breach experienced by a third-party merchant processor. American Express
(Amex) notifies customers that thei ...

Pierluigi Paganini March 04, 2024
Social Networks

META HIT WITH PRIVACY COMPLAINTS BY EU CONSUMER GROUPS

This is my interview with TRT International on the Meta dispute with EU consumer
groups, which are calling on the bloc to sanction the company EU consumer groups
are calling on the bloc to sanctio ...

Pierluigi Paganini March 04, 2024
Hacking

NEW GTPDOOR BACKDOOR IS DESIGNED TO TARGET TELECOM CARRIER NETWORKS

Researcher HaxRob discovered a previously undetected Linux backdoor named
GTPDOOR, designed to target telecom carrier networks. Security researcher HaxRob
discovered a previously undetected Linux ...

Pierluigi Paganini March 04, 2024
Data Breach

THREAT ACTORS HACKED TAIWAN-BASED CHUNGHWA TELECOM

Threat actors stole sensitive and confidential data from the telecom giant
Chunghwa Telecom Company, revealed the Ministry of National Defense. Chunghwa
Telecom Company, Ltd. (literally Chinese Te ...

Pierluigi Paganini March 04, 2024
Malware

NEW LINUX VARIANT OF BIFROSE RAT USES DECEPTIVE DOMAIN STRATEGIES

A new Linux variant of the remote access trojan (RAT) BIFROSE (aka Bifrost) uses
a deceptive domain mimicking VMware. Palo Alto Networks Unit 42 researchers
discovered a new Linux variant of Bifro ...

Pierluigi Paganini March 04, 2024
Hacking

EKEN CAMERA DOORBELLS ALLOW ILL-INTENTIONED INDIVIDUALS TO SPY ON YOU

Camera doorbells manufactured by the Chinese company Eken Group Ltd under the
brands EKEN and Tuck are affected by major vulnerabilities. Researchers from
Consumer Reports (CR) discovered severe ...

Pierluigi Paganini March 03, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 461 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini March 03, 2024
Security

U.S. JUDGE ORDERED NSO GROUP TO HAND OVER THE PEGASUS SPYWARE CODE TO WHATSAPP

A U.S. Court ordered surveillance firm NSO Group to hand over the source code
for its Pegasus spyware and other products to Meta. Meta won the litigation
against the Israeli spyware vendor NSO G ...

Pierluigi Paganini March 03, 2024
Hacking

U.S. AUTHORITIES CHARGED AN IRANIAN NATIONAL FOR LONG-RUNNING HACKING CAMPAIGN

The U.S. DoJ charged Iranian national Alireza Shafie Nasab for his role in
attacks targeting U.S. government and defense entities. The U.S. Department of
Justice (DoJ) charged Iranian national Ali ...

Pierluigi Paganini March 02, 2024
Cyber Crime

US CYBER AND LAW ENFORCEMENT AGENCIES WARN OF PHOBOS RANSOMWARE ATTACKS

US CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving
Phobos ransomware variants observed as recently as February 2024 US CISA, the
FBI, and MS-ISAC issued a joint cyber se ...

Pierluigi Paganini March 02, 2024
Cyber Crime

POLICE SEIZED CRIMEMARKET, THE LARGEST GERMAN-SPEAKING CYBERCRIME MARKETPLACE

German police seized the largest German-speaking cybercrime marketplace
Crimemarket and arrested one of its operators. The Düsseldorf Police announced
that a large-scale international law enforc ...

Pierluigi Paganini March 01, 2024
Hacking

FIVE EYES ALLIANCE WARNS OF ATTACKS EXPLOITING KNOWN IVANTI GATEWAY FLAWS

The Five Eyes alliance warns of threat actors exploiting known security flaws in
Ivanti Connect Secure and Ivanti Policy Secure gateways. The Five Eyes
intelligence alliance issued a joint cyberse ...

Pierluigi Paganini March 01, 2024
Cyber Crime

CROOKS STOLE €15 MILLION FROM EUROPEAN RETAIL COMPANY PEPCO

Crooks stole €15.5 million from the European variety retail and discount company
Pepco through a phishing attack. The Hungarian business of the European discount
retailer Pepco Group has been t ...

Pierluigi Paganini March 01, 2024
Security

CISA ADDS MICROSOFT STREAMING SERVICE BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft
Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastruct ...

Pierluigi Paganini March 01, 2024
Hacking

RESEARCHERS FOUND A ZERO-CLICK FACEBOOK ACCOUNT TAKEOVER

A critical vulnerability in Facebook could have allowed threat actors to hijack
any Facebook account, researcher warns. Meta addressed a critical Facebook
vulnerability that could have allowed att ...

Pierluigi Paganini February 29, 2024
APT

NEW SPIKEDWINE APT GROUP IS TARGETING OFFICIALS IN EUROPE

A new threat actor, tracked as dubbed SPIKEDWINE, has been observed targeting
officials in Europe with a previously undetected backdoor WINELOADER. Zscaler
researchers warn that a previously un ...

Pierluigi Paganini February 29, 2024
Cyber Crime

IS THE LOCKBIT GANG RESUMING ITS OPERATION?

Experts warn that the LockBit ransomware group has started using updated
encryptors in new attacks, after the recent law enforcement operation. The
LockBit ransomware group appears to have fully r ...

Pierluigi Paganini February 29, 2024
APT

LAZARUS APT EXPLOITED ZERO-DAY IN WINDOWS DRIVER TO GAIN KERNEL PRIVILEGES

North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows
AppLocker driver (appid.sys) to gain kernel-level access to target systems.
Avast researchers observed North Korea-linked La ...

Pierluigi Paganini February 29, 2024
Data Breach

PHARMACEUTICAL GIANT CENCORA DISCLOSES A DATA BREACH

Pharmaceutical giant Cencora suffered a cyber attack and threat actors stole
data from its infrastructure. Pharmaceutical giant Cencora disclosed a data
breach after it was the victim of a cyberat ...

Pierluigi Paganini February 28, 2024
Hacking

UNMASKING 2024'S EMAIL SECURITY LANDSCAPE

Analyzing the Email Security Landscape and exploring Emerging Threats and
Trends. In the ever-shifting digital arena, staying ahead of evolving threat
trends is paramount for organizations aiming ...

Pierluigi Paganini February 28, 2024
Cyber Crime

FBI, CISA, HHS WARN OF TARGETED ALPHV/BLACKCAT RANSOMWARE ATTACKS AGAINST THE
HEALTHCARE SECTOR

The FBI, CISA, and the Department of HHS warned U.S. healthcare organizations of
targeted ALPHV/Blackcat ransomware attacks. A cybersecurity alert published by
the FBI, CISA, and the Department of ...

Pierluigi Paganini February 28, 2024
Breaking News

RUSSIA-LINKED APT28 COMPROMISED UBIQUITI EDGEROUTERS TO FACILITATE CYBER
OPERATIONS

Russian cyberspies are compromising Ubiquiti EdgeRouters to evade detection,
warns a joint advisory published by authorities. The Federal Bureau of
Investigation (FBI), National Security Agency (N ...

Pierluigi Paganini February 28, 2024
Cyber Crime

BLACK BASTA AND BL00DY RANSOMWARE GANGS EXPLOIT RECENT CONNECTWISE SCREENCONNECT
BUGS

New threat actors have started exploiting ConnectWise ScreenConnect
vulnerabilities, including the Black Basta and Bl00dy ransomware gangs. Multiple
threat actors have started exploiting the recen ...

Pierluigi Paganini February 27, 2024
Hacking

XSS FLAW IN LITESPEED CACHE PLUGIN EXPOSES MILLIONS OF WORDPRESS SITES AT RISK

Researchers warn of an XSS vulnerability, tracked as CVE-2023-40000, in the
LiteSpeed Cache plugin for WordPress Patchstack researchers warn of an
unauthenticated site-wide stored XSS vulnerabilit ...

Pierluigi Paganini February 27, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 460 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini February 25, 2024
Cyber Crime

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND
AFFILIATES

U.S. government offers rewards of up to $15 million for information that could
lead to the identification or location of LockBit ransomware gang members and
affiliates. The U.S. Department of Stat ...

Pierluigi Paganini February 21, 2024
Malware

NEW REDIS MINER MIGO USES NOVEL SYSTEM WEAKENING TECHNIQUES

A new malware campaign targets Redis servers to deploy the mining crypto miner
Migo on compromised Linux hosts. Caro Security researchers have observed a new
malware campaign targeting Redis serve ...

Pierluigi Paganini February 21, 2024
Security

CRITICAL FLAW FOUND IN DEPRECATED VMWARE EAP. UNINSTALL IT IMMEDIATELY

VMware urges customers to uninstall the deprecated Enhanced Authentication
Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is
urging users to uninstall the deprecated E ...

Pierluigi Paganini February 21, 2024
Hacking

MICROSOFT EXCHANGE FLAW CVE-2024-21410 COULD IMPACT UP TO 97,000 SERVERS

Researchers from Shadowserver Foundation identified roughly 28,000
internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The
vulnerability CVE-2024-21410 is a bypass vulnerabili ...

Pierluigi Paganini February 21, 2024
Security

CONNECTWISE FIXED CRITICAL FLAWS IN SCREENCONNECT REMOTE ACCESS TOOL

ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote
desktop access product and urges customers to install the patches asap.
ConnectWise warns of the following two critic ...

Pierluigi Paganini February 20, 2024
Cyber Crime

MORE DETAILS ABOUT OPERATION CRONOS THAT DISRUPTED LOCKBIT OPERATION

Law enforcement provided additional details about the international Operation
Cronos that led to the disruption of the Lockbit ransomware operation.
Yesterday, a joint law enforcement action, code ...

Pierluigi Paganini February 20, 2024
Hacking

CACTUS RANSOMWARE GANG CLAIMS THE THEFT OF 1.5TB OF DATA FROM ENERGY MANAGEMENT
AND INDUSTRIAL AUTOMATION FIRM SCHNEIDER ELECTRIC

The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy
management and industrial automation firm Schneider Electric. The Cactus
ransomware group claims responsibility for pil ...

Pierluigi Paganini February 20, 2024
Cyber Crime

OPERATION CRONOS: LAW ENFORCEMENT DISRUPTED THE LOCKBIT OPERATION

An international law enforcement operation codenamed 'Operation Cronos' led to
the disruption of the LockBit ransomware operation. A joint law enforcement
action, code-named Operation Cronos, con ...

Pierluigi Paganini February 19, 2024
Cyber Crime

A UKRAINIAN RACCOON INFOSTEALER OPERATOR IS AWAITING TRIAL IN THE US

The Raccoon Infostealer operator, Mark Sokolovsky, was extradited to the US from
the Netherlands to appear in a US court. In October 2020, the US Justice
Department charged a Ukrainian national, M ...

Pierluigi Paganini February 19, 2024
APT

RUSSIA-LINKED APT TAG-70 TARGETS EUROPEAN GOVERNMENT AND MILITARY MAIL SERVERS
EXPLOITING ROUNDCUBE XSS

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS
flaws in Roundcube webmail servers to target over 80 organizations. Researchers
from Recorded Future’s Insikt Group id ...

Pierluigi Paganini February 19, 2024
Cyber Crime

HOW BRICS GOT "RUG PULLED" – CRYPTOCURRENCY COUNTERFEITING IS ON THE RISE

Resecurity has identified an increasing trend of cryptocurrency counterfeiting,
the experts found several tokens impersonating major brands, government
organizations and national fiat currencies. ...

Pierluigi Paganini February 19, 2024
Security

SOLARWINDS ADDRESSED CRITICAL RCES IN ACCESS RIGHTS MANAGER (ARM)

SolarWinds addressed three critical vulnerabilities in its Access Rights Manager
(ARM) solution, including two RCE bugs. SolarWinds has fixed several Remote Code
Execution (RCE) vulnerabilities in ...

Pierluigi Paganini February 19, 2024
Breaking News

ESET FIXED HIGH-SEVERITY LOCAL PRIVILEGE ESCALATION BUG IN WINDOWS PRODUCTS

Cybersecurity firm ESET has addressed a high-severity elevation of privilege
vulnerability in its Windows security solution. ESET addressed a high-severity
vulnerability, tracked as CVE-2024-0353 ...

Pierluigi Paganini February 18, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 459 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini February 18, 2024
Cyber Crime

UKRAINIAN NATIONAL FACES UP TO 20 YEARS IN PRISON FOR HIS ROLE IN ZEUS, ICEDID
MALWARE SCHEMES

A Ukrainian national pleaded guilty to his role in the Zeus and IcedID
operations, which caused tens of millions of dollars in losses. Ukrainian
national Vyacheslav Igorevich Penchukov has pleaded ...

Pierluigi Paganini February 17, 2024
Cyber Crime

CISA: CISCO ASA/FTD BUG CVE-2020-3259 EXPLOITED IN RANSOMWARE ATTACKS

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD
vulnerability CVE-2020-3259 (CVSS score: 7.5) in attacks in the wild. This week
the U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini February 17, 2024
Security

CISA ADDS MICROSOFT EXCHANGE AND CISCO ASA AND FTD BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft
Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infrastru ...

Pierluigi Paganini February 16, 2024
Cyber Crime

US GOV OFFERS A REWARD OF UP TO $10M FOR INFO ON ALPHV/BLACKCAT GANG LEADERS

The U.S. government offers rewards of up to $10 million for information that
could lead to the identification or location of ALPHV/Blackcat ransomware gang
leaders. The U.S. Department of State is ...

Pierluigi Paganini February 16, 2024
Hacking

U.S. CISA: HACKERS BREACHED A STATE GOVERNMENT ORGANIZATION

U.S. CISA revealed that threat actors breached an unnamed state government
organization via an administrator account belonging to a former employee. The
U.S. Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini February 16, 2024
APT

RUSSIA-LINKED TURLA APT USES NEW TINYTURLA-NG BACKDOOR TO SPY ON POLISH NGOS

Russia-linked APT group Turla has been spotted targeting Polish non-governmental
organizations (NGO) with a new backdoor dubbed TinyTurla-NG. Russia-linked
cyberespionage group Turla has been spo ...

Pierluigi Paganini February 16, 2024
Cyber Crime

US GOV DISMANTLED THE MOOBOT BOTNET CONTROLLED BY RUSSIA-LINKED APT28

The US authorities dismantled the Moobot botnet, which was controlled by the
Russia-linked cyberespionage group APT28. A court order allowed US authorities
to neutralize the Moobot botnet, a netwo ...

Pierluigi Paganini February 15, 2024
Hacking

A CYBERATTACK HALTED OPERATIONS AT VARTA PRODUCTION PLANTS

On February 12, 2023, a cyber attack halted operations at five production plants
of German battery manufacturer Varta. On February 13, German battery
manufacturer Varta announced that a cyber atta ...

Pierluigi Paganini February 15, 2024
APT

NORTH KOREA-LINKED ACTORS BREACHED THE EMAILS OF A PRESIDENTIAL OFFICE MEMBER

The office of South Korean President Yoon Suk Yeol said that North Korea-linked
actors breached the personal emails of one of his staff members. The office of
South Korean President Yoon Suk Yeol ...

Pierluigi Paganini February 15, 2024
Hacking

CISA ADDS MICROSOFT WINDOWS BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft
Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agenc ...

Pierluigi Paganini February 15, 2024
APT

NATION-STATE ACTORS ARE USING AI SERVICES AND LLMS FOR CYBERATTACKS

Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate
some phases of their attack chains, including target reconnaissance and social
engineering attacks. Multiple nation ...

Pierluigi Paganini February 15, 2024
Security

ABUSING THE UBUNTU 'COMMAND-NOT-FOUND' UTILITY TO INSTALL MALICIOUS PACKAGES

Researchers reported that attackers can exploit the 'command-not-found' utility
to trick users into installing rogue packages on Ubuntu systems. Cybersecurity
researchers from cloud security firm ...

Pierluigi Paganini February 14, 2024
Security

ZOOM FIXED CRITICAL FLAW CVE-2024-24691 IN WINDOWS SOFTWARE

Zoom addressed seven vulnerabilities in its desktop and mobile applications,
including a critical flaw (CVE-2024-24691) affecting the Windows software. The
popular Video messaging giant Zoom relea ...

Pierluigi Paganini February 14, 2024
Security

ADOBE PATCH TUESDAY FIXED CRITICAL VULNERABILITIES IN MAGENTO, ACROBAT AND
READER

Adobe Patch Tuesday security updates for February 2024 addressed more than 30
vulnerabilities in multiple products, including critical issues. Adobe Patch
Tuesday security updates released by Adob ...

Pierluigi Paganini February 14, 2024
Security

MICROSOFT PATCH TUESDAY FOR FEBRUARY 2024 FIXED 2 ACTIVELY EXPLOITED 0-DAYS

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws,
two of which are actively exploited in the wild. Microsoft Patch Tuesday
security updates for February 2024 resolved ...

Pierluigi Paganini February 14, 2024
Cyber Crime

A RANSOMWARE ATTACK TOOK 100 ROMANIAN HOSPITALS DOWN

Authorities in Romania reported that at least 100 hospitals went offline after a
ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed
that a ransomware attack that target ...

Pierluigi Paganini February 13, 2024
Data Breach

BANK OF AMERICA CUSTOMER DATA COMPROMISED AFTER A THIRD-PARTY SERVICES PROVIDER
DATA BREACH

Bank of America revealed that the personal information of some customers was
stolen in a data breach affecting a third-party services provider. Bank of
America began notifying some customers follo ...

Pierluigi Paganini February 13, 2024
Reports

RANSOMFEED - THIRD QUARTER REPORT 2023 IS OUT!

Maintainers behind the Ransomfeed platform have released Q3 Report 2023
including activities of 185 criminal groups operating worldwide. A comprehensive
report delving into the intricate landscape ...

Pierluigi Paganini February 13, 2024
Hacking

GLOBAL MALICIOUS ACTIVITY TARGETING ELECTIONS IS SKYROCKETING

Resecurity has identified a growing trend of malicious cyber-activity targeting
sovereign elections globally With more voters than ever in history heading to
the polls in 2024, Resecurity has iden ...

Pierluigi Paganini February 13, 2024
Cyber Crime

RESEARCHERS RELEASED A FREE DECRYPTION TOOL FOR THE RHYSIDA RANSOMWARE

Researchers discovered a vulnerability in the code of the Rhysida ransomware
that allowed them to develop a decryption tool. Cybersecurity researchers from
Kookmin University and the Korea Interne ...

Pierluigi Paganini February 12, 2024
Security

RESIDENTIAL PROXIES VS. DATACENTER PROXIES: CHOOSING THE RIGHT OPTION

Residential Proxies vs. Datacenter Proxies: this blog post examines the contours
of each type and provides info on how to choose the perfect proxy option In the
robust landscape of the digital era ...

Pierluigi Paganini February 12, 2024
Hacking

CISA ADDS ROUNDCUBE WEBMAIL PERSISTENT XSS BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Roundcube
Webmail Persistent Cross-Site Scripting (XSS) Vulnerability to its Known
Exploited Vulnerabilities catalog. The U.S. Cyb ...

Pierluigi Paganini February 12, 2024
Security

CANADA GOV PLANS TO BAN THE FLIPPER ZERO TO CURB CAR THEFTS

The Canadian government is going to ban the tool Flipper Zero because it is
abused by crooks to steal vehicles in the country. The Canadian government
announced that it plans to ban the tool Flipp ...

Pierluigi Paganini February 12, 2024
Security

9 POSSIBLE WAYS HACKERS CAN USE PUBLIC WI-FI TO STEAL YOUR SENSITIVE DATA

Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit
Public Wi-Fi and Compromise Your Sensitive Data We've all used public Wi-Fi:
it's convenient, saves our data, and sp ...

Pierluigi Paganini February 12, 2024
Cyber Crime

US FEDS ARRESTED TWO MEN INVOLVED IN THE WARZONE RAT OPERATION

The U.S. Justice Department (DoJ) seized the infrastructure that was used to
sell the remote access trojan (RAT) Warzone RAT. The Justice Department
announced the seizure of internet domains used ...

Pierluigi Paganini February 12, 2024
Malware

RASPBERRY ROBIN SPOTTED USING TWO NEW 1-DAY LPE EXPLOITS

Raspberry Robin continues to evolve, it was spotted using two new one-day
exploits for vulnerabilities either Discord to host samples.  Raspberry Robin is
a Windows worm discovered by cybers ...

Pierluigi Paganini February 11, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 458 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini February 11, 2024
Hacking

CISA ADDS FORTINET FORTIOS BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet
FortiOS bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency (CI ...

Pierluigi Paganini February 10, 2024
Malware

MACOS BACKDOOR RUSTDOOR LIKELY LINKED TO ALPHV/BLACKCAT RANSOMWARE OPERATIONS

Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the
Black Basta and Alphv/BlackCat ransomware operations. Researchers from
Bitdefender discovered a new macOS backdoor, dubb ...

Pierluigi Paganini February 10, 2024
Hacking

EXPLOITING A VULNERABLE MINIFILTER DRIVER TO CREATE A PROCESS KILLER

Researcher demonstrated how to exploit a signed Minifilter Driver in a BYOVD
attack to terminate a specific process from the kernel. Exploiting a signed
Minifilter Driver that can be used to used ...

Pierluigi Paganini February 09, 2024
Data Breach

BLACK BASTA RANSOMWARE GANG HACKED HYUNDAI MOTOR EUROPE

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor
Europe and the theft of three terabytes of their data. BleepingComputer reported
that the Car maker Hyundai Motor Europe ...

Pierluigi Paganini February 09, 2024
Hacking

FORTINET WARNS OF A NEW ACTIVELY EXPLOITED RCE FLAW IN FORTIOS SSL VPN

Fortinet warns that the recently discovered critical remote code execution flaw
in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited.
Fortinet is warning that the recently disc ...

Pierluigi Paganini February 09, 2024
Security

IVANTI WARNS OF A NEW AUTH BYPASS FLAW IN ITS CONNECT SECURE, POLICY SECURE, AND
ZTA GATEWAY DEVICES

Ivanti warns customers of a new authentication bypass vulnerability in its
Connect Secure, Policy Secure, and ZTA gateway devices. Ivanti has warned
customers of a new high-severity security vulne ...

Pierluigi Paganini February 09, 2024
Security

26 CYBER SECURITY STATS EVERY USER SHOULD BE AWARE OF IN 2024

26 key cyber security stats for 2024 that every user should know, from rising
cyber crime rates to the impact of AI technology. Cyber Crime Surge: During
COVID-19, cyber crimes shot up by 600%, s ...

Pierluigi Paganini February 09, 2024
Cyber Crime

US OFFERS $10 MILLION REWARD FOR INFO ON HIVE RANSOMWARE GROUP LEADERS

U.S. Government offers rewards of up to $10 million for information that could
help locate, identify, or arrest members of the Hive ransomware group. The US
Department of State announced rewards u ...

Pierluigi Paganini February 08, 2024
Internet of Things

UNRAVELING THE TRUTH BEHIND THE DDOS ATTACK FROM ELECTRIC TOOTHBRUSHES

Several media reported that three million electric toothbrushes were compromised
and recruited into a DDoS botnet. Is it true? The Swiss newspaper Aargauer
Zeitung first published the news of a DD ...

Pierluigi Paganini February 08, 2024
APT

CHINA-LINKED APT VOLT TYPHOON REMAINED UNDETECTED FOR YEARS IN US INFRASTRUCTURE

China-linked APT Volt Typhoon infiltrated a critical infrastructure network in
the US and remained undetected for at least five years. US CISA, the NSA, the
FBI, along with partner Five Eyes agenc ...

Pierluigi Paganini February 08, 2024
Security

CISCO FIXES CRITICAL EXPRESSWAY SERIES CSRF VULNERABILITIES

CISCO fixed two critical flaws in Expressway Series collaboration gateways
exposing vulnerable devices to cross-site request forgery (CSRF) attacks. Cisco
addressed several vulnerabilities in its ...

Pierluigi Paganini February 08, 2024
Security

CISA ADDS GOOGLE CHROMIUM V8 TYPE CONFUSION BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google
Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Se ...

Pierluigi Paganini February 07, 2024
Security

FORTINET ADDRESSED TWO CRITICAL FORTISIEM VULNERABILITIES

Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM
that could allow remote attackers to execute arbitrary code Cybersecurity vendor
Fortinet warned of two critical vu ...

Pierluigi Paganini February 07, 2024
Hacking

EXPERTS WARN OF A CRITICAL BUG IN JETBRAINS TEAMCITY ON-PREMISES

A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat
actors to take over vulnerable instances. JetBrains addressed a critical
security vulnerability, tracked as CVE-202 ...

Pierluigi Paganini February 07, 2024
Hacking

CRITICAL SHIM BUG IMPACTS EVERY LINUX BOOT LOADER SIGNED IN THE PAST DECADE

The maintainers of Shim addressed six vulnerabilities, including a critical flaw
that could potentially lead to remote code execution. The maintainers of 'shim'
addressed six vulnerabilities with ...

Pierluigi Paganini February 07, 2024
APT

CHINA-LINKED APT DEPLOYED MALWARE IN A NETWORK OF THE DUTCH MINISTRY OF DEFENCE

China-linked APT group breached the Dutch Ministry of Defence last year and
installed malware on compromised systems. Dutch Military Intelligence and
Security Service (MIVD) and the General Int ...

Pierluigi Paganini February 07, 2024
Hacking

COMMERCIAL SPYWARE VENDORS ARE BEHIND MOST ZERO-DAY EXPLOITS DISCOVERED BY
GOOGLE TAG

Google's TAG revealed that Commercial spyware vendors (CSV) were behind most of
the zero-day vulnerabilities discovered in 2023. The latest report published by
Google Threat Analysis Group (TAG), ...

Pierluigi Paganini February 06, 2024
Mobile

GOOGLE FIXED AN ANDROID CRITICAL REMOTE CODE EXECUTION FLAW

Google released Android ’s February 2024 security patches to address 46
vulnerabilities, including a critical remote code execution issue. Google
released Android February 2024 security patches ...

Pierluigi Paganini February 06, 2024
Cyber Crime

A MAN FACES UP TO 25 YEARS IN PRISON FOR HIS ROLE IN OPERATING UNLICENSED CRYPTO
EXCHANGE BTC-E

A Belarusian and Cypriot national linked with the cryptocurrency exchange BTC-e
is facing charges that can lead maximum penalty of 25 years in prison.
Aliaksandr Klimenka, a Belarusian and Cypriot ...

Pierluigi Paganini February 06, 2024
Laws and regulations

U.S. GOV IMPOSES VISA RESTRICTIONS ON INDIVIDUALS MISUSING COMMERCIAL SPYWARE

The U.S. government imposes visa restrictions on individuals who are involved in
the illegal use of commercial spyware. The U.S. State Department announced it is
implementing a new policy to impo ...

Pierluigi Paganini February 06, 2024
Cyber Crime

HPE IS INVESTIGATING CLAIMS OF A NEW SECURITY BREACH

Hewlett Packard Enterprise (HPE) is investigating a new data breach after a
threat actor claimed to have stolen data on a hacking forum. Hewlett Packard
Enterprise (HPE) is investigating a new dat ...

Pierluigi Paganini February 06, 2024
Hacking

EXPERTS WARN OF A SURGE OF ATTACKS TARGETING IVANTI SSRF FLAW 

The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in
attacks in the wild by multiple threat actors. The Ivanti Server-Side Request
Forgery (SSRF) vulnerability, identi ...

Pierluigi Paganini February 05, 2024
Hacking

HOW TO HACK THE AIRBUS NAVBLUE FLYSMART+ MANAGER

Airbus Navblue Flysmart+ Manager allowed attackers to tamper with the engine
performance calculations and intercept data. Flysmart+ is a suite of apps for
pilot EFBs, helping deliver efficient and ...

Pierluigi Paganini February 05, 2024
Cyber Crime

CROOKS STOLE $25.5 MILLION FROM A MULTINATIONAL FIRM USING A 'DEEPFAKE' VIDEO
CALL

Scammers stole HK$200 million (roughly $25,5 million) from a multi-national
company using a deepfake conf call to trick an employee into transferring the
funds. Scammers successfully stole HK$200 ...

Pierluigi Paganini February 05, 2024
Hacking

SOFTWARE FIRM ANYDESK DISCLOSED A SECURITY BREACH

Remote desktop software company AnyDesk announced that threat actors compromised
its production environment. Remote desktop software company AnyDesk announced on
Friday that threat actors had acce ...

Pierluigi Paganini February 05, 2024
Data Breach

THE 'MOTHER OF ALL BREACHES': NAVIGATING THE AFTERMATH AND FORTIFYING YOUR DATA
WITH DSPM

What is Data Security Posture Management (DSPM) and how you can mitigate the
risks of data leaks such as the 'Mother of All Breaches' Cybersecurity
researchers recently uncovered what is now being ...

Pierluigi Paganini February 04, 2024
Cyber warfare

US GOVERNMENT IMPOSED SANCTIONS ON SIX IRANIAN INTEL OFFICIALS

The US government issued sanctions against six Iranian government officials
linked to cyberattacks against critical infrastructure organizations.  The U.S.
Treasury Department's Office of Foreign ...

Pierluigi Paganini February 04, 2024
Cyber Crime

A CYBERATTACK IMPACTED OPERATIONS AT LURIE CHILDREN'S HOSPITAL

A cyber attack forced Lurie Children's Hospital in Chicago to take IT systems
offline with a severe impact on its operations. The Lurie Children's Hospital in
Chicago took IT systems offline after ...

Pierluigi Paganini February 04, 2024
Cyber Crime

ANYDESK INCIDENT: CUSTOMER CREDENTIALS LEAKED AND PUBLISHED FOR SALE ON THE DARK
WEB

Resecurity identified bad actors offering a significant number of AnyDesk
customer credentials for sale on the Dark Web. Such information being available
for cybercriminals could act as a catalys ...

Pierluigi Paganini February 04, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 457 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini February 04, 2024
Security

CLOROX ESTIMATES THE COSTS OF THE AUGUST CYBERATTACK WILL EXCEED $49 MILLION

Cleaning products giant Clorox estimates the economic impact of the cyber attack
that hit the company in August 2023 at $49 million. The Clorox Company is a
multinational consumer goods company th ...

Pierluigi Paganini February 03, 2024
Hacking

MASTODON FIXED A FLAW THAT CAN ALLOW THE TAKEOVER OF ANY ACCOUNT

A vulnerability impacting the decentralized social network Mastodon can be
exploited by threat actors to impersonate and take over any account. A security
flaw, tracked as CVE-2024-23832 (CVSS sco ...

Pierluigi Paganini February 03, 2024
Hacking

IRANIAN HACKERS BREACHED ALBANIA’S INSTITUTE OF STATISTICS (INSTAT)

Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a
sophisticated cyberattack that affected some of its systems. A sophisticated
cyberattack on Wednesday hit Albania� ...

Pierluigi Paganini February 02, 2024
Cyber Crime

OPERATION SYNERGIA LED TO THE ARREST OF 31 INDIVIDUALS

An international law enforcement operation, named Synergia, led to the arrest of
31 individuals involved in ransomware, banking malware, and phishing attacks.
Operation Synergia was led by Interpo ...

Pierluigi Paganini February 02, 2024
Intelligence

EX CIA EMPLOYEE JOSHUA ADAM SCHULTE SENTENCED TO 40 YEARS IN PRISON

A former software engineer with the U.S. CIA has been sentenced to 40 years in
prison for leaking classified documents. Former CIA employee Joshua Adam Schulte
has been sentenced to 40 years in p ...

Pierluigi Paganini February 02, 2024
Hacking

CLOUDFLARE BREACHED ON THANKSGIVING DAY, BUT THE ATTACK WAS PROMPTLY CONTAINED

Cloudflare revealed that a nation-state actor breached its internal Atlassian
server, gaining access to the internal wiki and its bug database (Atlassian
Jira). The incident took place on Thanksg ...

Pierluigi Paganini February 02, 2024
Malware

PURPLEFOX MALWARE INFECTED AT LEAST 2,000 COMPUTERS IN UKRAINE

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a
PurpleFox malware campaign had already infected at least 2,000 computers in the
country. The Computer Emergency Response T ...

Pierluigi Paganini February 02, 2024
Cyber Crime

MAN SENTENCED TO SIX YEARS IN PRISON FOR STEALING MILLIONS IN CRYPTOCURRENCY VIA
SIM SWAPPING

A US man has been sentenced to federal prison for his role in a fraudulent
scheme that resulted in the theft of millions of dollars through SIM swapping.
Daniel James Junk (22) of Portland was sen ...

Pierluigi Paganini February 01, 2024
Security

CISA ORDERS FEDERAL AGENCIES TO DISCONNECT IVANTI VPN INSTANCES BY FEBRUARY 2

CISA is ordering federal agencies to disconnect Ivanti Connect Secure and Ivanti
Policy Secure products within 48 hours. For the first time since its
establishment, CISA is ordering federal agenci ...

Pierluigi Paganini February 01, 2024
APT

MULTIPLE MALWARE USED IN ATTACKS EXPLOITING IVANTI VPN FLAWS

Mandiant spotted new malware used by a China-linked threat actor UNC5221
targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant
researchers discovered new malware employed by a Ch ...

Pierluigi Paganini February 01, 2024
Cyber Crime

POLICE SEIZED 50,000 BITCOIN FROM OPERATOR OF THE NOW-DEFUNCT PIRACY SITE
MOVIE2K

German police seized 50,000 Bitcoin from the former operator of the now-defunct
piracy website movie2k.to. The police in Saxony, Germany, have seized 50,000
Bitcoin (more than $2.1 billion at the ...

Pierluigi Paganini February 01, 2024
Cyber Crime

CROOKS STOLE AROUND $112 MILLION WORTH OF XRP FROM RIPPLE’S CO-FOUNDER

Crooks stole around $112 million worth of Ripple XRP from the crypto wallet of
Ripple’s co-founder Chris Larsen. This week, crooks stole around $112 million
worth of the Ripple-focused cryptocur ...

Pierluigi Paganini January 31, 2024
Security

CISA ADDS APPLE IMPROPER AUTHENTICATION BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper
authentication bug to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Securi ...

Pierluigi Paganini January 31, 2024
Hacking

IVANTI WARNS OF A NEW ACTIVELY EXPLOITED ZERO-DAY

Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure
products, one of which is actively exploited in the wild. Ivanti is warning of
two new high-severity vulnerabilities ...

Pierluigi Paganini January 31, 2024
Malware

THREAT ACTORS EXPLOIT IVANTI VPN BUGS TO DEPLOY KRUSTYLOADER MALWARE

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect
Secure (ICS) VPN devices to deliver KrustyLoader. In early January 2024,
software firm Ivanti reported that threat ...

Pierluigi Paganini January 31, 2024
Security

DATA LEAK AT FINTECH GIANT DIRECT TRADING TECHNOLOGIES

Sensitive data and trading activity of over 300K traders leaked online by
international fintech firm Direct Trading Technologies. Direct Trading
Technologies, an international fintech company, jeo ...

Pierluigi Paganini January 31, 2024
Breaking News

ROOT ACCESS VULNERABILITY IN GNU LIBRARY C (GLIBC) IMPACTS MANY LINUX DISTROS

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in
GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat
Research Unit discovered four securit ...

Pierluigi Paganini January 30, 2024
Laws and regulations

ITALIAN DATA PROTECTION AUTHORITY SAID THAT CHATGPT VIOLATED EU PRIVACY LAWS

Italian data protection authority regulator authority Garante said that ChatGPT
violated European Union data privacy regulations. The Italian data protection
authority regulator authority, known a ...

Pierluigi Paganini January 30, 2024
Data Breach

750 MILLION INDIAN MOBILE SUBSCRIBERS' DATA OFFERED FOR SALE ON DARK WEB

Data of 750 million Indian mobile subscribers was offered for sale on dark web
hacker forums earlier in January. CloudSEK researchers warned that a database
containing data of 750 million Indian m ...

Pierluigi Paganini January 30, 2024
Security

JUNIPER NETWORKS RELEASED OUT-OF-BAND UPDATES TO FIX HIGH-SEVERITY FLAWS

Juniper Networks released out-of-band updates to fix high-severity flaws in SRX
Series and EX Series that can allow attackers to take over unpatched systems.
Juniper Networks has released out-of ...

Pierluigi Paganini January 30, 2024
Cyber Crime

HUNDREDS OF NETWORK OPERATORS’ CREDENTIALS FOUND CIRCULATING IN DARK WEB

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and
LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a
thorough scan of the Dark Web and ident ...

Pierluigi Paganini January 30, 2024
Data Breach

CACTUS RANSOMWARE GANG CLAIMS THE SCHNEIDER ELECTRIC HACK

Energy management and industrial automation firm Schneider Electric suffered a
data breach after a Cactus ransomware attack. Schneider Electric is a
multinational company that specializes in energ ...

Pierluigi Paganini January 30, 2024
Data Breach

MERCEDES-BENZ ACCIDENTALLY EXPOSED SENSITIVE DATA, INCLUDING SOURCE CODE

Researchers discovered that Mercedes-Benz accidentally left a private key online
exposing internal data, including the company’s source code. RedHunt Labs
researchers discovered that Mercedes-Be ...

Pierluigi Paganini January 29, 2024
Hacking

EXPERTS DETAILED MICROSOFT OUTLOOK FLAW THAT CAN LEAK NTLM V2 HASHED PASSWORDS

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords
by tricking users into opening a specially crafted file. The vulnerability
CVE-2023-35636 impacting Microsoft Outloo ...

Pierluigi Paganini January 29, 2024
Intelligence

NSA BUYS INTERNET BROWSING RECORDS FROM DATA BROKERS WITHOUT A WARRANT

The U.S. National Security Agency (NSA) admitted to buying internet browsing
records from data brokers to monitor Americans' activity online without a court
order. U.S. Senator Ron Wyden, D-Ore., ...

Pierluigi Paganini January 29, 2024
Intelligence

UKRAINE’S SBU ARRESTED A MEMBER OF PRO-RUSSIA HACKERS GROUP 'CYBER ARMY OF
RUSSIA'

Ukraine's security service (SBU) detained an alleged member of the pro-Russia
hacker group "the Cyber Army of Russia." Ukraine's security service, the
SBU, announced that it has identified and de ...

Pierluigi Paganini January 29, 2024
Hacking

MULTIPLE POC EXPLOITS RELEASED FOR JENKINS FLAW CVE-2024-23897

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins
vulnerability CVE-2024-23897 have been released. Researchers warn that several
proof-of-concept (PoC) exploits targ ...

Pierluigi Paganini January 28, 2024
Cyber Crime

MEDUSA RANSOMWARE ATTACK HIT KANSAS CITY AREA TRANSPORTATION AUTHORITY

Medusa ransomware gang claimed responsibility for the attack against the Kansas
City Area Transportation Authority (KCATA). On January 23, 2023, the Kansas City
Area Transportation Authority (KCAT ...

Pierluigi Paganini January 28, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 456 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini January 28, 2024
Hacktivism

PRO-UKRAINE HACKERS WIPED 2 PETABYTES OF DATA FROM RUSSIAN RESEARCH CENTER

The Main Intelligence Directorate of Ukraine's Ministry of Defense states that
pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center.
The Main Directorate of Intelligence of ...

Pierluigi Paganini January 27, 2024
Hacking

PARTICIPANTS EARNED MORE THAN $1.3M AT THE PWN2OWN AUTOMOTIVE COMPETITION

Bug bounty hunters earned more than $1.3 million for hacking Teslas,
infotainment systems, and electric vehicle chargers at the Pwn2Own Automotive
competition. The Zero Day Initiative’s Pwn2Own ...

Pierluigi Paganini January 27, 2024
Cyber Crime

A TRICKBOT MALWARE DEVELOPER SENTENCED TO 64 MONTHS IN PRISON

The Russian national malware developer Vladimir Dunaev was sentenced to more
than 5 years in prison for his role in the TrickBot operation. The Russian
national Vladimir Dunaev (40) has been sente ...

Pierluigi Paganini January 26, 2024
APT

RUSSIAN MIDNIGHT BLIZZARD APT IS TARGETING ORGS WORLDWIDE, MICROSOFT WARNS

Microsoft revealed that Russia-linked APT Midnight Blizzard has been targeting
organizations worldwide in a cyberespionage campaign. Microsoft announced that
the Russia-linked APT Midnight Blizzar ...

Pierluigi Paganini January 26, 2024
Security

WATCH OUT, EXPERTS WARN OF A CRITICAL FLAW IN JENKINS

Jenkins maintainers addressed several security vulnerabilities, including a
critical remote code execution (RCE) flaw. Jenkins is the most popular open
source automation server, it is maintai ...

Pierluigi Paganini January 26, 2024
Hacking

PWN2OWN AUTOMOTIVE 2024 DAY 2 - TESLA HACKED AGAIN

Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2
of Pwn2Own Automotive 2024 hacking competition. White hat hackers from the
Synacktiv Team (@Synacktiv) compromised ...

Pierluigi Paganini January 26, 2024
Reports

YEARLY INTEL TREND REVIEW: THE 2023 REDSENSE REPORT

The 2023 RedSense report covers long-term observations we have made regarding
intel trends and interconnectivity. These observations were made by analyzing
numerous 2023 threat findings and disco ...

Pierluigi Paganini January 25, 2024
Security

CISCO WARNS OF A CRITICAL BUG IN UNIFIED COMMUNICATIONS PRODUCTS, PATCH IT NOW!

Cisco addressed a critical flaw in its Unified Communications and Contact Center
Solutions products that could lead to remote code execution. Cisco released
security patches to address a critical ...

Pierluigi Paganini January 25, 2024
Security

RUSSIA-LINKED APT GROUP MIDNIGHT BLIZZARD HACKED HEWLETT PACKARD ENTERPRISE
(HPE)

Hewlett Packard Enterprise (HPE) revealed that Russia-linked APT group Midnight
Blizzard gained access to its Microsoft Office 365 email system. Hewlett Packard
Enterprise (HPE) revealed that alle ...

Pierluigi Paganini January 25, 2024
Hacking

CISA ADDS ATLASSIAN CONFLUENCE DATA CENTER BUG TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Atlassian
Confluence Data Center and Server Template Injection bug to its Known Exploited
Vulnerabilities catalog. The U.S. Cyber ...

Pierluigi Paganini January 25, 2024
Hacking

5379 GITLAB SERVERS VULNERABLE TO ZERO-CLICK ACCOUNT TAKEOVER ATTACKS

Thousands of GitLab servers are vulnerable to zero-click account takeover
attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security
updates to address two critical vulnerabi ...

Pierluigi Paganini January 24, 2024
Hacking

EXPERTS RELEASED POC EXPLOIT FOR FORTRA GOANYWHERE MFT FLAW CVE-2024-0204

Researchers released PoC exploit code for a recently disclosed critical
authentication bypass flaw in Fortra's GoAnywhere MFT (Managed File Transfer).
Researchers with cybersecurity firm Horizon3' ...

Pierluigi Paganini January 24, 2024
Security

SPLUNK FIXED HIGH-SEVERITY FLAW IMPACTING WINDOWS VERSIONS

Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a
high-severity flaw impacting Windows installs. Splunk addressed multiple
vulnerabilities in Splunk Enterprise, including ...

Pierluigi Paganini January 24, 2024
Hacking

WATCH OUT, A NEW CRITICAL FLAW AFFECTS FORTRA GOANYWHERE MFT

Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere
MFT (Managed File Transfer) product. Fortra warns customers of a new
authentication bypass vulnerability tracked as� ...

Pierluigi Paganini January 23, 2024
Hacking

AUSTRALIAN GOVERNMENT ANNOUNCED SANCTIONS FOR MEDIBANK HACKER

The Australian government announced sanctions for a member of the REvil
ransomware group for the Medibank hack that occurred in 2022. The Australian
government announced sanctions for Aleksandr Ge ...

Pierluigi Paganini January 23, 2024
Hacking

LOANDEPOT DATA BREACH IMPACTED ROUGHLY 16.6 INDIVIDUALS

Financial services company LoanDepot disclosed a data breach that impacted
roughly 16.6 million individuals. LoanDepot is a financial services company that
primarily operates as a mortgage lender. ...

Pierluigi Paganini January 23, 2024
Cyber Crime

BLACK BASTA GANG CLAIMS THE HACK OF THE UK WATER UTILITY SOUTHERN WATER

The Black Basta ransomware gang claimed to have hacked the UK water utility
Southern Water, a major player in the UK water industry. Southern Water is a
private utility company responsible for col ...

Pierluigi Paganini January 23, 2024
Security

CISA ADDS VMWARE VCENTER SERVER BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter
Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastr ...

Pierluigi Paganini January 23, 2024
Breaking News

MOTHER OF ALL BREACHES - A HISTORIC DATA LEAK REVEALS 26 BILLION RECORDS: CHECK
WHAT'S EXPOSED

Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the
largest data leak ever discovered. The supermassive leak contains data from
numerous previous breaches, comprising a ...

Pierluigi Paganini January 22, 2024
Security

APPLE FIXED ACTIVELY EXPLOITED ZERO-DAY CVE-2024-23222

Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and
Apple TVs. The issue is actively exploited in the wild. Apple released security
updates to address a zero-day vulne ...

Pierluigi Paganini January 22, 2024
Cyber Crime

“MY SLICE”, AN ITALIAN ADAPTIVE PHISHING CAMPAIGN

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat
in the cybersecurity landscape. The phenomenon This phenomenon represents an
evolution of traditional phishing t ...

Pierluigi Paganini January 22, 2024
Malware

THREAT ACTORS EXPLOIT APACHE ACTIVEMQ FLAW TO DELIVER THE GODZILLA WEB SHELL

Researchers warn of a spike in attacks exploiting a now-patched flaw in Apache
ActiveMQ to deliver the Godzilla web shell. Trustwave researchers observed a
surge in attacks exploiting a now-patche ...

Pierluigi Paganini January 22, 2024
Data Breach

CYBERCRIMINALS LEAKED MASSIVE VOLUMES OF STOLEN PII DATA FROM THAILAND IN DARK
WEB

Resecurity researchers warn of massive leak of stolen Thai personally
identifiable information (PII) on the dark web by cybercriminals. Resecurity has
detected a noticeable increase in data leaks ...

Pierluigi Paganini January 22, 2024
Malware

BACKDOORED PIRATED APPLICATIONS TARGETS APPLE MACOS USERS

Researchers warned that pirated applications have been employed to deliver a
backdoor to Apple macOS users. Jamf Threat Labs researchers warned that pirated
applications have been utilized to dist ...

Pierluigi Paganini January 22, 2024
Cyber Crime

LOCKBIT RANSOMWARE GANG CLAIMS THE ATTACK ON THE SANDWICH CHAIN SUBWAY

The LockBit ransomware gang claimed to have hacked Subway, the American
multinational fast food restaurant franchise.  Subway IP LLC is an American
multinational fast-food restauran ...

Pierluigi Paganini January 21, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 455 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini January 21, 2024
Cyber Crime

ADMIN OF THE BREACHFORUMS HACKING FORUM SENTENCED TO 20 YEARS SUPERVISED RELEASE

Conor Brian Fitzpatrick, the admin of the BreachForums hacking forum, has been
sentenced to 20 years supervised release. Conor Brian Fitzpatrick, the admin of
the BreachForums hacking forum, was s ...

Pierluigi Paganini January 20, 2024
Data Breach

VF CORP DECEMBER DATA BREACH IMPACTS 35 MILLION CUSTOMERS

American global apparel and footwear company VF Corp revealed that the December
data breach impacted 35.5 million customers. VF Corporation is an American
global apparel and footwear company ...

Pierluigi Paganini January 19, 2024
APT

CHINA-LINKED APT UNC3886 EXPLOITS VMWARE ZERO-DAY SINCE 2021

China-linked group UNC3886 has been exploiting vCenter Server zero-day
vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers
reported that China-linked APT group UNC3886 has ...

Pierluigi Paganini January 19, 2024
Reports

RANSOMWARE ATTACKS BREAK RECORDS IN 2023: THE NUMBER OF VICTIMS ROSE BY 128%

Ransomware groups claimed that they successfully targeted 4191 victims in 2023,
Cybernews researchers report. According to the Ransomlooker tool, the number of
ransomware attack victims increased ...

Pierluigi Paganini January 19, 2024
Hacking

U.S. CISA WARNS OF ACTIVELY EXPLOITED IVANTI EPMM FLAW CVE-2023-35082

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM
flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini January 19, 2024
Security

THE QUANTUM COMPUTING CRYPTOPOCALYPSE – I’LL KNOW IT WHEN I SEE IT

Can quantum computing break cryptography? Can it do it within a person’s
lifetime? Will it be a cryptopocalypse, as some experts suggest? Can quantum
computing break cryptography? Sure, it can. ...

Pierluigi Paganini January 19, 2024
Security

KANSAS STATE UNIVERSITY SUFFERED A SERIOUS CYBERSECURITY INCIDENT

Kansas State University (K-State) suffered a cybersecurity incident that has
disrupted part of its network and services. Kansas State University (K-State)
suffered a cybersecurity incident that im ...

Pierluigi Paganini January 19, 2024
Hacking

CISA ADDS CHROME AND CITRIX NETSCALER TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and
Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini January 18, 2024
APT

GOOGLE TAG WARNS THAT RUSSIAN COLDRIVER APT IS USING A CUSTOM BACKDOOR

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting
and is developing a custom malware. The ColdRiver APT (aka “Seaborgium“,
"Callisto", “Star Blizzard”, “TA ...

Pierluigi Paganini January 18, 2024
Hacking

PIXIEFAIL: NINE FLAWS IN UEFI OPEN-SOURCE REFERENCE IMPLEMENTATION COULD HAVE
SEVERE IMPACTS

Experts found multiple flaws, collectively named PixieFail, in the network
protocol stack of an open-source reference implementation of the UEFI. Quarkslab
researchers discovered nine vulnerabili ...

Pierluigi Paganini January 18, 2024
Malware

ISHUTDOWN LIGHTWEIGHT METHOD ALLOWS TO DISCOVER SPYWARE INFECTIONS ON IPHONES

Researchers devised a "lightweight method," called iShutdown, to determine
whether Apple iOS devices have been infected with spyware. Cybersecurity
researchers from Kaspersky have identified a " ...

Pierluigi Paganini January 18, 2024
Hacking

PRO-RUSSIA GROUP HIT SWISS GOVT SITES AFTER ZELENSKY VISIT IN DAVOS

Switzerland believes that the attack claimed by pro-Russian group NoName that
hit the government websites is retaliation for Zelensky’s presence at Davos.
Switzerland believes that the cyberatta ...

Pierluigi Paganini January 17, 2024
Security

GITHUB ROTATED CREDENTIALS AFTER THE DISCOVERY OF A VULNERABILITY

GitHub rotated some credentials after the discovery of a flaw that allowed
access to the environment variables of a production container. After GitHub
became aware of a vulnerability through its b ...

Pierluigi Paganini January 17, 2024
Cyber Crime

FBI, CISA WARN OF ANDROXGH0ST BOTNET FOR VICTIM IDENTIFICATION AND EXPLOITATION

U.S. CISA and the FBI warned of AndroxGh0st malware used to create a botnet for
victim identification and exploitation in target networks. US CISA and the
Federal Bureau of Investigation (FBI) r ...

Pierluigi Paganini January 17, 2024
Hacking

CITRIX WARNS ADMINS TO IMMEDIATELY PATCH NETSCALER FOR ACTIVELY EXPLOITED
ZERO-DAYS

Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler
ADC and Gateway appliances. Citrix warns customers to install security updates
to address two actively exploited ze ...

Pierluigi Paganini January 17, 2024
Security

GOOGLE FIXED THE FIRST ACTIVELY EXPLOITED CHROME ZERO-DAY OF 2024

Google has addressed the first Chrome zero-day vulnerability of the year that is
actively being exploited in the wild. Google has released security updates to
address the first Chrome zero-day vul ...

Pierluigi Paganini January 16, 2024
Breaking News

ATLASSIAN FIXED CRITICAL RCE IN OLDER CONFLUENCE VERSIONS

Atlassian warns of a critical remote code execution issue in Confluence Data
Center and Confluence Server that impacts older versions. Atlassian warns of a
critical remote code execution vulnerabi ...

Pierluigi Paganini January 16, 2024
Security

VMWARE FIXED A CRITICAL FLAW IN ARIA AUTOMATION. PATCH IT NOW!

VMware warns customers of a critical vulnerability impacting its Aria Automation
multi-cloud infrastructure automation platform. VMware Aria Automation (formerly
vRealize Automation) is a modern c ...

Pierluigi Paganini January 16, 2024
Hacking

EXPERTS WARN OF MASS EXPLOITATION OF IVANTI CONNECT SECURE VPN FLAWS

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure
vulnerabilities are massively exploited in the wild. Last week, software firm
Ivanti reported that threat actors ar ...

Pierluigi Paganini January 16, 2024
Security

EXPERTS WARN OF A VULNERABILITY AFFECTING BOSCH BCC100 THERMOSTAT

Researchers warn of high-severity vulnerability affecting Bosch BCC100
thermostats. Researchers from Bitdefender discovered a high-severity
vulnerability affecting Bosch BCC100 thermostats. The ...

Pierluigi Paganini January 16, 2024
Hacking

OVER 178,000 SONICWALL NEXT-GENERATION FIREWALLS (NGFW) ONLINE EXPOSED TO HACK

Researchers from Bishop Fox found over 178,000 SonicWall next-generation
firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW)
series 6 and 7 devices are affected by two ...

Pierluigi Paganini January 15, 2024
Hacking

PHEMEDRONE INFO STEALER CAMPAIGN EXPLOITS WINDOWS SMARTSCREEN BYPASS

Threat actors exploit a recent Windows SmartScreen bypass flaw CVE-2023-36025 to
deliver the Phemedrone info stealer. Trend Micro researchers uncovered a malware
campaign exploiting the vulnerabil ...

Pierluigi Paganini January 15, 2024
Malware

BALADA INJECTOR CONTINUES TO INFECT THOUSANDS OF WORDPRESS SITES

Balada Injector malware infected more than 7100 WordPress sites using a
vulnerable version of the Popup Builder plugin. In September, Sucuri researchers
reported that more than 17,000 WordPress we ...

Pierluigi Paganini January 15, 2024
Hacking

ATTACKERS TARGET APACHE HADOOP AND FLINK TO DELIVER CRYPTOMINERS

Researchers devised a new attack that exploits misconfigurations in Apache
Hadoop and Flink to deploy cryptocurrency miners. Cybersecurity researchers from
cyber security firm Aqua have uncovered ...

Pierluigi Paganini January 15, 2024
Hacking

APPLE FIXED A BUG IN MAGIC KEYBOARD THAT ALLOWS TO MONITOR BLUETOOTH TRAFFIC

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability
with the release of Magic Keyboard firmware. Apple released Magic Keyboard
Firmware Update 2.0.6 to address a recen ...

Pierluigi Paganini January 15, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 454 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini January 13, 2024
Security

GITLAB FIXED A CRITICAL ZERO-CLICK ACCOUNT HIJACKING FLAW

GitLab addressed two critical flaws impacting both the Community and Enterprise
Edition, including a critical zero-click account hijacking vulnerability GitLab
has released security updates to add ...

Pierluigi Paganini January 13, 2024
Security

JUNIPER NETWORKS FIXED A CRITICAL RCE BUG IN ITS FIREWALLS AND SWITCHES

Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw,
tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches.
Juniper Networks released security updat ...

Pierluigi Paganini January 12, 2024
Deep Web

VAST VOTER DATA LEAKS CAST SHADOW OVER INDONESIA ’S 2024 PRESIDENTIAL ELECTION

Investigators from Resecurity’s HUNTER (HUMINT) warn that Indonesia is
increasingly being targeted by cyber-threat actors. Investigators from
Resecurity’s HUNTER (HUMINT) have found that Indon ...

Pierluigi Paganini January 12, 2024
Hacking

RESEARCHERS CREATED A POC FOR APACHE OFBIZ FLAW CVE-2023-51467

Researchers published a proof-of-concept (PoC) code for the recently disclosed
critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity
firm VulnCheck have created a pro ...

Pierluigi Paganini January 12, 2024
Security

TEAM LIQUID’S WIKI LEAK EXPOSES 118K USERS

Liquipedia, an online e-sports platform run by Team Liquid, exposed a database
revealing its users’ email addresses and other details. Users of the e-sports
knowledge base were exposed via a pub ...

Pierluigi Paganini January 12, 2024
Security

CISA ADDS IVANTI AND MICROSOFT SHAREPOINT BUGS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect
Secure and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and In ...

Pierluigi Paganini January 11, 2024
Hacking

TWO ZERO-DAY BUGS IN IVANTI CONNECT SECURE ACTIVELY EXPLOITED

Ivanti revealed that two threat actors are exploiting two zero-day
vulnerabilities in its Connect Secure (ICS) and Policy Secure. Software firm
Ivanti reported that threat actors are exploiting tw ...

Pierluigi Paganini January 11, 2024
Cyber Crime

X ACCOUNT OF LEADING CYBERSECURITY FIRM MANDIANT WAS HACKED BECAUSE NOT
ADEQUATELY PROTECTED

The X account of cybersecurity firm Mandiant was likely hacked through a
brute-force password attack, the company revealed. Last week, threat actors
hacked the X account of cybersecurity firm Mand ...

Pierluigi Paganini January 11, 2024
Security

CISCO FIXED CRITICAL UNITY CONNECTION VULNERABILITY CVE-2024-20272

Cisco addressed a critical Unity Connection security flaw that can be exploited
by an unauthenticated attacker to get root privileges. Cisco has addressed a
critical flaw, tracked as CVE-2024-2027 ...

Pierluigi Paganini January 11, 2024
Cyber Crime

SHINYHUNTERS MEMBER SENTENCED TO THREE YEARS IN PRISON

A U.S. District Court sentenced ShinyHunters hacker Sebastien Raoult to three
years in prison and ordered him to pay more than $5 million in restitution. The
member of the ShinyHunters hacker grou ...

Pierluigi Paganini January 10, 2024
Data Breach

HMG HEALTHCARE DISCLOSED A DATA BREACH

The Healthcare services provider HMG Healthcare has disclosed a data breach that
impacted 40 affiliated nursing facilities. In November 2023, the Healthcare
services provider HMG Healthcare discov ...

Pierluigi Paganini January 10, 2024
Hacking

THREAT ACTORS HACKED THE X ACCOUNT OF THE SECURITIES AND EXCHANGE COMMISSION
(SEC) AND ANNOUNCED FAKE BITCOIN ETF APPROVAL

Threat actors hacked the X account of the US Securities and Exchange Commission
(SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers
hijacked the X account of the US Sec ...

Pierluigi Paganini January 10, 2024
Cyber Crime

DECRYPTOR FOR TORTILLA VARIANT OF BABUK RANSOMWARE RELEASED

Researchers and the Dutch Police released a decryptor for the Tortilla variant
of the Babuk ransomware after the arrest of its operator. Cisco Talos
researchers obtained a decryptor for the Babuk ...

Pierluigi Paganini January 10, 2024
Security

MICROSOFT PATCH TUESDAY FOR JANUARY 2024 FIXED 2 CRITICAL FLAWS

Microsoft Patch Tuesday security updates for January 2024 addressed a total of
49 flaws, including two critical vulnerabilities. Microsoft Patch Tuesday
security updates for January 2024 fixed 49 ...

Pierluigi Paganini January 09, 2024
Security

CISA ADDS APACHE SUPERSET BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache
Superset vulnerability to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini January 09, 2024
Cyber Crime

SYRIAN GROUP ANONYMOUS ARABIC DISTRIBUTES STEALTHY MALWARE SILVER RAT

A hacker group that calls itself Anonymous Arabic is distributing a stealthy
remote access trojan called Silver RAT. Cyfirma researchers observed threat
actors called ‘Anonymous Arabic’ distr ...

Pierluigi Paganini January 09, 2024
Cyber Crime

SWISS AIR FORCE SENSITIVE FILES STOLEN IN THE HACK OF ULTRA INTELLIGENCE &
COMMUNICATIONS

Documents belonging to the Swiss Air Force were leaked on the dark web as a
result of cyberattack on a US security provider. Documents belonging to the
Swiss Air Force were leaked on the dark web ...

Pierluigi Paganini January 08, 2024
Cyber Crime

DOJ CHARGED 19 INDIVIDUALS IN A TRANSNATIONAL CYBERCRIME INVESTIGATION XDEDIC
MARKETPLACE

19 individuals worldwide were charged in a transnational cybercrime
investigation of the now defunct xDedic marketplace. The U.S. DoJ charged 19
individuals worldwide for their role in the operati ...

Pierluigi Paganini January 08, 2024
Malware

LONG-EXISTING BANDOOK RAT TARGETS WINDOWS MACHINES

A new variant of the Bandook remote access trojan (RAT) was spotted in attacks
aimed at Windows machines. Reseachers from Fortinet observed a new variant of a
remote access trojan dubbed Bandook� ...

Pierluigi Paganini January 08, 2024
Hacking

A CYBER ATTACK HIT THE BEIRUT INTERNATIONAL AIRPORT

A cyber attack hit the Beirut International Airport, Rafic Hariri (Lebanon),
threat actors breached the Flight Information Display System (FIDS). Threat
actors hit the Beirut International Airport ...

Pierluigi Paganini January 07, 2024
Breaking News

IRANIAN CRYPTO EXCHANGE BIT24.CASH LEAKS USER PASSPORTS AND IDS

Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000
users, as revealed by Cybernews research. Due to its limited access to foreign
financial markets, Iran has embraced ...

Pierluigi Paganini January 07, 2024
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 453 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini January 07, 2024
APT

TURKISH SEA TURTLE APT TARGETS DUTCH IT AND TELECOM FIRMS

Sea Turtle cyber espionage group targeted telco, media, ISPs, IT service
providers, and Kurdish websites in the Netherlands. Researchers from Dutch
security firm Hunt & Hackett observed Sea Tu ...

Pierluigi Paganini January 07, 2024
APT

EXPERTS SPOTTED A NEW MACOS BACKDOOR NAMED SPECTRALBLUR LINKED TO NORTH KOREA

Researchers discovered a macOS backdoor, called SpectralBlur, which shows
similarities with a North Korean APT's malware family. Security researcher Greg
Lesnewich discovered a backdoor, call ...

Pierluigi Paganini January 06, 2024
Laws and regulations

MERCK SETTLES WITH INSURERS REGARDING A $1.4 BILLION CLAIM OVER NOTPETYA DAMAGES

Merck has resolved a dispute with insurers regarding a $1.4 billion claim
arising from the NotPetya malware incident. Merck and its insurers have agreed
with a $1.4 billion claim arising from the ...

Pierluigi Paganini January 06, 2024
Cyber Crime

THE SOURCE CODE OF ZEPPELIN RANSOMWARE SOLD ON A HACKING FORUM

A threat actor announced the sale of the source code and a cracked version of
the Zeppelin ransomware builder for $500. Researchers from cybersecurity
firm KELA reported that a threat actor ann ...

Pierluigi Paganini January 05, 2024
Cyber warfare

RUSSIA-LINKED APT SANDWORM WAS INSIDE UKRAINE TELECOMS GIANT KYIVSTAR FOR MONTHS

Ukrainian authorities revealed that Russia-linked APT Sandworm had been inside
telecom giant Kyivstar at least since May 2023. Russia-linked APT group Sandworm
was inside Ukrainian telecoms giant ...

Pierluigi Paganini January 05, 2024
Security

IVANTI FIXED A CRITICAL EPM FLAW THAT CAN RESULT IN REMOTE CODE EXECUTION

Ivanti fixed a critical vulnerability in its Endpoint Manager (EPM) solution
that could lead to remote code execution (RCE) on vulnerable servers Ivanti has
released security updates to address a ...

Pierluigi Paganini January 05, 2024
Security

MYESTATEPOINT PROPERTY SEARCH ANDROID APP LEAKS USER PASSWORDS

The MyEstatePoint Property Search app leaked data on nearly half a million of
its users, exposing their names and plain-text passwords, the Cybernews research
team has found. The all-in-one real e ...

Pierluigi Paganini January 05, 2024
Hacking

HACKER HIJACKED ORANGE SPAIN RIPE ACCOUNT CAUSING INTERNET OUTAGE TO COMPANY
CUSTOMERS

An internet outage impacted Orange Spain after a hacker gained access to the
company's RIPE account to misconfigure BGP routing. The hacker, who uses the
moniker ‘Snow’, gained access to the R ...

Pierluigi Paganini January 04, 2024
Data Breach

HEALTHEC DATA BREACH IMPACTED MORE THAN 4.5 MILLION PEOPLE

Healthcare technology company HealthEC disclosed a data breach that exposed the
personal information of 4.5 million Individuals. Healthcare technology company
HealthEC (HEC) disclosed a data brea ...

Pierluigi Paganini January 04, 2024
Malware

EXPERTS FOUND 3 MALICIOUS PACKAGES HIDING CRYPTO MINERS IN PYPI REPOSITORY

Researchers discovered three malicious packages in the PyPI repository targeting
Linux systems with a cryptocurrency miner. Fortinet researchers discovered three
malicious packages in the open-sou ...

Pierluigi Paganini January 04, 2024
Hacking

CROOKS HACKED MANDIANT X ACCOUNT TO PUSH CRYPTOCURRENCY SCAM

The X account of cybersecurity giant Mandiant was hacked, attackers used it to
impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks
hacked the X account of cybersecurity fi ...

Pierluigi Paganini January 04, 2024
Cyber Crime

CYBERCRIMINALS IMPLEMENTED ARTIFICIAL INTELLIGENCE (AI) FOR INVOICE FRAUD

Crooks created a new tool that uses Artificial Intelligence (AI) for creating
fraudulent invoices used for wire fraud and BEC. Resecurity has uncovered a
cybercriminal faction known as "GXC Team", ...

Pierluigi Paganini January 03, 2024
Security

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome
and Perl library flaws to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Se ...

Pierluigi Paganini January 03, 2024
Reports

DON’T TRUST LINKS WITH KNOWN DOMAINS: BMW AFFECTED BY REDIRECT VULNERABILITY

Sometimes, you can’t even trust links with your own domain. As the Cybernews
research team has discovered, some BMW subdomains were vulnerable to redirect
vulnerability, enabling attackers to forge ...

Pierluigi Paganini January 03, 2024
Cyber Crime

HACKERS STOLE MORE THAN $81 MILLION WORTH OF CRYPTO ASSETS FROM ORBIT CHAIN

Crypto platform Orbit Chain suffered a cyberattack, threat actors have stolen
more than $81 million worth of cryptocurrency. Orbit Chain has suffered a
security breach that has resulted in the the ...

Pierluigi Paganini January 03, 2024
Intelligence

UKRAINE’S SBU SAID THAT RUSSIA'S INTELLIGENCE HACKED SURVEILLANCE CAMERAS TO
DIRECT A MISSILE STRIKE ON KYIV

Ukraine’s SBU revealed that Russia-linked threat actors hacked surveillance
cameras to spy on air defense forces and critical infrastructure in Kyiv.
Ukraine’s SBU announced they shut down two ...

Pierluigi Paganini January 03, 2024
Malware

EXPERTS WARN OF JINXLOADER LOADER USED TO SPREAD FORMBOOK AND XLOADER

JinxLoader is a new Go-based loader that was spotted delivering next-stage
malware such as Formbook and XLoader. Researchers from Palo Alto Networks and
Symantec warned of a new Go-based malware ...

Pierluigi Paganini January 02, 2024
Hacking

TERRAPIN ATTACK ALLOWS TO DOWNGRADE SSH PROTOCOL SECURITY

Researchers discovered an SSH vulnerability, called Terrapin, that could allow
an attacker to downgrade the connection's security. Security researchers from
Ruhr University Bochum (Fabian Bäumer, ...

Pierluigi Paganini January 02, 2024
Hacking

MULTIPLE ORGANIZATIONS IN IRAN WERE BREACHED BY A MYSTERIOUS HACKER

Hudson Researchers reported that a mysterious hacker launched a series of
attacks against industry-leading companies in Iran. Hudson Researchers reported
that on December 20th, a hacker using the ...

Pierluigi Paganini January 02, 2024
Breaking News

TOP 2023 SECURITY AFFAIRS CYBERSECURITY STORIES

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it.
CYBERCRIMINALS LAUNCHED “LEAKSMAS” EVENT IN THE DARK WEB EXPOSING MASSIVE
VOLUMES OF LEAKED PII AND COMPROMISED DATA ...

Pierluigi Paganini January 01, 2024
Hacking

MALWARE EXPLOITS UNDOCUMENTED GOOGLE OAUTH ENDPOINT TO REGENERATE GOOGLE COOKIES

CloudSEK researchers analyzed a zero-day exploit that can allow the generation
of persistent Google cookies through token manipulation. In October 2023, a
developer known as PRISMA first uncovered ...

Pierluigi Paganini January 01, 2024
Cyber Crime

CACTUS RANSOMWARE GANG HIT THE SWEDISH RETAIL AND GROCERY PROVIDER COOP

The Cactus ransomware group claims to have hacked Coop, one of the largest
retail and grocery providers in Sweden. Coop is one of the largest retail and
grocery providers in Sweden, with approxima ...

Pierluigi Paganini January 01, 2024
Laws and regulations

GOOGLE AGREED TO SETTLE A $5 BILLION PRIVACY LAWSUIT

Google has agreed to settle a $5 billion privacy lawsuit, which alleged that the
company monitored individuals using the Chrome "incognito" mode. Google agreed
to settle a $5 billion privacy lawsu ...

Pierluigi Paganini December 31, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 452 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 31, 2023
Cyber Crime

INC RANSOM RANSOMWARE GANG CLAIMS TO HAVE BREACHED XEROX CORP

The INC RANSOM ransomware group claims to have hacked the American multinational
corporation Xerox Corp. Xerox Corp provides document management solutions
worldwide. The company's Document Technol ...

Pierluigi Paganini December 30, 2023
Security

SPOTIFY MUSIC CONVERTER TUNEFAB PUTS USERS AT RISK

TuneFab converter, used to convert copyrighted music from streaming platforms
such as Spotify, Amazon’s Audible, or Apple Music, has exposed its users'
private data. Cybernews research showed th ...

Pierluigi Paganini December 30, 2023
Security

CYBER ATTACKS HIT THE ASSEMBLY OF THE REPUBLIC OF ALBANIA AND TELECOM COMPANY
ONE ALBANIA

Cyber attacks hit the Assembly of the Republic of Albania and telecom company
One Albania, a government agency reported. Albania's National Authority for
Electronic Certification and Cyber Securit ...

Pierluigi Paganini December 29, 2023
APT

RUSSIA-LINKED APT28 USED NEW MALWARE IN A RECENT PHISHING CAMPAIGN

Ukraine's CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to
deploy previously undocumented malware strains. The Computer Emergency Response
Team of Ukraine (CERT-UA) warned of ...

Pierluigi Paganini December 29, 2023
Security

CLASH OF CLANS GAMERS AT RISK WHILE USING THIRD-PARTY APP

An exposed database and secrets on a third-party app puts Clash of Clans players
at risk of attacks from threat actors. The Cybernews research team has
discovered that the Clash Base Designer Easy ...

Pierluigi Paganini December 29, 2023
Malware

NEW VERSION OF MEDUZA STEALER RELEASED IN DARK WEB

The Resecurity's HUNTER unit spotted a new version of the Meduza stealer
(version (2.2)) that was released in the dark web. On Christmas Eve,
Resecurity's HUNTER unit spotted the author of perspec ...

Pierluigi Paganini December 29, 2023
Intelligence

OPERATION TRIANGULATION ATTACKS RELIED ON AN UNDOCUMENTED HARDWARE FEATURE

Experts discovered that Operation Triangulation targeting Apple iOS devices
leveraged an undocumented hardware feature. Researchers from the Russian
cybersecurity firm Kaspersky discovered that t ...

Pierluigi Paganini December 28, 2023
Deep Web

CYBERCRIMINALS LAUNCHED “LEAKSMAS” EVENT IN THE DARK WEB EXPOSING MASSIVE
VOLUMES OF LEAKED PII AND COMPROMISED DATA

Leaksmas: On Christmas Eve, multiple threat actors released substantial data
leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting
Fortune 100 and government agencies globall ...

Pierluigi Paganini December 28, 2023
Cyber Crime

LOCKBIT RANSOMWARE ATTACK INTERRUPTED MEDICAL EMERGENCIES GANG AT A GERMAN
HOSPITAL NETWORK

A Lockbit ransomware attack against the German hospital network Katholische
Hospitalvereinigung Ostwestfalen (KHO) caused service disruptions at three
hospitals. German hospital network Katholisch ...

Pierluigi Paganini December 28, 2023
Security

EXPERTS WARN OF CRITICAL ZERO-DAY IN APACHE OFBIZ

Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source
Enterprise Resource Planning (ERP) system. Experts warn of an authentication
bypass zero-day flaw that affects Apache OfBi ...

Pierluigi Paganini December 28, 2023
Malware

XAMALICIOUS ANDROID MALWARE DISTRIBUTED THROUGH THE PLAY STORE

Researchers discovered a new Android malware dubbed Xamalicious that can take
full control of the device and perform fraudulent actions. McAfee Mobile
Research Team discovered a new Android backdo ...

Pierluigi Paganini December 27, 2023
Breaking News

BARRACUDA FIXED A NEW ESG ZERO-DAY EXPLOITED BY CHINESE GROUP UNC4841

Security firm Barracuda addressed a new zero-day, affecting its Email Security
Gateway (ESG) appliances, that is actively exploited by the China-linked UNC4841
group. On December 21, network and e ...

Pierluigi Paganini December 27, 2023
Security

ELECTIONS 2024, ARTIFICIAL INTELLIGENCE COULD UPSET WORLD BALANCES

Governments should recognize electoral processes as critical infrastructure and
enact laws to regulate the use of generative Artificial Intelligence. Elections
are scheduled in several countries w ...

Pierluigi Paganini December 27, 2023
Hacking

EXPERTS ANALYZED ATTACKS AGAINST POORLY MANAGED LINUX SSH SERVERS

Researchers warn of attacks against poorly managed Linux SSH servers that mainly
aim at installing DDoS bot and CoinMiner. Researchers at AhnLab Security
Emergency Response Center (ASEC) are warni ...

Pierluigi Paganini December 27, 2023
Data Breach

A CYBERATTACK HIT AUSTRALIAN HEALTHCARE PROVIDER ST VINCENT’S HEALTH AUSTRALIA

St Vincent’s Health Australia, the largest Australian healthcare provider,
suffered a data breach after a cyber attack. St Vincent’s Health Australia is
the largest non-profit healthcare prov ...

Pierluigi Paganini December 27, 2023
Cyber Crime

RHYSIDA RANSOMWARE GROUP HACKED ABDALI HOSPITAL IN JORDAN

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a
multi-specialty hospital located in Jordan. Abdali Hospital is a
multi-specialty hospital located in the modern developm ...

Pierluigi Paganini December 26, 2023
Malware

CARBANAK MALWARE RETURNED IN RANSOMWARE ATTACKS

Researchers at NCC Group reported that in November they observed the return of
the infamous banking malware Carbanak in ransomware attacks. The cybersecurity
firm NCC Group reported that in Novemb ...

Pierluigi Paganini December 26, 2023
Reports

RESECURITY RELEASED A 2024 CYBER THREAT LANDSCAPE FORECAST

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape
Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting
Fortune 100 and government agencies worldw ...

Pierluigi Paganini December 26, 2023
Hacking

APT GROUP UAC-0099 TARGETS UKRAINE EXPLOITING A WINRAR FLAW

The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE
malware in attacks against Ukraine. A threat actor, tracked as UAC-0099,
continues to target Ukraine. In some att ...

Pierluigi Paganini December 25, 2023
APT

IRAN-LINKED APT33 TARGETS DEFENSE INDUSTRIAL BASE SECTOR WITH FALSEFONT BACKDOOR

Microsoft reports that the Iran-linked APT33 group is targeting defense
contractors worldwide with FalseFont backdoor. Microsoft says the APT33 (aka
Peach Sandstorm, Holmium, Elfin, and Magic ...

Pierluigi Paganini December 25, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 451 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email
box.Enjoy a new round of the weekly SecurityAf ...

Pierluigi Paganini December 25, 2023
Security

EUROPOL AND ENISA SPOTTED 443 E-STORES COMPROMISED WITH DIGITAL SKIMMING

A joint law enforcement operation led by Europol and the ENISA, along with
private security firms, identified 443 online shops compromised with digital
skimming. Europol and ENISA collaborated in ...

Pierluigi Paganini December 24, 2023
Data Breach

VIDEO GAME GIANT UBISOFT INVESTIGATES REPORTS OF A DATA BREACH

Video game publisher Ubisoft is investigating reports of an alleged data breach
after popular researchers shared evidence of the hack. Ubisoft, the popular
video game publisher, is examining repor ...

Pierluigi Paganini December 24, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG CLAIMS TO HAVE BREACHED ACCOUNTANCY FIRM XEINADIN

The LockBit ransomware claims to have hacked accountancy firm Xeinadin threatens
to leak the alleged stolen data. The LockBit ransomware claims responsibility
for hacking the Xeinadin accountancy ...

Pierluigi Paganini December 23, 2023
Data Breach

MOBILE VIRTUAL NETWORK OPERATOR MINT MOBILE DISCLOSES A DATA BREACH

Mobile virtual network operator Mint Mobile suffered a new data breach, threat
actors had access to customers' personal information. Mint Mobile experienced a
recent data breach, exposing customer ...

Pierluigi Paganini December 23, 2023
Cyber Crime

AKIRA RANSOMWARE GANG CLAIMS THE THEFT OF SENSITIVE DATA FROM NISSAN AUSTRALIA

The Akira ransomware group announced it had breached the network of Nissan
Australia, the Australian branch of the car maker giant. The Akira ransomware
gang claimed to have breached Nissan Austra ...

Pierluigi Paganini December 22, 2023
Cyber Crime

MEMBER OF LAPSUS$ GANG SENTENCED TO AN INDEFINITE HOSPITAL ORDER

A member of the Lapsus$ cyber extortion group, Arion Kurtaj, has been sentenced
to an indefinite hospital order. The UK Southwark Crown Court has sentenced
Arion Kurtaj, a prominent member of the ...

Pierluigi Paganini December 22, 2023
Security

REAL ESTATE AGENCY EXPOSES DETAILS OF 690K CUSTOMERS

An exposed instance contained information for a customer relationship management
(CRM) system that likely belongs to Goyzer, a real estate property management
software maker, the Cybernews research t ...

Pierluigi Paganini December 22, 2023
Security

ESET FIXED A HIGH-SEVERITY BUG IN THE SECURE TRAFFIC SCANNING FEATURE OF SEVERAL
PRODUCTS

ESET fixes a high-severity flaw in Secure Traffic Scanning Feature that could
have been exploited to cause web browsers to trust sites that should not be
trusted. ESET has addressed a vulnerabilit ...

Pierluigi Paganini December 21, 2023
Cyber Crime

PHISHING ATTACKS USE AN OLD MICROSOFT OFFICE FLAW TO SPREAD AGENT TESLA MALWARE

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as
CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting
an old Microsoft Office vulnerability ...

Pierluigi Paganini December 21, 2023
Breaking News

DATA LEAK EXPOSES USERS OF CAR-SHARING SERVICE BLINK MOBILITY

More than 22,000 users of Blink Mobility should take the necessary steps to
protect themselves against the risk of identity theft. The Cybernews research
team has discovered that their personal data ...

Pierluigi Paganini December 21, 2023
Security

GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY

Google has released emergency updates to address a new actively exploited
zero-day vulnerability in the Chrome browser. Google has released emergency
updates to address a new zero-day vulnerabili ...

Pierluigi Paganini December 20, 2023
Cyber Crime

GERMAN POLICE SEIZED THE DARK WEB MARKETPLACE KINGDOM MARKET

The German police seized the dark web marketplace Kingdom Market as a result of
an international law enforcement operation. The Federal Criminal Police Office
in Germany (BKA) and the internet-cri ...

Pierluigi Paganini December 20, 2023
Cyber Crime

LAW ENFORCEMENT OPERATION HAECHI IV LED TO THE SEIZURE OF $300 MILLION

An international law enforcement operation, named HAECHI IV, led to the arrest
of approximately 3,500 suspects and the seizure of roughly $300 million worth of
assets. Interpol this week announced ...

Pierluigi Paganini December 20, 2023
Malware

SOPHISTICATED JASKAGO INFO STEALER TARGETS MACOS AND WINDOWS

JaskaGO is a new Go-based information stealer malware that targets both Windows
and Apple macOS systems, experts warn. Researchers from AT&T Alien Labs
uncovered a previously undetected Go-ba ...

Pierluigi Paganini December 20, 2023
Data Breach

BMW DEALER AT RISK OF TAKEOVER BY CYBERCRIMINALS

By neglecting to set a password, a BMW dealer in India has jeopardized the
entire network of car dealerships in the country and put its clients at risk.
The Cybernews research team has discovered ...

Pierluigi Paganini December 20, 2023
Data Breach

COMCAST’S XFINITY CUSTOMER DATA EXPOSED AFTER CITRIXBLEED ATTACK

Comcast’s Xfinity discloses a data breach after a cyber attack hit the company
by exploiting the CitrixBleed vulnerability. Comcast's Xfinity is notifying its
customers about the compromise of t ...

Pierluigi Paganini December 19, 2023
Breaking News

FBI CLAIMS TO HAVE DISMANTLED ALPHV/BLACKCAT RANSOMWARE OPERATION, BUT THE GROUP
DENIES IT

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak
site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of
the AlphV/Blackcat ransomware ...

Pierluigi Paganini December 19, 2023
Cyber Crime

SMISHING TRIAD: CYBERCRIMINALS IMPERSONATE UAE FEDERAL AUTHORITY FOR IDENTITY
AND CITIZENSHIP ON THE PEAK OF HOLIDAYS SEASON

Smishing Triad: Researchers warn crooks impersonating UAE Federal Authority for
Identity and citizenship ahead of the Holiday Season Resecurity, Inc. (USA) has
identified a new fraudulent campaign ...

Pierluigi Paganini December 19, 2023
Cyber Crime

THE RANSOMWARE ATTACK ON WESTPOLE IS DISRUPTING DIGITAL SERVICES FOR ITALIAN
PUBLIC ADMINISTRATION

An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider
Westpole disrupted multiple services of local and government organizations and
municipalities. A cyber attack hit on ...

Pierluigi Paganini December 19, 2023
Malware

INFO STEALERS AND HOW TO PROTECT AGAINST THEM

Info stealers, the type of malware with its purpose in the name, can cripple
businesses and everyday users alike. So, how do you protect against them? Info
stealers, also known as information stea ...

Pierluigi Paganini December 18, 2023
Hacktivism

PRO-ISRAEL PREDATORY SPARROW HACKER GROUP DISRUPTED SERVICES AT AROUND 70% OF
IRAN’S FUEL STATIONS

A group of Pro-Israel hacktivists, called Predatory Sparrow, is suspected of
having carried out a cyber attack against petrol stations across Iran. A
Pro-Israel hacktivist group, called Predatory ...

Pierluigi Paganini December 18, 2023
Cyber Crime

QAKBOT IS BACK AND TARGETS THE HOSPITALITY INDUSTRY

Experts warn of a new phishing campaign distributing the QakBot malware, months
after law enforcement dismantled its infrastructure. In August, the
FBI announced that the Qakbot bot ...

Pierluigi Paganini December 18, 2023
Hacking

A SUPPLY CHAIN ATTACK ON CRYPTO HARDWARE WALLET LEDGER LED TO THE THEFT OF $600K

A supply chain attack against Crypto hardware wallet maker Ledger resulted in
the theft of $600,000 in virtual assets. Threat actors pushed a malicious
version of the "@ledgerhq/connect-kit" npm ...

Pierluigi Paganini December 18, 2023
Hacking

MONGODB INVESTIGATES A CYBERATTACK, CUSTOMER DATA EXPOSED

MongoDB on Saturday announced it is investigating a cyberattack that exposed
customer account metadata and contact information. MongoDB on Saturday disclosed
it is investigating a cyber attack aga ...

Pierluigi Paganini December 17, 2023
Hacking

INFECTEDSLURS BOTNET TARGETS QNAP VIOSTOR NVR VULNERABILITY

The Mirai-based botnet InfectedSlurs was spotted targeting QNAP VioStor NVR
(Network Video Recorder) devices. In November, Akamai warned of a new
Mirai-based DDoS botnet, named InfectedSlurs, acti ...

Pierluigi Paganini December 17, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 450 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 17, 2023
Data Breach

HUNTERS INTERNATIONAL RANSOMWARE GANG CLAIMS TO HAVE HACKED THE FRED HUTCH
CANCER CENTER

The Hunters International ransomware gang claims to have hacked the Fred
Hutchinson Cancer Center (Fred Hutch). Another healthcare organization suffered
a ransomware attack, the Hunters Internatio ...

Pierluigi Paganini December 16, 2023
Malware

NEW NKABUSE MALWARE ABUSES NKN DECENTRALIZED P2P NETWORK PROTOCOL

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse,
which is the first malware abusing NKN technology. Researchers from Kaspersky’s
Global Emergency Response Team (GERT) ...

Pierluigi Paganini December 16, 2023
Cyber Crime

SNATCH RANSOMWARE GANG CLAIMS THE HACK OF THE FOOD GIANT KRAFT HEINZ

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz,
the company is investigating the claims. Kraft Heinz is an American food
company, it is one of the largest food and ...

Pierluigi Paganini December 15, 2023
Security

MULTIPLE FLAWS IN PFSENSE FIREWALL CAN LEAD TO ARBITRARY CODE EXECUTION

Security flaws in Netgate pfSense firewall solution can potentially lead to
arbitrary code execution on vulnerable devices. pfSense is a popular open-source
firewall solution maintained by Netgat ...

Pierluigi Paganini December 15, 2023
Cyber Crime

BIANLIAN, WHITE RABBIT, AND MARIO RANSOMWARE GANGS SPOTTED IN A JOINT CAMPAIGN

Resecurity has uncovered a meaningful link between three major ransomware
groups, BianLian, White Rabbit, and Mario Ransomware. Based on a recent Digital
Forensics & Incident Response (DFIR) e ...

Pierluigi Paganini December 15, 2023
Security

DATA OF OVER A MILLION USERS OF THE CRYPTO EXCHANGE GOKUMARKET EXPOSED

GokuMarket, a centralized crypto exchange owned by ByteX, left an open instance,
revealing the details of virtually all of its users, the Cybernews research team
has discovered. The leak comes aft ...

Pierluigi Paganini December 15, 2023
Data Breach

IDAHO NATIONAL LABORATORY DATA BREACH IMPACTED 45,047 INDIVIDUALS

The Idaho National Laboratory (INL) announced that it has suffered a data breach
impacting more than 45,000 individuals. In November, the hacktivist group
SiegedSec claimed responsibility for the ...

Pierluigi Paganini December 15, 2023
Security

UBIQUITI USERS CLAIM TO HAVE ACCESS TO OTHER PEOPLE’S DEVICES

Users of Ubiquiti WiFi products started reporting that they are accessing other
people’s devices when logging into their accounts. Some users of Ubiquiti wifi
products started reporting unexpec ...

Pierluigi Paganini December 14, 2023
APT

RUSSIA-LINKED APT29 SPOTTED TARGETING JETBRAINS TEAMCITY SERVERS

Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity
servers since September 2023. Experts warn that the Russia-linked APT29 group
has been observed targeting JetBrains ...

Pierluigi Paganini December 14, 2023
Security

MICROSOFT SEIZED THE US INFRASTRUCTURE OF THE STORM-1152 CYBERCRIME GROUP

Microsoft's Digital Crimes Unit seized multiple domains used by cybercrime group
Storm-1152 to sell fraudulent Outlook accounts. Microsoft's Digital Crimes Unit
seized multiple domains used by a c ...

Pierluigi Paganini December 14, 2023
Cyber Crime

FRENCH AUTHORITIES ARRESTED A RUSSIAN NATIONAL FOR HIS ROLE IN THE HIVE
RANSOMWARE OPERATION

French police arrested a Russian national who is suspected of laundering money
resulting from the criminal activity of the Hive ransomware gang. The French
authorities arrested in Paris a Russian ...

Pierluigi Paganini December 14, 2023
APT

CHINA-LINKED APT VOLT TYPHOON LINKED TO KV-BOTNET

Researchers linked a sophisticated botnet, tracked as KV-Botnet, to the
operation of the China-linked threat actor Volt Typhoon. The Black Lotus Labs
team at Lumen Technologies linked a small offi ...

Pierluigi Paganini December 14, 2023
Security

UK HOME OFFICE IS IGNORING THE RISK OF 'CATASTROPHIC RANSOMWARE ATTACKS,' REPORT
WARNS

A Joint Committee on the National Security Strategy (JCNSS) warns of the high
risk of a catastrophic ransomware attack on the UK government. The British
government is accused of failing to mitigat ...

Pierluigi Paganini December 13, 2023
Hacking

OAUTH APPS USED IN CRYPTOCURRENCY MINING, PHISHING CAMPAIGNS, AND BEC ATTACKS

Microsoft warns that threat actors are using OAuth applications cryptocurrency
mining campaigns and phishing attacks. Threat actors are using OAuth
applications such as an automation tool in crypt ...

Pierluigi Paganini December 13, 2023
Security

SOPHOS BACKPORTS FIX FOR CVE-2022-3236 FOR EOL FIREWALL FIRMWARE VERSIONS DUE TO
ONGOING ATTACKS

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall
firmware versions due to ongoing attacks exploiting the issue. Sophos backports
the fix for the critical code injection ...

Pierluigi Paganini December 13, 2023
Security

DECEMBER 2023 MICROSOFT PATCH TUESDAY FIXED 4 CRITICAL FLAWS

Microsoft Patch Tuesday security updates for December 2023 addressed 33
vulnerabilities in multiple products, including a zero-day. Microsoft Patch
Tuesday security updates for December 2023 addre ...

Pierluigi Paganini December 13, 2023
Cyber warfare

UKRAINIAN MILITARY INTELLIGENCE SERVICE HACKED THE RUSSIAN FEDERAL TAXATION
SERVICE

The Ukrainian government's military intelligence service announced the hack of
the Russian Federal Taxation Service (FNS). Hackers of the Main Intelligence
Directorate of the Ministry of Defense o ...

Pierluigi Paganini December 12, 2023
Hacking

KYIVSTAR, UKRAINE'S LARGEST MOBILE CARRIER BROUGHT DOWN BY A CYBER ATTACK

Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that
paralyzed its services. The attack is linked to the ongoing conflict. Kyivstar,
the largest Ukraine service provider ...

Pierluigi Paganini December 12, 2023
Security

DUBAI’S LARGEST TAXI APP EXPOSES 220K+ USERS

The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other
transport services, left a database open to the public, exposing sensitive
customer and driver data. Dubai Taxi Company, ...

Pierluigi Paganini December 12, 2023
APT

OPERATION BLACKSMITH: LAZARUS EXPLOITS LOG4J FLAWS TO DEPLOY DLANG MALWARE

North Korea-linked APT group Lazarus was spotted exploiting Log4j
vulnerabilities to deploy previously undocumented remote access trojans. The
North Korea-linked APT group Lazarus is behind a ne ...

Pierluigi Paganini December 12, 2023
Security

APPLE RELEASED IOS 17.2 TO ADDRESS A DOZEN OF SECURITY FLAWS

Apple rolled out emergency security updates to backport patches for two actively
exploited zero-day flaws to older devices. The company released iOS 17.2 and
iPadOS 17.2 which address a dozen of ...

Pierluigi Paganini December 12, 2023
Data Breach

TOYOTA FINANCIAL SERVICES DISCLOSES A DATA BREACH

Toyota Financial Services (TFS) disclosed a data breach, threat actors had
access to sensitive personal and financial data. Toyota Financial Services (TFS)
is warning customers it has suffered a d ...

Pierluigi Paganini December 11, 2023
Hacking

APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 IN STRUTS 2

The Apache Software Foundation addressed a critical remote code execution
vulnerability in the Apache Struts 2 open-source framework. The Apache Software
Foundation released security updates to ad ...

Pierluigi Paganini December 11, 2023
Security

CISA ADDS QLIK SENSE FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense
vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini December 11, 2023
Security

CISA AND ENISA SIGNED A WORKING ARRANGEMENT TO ENHANCE COOPERATION

ENISA has signed a Working Arrangement with the US CISA to enhance
capacity-building, best practices exchange and awareness. The European Union
Agency for Cybersecurity (ENISA) has signed a Workin ...

Pierluigi Paganini December 11, 2023
Hacking

RESEARCHER DISCOVERED A NEW LOCK SCREEN BYPASS BUG FOR ANDROID 14 AND 13

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could
expose sensitive data in users' Google accounts. The security researcher Jose
Rodriguez (@VBarraquito) discovered a ...

Pierluigi Paganini December 10, 2023
Security

WORDPRESS 6.4.2 FIXED A REMOTE CODE EXECUTION (RCE) FLAW

WordPress 6.4.2 addressed a security vulnerability that could be chained with
another flaw to achieve remote code execution. WordPress released a security
update to address a flaw that can be chai ...

Pierluigi Paganini December 10, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 449 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 10, 2023
Hacktivism

HACKTIVISTS HACKED AN IRISH WATER UTILITY AND INTERRUPTED THE WATER SUPPLY

Threat actors launched a cyberattack on an Irish water utility causing the
interruption of the power supply for two days. Threat actors hacked a small
water utility in Ireland and interrupted the ...

Pierluigi Paganini December 09, 2023
Hacking

5GHOUL FLAWS IMPACT HUNDREDS OF 5G DEVICES WITH QUALCOMM, MEDIATEK CHIPS

A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G
mobile network modems from major vendors impacts Android and iOS devices. A team
of researchers from the Singapore ...

Pierluigi Paganini December 09, 2023
Data Breach

NORTON HEALTHCARE DISCLOSED A DATA BREACH AFTER A RANSOMWARE ATTACK

Kentucky health system Norton Healthcare disclosed a data breach after it was a
victim of a ransomware attack in May. Norton Healthcare disclosed a data breach
after a ransomware attack that hit t ...

Pierluigi Paganini December 09, 2023
Hacking

BYPASSING MAJOR EDRS USING POOL PARTY PROCESS INJECTION TECHNIQUES

Researchers devised a novel attack vector for process injection, dubbed Pool
Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach
devised a set of process injection tec ...

Pierluigi Paganini December 08, 2023
Cyber Crime

FOUNDER OF BITZLATO EXCHANGE HAS PLEADED FOR UNLICENSED MONEY TRANSMITTING

Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange has
pleaded in a money-laundering scheme. Anatoly Legkodymov (41) (aka Anatolii
Legkodymov, Gandalf, and Tolik), the Russian ...

Pierluigi Paganini December 08, 2023
Mobile

ANDROID BARCODE SCANNER APP EXPOSES USER PASSWORDS

An Android app with over 100k Google Play downloads and a 4.5-star average
rating has let an open instance go unchecked, leaving sensitive user data up for
grabs. The Cybernews team discovered the ...

Pierluigi Paganini December 08, 2023
APT

UK AND US EXPOSE RUSSIA CALLISTO GROUP'S ACTIVITY AND SANCTION MEMBERS

The UK NCSC and Microsoft warned that Russia-linked threat actor Callisto Group
is targeting organizations worldwide. The UK National Cyber Security Centre
(NCSC) and Microsoft reported that the R ...

Pierluigi Paganini December 07, 2023
Security

A CYBER ATTACK HIT NISSAN OCEANIA

Japanese carmaker Nissan announced it has suffered a cyberattack impacting the
internal systems at Nissan Oceania. Nissan Oceania, the regional division of the
multinational carmaker, announced it ...

Pierluigi Paganini December 07, 2023
Malware

NEW KRASUE LINUX RAT TARGETS TELECOM COMPANIES IN THAILAND

A previously undetected Linux RAT dubbed Krasue has been observed targeting
telecom companies in Thailand. Group-IB researchers discovered a previously
undetected Linux remote access trojan called ...

Pierluigi Paganini December 07, 2023
Security

ATLASSIAN ADDRESSED FOUR NEW RCE FLAWS IN ITS PRODUCTS

Australian Software giant Atlassian addressed four critical Remote Code
Execution (RCE) vulnerabilities in its products. Atlassian released security
patches to address four critical remote c ...

Pierluigi Paganini December 06, 2023
Security

CISA ADDS QUALCOMM FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm
vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S.
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini December 06, 2023
Security

EXPERTS DEMONSTRATE A POST-EXPLOITATION TAMPERING TECHNIQUE TO DISPLAY FAKE
LOCKDOWN MODE

Researchers devised a new post-exploitation tampering technique to trick users
into believing that their iPhone is in Lockdown Mode. Researchers from Jamf
Threat Labs devised a new post-exploit ta ...

Pierluigi Paganini December 06, 2023
Hacking

GST INVOICE BILLING INVENTORY EXPOSES SENSITIVE DATA TO THREAT ACTORS

GST Invoice Billing Inventory, a business accounting app for small and medium
businesses with over 1M downloads has left a database open, exposing sensitive
personal and corporate data up for grabs. ...

Pierluigi Paganini December 06, 2023
Security

THREAT ACTORS BREACHED US GOVT SYSTEMS BY EXPLOITING ADOBE COLDFUSION FLAW

The U.S. CISA warns that threat actors are actively exploiting a critical
vulnerability in Adobe ColdFusion to breach government agencies. The U.S.
Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini December 06, 2023
Security

ENISA PUBLISHED THE ENISA THREAT LANDSCAPE FOR DOS ATTACKS REPORT

ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new
insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a
persistent and significant security risk ...

Pierluigi Paganini December 05, 2023
APT

RUSSIA-LINKED APT28 GROUP SPOTTED EXPLOITING OUTLOOK FLAW TO HIJACK MS EXCHANGE
ACCOUNTS

Microsoft warns that the Russia-linked APT28 group is actively exploiting the
CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Microsoft's
Threat Intelligence is warning of Russi ...

Pierluigi Paganini December 05, 2023
Mobile

GOOGLE FIXED CRITICAL ZERO-CLICK RCE IN ANDROID

Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the
release of the December 2023 Android security updates. Google December 2023
Android security updates addressed 85 vul ...

Pierluigi Paganini December 05, 2023
Malware

NEW P2PINFECT BOT TARGETS ROUTERS AND IOT DEVICES

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that
targets routers and IoT devices. Researchers at Cado Security Labs discovered a
new variant of the P2Pinfect botne ...

Pierluigi Paganini December 04, 2023
Cyber Crime

MALVERTISING ATTACKS RELY ON DANABOT TROJAN TO SPREAD CACTUS RANSOMWARE

Microsoft warns of ongoing malvertising attacks using the DanaBot malware to
deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks
using the DanaBot Trojan (Storm-1044) to ...

Pierluigi Paganini December 04, 2023
Cyber Crime

LOCKBIT ON A ROLL - ICBC RANSOMWARE ATTACK STRIKES AT THE HEART OF THE GLOBAL
FINANCIAL ORDER

The LockBit ransomware attack on the Industrial & Commercial Bank of China
demonstrates the weakness of global financial system to cyberattacks. The
ransomware breach that crippled U.S. Treasu ...

Pierluigi Paganini December 04, 2023
Security

ZYXEL FIXED TENS OF FLAWS IN FIREWALLS, ACCESS POINTS, AND NAS DEVICES

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks,
including command injection and authentication bypass. Taiwanese vendor Zyxel
addressed tens of vulnerabilities in its f ...

Pierluigi Paganini December 04, 2023
Malware

NEW AGENT RACCOON MALWARE TARGETS THE MIDDLE EAST, AFRICA AND THE US

Threat actors are using the Agent Raccoon malware in attacks against
organizations in the Middle East, Africa and the U.S. Unit42 researchers
uncovered a new backdoor named Agent Raccoon, which is ...

Pierluigi Paganini December 03, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 448 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini December 03, 2023
Hacking

RESEARCHERS DEVISED AN ATTACK TECHNIQUE TO EXTRACT CHATGPT TRAINING DATA

Researchers devised an attack technique that could have been used to trick
ChatGPT into disclosing training data. A team of researchers from several
universities and Google have demonstrated an at ...

Pierluigi Paganini December 02, 2023
Security

FORTUNE-TELLING WEBSITE WEMYSTIC EXPOSES 13M+ USER RECORDS

WeMystic, a website on astrology, numerology, tarot, and spiritual orientation,
left an open database exposing 34GB of sensitive data about the platforms'
users. Telling the future is a tricky bus ...

Pierluigi Paganini December 02, 2023
Security

EXPERT WARNS OF TURTLE MACOS RANSOMWARE

The popular cybersecurity researcher Patrick Wardle dissected the new macOS
ransomware Turtle used to target Apple devices. The popular cyber security
researcher Patrick Wardle published a detaile ...

Pierluigi Paganini December 01, 2023
Cyber Crime

BLACK BASTA RANSOMWARE GANG ACCUMULATED AT LEAST $107 MILLION IN BITCOIN RANSOM
PAYMENTS SINCE EARLY 2022

The Black Basta ransomware gang infected over 300 victims accumulating ransom
payments exceeding $100 million since early 2022. The Black Basta ransomware
group has been active since April 2022, l ...

Pierluigi Paganini December 01, 2023
Security

CISA ADDS OWNCLOUD AND GOOGLE CHROME BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited
Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security
Agency (CISA) added ownCloud and Googl ...

Pierluigi Paganini December 01, 2023
Security

APPLE ADDRESSED 2 NEW IOS ZERO-DAY VULNERABILITIES

Apple released emergency security updates to fix two actively exploited zero-day
flaws impacting iPhone, iPad, and Mac devices. Apple released emergency security
updates to address two zero-day vu ...

Pierluigi Paganini November 30, 2023
Hacking

CRITICAL ZOOM ROOM BUG ALLOWED TO GAIN ACCESS TO ZOOM TENANTS

A critical vulnerability in Zoom Room allowed threat actors to take over
meetings and steal sensitive data. Researchers at AppOms discovered a
vulnerability in Zoom Room as part of the HackerOne ...

Pierluigi Paganini November 30, 2023
Cyber Crime

RHYSIDA RANSOMWARE GROUP HACKED KING EDWARD VII’S HOSPITAL IN LONDON

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital
in London. King Edward VII's Hospital is a private hospital located on Beaumont
Street in the Marylebone district o ...

Pierluigi Paganini November 30, 2023
Security

GOOGLE ADDRESSED THE SIXTH CHROME ZERO-DAY VULNERABILITY IN 2023

Google released security updates to address a new actively exploited zero-day
vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on
Wednesday released security updates to addre ...

Pierluigi Paganini November 29, 2023
Hacking

OKTA REVEALS ADDITIONAL ATTACKERS' ACTIVITIES IN OCTOBER 2023 BREACH

Cloud identity and access management solutions provider Okta revealed additional
threat actor activity linked to the October 2023 breach. Okta provided
additional details about the October 20 ...

Pierluigi Paganini November 29, 2023
Security

THOUSANDS OF SECRETS LURK IN APP IMAGES ON DOCKER HUB

Thousands of secrets have been left exposed on Docker Hub, a platform where web
developers collaborate on their code for web applications. While some are
harmless API keys, others could lead to unaut ...

Pierluigi Paganini November 29, 2023
Hacking

THREAT ACTORS STARTED EXPLOITING CRITICAL OWNCLOUD FLAW CVE-2023-49103

Threat actors started exploiting a critical ownCloud vulnerability
(CVE-2023-49103) that can lead to sensitive information disclosure. ownCloud is
an open-source software platform designed for fil ...

Pierluigi Paganini November 28, 2023
Cyber Crime

INTERNATIONAL POLICE OPERATION DISMANTLED A PROMINENT UKRAINE-BASED RANSOMWARE
GROUP

An international law enforcement operation dismantled the core of a ransomware
group operating from Ukraine. A joint law enforcement operation led by Europol
and Eurojust, with the support of the ...

Pierluigi Paganini November 28, 2023
Cyber Crime

DAIXIN TEAM GROUP CLAIMED THE HACK OF NORTH TEXAS MUNICIPAL WATER DISTRICT

The Daixin Team group claims to have hacked the North Texas Municipal Water
District (US) and threatened to leak the stolen data. The North Texas Municipal
Water District (NTMWD) is a regional wa ...

Pierluigi Paganini November 28, 2023
Cyber Crime

HEALTHCARE PROVIDER ARDENT HEALTH SERVICES DISCLOSED A RANSOMWARE ATTACK

The US Healthcare provider Ardent Health Services disclosed that it was the
victim of a ransomware attack last week. Ardent Health Services is a healthcare
company that operates hospitals and othe ...

Pierluigi Paganini November 28, 2023
Cyber warfare

UKRAINE'S INTELLIGENCE SERVICE HACKED RUSSIA'S FEDERAL AIR TRANSPORT AGENCY,
ROSAVIATSIA

Ukraine's intelligence service announced the hack of the Russian Federal Air
Transport Agency, 'Rosaviatsia.' Ukraine's intelligence service announced they
have hacked Russia's Federal Air Transpo ...

Pierluigi Paganini November 27, 2023
Hacktivism

IRANIAN HACKER GROUP CYBER AV3NGERS HACKED THE MUNICIPAL WATER AUTHORITY OF
ALIQUIPPA IN PENNSYLVANIA

Threat actors breached the Municipal Water Authority of Aliquippa in
Pennsylvania and took control of a booster station. During the weekend, Iranian
threat actors hacked the Municipal Water Author ...

Pierluigi Paganini November 27, 2023
Hacking

THE HACK OF MSP PROVIDER CTS POTENTIALLY IMPACTED HUNDREDS OF UK LAW FIRMS

The cyber attack that hit the managed service provider (MSP) CTS potentially
impacted hundreds in the United Kingdom. CTS is a trusted provider of IT
services to the legal sector in the UK. The co ...

Pierluigi Paganini November 27, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 447 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 26, 2023
Cyber Crime

RHYSIDA RANSOMWARE GANG CLAIMED CHINA ENERGY HACK

The Rhysida ransomware group claimed to have hacked the Chinese state-owned
energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware
gang added the China Energy Engineering ...

Pierluigi Paganini November 25, 2023
APT

NORTH KOREA-LINKED APT LAZARUS IS USING A MAGICLINE4NX ZERO-DAY FLAW IN SUPPLY
CHAIN ATTACK

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a
MagicLine4NX zero-day flaw in supply-chain attack The National Cyber Security
Centre (NCSC) and Korea's National Int ...

Pierluigi Paganini November 25, 2023
Malware

HAMAS-LINKED APT USES RUST-BASED SYSJOKER BACKDOOR AGAINST ISRAEL

Researchers reported that a Hamas-linked APT group is using a Rust-based
SysJoker backdoor against Israeli entities. Check Point researchers observed a
Hamas-linked APT group is using the SysJoker ...

Pierluigi Paganini November 25, 2023
Security

APP USED BY HUNDREDS OF SCHOOLS LEAKING CHILDREN'S DATA

Almost a million files with minors' data, including home addresses and photos
were left open to anyone on the internet, posing a threat to children. During a
recent investigation, the Cybernews re ...

Pierluigi Paganini November 24, 2023
Security

MICROSOFT LAUNCHED ITS NEW MICROSOFT DEFENDER BOUNTY PROGRAM

Microsoft announced this week it will pay up to $20,000 for security
vulnerabilities in its Defender products. Microsoft launched its new Microsoft
Defender Bounty Program with a focus on Defender ...

Pierluigi Paganini November 24, 2023
Hacking

EXPOSED KUBERNETES CONFIGURATION SECRETS CAN FUEL SUPPLY CHAIN ATTACKS

Researchers warn of publicly exposed Kubernetes configuration secrets that could
pose a threat of supply chain attack for organizations. Aqua Nautilus
researchers warn of publicly exposed Kubernet ...

Pierluigi Paganini November 24, 2023
APT

NORTH KOREA-LINKED KONNI APT USES RUSSIAN-LANGUAGE WEAPONIZED DOCUMENTS

North Korea-linked Konni APT group used Russian-language Microsoft Word
documents to deliver malware. FortiGuard Labs researchers observed the North
Korea-linked Konni APT group using a weaponized ...

Pierluigi Paganini November 24, 2023
Malware

CLEARFAKE CAMPAIGN SPREADS MACOS AMOS INFORMATION STEALER

Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus
web browser update as part of the ClearFake campaign. Atomic Stealer (AMOS)
macOS information stealer is now being ...

Pierluigi Paganini November 23, 2023
Data Breach

WELLTOK DATA BREACH IMPACTED 8.5 MILLION PATIENTS IN THE U.S.

Healthcare services provider Welltok disclosed a data breach that impacted
nearly 8.5 million patients in the U.S. Welltok is a company that specializes in
health optimization solutions. It provi ...

Pierluigi Paganini November 23, 2023
APT

NORTH KOREA-LINKED APT DIAMOND SLEET SUPPLY CHAIN ATTACK RELIES ON CYBERLINK
SOFTWARE

North Korea-linked APT group Diamond Sleet is distributing a trojanized version
of the CyberLink software in a supply chain attack. Microsoft Threat
Intelligence researchers uncovered a supply cha ...

Pierluigi Paganini November 23, 2023
Data Breach

AUTOMOTIVE PARTS GIANT AUTOZONE DISCLOSED DATA BREACH AFTER MOVEIT HACK

American retailer and distributor of automotive parts and accessories AutoZone
discloses a data breach after a MOVEit attack. AutoZone is an American retailer
and distributor of automotive parts a ...

Pierluigi Paganini November 23, 2023
Malware

NEW INFECTEDSLURS MIRAI-BASED BOTNET EXPLOITS TWO ZERO-DAYS

Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE
flaws to compromise routers and video recorder (NVR) devices. Akamai warned of a
new Mirai-based DDoS botnet, named In ...

Pierluigi Paganini November 22, 2023
Hacktivism

SIEGEDSEC HACKTIVIST GROUP HACKED IDAHO NATIONAL LABORATORY (INL)

The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec
hacktivist group leaked stolen human resources data. SiegedSec hacktivists group
claimed responsibility for the hack ...

Pierluigi Paganini November 22, 2023
Security

CISA ADDS LOONEY TUNABLES LINUX BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA adds Looney Tunables Linux flaw to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infrastructure Security Agency
(CISA) added Looney Tunables Linux ...

Pierluigi Paganini November 22, 2023
Hacking

CITRIX PROVIDES ADDITIONAL MEASURES TO ADDRESS CITRIX BLEED

Citrix urges admins to kill NetScaler user sessions after patching their
appliances against the CVE-2023-4966 Citrix Bleed vulnerability. Citrix is
providing additional measures to admins who are ...

Pierluigi Paganini November 22, 2023
Digital ID

TOR PROJECT REMOVED SEVERAL RELAYS ASSOCIATED WITH A SUSPICIOUS CRYPTOCURRENCY
SCHEME

The Tor Project removed several relays that were used as part of a
cryptocurrency scheme and represented a threat to the users.  The Tor Project
announced the removal of multiple network relays t ...

Pierluigi Paganini November 21, 2023
Malware

EXPERTS WARN OF A SURGE IN NETSUPPORT RAT ATTACKS AGAINST EDUCATION AND
GOVERNMENT SECTORS

Experts warn of a surge in NetSupport RAT attacks against education, government,
and business services sectors. The Carbon Black Managed Detection & Response
team is warning of a surge in the ...

Pierluigi Paganini November 21, 2023
Security

THE TOP 5 REASONS TO USE AN API MANAGEMENT PLATFORM

Organizations need to govern and control the API ecosystem, this governance is
the role of API management. Uber uses APIs (Application Programming Interfaces)
to connect with third-party services ...

Pierluigi Paganini November 21, 2023
Data Breach

CANADIAN GOVERNMENT IMPACTED BY DATA BREACHES OF TWO OF ITS CONTRACTORS

The Canadian government discloses a data breach after threat actors hacked two
of its contractors.  The Canadian government declared that two of its
contractors,Brookfield Global Relocation S ...

Pierluigi Paganini November 20, 2023
Data Breach

RHYSIDA RANSOMWARE GANG IS AUCTIONING DATA STOLEN FROM THE BRITISH LIBRARY

The Rhysida ransomware group claimed responsibility for the recent cyberattack
on the British Library that has caused a major IT outage. The Rhysida ransomware
gang added the British Library to th ...

Pierluigi Paganini November 20, 2023
APT

RUSSIA-LINKED APT29 GROUP EXPLOITED WINRAR 0DAY IN ATTACKS AGAINST EMBASSIES

Russia-linked cyberespionage group APT29 has been observed leveraging the
CVE-2023-38831 vulnerability in WinRAR in recent attacks. The Ukrainian National
Security and Defense Council (NDSC) repor ...

Pierluigi Paganini November 20, 2023
APT

DARKCASINO JOINS THE LIST OF APT GROUPS EXPLOITING WINRAR ZERO-DAY

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day
vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm
NSFOCUS analyzed DarkCasino attack pattern exploi ...

Pierluigi Paganini November 20, 2023
Cyber Crime

US TEENAGER PLEADS GUILTY TO HIS ROLE IN CREDENTIAL STUFFING ATTACK ON A BETTING
SITE

US teenager Joseph Garrison pleads guilty to carrying out a credential stuffing
attack on a betting website. US teenager Joseph Garrison (19) has pleaded guilty
to his involvement in a credential ...

Pierluigi Paganini November 20, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 446 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 19, 2023
Malware

8BASE RANSOMWARE OPERATORS USE A NEW VARIANT OF THE PHOBOS RANSOMWARE

8Base ransomware operators were observed using a variant of the Phobos
ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base
ransomware operators using a variant of the ...

Pierluigi Paganini November 19, 2023
APT

RUSSIAN APT GAMAREDON USES USB WORM LITTERDRIFTER AGAINST UKRAINE

Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm
called LitterDrifter via USB. Check Point researchers observed Russia-linked
Gamaredon spreading the worm called  ...

Pierluigi Paganini November 18, 2023
Breaking News

THE BOARD OF DIRECTORS OF OPENAI FIRED SAM ALTMAN

OpenAI fired its CEO Sam Altman, and the Chief technology officer Mira Murati
appointed interim CEO to lead the company. Sam Altman has been removed as CEO of
OpenAI. The company announced that Mi ...

Pierluigi Paganini November 17, 2023
Data Breach

MEDUSA RANSOMWARE GANG CLAIMS THE HACK OF TOYOTA FINANCIAL SERVICES

Toyota Financial Services discloses unauthorized activity on systems after the
Medusa ransomware gang claimed to have hacked the company. Toyota Financial
Services confirmed the discovery of unaut ...

Pierluigi Paganini November 17, 2023
Security

CISA ADDS SOPHOS WEB APPLIANCE BUG TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added three new vulnerabilities (tracked as CVE-2023-36584,
CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities
catalog. The U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini November 17, 2023
APT

ZIMBRA ZERO-DAY EXPLOITED TO STEAL GOVERNMENT EMAILS BY FOUR GROUPS

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite
zero-day (CVE-2023-37580) to steal emails from governments. Google Threat
Analysis Group (TAG) researchers revealed t ...

Pierluigi Paganini November 16, 2023
Data Breach

VIETNAM POST EXPOSES 1.2TB OF DATA, INCLUDING EMAIL ADDRESSES

Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed
security logs and employee email addresses to external cyber threats Vietnam
Post Corporation, a Vietnamese governme ...

Pierluigi Paganini November 16, 2023
Data Breach

SAMSUNG SUFFERED A NEW DATA BREACH

Samsung Electronics disclosed a data breach that exposed customer personal
information to an unauthorized individual. Samsung Electronics suffered a data
breach that exposed the personal informati ...

Pierluigi Paganini November 16, 2023
Malware

FBI AND CISA WARN OF ATTACKS BY RHYSIDA RANSOMWARE GANG

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group
against organizations across multiple industry sectors. FBI and CISA published a
joint Cybersecurity Advisory (CSA) to ...

Pierluigi Paganini November 16, 2023
Security

CRITICAL FLAW FIXED IN SAP BUSINESS ONE PRODUCT

Enterprise software giant SAP addressed a critical improper access control
vulnerability in its Business One product. SAP November 2023 Security Patch Day
includes three new and three updated secu ...

Pierluigi Paganini November 15, 2023
Cyber Crime

LAW ENFORCEMENT AGENCIES DISMANTLED THE ILLEGAL BOTNET PROXY SERVICE IPSTORM

The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind
the illegal botnet proxy service IPStorm. The IPStorm botnet was first uncovered
in May 2019 while targeting Windows ...

Pierluigi Paganini November 15, 2023
Security

GAMBLERS’ DATA COMPROMISED AFTER CASINO GIANT STRENDUS FAILS TO SET PASSWORD

Mexican online casino Strendus has exposed sensitive user data, including home
addresses and the amounts of money they spent on gambling. Strendus, one of the
biggest online casinos in Mexico has ...

Pierluigi Paganini November 15, 2023
Security

VMWARE DISCLOSED A CRITICAL AND UNPATCHED AUTHENTICATION BYPASS FLAW IN VMWARE
CLOUD DIRECTOR APPLIANCE

VMware disclosed a critical bypass vulnerability in VMware Cloud Director
Appliance that can be exploited to bypass login restrictions when authenticating
on certain ports. VMware disclosed an aut ...

Pierluigi Paganini November 15, 2023
APT

DANISH CRITICAL INFRASTRUCTURE HIT BY THE LARGEST CYBER ATTACK IN DENMARK'S
HISTORY

Danish critical infrastructure was hit by the largest cyber attack on record
that hit the country, according to Denmark's SektorCERT. In May, Danish critical
infrastructure faced the biggest cyber ...

Pierluigi Paganini November 14, 2023
Cyber Crime

MAJOR AUSTRALIAN PORTS BLOCKED AFTER A CYBER ATTACK ON DP WORLD

A cyber attack on the logistics giant DP World caused significant disruptions in
the operations of several major Australian ports. A cyberattack hit the
international logistics firm DP World Aust ...

Pierluigi Paganini November 14, 2023
Malware

NUCLEAR AND OIL & GAS ARE MAJOR TARGETS OF RANSOMWARE GROUPS IN 2024

Experts warn of an alarming rise in ransomware operations targeting the energy
sector, including nuclear facilities and related research entities. Resecurity,
Inc. (USA) protecting major Fortune 1 ...

Pierluigi Paganini November 14, 2023
Security

CISA ADDS FIVE VULNERABILITIES IN JUNIPER DEVICES TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

US CISA added four vulnerabilities (tracked as CVE-2023-36844, CVE-2023-36845,
CVE-2023-36846, and CVE-2023-36847) in Juniper devices to its Known Exploited
Vulnerabilities catalog. The U.S. Cybe ...

Pierluigi Paganini November 13, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG LEAKED DATA STOLEN FROM BOEING

The LockBit ransomware group published data allegedly stolen from the aerospace
giant Boeing in a recent attack. The Boeing Company, commonly known as Boeing,
is one of the world’s largest aeros ...

Pierluigi Paganini November 13, 2023
APT

NORTH KOREA-LINKED APT SAPPHIRE SLEET TARGETS IT JOB SEEKERS WITH BOGUS SKILLS
ASSESSMENT PORTALS

North Korea-linked APT group Sapphire Sleet set up bogus skills assessment
portals in attacks aimed at IT job seekers. The North Korea-linked APT group
Sapphire Sleet (aka APT38, BlueNoroff, Cagey ...

Pierluigi Paganini November 13, 2023
Data Breach

THE LORENZ RANSOMWARE GROUP HIT TEXAS-BASED COGDELL MEMORIAL HOSPITAL

The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell
Memorial Hospital. In early November, the Cogdell Memorial Hospital (Scurry
County Hospital District) announced it w ...

Pierluigi Paganini November 12, 2023
Data Breach

THE STATE OF MAINE DISCLOSED A DATA BREACH THAT IMPACTED 1.3M PEOPLE

The State of Maine disclosed a data breach that impacted about 1.3 million
people after an attack hit its MOVEit file transfer install. The State of Maine
was the victim of the large-scale hack ...

Pierluigi Paganini November 12, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 445 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 12, 2023
Cyber Crime

POLICE SEIZED BULLETPROFTLINK PHISHING-AS-A-SERVICE (PHAAS) PLATFORM

The Royal Malaysian Police announced the seizure of the
notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal
Malaysian Police announced to have dismantled the notorious Bu ...

Pierluigi Paganini November 11, 2023
Cyber Crime

SERBIAN PLEADS GUILTY TO RUNNING ‘MONOPOLY’ DARK WEB DRUG MARKET

The Serbian citizen Milomir Desnica (33) has pleaded guilty to running the dark
web Monopoly drug marketplace. Milomir Desnica, a 33-year-old Serbian citizen,
admited to being responsible for oper ...

Pierluigi Paganini November 11, 2023
Data Breach

MCLAREN HEALTH CARE REVEALED THAT A DATA BREACH IMPACTED 2.2 MILLION PEOPLE

McLaren Health Care (McLaren) experienced a data breach that compromised the
sensitive personal information of approximately 2.2 million individuals. McLaren
Health Care (McLaren) disclosed a data ...

Pierluigi Paganini November 10, 2023
Hacktivism

AFTER CHATGPT, ANONYMOUS SUDAN TOOK DOWN THE CLOUDFLARE WEBSITE

After ChatGPT, Anonymous Sudan took down the Cloudflare website with a
distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous
Sudan claimed responsibility for the massive di ...

Pierluigi Paganini November 10, 2023
Hacking

INDUSTRIAL AND COMMERCIAL BANK OF CHINA (ICBC) SUFFERED A RANSOMWARE ATTACK

The Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack
that disrupted trades in the US Treasury market. The Industrial and Commercial
Bank of China (ICBC) announced it has ...

Pierluigi Paganini November 10, 2023
Hacking

SYSAID ZERO-DAY EXPLOITED BY CLOP RANSOMWARE GROUP

Microsoft spotted the exploitation of a SysAid zero-day vulnerability in limited
attacks carried out by the Lace Tempest group. Microsoft reported the
exploitation of a zero-day vulnerability, tra ...

Pierluigi Paganini November 10, 2023
Cyber Crime

DOLLY.COM PAYS RANSOM, ATTACKERS RELEASE DATA ANYWAY

On-demand moving and delivery platform Dolly.com allegedly paid a ransom but
crooks found an excuse not to hold their end of the bargain. Cybercriminals are
hardly a trustworthy bunch. Case in poi ...

Pierluigi Paganini November 10, 2023
Hacktivism

DDOS ATTACK LEADS TO SIGNIFICANT DISRUPTION IN CHATGPT SERVICES

OpenAI confirmed that the outage suffered by ChatGPT and its API on Wednesday
was caused by a distributed denial-of-service (DDoS) attack. OpenAI confirmed
earlier today that the outage suffered ...

Pierluigi Paganini November 09, 2023
APT

RUSSIAN SANDWORM DISRUPTS POWER IN UKRAINE WITH A NEW OT ATTACK

Mandiant reported that Russia-linked Sandworm APT used a novel OT attack to
cause power outages during mass missile strikes on Ukraine. Mandiant researchers
reported that Russia-linked APT group S ...

Pierluigi Paganini November 09, 2023
Security

VEEAM FIXED MULTIPLE FLAWS IN VEEAM ONE, INCLUDING CRITICAL ISSUES

Veeam addressed multiple vulnerabilities in its Veeam ONE IT infrastructure
monitoring and analytics platform, including two critical issues. Veeam
addressed four vulnerabilities (CVE-2023-38547, ...

Pierluigi Paganini November 07, 2023
Security

PRO-PALESTINIAN HACKERS GROUP 'SOLDIERS OF SOLOMON' DISRUPTED THE PRODUCTION
CYCLE OF THE BIGGEST FLOUR PRODUCTION PLANT IN ISRAEL

Pro-Palestinian hackers group 'Soldiers of Solomon' claims to have hacked one of
the largest Israeli flour plants causing severe damage to the operations. The
Pro-Palestinian hackers group 'Soldie ...

Pierluigi Paganini November 07, 2023
APT

IRANIAN AGONIZING SERPENS APT IS TARGETING ISRAELI ENTITIES WITH DESTRUCTIVE
CYBER ATTACKS

Iran-linked Agonizing Serpens group has been targeting Israeli organizations
with destructive cyber attacks since January. Iran-linked Agonizing Serpens
group (aka Agrius, BlackShadow,&n ...

Pierluigi Paganini November 07, 2023
Security

CRITICAL CONFLUENCE FLAW EXPLOITED IN RANSOMWARE ATTACKS

Experts warn threat actors that started exploiting a recent critical flaw
CVE-2023-22518 in Confluence Data Center and Confluence Server. Over the weekend
threat actors started exploiting a recent ...

Pierluigi Paganini November 06, 2023
Security

QNAP FIXED TWO CRITICAL VULNERABILITIES IN QTS OS AND APPS

Taiwanese vendor QNAP warns of two critical command injection flaws in the QTS
operating system and applications on its NAS devices. Taiwanese vendor QNAP
Systems addressed two critical command in ...

Pierluigi Paganini November 06, 2023
Hacking

ATTACKERS USE GOOGLE CALENDAR RAT TO ABUSE CALENDAR SERVICE AS C2 INFRASTRUCTURE

Google warns of multiple threat actors that are leveraging its Calendar service
as a command-and-control (C2) infrastructure. Google warns of multiple threat
actors sharing a public proof-of-con ...

Pierluigi Paganini November 06, 2023
Cyber Crime

SOCKS5SYSTEMZ PROXY SERVICE DELIVERED VIA PRIVATELOADER AND AMADEY

Threat actors infected more than 10,000 devices worldwide with the
'PrivateLoader' and 'Amadey' loaders to recruit them into the proxy botnet
'Socks5Systemz.' Bitsight researchers uncovered a pro ...

Pierluigi Paganini November 06, 2023
Breaking News

US GOVT SANCTIONED A RUSSIAN WOMAN FOR LAUNDERING VIRTUAL CURRENCY ON BEHALF OF
THREAT ACTORS

The Treasury Department sanctioned a Russian woman accused of laundering virtual
currency on behalf of cybercriminals. The Department of the Treasury’s Office of
Foreign Assets Control (OFAC) on ...

Pierluigi Paganini November 05, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 444 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini November 05, 2023
APT

LAZARUS TARGETS BLOCKCHAIN ENGINEERS WITH NEW KANDYKORN MACOS MALWARE

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks
against blockchain engineers. North Korea-linked Lazarus APT group were spotted
using new KandyKorn macOS malware i ...

Pierluigi Paganini November 05, 2023
Hacking

KINSING THREAT ACTORS PROBED THE LOONEY TUNABLES FLAWS IN RECENT ATTACKS

Kinsing threat actors are exploiting the recently disclosed Linux privilege
escalation flaw Looney Tunables to target cloud environments. Researchers are
cloud security firm Aqua have observed th ...

Pierluigi Paganini November 04, 2023
Hacking

ZDI DISCLOSES FOUR ZERO-DAY FLAWS IN MICROSOFT EXCHANGE

Researchers disclosed four zero-day flaws in Microsoft Exchange that can be
remotely exploited to execute arbitrary code or disclose sensitive information
on vulnerable installs. Trend Micro's Zer ...

Pierluigi Paganini November 03, 2023
Data Breach

OKTA CUSTOMER SUPPORT SYSTEM BREACH IMPACTED 134 CUSTOMERS

Threat actors who breached the Okta customer support system also gained access
to files belonging to 134 customers. Threat actors who breached the Okta
customer support system in October gained ac ...

Pierluigi Paganini November 03, 2023
Mobile

MULTIPLE WHATSAPP MODS SPOTTED CONTAINING THE CANESSPY SPYWARE

Kaspersky researchers are warning of multiple WhatsApp mods that embed a spyware
module dubbed CanesSpy. Kaspersky researchers discovered multiple WhatsApp mods
that embed a spyware module du ...

Pierluigi Paganini November 03, 2023
Cyber warfare

RUSSIAN FSB ARRESTED RUSSIAN HACKERS WHO SUPPORTED UKRAINIAN CYBER OPERATIONS

The FSB arrested two Russian hackers who are accused of having helped Ukrainian
entities carry out cyberattacks on critical infrastructure targets. The Russian
intelligence agency Federal Security ...

Pierluigi Paganini November 03, 2023
APT

MUDDYWATER HAS BEEN SPOTTED TARGETING TWO ISRAELI ENTITIES

Iran-linked cyberespionage group MuddyWater is targeting Israeli entities in a
new spear-phishing campaign. Iran-linked APT group
MuddyWater (aka SeedWorm, TEMP.Zagros, and&nbs ...

Pierluigi Paganini November 03, 2023
Data Breach

CLOP GROUP OBTAINED ACCESS TO THE EMAIL ADDRESSES OF ABOUT 632,000 US FEDERAL
EMPLOYEES

Clop ransomware gang gained access to the email addresses of more than 632K US
federal employees at the departments of Defense and Justice. Russian-speaking
Clop ransomware group gained access to ...

Pierluigi Paganini November 02, 2023
Data Breach

OKTA DISCLOSES A NEW DATA BREACH AFTER A THIRD-PARTY VENDOR WAS HACKED

Okta warns approximately 5,000 employees that their personal information was
compromised due to a third-party vendor data breach. Cloud identity and access
management solutions provider Okta warns ...

Pierluigi Paganini November 02, 2023
Hacking

SUSPECTED EXPLOITATION OF APACHE ACTIVEMQ FLAW CVE-2023-46604 TO INSTALL
HELLOKITTY RANSOMWARE

Rapid7 researchers warn of the suspected exploitation of a recently disclosed
critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity
researchers at Rapid7 are warning of the ...

Pierluigi Paganini November 02, 2023
Cyber Crime

BOEING CONFIRMED ITS SERVICES DIVISION SUFFERED A CYBERATTACK

Boeing confirmed it is facing a cyber incident that hit its global services
division, the company pointed out that flight safety isn’t affected. The Boeing
Company, commonly known as Boeing, is ...

Pierluigi Paganini November 02, 2023
Data Breach

RESECURITY: INSECURITY OF 3RD-PARTIES LEADS TO AADHAAR DATA LEAKS IN INDIA

Data leaks containing Aadhaar IDs in India were caused by the insecurity of 3rd
parties while aggregating such information for KYC. According to Resecurity, a
global cybersecurity provider protect ...

Pierluigi Paganini November 02, 2023
Cyber Crime

WHO IS BEHIND THE MOZI BOTNET KILL SWITCH?

Researchers speculate that the recent shutdown of the Mozi botnet was the
response of its authors to the pressure from Chinese law enforcement. ESET
researchers speculate that the recent shutdown ...

Pierluigi Paganini November 02, 2023
Hacking

CISA ADDS TWO F5 BIG-IP FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

US CISA added two vulnerabilities, tracked as CVE-2023-46747 and
CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. The
U.S. Cybersecurity and Infrastructure Security Agenc ...

Pierluigi Paganini November 01, 2023
Security

THREAT ACTORS ACTIVELY EXPLOIT F5 BIG-IP FLAWS CVE-2023-46747 AND CVE-2023-46748

Experts warn that threat actors started exploiting the critical flaw
CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit
disclosure. F5 this week warned customers about a cr ...

Pierluigi Paganini November 01, 2023
Malware

PRO-HAMAS HACKTIVIST GROUP TARGETS ISRAEL WITH BIBI-LINUX WIPER

A pro-Hamas hacker group is targeting Israeli entities using a new Linux-based
wiper malware dubbed BiBi-Linux Wiper. During a forensics investigation,
Security Joes Incident Response team di ...

Pierluigi Paganini November 01, 2023
Hacking

BRITISH LIBRARY SUFFERS MAJOR OUTAGE DUE TO CYBERATTACK

Last weekend, the British Library suffered a cyberattack that caused a major IT
outage, impacting many of its services. The British Library is facing a major
outage that impacts the website and ma ...

Pierluigi Paganini November 01, 2023
Security

CRITICAL ATLASSIAN CONFLUENCE FLAW CAN LEAD TO SIGNIFICANT DATA LOSS

Atlassian warned of a critical security vulnerability, tracked as
CVE-2023-22518, in the Confluence Data Center and Server. Atlassian is warning
of a critical security flaw, tracked as CVE-2023-2 ...

Pierluigi Paganini October 31, 2023
Deep Web

WIHD LEAK EXPOSES DETAILS OF ALL TORRENT USERS

World-in-HD (WiHD), a French private video torrent community, left an open
instance exposing the emails and passwords of all of its users and
administrators. WiHD, a popular torrent tracker specia ...

Pierluigi Paganini October 31, 2023
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR CISCO IOS XE FLAW CVE-2023-20198

Researchers publicly released the exploit code for the critical Cisco IOS XE
vulnerability tracked as CVE-2023-20198. Researchers from Researchers at
Horizon3.ai publicly released the exploit code ...

Pierluigi Paganini October 31, 2023
Intelligence

CANADA BANS WECHAT AND KASPERSKY APPS ON GOVERNMENT-ISSUED MOBILE DEVICES

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on
government mobile devices due to privacy and security risks. The Government of
Canada announced a ban on the use of the We ...

Pierluigi Paganini October 31, 2023
Cyber Crime

FLORIDA MAN SENTENCED TO PRISON FOR SIM SWAPPING CONSPIRACY THAT LED TO THEFT OF
$1M IN CRYPTOCURRENCY

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led
to the theft of approximately $1M in cryptocurrency. Jordan Dave Persad (20),
from Orlando, Florida, was sentenced t ...

Pierluigi Paganini October 30, 2023
Hacking

WIKI-SLACK ATTACK ALLOWS REDIRECTING BUSINESS PROFESSIONALS TO MALICIOUS
WEBSITES

eSentire researchers devised a new attack technique, named Wiki-Slack attack,
that can be used to redirect business professionals to malicious websites.
eSentire Threat Response Unit (TRU) secur ...

Pierluigi Paganini October 30, 2023
Security

HACKERONE AWARDED OVER $300 MILLION BUG HUNTERS

HackerOne announced that it has awarded over $300 million bug hunters as part of
its bug bounty programs since the launch of its platform. HackerOne announced
that it has surpassed $300 million in ...

Pierluigi Paganini October 30, 2023
Malware

STRIPEDFLY, A COMPLEX MALWARE THAT INFECTED ONE MILLION DEVICES WITHOUT BEING
NOTICED

A sophisticated malware tracked as StripedFly remained undetected for five years
and infected approximately one million devices. Researchers from Kaspersky
discovered a sophisticated malware, dubb ...

Pierluigi Paganini October 30, 2023
Hacktivism

IT ARMY OF UKRAINE DISRUPTED INTERNET PROVIDERS IN TERRITORIES OCCUPIED BY
RUSSIA

IT Army of Ukraine hacktivists have temporarily disrupted internet services in
some of the territories that have been occupied by Russia. Ukrainian hacktivists
belonging to the IT Army of Ukraine� ...

Pierluigi Paganini October 29, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 443 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 29, 2023
Hacking

BUG HUNTERS EARNED $1,038,250 FOR 58 UNIQUE 0-DAYS AT PWN2OWN TORONTO 2023

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned
$1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking
competition is over, the organizers awarded $1,038,25 ...

Pierluigi Paganini October 28, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG CLAIMS TO HAVE STOLEN DATA FROM BOEING

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and
defense contractor Boeing and threatened to leak the stolen data. The Boeing
Company, commonly known as Boeing, is ...

Pierluigi Paganini October 27, 2023
APT

FRANCE AGENCY ANSSI WARNS OF RUSSIA-LINKED APT28 ATTACKS ON FRENCH ENTITIES

France National Agency for the Security of Information Systems warns that the
Russia-linked APT28 group has breached several critical networks. The French
National Agency for the Security of Infor ...

Pierluigi Paganini October 27, 2023
Security

HOW TO COLLECT MARKET INTELLIGENCE WITH RESIDENTIAL PROXIES?

How residential proxies using real IPs from diverse locations enable businesses
to gather comprehensive and accurate data from the web Since the adoption of the
first digital tools and connection ...

Pierluigi Paganini October 27, 2023
Hacking

F5 URGES TO ADDRESS A CRITICAL FLAW IN BIG-IP

F5 warns customers of a critical vulnerability impacting BIG-IP that could lead
to unauthenticated remote code execution. F5 is warning customers about a
critical security vulnerability, tracked a ...

Pierluigi Paganini October 27, 2023
Data Breach

HELLO ALFRED APP EXPOSES USER DATA

Hello Alfred, an in-home hospitality app, left a database accessible without
password protection, exposing almost 170,000 records containing private user
data. Hello Alfred is a one-stop applicat ...

Pierluigi Paganini October 27, 2023
Hacking

ILEAKAGE ATTACK EXPLOITS SAFARI TO STEAL DATA FROM APPLE DEVICES

Boffins devised a new iLeakage side-channel speculative execution attack
exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of
researchers from the University of Michiga ...

Pierluigi Paganini October 26, 2023
Hacking

CLOUDFLARE MITIGATED 89 HYPER-VOLUMETRIC HTTP DISTRIBUTED DDOS ATTACKS EXCEEDING
100 MILLION RPS

Cloudflare mitigated thousands of hyper-volumetric HTTP distributed
denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset.
Cloudflare DDoS threat report of 2023 states that the c ...

Pierluigi Paganini October 26, 2023
Data Breach

SEIKO CONFIRMED A DATA BREACH AFTER BLACKCAT ATTACK

Japanese watchmaker Seiko revealed that the attack that suffered earlier this
year was carried out by the Black Cat ransomware gang. On August 10, 2023, the
Japanese maker of watches Seiko disclos ...

Pierluigi Paganini October 26, 2023
APT

WINTER VIVERN APT EXPLOITED ZERO-DAY IN ROUNDCUBE WEBMAIL SOFTWARE IN RECENT
ATTACKS

Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day
flaw in Roundcube webmail software. Russian APT group Winter Vivern (aka TA473)
has been observed exploiting a ze ...

Pierluigi Paganini October 26, 2023
Hacking

PWN2OWN TORONTO 2023 DAY 1 - ORGANIZERS AWARDED $438,750 IN PRIZES

The Pwn2Own Toronto 2023 hacking contest has begun and during the first day,
participants received $438,750 in prizes! During the Day 1 of the Pwn2Own
Toronto 2023 hacking contest, the organizatio ...

Pierluigi Paganini October 25, 2023
Security

VMWARE ADDRESSED CRITICAL VCENTER FLAW ALSO FOR END-OF-LIFE PRODUCTS

VMware addressed a critical out-of-bounds write vulnerability, tracked
as CVE-2023-34048, that impacts vCenter Server. vCenter Server is a critical
component in VMware virtualization and cloud c ...

Pierluigi Paganini October 25, 2023
Security

CITRIX WARNS ADMINS TO PATCH NETSCALER CVE-2023-4966 BUG IMMEDIATELY

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in
NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure
all NetScaler ADC and Gateway applia ...

Pierluigi Paganini October 25, 2023
Data Breach

NEW ENGLAND BIOLABS LEAK SENSITIVE DATA

On September 18th, the Cybernews research team discovered two publicly hosted
environment files (.env) attributed to New England Biolabs. Leaving environment
files open to the public is one of the ...

Pierluigi Paganini October 25, 2023
Intelligence

FORMER NSA EMPLOYEE PLEADS GUILTY TO ATTEMPTED SELLING CLASSIFIED DOCUMENTS TO
RUSSIA

A former NSA employee has pleaded guilty to charges of attempting to transmit
classified defense information to Russia. Jareh Sebastian Dalke (31), a former
NSA employee has admitted to attempting ...

Pierluigi Paganini October 24, 2023
Hacking

EXPERTS RELEASED POC EXPLOIT CODE FOR VMWARE ARIA OPERATIONS FOR LOGS FLAW.
PATCH IT NOW!

VMware is aware of the availability of a proof-of-concept (PoC) exploit code for
an authentication bypass flaw in VMware Aria Operations for Logs. VMware warned
customers of the availability of a ...

Pierluigi Paganini October 24, 2023
Hacking

HOW DID THE OKTA SUPPORT BREACH IMPACT 1PASSWORD?

1Password detected suspicious activity on its Okta instance after the recent
compromise of the Okta support system. The password management and security
application 1Password announced it had dete ...

Pierluigi Paganini October 24, 2023
Security

PII BELONGING TO INDIAN CITIZENS, INCLUDING THEIR AADHAAR IDS, OFFERED FOR SALE
ON THE DARK WEB

Hundreds of millions of PII records belonging to Indian residents, including
Aadhaar cards, are being offered for sale on the Dark Web. PII Belonging to
Indian Citizens, Including their Aadhaar ID ...

Pierluigi Paganini October 24, 2023
Cyber Crime

SPAIN POLICE DISMANTLED A CYBERCRIMINAL GROUP WHO STOLE THE DATA OF 4 MILLION
INDIVIDUALS

The Spanish police have arrested 34 members of the cybercriminal group that is
accused of having stolen data of over four million individuals. The Spanish
police have arrested 34 members of a cybe ...

Pierluigi Paganini October 24, 2023
Security

CISA ADDS SECOND CISCO IOS XE FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the vulner ...

Pierluigi Paganini October 23, 2023
Hacking

CISCO WARNS OF A SECOND IOS XE ZERO-DAY USED TO INFECT DEVICES WORLDWIDE

Cisco found a second IOS XE zero-day vulnerability, tracked as CVE-2023-20273,
which is actively exploited in attacks in the wild. Cisco last
week warned customers of a zero-day vulnerability, ...

Pierluigi Paganini October 23, 2023
Hacking

CITY OF PHILADELPHIA SUFFERS A DATA BREACH

The City of Philadelphia discloses a data breach that resulted from a cyber
attack that took place on May 24 and that compromised City email accounts. The
City of Philadelphia announced it is inve ...

Pierluigi Paganini October 23, 2023
Security

SOLARWINDS FIXED THREE CRITICAL RCE FLAWS IN ITS ACCESS RIGHTS MANAGER PRODUCT

Researchers discovered three critical remote code execution vulnerabilities in
the SolarWinds Access Rights Manager (ARM) product. Security researchers
discovered three critical remote code execu ...

Pierluigi Paganini October 23, 2023
Intelligence

DON'T USE AI-BASED APPS, PHILIPPINE DEFENSE ORDERED ITS PERSONNEL

The Philippine defense ordered its personnel to stop using AI-based applications
to generate personal portraits. The Philippine defense warned of the risks of
using AI-based applications to genera ...

Pierluigi Paganini October 23, 2023
Malware

VIETNAMESE THREAT ACTORS LINKED TO DARKGATE MALWARE CAMPAIGN

Researchers linked Vietnamese threat actors to the string of DarkGate malware
attacks on entities in the U.K., the U.S., and India. WithSecure researchers
linked the recent attacks using the DarkG ...

Pierluigi Paganini October 23, 2023
Intelligence

MI5 CHIEF WARNS OF CHINESE CYBER ESPIONAGE REACHED AN UNPRECEDENTED SCALE

MI5 chief warns Chinese cyber espionage reached an epic scale, more than 20,000
people in the UK have now been targeted. The head of MI5, Ken McCallum, warns
that Chinese spies targeted more than ...

Pierluigi Paganini October 22, 2023
Intelligence

THE ATTACK ON THE INTERNATIONAL CRIMINAL COURT WAS TARGETED AND SOPHISTICATED

The International Criminal Court revealed the recent attack was carried out by a
threat actor for espionage purposes. The International Criminal Court shared
additional information about the cyber ...

Pierluigi Paganini October 22, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 442 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 22, 2023
Cyber Crime

A THREAT ACTOR IS SELLING ACCESS TO FACEBOOK AND INSTAGRAM'S POLICE PORTAL

A threat actor is selling access to Facebook and Instagram's Police Portal used
by law enforcement agencies to request data relating to users under
investigation. Cyber security researcher Alon Ga ...

Pierluigi Paganini October 21, 2023
Data Breach

THREAT ACTORS BREACHED OKTA SUPPORT SYSTEM AND STOLE CUSTOMERS' DATA

Okta revealed that threat actors breached its support case management system and
stole sensitive data that can be used in future attacks. Okta says that threat
actors broke into its support case m ...

Pierluigi Paganini October 21, 2023
Security

US DOJ SEIZED DOMAINS USED BY NORTH KOREAN IT WORKERS TO DEFRAUD BUSINESSES
WORLDWIDE

The U.S. government seized 17 website domains used by North Korean IT workers in
a fraudulent scheme to defraud businesses worldwide. The U.S.
government announced the seizure of 17 website doma ...

Pierluigi Paganini October 21, 2023
Cyber Crime

ALLEGED DEVELOPER OF THE RAGNAR LOCKER RANSOMWARE WAS ARRESTED

A joint international law enforcement investigation led to the arrest of a
malware developer who was involved in the Ragnar Locker ransomware operation.
Yesterday we became aware of a joint law en ...

Pierluigi Paganini October 20, 2023
Hacking

CISA ADDS CISCO IOS XE FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the vulnera ...

Pierluigi Paganini October 20, 2023
Hacking

TENS OF THOUSANDS CISCO IOS XE DEVICES WERE HACKED BY EXPLOITING CVE-2023-20198

More than 40,000 Cisco IOS XE devices have been compromised in attacks
exploiting recently disclosed critical vulnerability CVE-2023-20198. Researchers
from LeakIX used the indicators of compromis ...

Pierluigi Paganini October 20, 2023
Cyber Crime

LAW ENFORCEMENT OPERATION SEIZED RAGNAR LOCKER GROUP'S INFRASTRUCTURE

An international law enforcement operation shuts down the infrastructure of the
Ragnar Locker ransomware operation. Law enforcement from the US, Europe,
Germany, France, Italy, Japan, Spain, Nethe ...

Pierluigi Paganini October 19, 2023
Security

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

I’m proud to announce the release of the 11th edition of the ENISA Threat
Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen
Agency for cybersecurity ENISA releases ...

Pierluigi Paganini October 19, 2023
APT

NORTH KOREA-LINKED APT GROUPS ACTIVELY EXPLOIT JETBRAINS TEAMCITY FLAW

North Korea-linked threat actors are actively exploiting a critical
vulnerability CVE-2023-42793 in JetBrains TeamCity. Microsoft warns that North
Korea-linked threat actors are actively exploitin ...

Pierluigi Paganini October 19, 2023
APT

MULTIPLE APT GROUPS EXPLOITED WINRAR FLAW CVE-2023-38831

Google TAG reported that both Russia and China-linked threat actors are
weaponizing the a high-severity vulnerability in WinRAR. Google's Threat
Analysis Group (TAG) reported that in recent weeks ...

Pierluigi Paganini October 19, 2023
Data Breach

CALIFORNIAN IT COMPANY DNA MICRO LEAKS PRIVATE MOBILE PHONE DATA

Hundreds of thousands of clients who opted-in for a screen warranty were exposed
when DNA Micro leaked data from its systems. The Cybernews research team found
that DNA Micro, a California-based I ...

Pierluigi Paganini October 18, 2023
Hacking

THREAT ACTORS HAVE BEEN EXPLOITING CVE-2023-4966 IN CITRIX NETSCALER ADC/GATEWAY
DEVICES SINCE AUGUST

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler
ADC/Gateway devices has been exploited in attacks since late August. On October
10, Citrix published a security bulletin ...

Pierluigi Paganini October 18, 2023
Hacking

A FLAW IN SYNOLOGY DISKSTATION MANAGER ALLOWS ADMIN ACCOUNT TAKEOVER

A vulnerability in Synology DiskStation Manager (DSM) could be exploited to
decipher an administrator's password. Researchers from Claroty's Team82
discovered a vulnerability, tracked as CVE-2023- ...

Pierluigi Paganini October 18, 2023
Hacking

D-LINK CONFIRMS DATA BREACH, BUT DOWNPLAYED THE IMPACT

Taiwanese manufacturer D-Link confirmed a data breach after a threat actor
offered for sale on BreachForums stolen data. The global networking equipment
and technology company D-Link confirmed a ...

Pierluigi Paganini October 18, 2023
Breaking News

CVE-2023-20198 ZERO-DAY WIDELY EXPLOITED TO INSTALL IMPLANTS ON CISCO IOS XE
SYSTEMS

Threat actors exploited the recently disclosed zero-day flaw (CVE-2023-20198) in
a large-scale hacking campaign on Cisco IOS XE devices. Threat actors have
exploited the recently disclosed critica ...

Pierluigi Paganini October 17, 2023
APT

RUSSIA-LINKED SANDWORM APT COMPROMISED 11 UKRAINIAN TELECOMMUNICATIONS PROVIDERS

Russia-linked APT group Sandworm has hacked eleven telecommunication service
providers in Ukraine between May and September 2023. The Russia-linked APT group
Sandworm (UAC-0165) has compromised el ...

Pierluigi Paganini October 17, 2023
Cyber Crime

RANSOMWARE REALITIES IN 2023: ONE EMPLOYEE MISTAKE CAN COST A COMPANY MILLIONS

What is the impact of ransomware on organizations? One employee's mistake can
cost a company millions of dollars. Studies show that human error is the root
cause of more than 80% of all cyber brea ...

Pierluigi Paganini October 17, 2023
Malware

MALWARE-LACED 'REDALERT - ROCKET ALERTS' APP TARGETS ISRAELI USERS 

Threat actors are targeting Israeli Android users with a malicious version of
the 'RedAlert – Rocket Alerts' that hide spyware. A threat actor is targeting
Israeli Android users with a spyware-l ...

Pierluigi Paganini October 17, 2023
Hacking

CISCO WARNS OF ACTIVE EXPLOITATION OF IOS XE ZERO-DAY

Cisco warned customers of a critical zero-day vulnerability in its IOS XE
Software that is actively exploited in attacks. Cisco warned customers of a
zero-day vulnerability, tracked as CVE-2023-2 ...

Pierluigi Paganini October 16, 2023
Hacking

SIGNAL DENIES CLAIMS OF AN ALLEGED ZERO-DAY FLAW IN ITS PLATFORM

Encrypted messaging app Signal denied claims of an alleged zero-day flaw in its
platform after a responsible investigation. The popular encrypted messaging app
Signal denied claims of an alleged z ...

Pierluigi Paganini October 16, 2023
Malware

MICROSOFT DEFENDER THWARTED AKIRA RANSOMWARE ATTACK ON AN INDUSTRIAL ENGINEERING
FIRM

Microsoft thwarted a large-scale hacking campaign carried out by Akira
ransomware operators targeting an unknown industrial organization. Microsoft
announced that its Microsoft Defender for Endpo ...

Pierluigi Paganini October 16, 2023
Cyber Crime

DARKGATE MALWARE CAMPAIGN ABUSES SKYPE AND TEAMS

Researchers uncovered an ongoing campaign abusing popular messaging platforms
Skype and Teams to distribute the DarkGate malware. From July to September,
researchers from Trend Micro observed a ma ...

Pierluigi Paganini October 16, 2023
Cyber Crime

THE ALPHV RANSOMWARE GANG STOLE 5TB OF DATA FROM THE MORRISON COMMUNITY HOSPITAL

The Alphv ransomware group added the Morrison Community Hospital to its dark web
leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat
ransomware group claims to have hacked th ...

Pierluigi Paganini October 15, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 441 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 15, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG DEMANDED AN 80 MILLION RANSOM TO CDW

The Lockbit ransomware gang claims to have hacked the technology services giant
CDW and threatens to leak the stolen data. The technology services giant CDW
announced it has launched an investiga ...

Pierluigi Paganini October 14, 2023
Breaking News

CISA WARNS OF VULNERABILITIES AND MISCONFIGURATIONS EXPLOITED IN RANSOMWARE
ATTACKS

CISA warns organizations of vulnerabilities and misconfigurations that are known
to be exploited in ransomware operations. The US cybersecurity agency CISA is
sharing knowledge about vulnerabiliti ...

Pierluigi Paganini October 14, 2023
APT

STAYIN' ALIVE CAMPAIGN TARGETS HIGH-PROFILE ASIAN GOVERNMENT AND TELECOM
ENTITIES. IS IT LINKED TO TODDYCAT APT?

A cyberespionage campaign, tracked as Stayin' Alive, targeted high-profile
government and telecom entities in Asia. Cybersecurity company Check Point
uncovered a malicious activity, tracked as  ...

Pierluigi Paganini October 13, 2023
Uncategorized

FBI AND CISA PUBLISHED A NEW ADVISORY ON AVOSLOCKER RANSOMWARE

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs,
TTPs, and detection methods associated with AvosLocker ransomware. The joint
Cybersecurity Advisory (CSA) published ...

Pierluigi Paganini October 13, 2023
Hacking

MORE THAN 17,000 WORDPRESS WEBSITES INFECTED WITH THE BALADA INJECTOR IN
SEPTEMBER

In September more than 17,000 WordPress websites have been compromised by
the Balada Injector malware. Sucuri researchers reported that more than 17,000
WordPress websites have been compromised i ...

Pierluigi Paganini October 13, 2023
Malware

RANSOMLOOKER, A NEW TOOL TO TRACK AND ANALYZE RANSOMWARE GROUPS' ACTIVITIES

Ransomlooker monitors ransomware groups' extortion sites and delivers
consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker,
a tool to monitor ransomware groups' extortio ...

Pierluigi Paganini October 12, 2023
Cyber Crime

PHISHING, THE CAMPAIGNS THAT ARE TARGETING ITALY

This post analyzed the numerous phishing campaigns targeting users and
organizations in Italy. Phishing is a ploy to trick users into revealing
personal or financial information through an e-mail ...

Pierluigi Paganini October 12, 2023
Cyber Crime

A NEW MAGECART CAMPAIGN HIDES THE MALICIOUS CODE IN 404 ERROR PAGE

Researchers observed a new Magecart web skimming campaign changing the websites'
default 404 error page to steal credit cards. Researchers from the Akamai
Security Intelligence Group unc ...

Pierluigi Paganini October 12, 2023
Hacking

CISA ADDS ADOBE ACROBAT READER FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known
Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added five new fl ...

Pierluigi Paganini October 11, 2023
Malware

MIRAI-BASED DDOS BOTNET IZ1H9 ADDED 13 PAYLOADS TO TARGET ROUTERS

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to
target routers from different vendors, including D-Link, Zyxel, and TP-Link.
Fortinet researchers observed a new Mir ...

Pierluigi Paganini October 11, 2023
Data Breach

AIR EUROPA DATA BREACH EXPOSED CUSTOMERS' CREDIT CARDS

Airline Air Europa disclosed a data breach and warned customers to cancel their
credit cards after threat actors accessed their card information. Air Europa is
a Spanish airline and a subsidiary o ...

Pierluigi Paganini October 11, 2023
Cyber warfare

#OPISRAEL, #FREEPALESTINE & #OPSAUDIARABIA - HOW CYBER ACTORS CAPITALIZE ON WAR
ACTIONS VIA PSY-OPS

Gaza: Resecurity identified threat actors exploiting the conflict to weaponize
psychological operations (PSYOPs) campaigns. Amidst the outbreak of war on the
Gaza Strip last weekend, Resecurity (L ...

Pierluigi Paganini October 11, 2023
Security

MICROSOFT PATCH TUESDAY UPDATES FOR OCTOBER 2023 FIXED THREE ACTIVELY EXPLOITED
ZERO-DAY FLAWS

Microsoft Patch Tuesday security updates for October 2023 fixed three actively
exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for
October 2023 addressed a total of 10 ...

Pierluigi Paganini October 11, 2023
Hacking

NEW 'HTTP/2 RAPID RESET' TECHNIQUE BEHIND RECORD-BREAKING DDOS ATTACKS

A new DDoS technique named 'HTTP/2 Rapid Reset' is actively employed in attacks
since August enabling record-breaking attacks. Researchers disclosed a new
zero-day DDoS attack technique, named 'HT ...

Pierluigi Paganini October 10, 2023
Hacking

EXPOSED SECURITY CAMERAS IN ISRAEL AND PALESTINE POSE SIGNIFICANT RISKS

Many poorly configured security cameras are exposed to hacktivists in Israel and
Palestine, placing the owners using them and the people around them at
substantial risk. After the Hamas attacks on ...

Pierluigi Paganini October 10, 2023
Hacking

A FLAW IN LIBCUE LIBRARY IMPACTS GNOME LINUX SYSTEMS

A vulnerability in the libcue library impacting GNOME Linux systems can be
exploited to achieve remote code execution (RCE) on affected hosts. A threat
actor can trigger a vulnerability, tracked a ...

Pierluigi Paganini October 10, 2023
Hacktivism

HACKTIVISTS IN PALESTINE AND ISRAEL AFTER SCADA AND OTHER INDUSTRIAL CONTROL
SYSTEMS

Both pro-Israeli and pro-Palestinian hacktivists have joined the fight and are
targeting SCADA and ICS systems. Both pro-Israeli and pro-Palestinian
hacktivists have joined the fight in the cyber ...

Pierluigi Paganini October 10, 2023
Hacking

LARGE-SCALE CITRIX NETSCALER GATEWAY CREDENTIAL HARVESTING CAMPAIGN EXPLOITS
CVE-2023-3519

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler
gateways affected by the CVE-2023-3519 vulnerability. IBM's X-Force researchers
reported that threat actors are con ...

Pierluigi Paganini October 09, 2023
Malware

THE SOURCE CODE OF THE 2020 VARIANT OF HELLOKITTY RANSOMWARE WAS LEAKED ON A
CYBERCRIME FORUM

A threat actor has leaked the source code for the first version of the
HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity
researchers 3xp0rt reported that a threat actor ...

Pierluigi Paganini October 09, 2023
Hacking

GAZA-LINKED HACKERS AND PRO-RUSSIA GROUPS ARE TARGETING ISRAEL

Microsoft linked a Gaza-based threat actor tracked as Storm-1133 to a series of
attacks aimed at private organizations in Israel. The fourth annual Digital
Defense Report published by Microsoft l ...

Pierluigi Paganini October 09, 2023
Data Breach

FLAGSTAR BANK SUFFERED A DATA BREACH ONCE AGAIN

Flagstar Bank announced a data breach suffered by a third-party service provider
exposed the personal information of over 800,000 US customers. Flagstar Bank is
warning 837,390 US customers that t ...

Pierluigi Paganini October 09, 2023
Malware

ANDROID DEVICES SHIPPED WITH BACKDOORED FIRMWARE AS PART OF THE BADBOX NETWORK

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and
tablets were shipped with backdoored firmware as part of BADBOX network.
Cybersecurity researchers at Human Security disc ...

Pierluigi Paganini October 09, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 440 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 08, 2023
APT

NORTH KOREA-LINKED LAZARUS APT LAUNDERED OVER $900 MILLION THROUGH CROSS-CHAIN
CRIME

North Korea-linked APT group Lazarus has laundered $900 million worth of
cryptocurrency, Elliptic researchers reported. Researchers from blockchain
analytics firm Elliptic reported that threat act ...

Pierluigi Paganini October 08, 2023
Cyber Crime

QAKBOT THREAT ACTORS ARE STILL OPERATIONAL AFTER THE AUGUST TAKEDOWN

Threat actors behind the QakBot malware are still active, since August they are
carrying out a phishing campaign delivering Ransom Knight ransomware and Remcos
RAT. In August, the FBI announced th ...

Pierluigi Paganini October 07, 2023
Cyber Crime

RANSOMWARE ATTACK ON MGM RESORTS COSTS $110 MILLION

Hospitality and entertainment company MGM Resorts announced that the costs of
the recent ransomware attack costs exceeded $110 million. In September the
hospitality and entertainment company MGM R ...

Pierluigi Paganini October 06, 2023
Breaking News

CYBERSECURITY, WHY A HOTLINE NUMBER COULD BE IMPORTANT?

The creation of a dedicated emergency number for cybersecurity could provide an
effective solution to this rapidly growing challenge The growing threat of
cybercrime is calling for new and innovat ...

Pierluigi Paganini October 06, 2023
Hacking

MULTIPLE EXPERTS RELEASED EXPLOITS FOR LINUX LOCAL PRIVILEGE ESCALATION FLAW
LOONEY TUNABLES

Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney
Tunables) impacting most popular Linux distributions. The vulnerability
CVE-2023-4911 (CVSS score 7.8) is a buffer ov ...

Pierluigi Paganini October 06, 2023
Security

CISCO EMERGENCY RESPONDER IS AFFECTED BY A CRITICAL STATIC CREDENTIALS BUG. FIX
IT IMMEDIATELY!

Cisco addressed a critical Static Credentials Vulnerability, tracked as
CVE-2023-20101, impacting Emergency Responder. Cisco released security updates
to address a critical vulnerability, tracked ...

Pierluigi Paganini October 06, 2023
Intelligence

BELGIAN INTELLIGENCE SERVICE VSSE ACCUSED ALIBABA OF ‘POSSIBLE ESPIONAGE’ AT
EUROPEAN HUB IN LIEGE

Belgian intelligence agency State Security Service (VSSE) fears that Chinese
giant Alibaba is spying on logistics to gather financial intelligence. The
Belgian intelligence service VSSE revealed t ...

Pierluigi Paganini October 06, 2023
Hacking

CISA ADDS JETBRAINS TEAMCITY AND WINDOWS FLAWS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known
Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) added the JetBra ...

Pierluigi Paganini October 05, 2023
Hacking

NATO IS INVESTIGATING A NEW CYBER ATTACK CLAIMED BY THE SIEGEDSEC GROUP

NATO is investigating claims that a group called SiegedSec has breached its
systems and leaked a cache of unclassified documents online. NATO announced it
is investigating claims that a politicall ...

Pierluigi Paganini October 05, 2023
Data Breach

GLOBAL CRM PROVIDER EXPOSED MILLIONS OF CLIENTS’ FILES ONLINE

Researcher discovered that global B2B CRM provider Really Simple Systems exposed
online a non-password-protected database with million records. Cybersecurity
Researcher, Jeremiah Fowler, discovere ...

Pierluigi Paganini October 05, 2023
Data Breach

SONY SENT DATA BREACH NOTIFICATIONS TO ABOUT 6,800 INDIVIDUALS

Sony Interactive Entertainment has notified current and former employees and
their family members about a data breach. Sony Interactive Entertainment (SIE)
has notified current and former employee ...

Pierluigi Paganini October 05, 2023
Hacking

APPLE FIXED THE 17TH ZERO-DAY FLAW EXPLOITED IN ATTACKS

Apple released emergency security updates to address a new actively exploited
zero-day vulnerability impacting iPhone and iPad devices. Apple released
emergency security updates to address a new ...

Pierluigi Paganini October 04, 2023
Hacking

ATLASSIAN CONFLUENCE ZERO-DAY CVE-2023-22515 ACTIVELY EXPLOITED IN ATTACKS

Atlassian fixed a critical zero-day flaw in its Confluence Data Center and
Server software, which has been exploited in the wild. Software giant Atlassian
released emergency security updates to ad ...

Pierluigi Paganini October 04, 2023
Hacking

A CYBERATTACK DISRUPTED LYCA MOBILE SERVICES

International mobile virtual network operator Lyca Mobile announced it has been
the victim of a cyber attack that disrupted its network. Lyca Mobile is a mobile
virtual network operator (MVNO) tha ...

Pierluigi Paganini October 04, 2023
Security

CHIPMAKER QUALCOMM WARNS OF THREE ACTIVELY EXPLOITED ZERO-DAYS

Chipmaker Qualcomm addressed 17 vulnerabilities in various components and warns
of three other actively exploited zero-day flaws. Chipmaker Qualcomm released
security updates to address 17 vulnera ...

Pierluigi Paganini October 04, 2023
Reports

DRM REPORT Q2 2023 - RANSOMWARE THREAT LANDSCAPE

The DRM Report Q2 2023 report provides a detailed insight into the ransomware
threat landscape during the period between May and August 2023. In an era where
digitalization has woven its web into ...

Pierluigi Paganini October 04, 2023
Cyber Crime

PHISHING CAMPAIGN TARGETED US EXECUTIVES EXPLOITING A FLAW IN INDEED JOB SEARCH
PLATFORM

Threat actors exploited an open redirection vulnerability in the job search
platform Indeed to carry out phishing attacks. Researchers from the
cybersecurity firm Menlo Security reported that thre ...

Pierluigi Paganini October 04, 2023
Data Breach

SAN FRANCISCO’S TRANSPORT AGENCY EXPOSES DRIVERS’ PARKING PERMITS AND ADDRESSES

A misconfiguration in the Metropolitan Transportation Commission (MTC) systems
caused a leak of over 26K files, exposing clients’ parking permits and home
addresses. The MTC is a governmental ag ...

Pierluigi Paganini October 03, 2023
Malware

BUNNYLOADER, A NEW MALWARE-AS-A-SERVICE ADVERTISED IN CYBERCRIME FORUMS

Cybersecurity researchers spotted a new malware-as-a-service (MaaS)
called BunnyLoader that's appeared in the threat landscape. Zscaler ThreatLabz
researchers discovered a new malware-as-a-servi ...

Pierluigi Paganini October 03, 2023
Breaking News

EXCLUSIVE: LIGHTING THE EXFILTRATION INFRASTRUCTURE OF A LOCKBIT AFFILIATE (AND
MORE)

Researchers have identified the exfiltration infrastructure of a LockBit
affiliate while investigating a LockBit extortion incident that occurred in Q3
2023. Executive Summary We investigated ...

Pierluigi Paganini October 03, 2023
Malware

TWO HACKER GROUPS ARE BACK IN THE NEWS, LOCKBIT 3.0 BLACK AND BLACKCAT/ALPHV

Researchers from cybersecurity firm TG Soft are warning Italian entities and
companies of LockBit 3.0 Black and BlackCat/AlphV attacks. In the last few
weeks, two cybercriminal groups th ...

Pierluigi Paganini October 03, 2023
Data Breach

EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE (ETSI) SUFFERED A DATA BREACH

The European Telecommunications Standards Institute (ETSI) disclosed a data
breach, threat actors had access to a database of its users. Threat actors stole
a database containing the list of users ...

Pierluigi Paganini October 03, 2023
Hacking

WS_FTP FLAW CVE-2023-40044 ACTIVELY EXPLOITED IN THE WILD

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in
recently disclosed flaw in Progress Software’s WS_FTP products. Progress
Software recently warned customers to address a ...

Pierluigi Paganini October 02, 2023
Data Breach

NATIONAL LOGISTICS PORTAL (NLP) DATA LEAK: SEAPORTS IN INDIA WERE LEFT
VULNERABLE TO TAKEOVER BY HACKERS

The National Logistics Portal (NLP), a newly launched platform to manage all
port operations in India, left public access to sensitive data, posing the risk
of a potential takeover by threat actors. ...

Pierluigi Paganini October 02, 2023
APT

NORTH KOREA-LINKED LAZARUS TARGETED A SPANISH AEROSPACE COMPANY

North Korea-linked APT group Lazarus impersonated Meta's recruiters in an attack
against a Spanish company in the Aerospace industry. ESET researchers linked the
North Korea-linked Lazarus AP ...

Pierluigi Paganini October 02, 2023
Data Breach

RANSOMWARE ATTACK ON JOHNSON CONTROLS MAY HAVE EXPOSED SENSITIVE DHS DATA

Experts warn that the recent attack on building automation giant Johnson
Controls may have exposed data of the Department of Homeland Security (DHS).
Johnson Controls International plc is a multin ...

Pierluigi Paganini October 02, 2023
Cyber Crime

BLACKCAT GANG CLAIMS THEY STOLE DATA OF 2.5 MILLION PATIENTS OF MCLAREN HEALTH
CARE

The ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of
victims on its Tor leak site. McLaren Health Care is a not-for-profit healthcare
system based in Michigan, United States ...

Pierluigi Paganini October 01, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 439 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini October 01, 2023
Cyber Crime

ALPHV/BLACKCAT RANSOMWARE GANG HACKED THE HOTEL CHAIN MOTEL ONE

The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list
of victims on its Tor leak site. Motel One is a German hotel chain that offers
budget-friendly accommodations primari ...

Pierluigi Paganini September 30, 2023
Cyber Crime

FBI WARNS OF DUAL RANSOMWARE ATTACKS

The U.S. Federal Bureau of Investigation (FBI) warns of dual ransomware attacks
aimed at the same victims. The U.S. Federal Bureau of Investigation (FBI) is
warning of dual ransomware attacks, a n ...

Pierluigi Paganini September 30, 2023
Breaking News

PROGRESS SOFTWARE FIXED TWO CRITICAL SEVERITY FLAWS IN WS_FTP SERVER

Progress Software has addressed a critical severity vulnerability in its WS_FTP
Server software used by thousands of IT teams worldwide. Progress Software
warned customers to address a critical se ...

Pierluigi Paganini September 30, 2023
Security

CHILD ABUSE SITE TAKEN DOWN, ORGANIZED CHILD EXPLOITATION CRIME SUSPECTED –
EXCLUSIVE

A child abuse site has been taken down following a request to German law
enforcement by Cybernews research team. A hacker collective, who wanted to
remain anonymous, has been relentlessly hunting ...

Pierluigi Paganini September 30, 2023
Hacking

A STILL UNPATCHED ZERO-DAY RCE IMPACTS MORE THAN 3.5M EXIM SERVERS

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in
all versions of Exim mail transfer agent (MTA) software. A critical zero-day
vulnerability, tracked as CVE-2023-421 ...

Pierluigi Paganini September 29, 2023
Hacking

CHINESE THREAT ACTORS STOLE AROUND 60,000 EMAILS FROM US STATE DEPARTMENT IN
MICROSOFT BREACH

China-linked threat actors stole around 60,000 emails from U.S. State Department
after breaching Microsoft's Exchange email platform in May. China-linked hackers
who breached Microsoft's email pl ...

Pierluigi Paganini September 29, 2023
Data Breach

MISCONFIGURED WBSC SERVER LEAKS THOUSANDS OF PASSPORTS

The World Baseball Softball Confederation (WBSC) left open a data repository
exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews
research team has discovered. On June ...

Pierluigi Paganini September 29, 2023
Security

CISA ADDS JBOSS RICHFACES FRAMEWORK FLAW TO ITS KNOWN EXPLOITED VULNERABILITIES
CATALOG

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to
its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure
Security Agency (CISA) added the ...

Pierluigi Paganini September 29, 2023
Hacking

CISCO URGES TO PATCH ACTIVELY EXPLOITED IOS ZERO-DAY CVE-2023-20109

Cisco released security updates for an actively exploited zero-day flaw
(CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software.
Cisco warned customers to install security ...

Pierluigi Paganini September 28, 2023
Cyber Crime

DARK ANGELS TEAM RANSOMWARE GROUP HIT JOHNSON CONTROLS

Johnson Controls International suffered a ransomware attack that impacted the
operations of the company and its subsidiaries. Johnson Controls International
plc is a multinational conglomerate wit ...

Pierluigi Paganini September 28, 2023
Hacking

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Google released security updates to address a new actively exploited zero-day
vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on
Wednesday released security updates to addre ...

Pierluigi Paganini September 28, 2023
Hacking

RUSSIAN ZERO-DAY BROKER IS WILLING TO PAY $20M FOR ZERO-DAY EXPLOITS FOR IPHONES
AND ANDROID DEVICES

A Russian zero-day broker is willing to pay $20 million for zero-day exploits
for iPhones and Android mobile devices. The Russian zero-day broker firm
Operation Zero is increasing payouts for top- ...

Pierluigi Paganini September 27, 2023
APT

CHINA-LINKED APT BLACKTECH WAS SPOTTED HIDING IN CISCO ROUTER FIRMWARE

US and Japanese authorities warn that a China-linked APT BlackTech planted
backdoor in Cisco router firmware to hack the businesses in both countries. US
and Japanese intelligence, law enforcement ...

Pierluigi Paganini September 27, 2023
Hacking

WATCH OUT! CVE-2023-5129 IN LIBWEBP LIBRARY AFFECTS MILLIONS APPLICATIONS

Google assigned a maximum score to a critical security flaw, tracked as
CVE-2023-5129, in the libwebp image library for rendering images in the WebP
format. Google assigned a new CVE identifier f ...

Pierluigi Paganini September 27, 2023
Security

DARKBEAM LEAKS BILLIONS OF EMAIL AND PASSWORD COMBINATIONS

DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing
records from previously reported and non-reported data breaches. The leaked
logins present cybercriminals with almost limi ...

Pierluigi Paganini September 27, 2023
Data Breach

'RANSOMED.VC' IN THE SPOTLIGHT - WHAT IS KNOWN ABOUT THE RANSOMWARE GROUP
TARGETING SONY AND NTT DOCOMO

Following the recently announced data leak from Sony, Ransomed.vc group claimed
the hack of the Japanese giant NTT Docomo. Following the recently announced data
leak from Sony, the notorious ranso ...

Pierluigi Paganini September 27, 2023
Security

TOP 5 PROBLEMS SOLVED BY DATA LINEAGE

Data lineage is the visualization and tracking of data as it moves through
various stages of its lifecycle. In an age where data drives decisions and fuels
innovation, understanding the journey of ...

Pierluigi Paganini September 27, 2023
Data Breach

THREAT ACTORS CLAIM THE HACK OF SONY, AND THE COMPANY INVESTIGATES

Sony launched an investigation into an alleged data breach after the RansomedVC
group claimed the hack of the company. Sony announced it is investigating
allegations of a data breach after the Ran ...

Pierluigi Paganini September 26, 2023
Data Breach

CANADIAN FLAIR AIRLINES LEFT USER DATA LEAKING FOR MONTHS

Researchers discovered that Canadian Flair Airlines left credentials to
sensitive databases and email addresses open for at least seven months Canadian
Flair Airlines left credentials to sensitive ...

Pierluigi Paganini September 26, 2023
Cyber Crime

THE RHYSIDA RANSOMWARE GROUP HIT THE KUWAIT MINISTRY OF FINANCE

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry
of Finance and added it to its Tor leak site. Last week a ransomware attack hit
the Government of Kuwait, the attack ...

Pierluigi Paganini September 26, 2023
Data Breach

BORN ONTARIO DATA BREACH IMPACTED 3.4 MILLION NEWBORNS AND PREGNANCY CARE
PATIENTS

The Better Outcomes Registry & Network (BORN), the Ontario birth registry
disclosed a data breach affecting some 3.4 million people. The Better Outcomes
Registry & Network (BORN) is a prog ...

Pierluigi Paganini September 26, 2023
Malware

XENOMORPH MALWARE IS BACK AFTER MONTHS OF HIATUS AND EXPANDS THE LIST OF TARGETS

A new campaign is spreading Xenomorph malware to Android users in the United
States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from
ThreatFabric uncovered a new campaign spreading ...

Pierluigi Paganini September 26, 2023
Cyber Crime

SMISHING TRIAD STRETCHES ITS TENTACLES INTO THE UNITED ARAB EMIRATES

Resecurity research found that the 'Smishing Triad' cybercrime group has
expanded its phishing campaign into the United Arab Emirates (UAE). Resecurity
research recently found that 'Smishing Triad ...

Pierluigi Paganini September 26, 2023
Hacking

CROOKS STOLE $200 MILLION WORTH OF ASSETS FROM MIXIN NETWORK

Crooks stole $200 million from Mixin Network, a free, lightning fast and
decentralized network for transferring digital assets. Mixin Network, the Hong
Kong-based crypto firm behind a free, lightn ...

Pierluigi Paganini September 25, 2023
Cyber warfare

A PHISHING CAMPAIGN TARGETS UKRAINIAN MILITARY ENTITIES WITH DRONE MANUAL LURES

A phishing campaign targets Ukrainian military entities using drone manuals as
lures to deliver the post-exploitation toolkit Merlin. Securonix researchers
recently uncovered a phishing campaign u ...

Pierluigi Paganini September 25, 2023
Hacking

ALERT! PATCH YOUR TEAMCITY INSTANCE TO AVOID SERVER HACK

Experts warn of a critical vulnerability in the TeamCity CI/CD server that can
be exploited to take over a vulnerable server. JetBrains TeamCity is a popular
and highly extensible Continuous Integ ...

Pierluigi Paganini September 25, 2023
APT

IS GELSEMIUM APT BEHIND A TARGETED ATTACK IN SOUTHEAST ASIAN GOVERNMENT?

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast
Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT
group tracked as Gelsemium targeting a Sout ...

Pierluigi Paganini September 25, 2023
Cyber Crime

NIGERIAN NATIONAL PLEADS GUILTY TO PARTICIPATING IN A MILLIONAIRE BEC SCHEME

A Nigerian national pleaded guilty to wire fraud and money laundering through
business email compromise (BEC). The Nigerian national Kosi Goodness Simon-Ebo
(29), who is residing in South Africa, ...

Pierluigi Paganini September 25, 2023
Malware

NEW VARIANT OF BBTOK TROJAN TARGETS USERS OF +40 BANKS IN LATAM

A new variant of a banking trojan, called BBTok, targets users of over 40 banks
in Latin America, particularly Brazil and Mexico. Check Point researchers warn
of a new variant of a banking trojan ...

Pierluigi Paganini September 25, 2023
Malware

DEADGLYPH, A VERY SOPHISTICATED AND UNKNOWN BACKDOOR TARGETS THE MIDDLE EAST

Researchers discovered a previously undocumented sophisticated backdoor, named
Deadglyph, used by the Stealth Falcon group for espionage in the Middle East
ESET researchers discovered a very sophi ...

Pierluigi Paganini September 24, 2023
Data Breach

ALPHV GROUP CLAIMS THE HACK OF CLARION, A GLOBAL MANUFACTURER OF AUDIO AND VIDEO
EQUIPMENT FOR CARS

The Alphv ransomware group claims to have hacked Clarion, the global
manufacturer of audio and video equipment for cars and other vehicles. The
Alphv ransomware group added Clarion, the global ...

Pierluigi Paganini September 24, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 438 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 24, 2023
Data Breach

NATIONAL STUDENT CLEARINGHOUSE DATA BREACH IMPACTED APPROXIMATELY 900 US SCHOOLS

U.S. educational nonprofit organization National Student Clearinghouse disclosed
a data breach that impacted approximately 900 US schools. The National Student
Clearinghouse (NSC) is a nonprofit o ...

Pierluigi Paganini September 24, 2023
Hacking

GOVERNMENT OF BERMUDA BLAMES RUSSIAN THREAT ACTORS FOR THE CYBER ATTACK

The Government of Bermuda believes that the recent cyberattack against its IT
infrastructure was launched by Russian threat actors. This week a cyber attack
hit the Government of Bermuda causing t ...

Pierluigi Paganini September 23, 2023
Mobile

RECENTLY PATCHED APPLE AND CHROME ZERO-DAYS EXPLOITED TO INFECT DEVICES IN EGYPT
WITH PREDATOR SPYWARE

Citizen Lab and Google's TAG revealed that the three recently patched Apple
zero-days were used to install Cytrox Predator spyware. Researchers from the
Citizen Lab and Google's Threat Analysis Gr ...

Pierluigi Paganini September 22, 2023
Hacking

CISA ADDS TREND MICRO APEX ONE AND WORRY-FREE BUSINESS SECURITY FLAW TO ITS
KNOWN EXPLOITED VULNERABILITIES CATALOG

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security
products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and
Infrastructure Security Agency (CISA) a ...

Pierluigi Paganini September 22, 2023
Data Breach

INFORMATION OF AIR CANADA EMPLOYEES EXPOSED IN RECENT CYBERATTACK

Air Canada, the flag carrier and largest airline of Canada, announced that the
personal information of some employees was exposed as a result of a recent
cyberattack. Air Canada, the flag carrier ...

Pierluigi Paganini September 22, 2023
APT

SANDMAN APT TARGETS TELCOS WITH LUADREAM BACKDOOR

A previously undocumented APT dubbed Sandman targets telecommunication service
providers in the Middle East, Western Europe, and South Asia. A joint research
conducted by SentinelLabs and QGroup G ...

Pierluigi Paganini September 22, 2023
Hacking

APPLE ROLLED OUT EMERGENCY UPDATES TO ADDRESS 3 NEW ACTIVELY EXPLOITED ZERO-DAY
FLAWS

Apple released emergency security updates to address three new actively
exploited zero-day vulnerabilities. Apple released emergency security updates to
address three new zero-day vulnerabilities ...

Pierluigi Paganini September 21, 2023
Hacking

UKRAINIAN HACKERS ARE BEHIND THE FREE DOWNLOAD MANAGER SUPPLY CHAIN ATTACK

The recently discovered Free Download Manager (FDM) supply chain attack, which
distributed Linux malware, started back in 2020. The maintainers of Free
Download Manager (FDM) confirmed that the re ...

Pierluigi Paganini September 21, 2023
Data Breach

SPACE AND DEFENSE TECH MAKER EXAIL TECHNOLOGIES EXPOSES DATABASE ACCESS

Exail Technologies, a high-tech manufacturer whose clients include the US Coast
Guard, exposed sensitive company data that could’ve enabled attackers to access
its databases. Exail, a French hig ...

Pierluigi Paganini September 21, 2023
Hacking

PRO-RUSSIA HACKER GROUP NONAME LAUNCHED A DDOS ATTACK ON CANADIAN AIRPORTS
CAUSING SEVERE DISRUPTIONS

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that
caused border checkpoint outages at several Canadian airports. A massive DDoS
cyber attack, likely carried out by Pr ...

Pierluigi Paganini September 21, 2023
Security

EXPERTS FOUND CRITICAL FLAWS IN NAGIOS XI NETWORK MONITORING SOFTWARE

Researchers discovered multiple vulnerabilities in the Nagios XI network and IT
infrastructure monitoring and management solution. Researchers discovered four
vulnerabilities (CVE-2023-40931, CVE- ...

Pierluigi Paganini September 20, 2023
Deep Web

THE DARK WEB DRUG MARKETPLACE PIILOPUOTI WAS DISMANTLED BY FINNISH CUSTOMS

Finnish police announced the takedown of the dark web marketplace PIILOPUOTI
which focuses on the sale of illegal narcotics. Finnish Customs announced the
seizure of the dark web marketplace Piilo ...

Pierluigi Paganini September 20, 2023
Hacking

INTERNATIONAL CRIMINAL COURT HIT WITH A CYBER ATTACK

A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack
this week, its systems were compromised last week. The International Criminal
Court (ICC) announced that threat act ...

Pierluigi Paganini September 20, 2023
Security

GITLAB ADDRESSED CRITICAL VULNERABILITY CVE-2023-5009

GitLab rolled out security patches to address a critical vulnerability, tracked
as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab
has released security patches to ad ...

Pierluigi Paganini September 20, 2023
Hacking

TREND MICRO ADDRESSES ACTIVELY EXPLOITED ZERO-DAY IN APEX ONE AND OTHER SECURITY
PRODUCTS

Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179)
in Apex One that has been actively exploited in the wild. Trend Micro has
released security updates to patch an activ ...

Pierluigi Paganini September 20, 2023
APT

SHROUDEDSNOOPER THREAT ACTORS TARGET TELECOM COMPANIES IN THE MIDDLE EAST

ShroudedSnooper threat actors are targeting telecommunication service providers
in the Middle East with a backdoor called HTTPSnoop. Cisco Talos researchers
recently discovered a new stealthy impl ...

Pierluigi Paganini September 19, 2023
Security

RECENT CYBER ATTACK IS CAUSING CLOROX PRODUCTS SHORTAGE

The cyber attack that hit the cleaning products manufacturer Clorox in August is
still affecting the supply of the products to customers. The Clorox Company is a
multinational consumer goods compa ...

Pierluigi Paganini September 19, 2023
APT

EARTH LUSCA EXPANDS ITS ARSENAL WITH SPRYSOCKS LINUX MALWARE

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS
in a recent cyber espionage campaign. Researchers from Trend Micro, while
monitoring the activity of the China-linke ...

Pierluigi Paganini September 19, 2023
Data Breach

MICROSOFT AI RESEARCH DIVISION ACCIDENTALLY EXPOSED 38TB OF SENSITIVE DATA

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a
public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that
the Microsoft AI research division accid ...

Pierluigi Paganini September 18, 2023
Hacking

GERMAN INTELLIGENCE WARNS CYBERATTACKS COULD TARGET LIQUEFIED NATURAL GAS (LNG)
TERMINALS

The head of Germany’s foreign intelligence service warns of state-sponsored
attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno
Kahl, the President of the Bundesnachrich ...

Pierluigi Paganini September 18, 2023
Hacking

DEEPFAKE AND SMISHING. HOW HACKERS COMPROMISED THE ACCOUNTS OF 27 RETOOL
CUSTOMERS IN THE CRYPTO INDUSTRY

Software development company Retool was the victim of a smishing attack that
resulted in the compromise of 27 accounts of its cloud customers. Software
development company Retool revealed that 27 ...

Pierluigi Paganini September 18, 2023
Data Breach

FBI HACKER USDOD LEAKS HIGHLY SENSITIVE TRANSUNION DATA

Researchers from vx-underground reported that FBI hacker 'USDoD' leaked
sensitive data from consumer credit reporting agency TransUnion. TransUnion is
an American consumer credit reporti ...

Pierluigi Paganini September 18, 2023
APT

NORTH KOREA'S LAZARUS APT STOLE ALMOST $240 MILLION IN CRYPTO ASSETS SINCE JUNE

The North Korea-linked APT group Lazarus has stolen more than $240 million worth
of cryptocurrency since June 2023, researchers warn. According to a report
published by blockchain cyber security f ...

Pierluigi Paganini September 18, 2023
Cyber Crime

CLOP GANG STOLEN DATA FROM MAJOR NORTH CAROLINA HOSPITALS

Researchers at healthcare technology firm Nuance blame the Clop gang for a
series of cyber thefts at major North Carolina hospitals. The
Microsoft-owned healthcare technology firm N ...

Pierluigi Paganini September 17, 2023
Data Breach

CARDX RELEASED A DATA LEAK NOTIFICATION IMPACTING THEIR CUSTOMERS IN THAILAND

One of Thailand's major digital financial platforms, CardX, recently disclosed a
data leak that affected their customers. According to the statement published on
the CardX official website on Sep ...

Pierluigi Paganini September 17, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 437 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 17, 2023
Breaking News

TIKTOK FINED €345M BY IRISH DPC FOR VIOLATING CHILDREN’S PRIVACY

The Irish Data Protection Commission (DPC) fined TikTok €345 million ($368
million) for violating the privacy of children. The Irish Data Protection
Commission (DPC) fined TikTok €345 million ...

Pierluigi Paganini September 16, 2023
Cyber Crime

DARIY PANKOV, THE NLBRUTE MALWARE AUTHOR, PLEADS GUILTY

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy
to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka
dpxaker, is the author of the NLBrut ...

Pierluigi Paganini September 15, 2023
Security

DANGEROUS PERMISSIONS DETECTED IN TOP ANDROID HEALTH APPS

Leading Android health apps expose users to avoidable threats like surveillance
and identity theft, due to their risky permissions. Cybernews has the story. The
Android challenge In the digital ...

Pierluigi Paganini September 15, 2023
Cyber Crime

CAESARS ENTERTAINMENT PAID A RANSOM TO AVOID STOLEN DATA LEAKS

Caesars Entertainment announced it has paid a ransom to avoid the leak of
customer data stolen in a recent intrusion. Caesars Entertainment is the world's
most geographically diversified casino-en ...

Pierluigi Paganini September 15, 2023
Malware

FREE DOWNLOAD MANAGER BACKDOORED TO SERVE LINUX MALWARE FOR MORE THAN 3 YEARS

Researchers discovered a free download manager site that has been compromised to
serve Linux malware to users for more than three years. Researchers from
Kaspersky discovered a free download manag ...

Pierluigi Paganini September 15, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG HIT THE CARTHAGE AREA HOSPITAL AND THE CLAYTON-HEPBURN
MEDICAL CENTER IN NEW YORK

LockBit ransomware group breached two hospitals, the Carthage Area Hospital and
the Clayton-Hepburn Medical Center in New York. The Lockbit ransomware group
claims to have hacked two major hospita ...

Pierluigi Paganini September 14, 2023
Data Breach

UK GREATER MANCHESTER POLICE DISCLOSED A DATA BREACH

UK Greater Manchester Police (GMP) disclosed a data breach, threat actors had
access to some of its employees' personal information. UK Greater Manchester
Police (GMP) announced that threat actors ...

Pierluigi Paganini September 14, 2023
Intelligence

THE IPHONE OF A RUSSIAN JOURNALIST WAS INFECTED WITH THE PEGASUS SPYWARE

The iPhone of a prominent Russian journalist, who is at odds with Moscow, was
infected with NSO Group's Pegasus spyware. The iPhone of the Russian journalist
Galina Timchenko was compromised with ...

Pierluigi Paganini September 14, 2023
Hacking

KUBERNETES FLAWS COULD LEAD TO REMOTE CODE EXECUTION ON WINDOWS ENDPOINTS

Researchers discovered three security flaws in Kubernetes that can lead to
remote code execution on Windows endpoints. Akamai researchers recently
discovered a high-severity vulnerability in Kub ...

Pierluigi Paganini September 14, 2023
Data Breach

THREAT ACTOR LEAKS SENSITIVE DATA BELONGING TO AIRBUS

The multinational aerospace corporation Airbus has launched an investigation
into the recent leak of information allegedly stolen from the company. The
multinational aerospace corporation Airb ...

Pierluigi Paganini September 14, 2023
Malware

A NEW RANSOMWARE FAMILY CALLED 3AM APPEARS IN THE THREAT LANDSCAPE

3AM is a new strain of ransomware that was spotted in a single incident in which
the threat actors failed to deploy the LockBit ransomware in the target
infrastructure. Symantec’s Threat Hunte ...

Pierluigi Paganini September 13, 2023
Hacking

REDFLY GROUP INFILTRATED AN ASIAN NATIONAL GRID AS LONG AS SIX MONTHS

A threat actor tracked as Redfly had infected the systems at a national grid
located in an unnamed Asian country for six months starting in January.
Symantec’s Threat Hunter Team discovered th ...

Pierluigi Paganini September 13, 2023
Hacking

MOZILLA FIXED A CRITICAL ZERO-DAY IN FIREFOX AND THUNDERBIRD

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird
that has been actively exploited in attacks in the wild. Mozilla rolled out
security updates to address a critical ze ...

Pierluigi Paganini September 13, 2023
Security

MICROSOFT SEPTEMBER 2023 PATCH TUESDAY FIXED 2 ACTIVELY EXPLOITED ZERO-DAY FLAWS

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two
vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday
security updates addressed 59 vulnerabiliti ...

Pierluigi Paganini September 13, 2023
Cyber Crime

SAVE THE CHILDREN CONFIRMS IT WAS HIT BY CYBER ATTACK

The international non-governmental organization (NGO) Save the Children
International was recently hit with a cyberattack. The charity organization Save
the Children International revealed that it ...

Pierluigi Paganini September 12, 2023
Security

ADOBE FIXED ACTIVELY EXPLOITED ZERO-DAY IN ACROBAT AND READER

Software giant Adobe is warning of a critical security vulnerability in the PDF
Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday
security updates (APSB23-34) addresse ...

Pierluigi Paganini September 12, 2023
Hacking

A NEW REPOJACKING ATTACK EXPOSED OVER 4,000 GITHUB REPOSITORIES TO HACK

A critical vulnerability in GitHub could have exposed more than 4,000 code
packages to Repojacking attack. Checkmarx researchers discovered a new
vulnerability in GitHub could have exposed over 4, ...

Pierluigi Paganini September 12, 2023
Hacking

MGM RESORTS HIT BY A CYBER ATTACK

Hospitality and entertainment company MGM Resorts was hit by a cyber attack that
shut down its systems at MGM Hotels and Casinos. Hospitality and entertainment
company MGM Resorts was the victim o ...

Pierluigi Paganini September 12, 2023
Hacking

ANONYMOUS SUDAN LAUNCHED A DDOS ATTACK AGAINST TELEGRAM

Anonymous Sudan launched a DDoS attack against Telegram after the company
suspended the account of the group. The hacker collective Anonymous Sudan (aka
Storm-1359) has launched a distributed deni ...

Pierluigi Paganini September 12, 2023
APT

IRANIAN CHARMING KITTEN APT TARGETS VARIOUS ENTITIES IN BRAZIL, ISRAEL, AND THE
U.A.E. USING A NEW BACKDOOR

Iran-linked APT group Charming Kitten used a previously undocumented backdoor
named Sponsor in attacks against entities in Brazil, Israel, and the U.A.E. ESET
researchers observed a series of a ...

Pierluigi Paganini September 12, 2023
Hacking

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Google rolled out emergency security updates to address a new Chrome zero-day
(CVE-2023-4863) actively exploited in the wild. Google rolled out emergency
security updates to address a zero-day vul ...

Pierluigi Paganini September 11, 2023
Security

CISA ADDS RECENTLY DISCOVERED APPLE ZERO-DAYS TO KNOWN EXPLOITED VULNERABILITIES
CATALOG

U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group's
Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US
Cybersecurity and Infrastructure Security ...

Pierluigi Paganini September 11, 2023
Cyber Crime

UK AND US SANCTIONED 11 MEMBERS OF THE RUSSIA-BASED TRICKBOT GANG

The U.K. and U.S. governments sanctioned 11 more individuals who were alleged
members of the Russia-based TrickBot cybercrime gang. The United States, in
coordination with the United Kingdom, sanc ...

Pierluigi Paganini September 11, 2023
Cyber Crime

NEW HIJACKLOADER MALWARE IS RAPIDLY GROWING IN POPULARITY IN THE CYBERCRIME
COMMUNITY

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has
grown in popularity over the past few months HijackLoader is a loader that is
gaining popularity among the cybercrim ...

Pierluigi Paganini September 11, 2023
Security

SOME OF TOP UNIVERSITIES WOULDN’T PASS CYBERSECURITY EXAM: LEFT WEBSITES
VULNERABLE

CyberNews researchers discovered that many universities worldwide are leaking
sensitive information and are even open to full takeover. Many universities
worldwide, including some of the most pres ...

Pierluigi Paganini September 11, 2023
Malware

EVIL TELEGRAM CAMPAIGN: TROJANIZED TELEGRAM APPS FOUND ON GOOGLE PLAY

Evil Telegram: a Trojanized version of the Telegram app was spotted on the
Google Play Store, Kaspersky researchers reported. Researchers from Kaspersky
discovered several Telegram mods on the Goo ...

Pierluigi Paganini September 11, 2023
Cyber Crime

RHYSIDA RANSOMWARE GANG CLAIMS TO HAVE HACKED THREE MORE US HOSPITALS

Rhysida Ransomware group added three more US hospitals to the list of victims on
its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida
ransomware group made the headlines becau ...

Pierluigi Paganini September 10, 2023
Cyber Crime

AKAMAI PREVENTED THE LARGEST DDOS ATTACK ON A US FINANCIAL COMPANY

Akamai announced it has mitigated the largest distributed denial-of-service
(DDoS) attack on a U.S. financial company. Cybersecurity firm
Akamai successfully identified and prevented a massive d ...

Pierluigi Paganini September 10, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 436 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 10, 2023
Hacking

US CISA ADDED CRITICAL APACHE ROCKETMQ FLAW TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its
Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure
Security Agency (CISA) added a critical ...

Pierluigi Paganini September 09, 2023
Hacking

RAGNAR LOCKER GANG LEAKS DATA STOLEN FROM THE ISRAEL'S MAYANEI HAYESHUA HOSPITAL

The Ragnar Locker ransomware gang added Israel's Mayanei Hayeshua hospital to
the list of victims on its Tor leak site The Ragnar Locker ransomware gang
claimed responsibility for an attack on Isr ...

Pierluigi Paganini September 09, 2023
Intelligence

NORTH KOREA-LINKED THREAT ACTORS TARGET CYBERSECURITY EXPERTS WITH A ZERO-DAY

North Korea-linked threat actors associated with North Korea exploited a
zero-day flaw in attacks against cybersecurity experts. North Korea-linked
threat actors were observed exploiting a zero-da ...

Pierluigi Paganini September 08, 2023
Hacking

ZERO-DAY IN CISCO ASA AND FTD IS ACTIVELY EXPLOITED IN RANSOMWARE ATTACKS

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively
exploited in ransomware attacks, the company warns. Cisco warns that a zero-day
vulnerability (CVE-2023-20269) in Adapti ...

Pierluigi Paganini September 08, 2023
Security

ZERO-DAYS FIXED BY APPLE WERE USED TO DELIVER NSO GROUP’S PEGASUS SPYWARE

Citizen Lab reported that the actively exploited zero-days fixed by Apple are
being used in Pegasus spyware attacks Researchers at Citizen Lab reported that
the actively exploited zero-day flaws ( ...

Pierluigi Paganini September 08, 2023
Hacking

APPLE DISCLOSES 2 NEW ACTIVELY EXPLOITED ZERO-DAY FLAWS IN IPHONES, MACS

Apple rolled out emergency security updates to address two new actively
exploited zero-day vulnerabilities impacting iPhones and Macs. The two Apple
zero-day vulnerabilities, tracked as CVE-2023-4 ...

Pierluigi Paganini September 07, 2023
Malware

A MALVERTISING CAMPAIGN IS DELIVERING A NEW VERSION OF THE MACOS ATOMIC STEALER

Researchers spotted a new malvertising campaign targeting Mac users with a new
version of the macOS stealer Atomic Stealer. Malwarebytes researchers have
observed a new malvertising campaign distr ...

Pierluigi Paganini September 07, 2023
Hacking

TWO FLAWS IN APACHE SUPERSET ALLOW TO REMOTELY HACK SERVERS

A couple of security vulnerabilities in Apache SuperSet could be exploited by an
attacker to gain remote code execution on vulnerable systems. Apache Superset is
an open-source Data Visualizatio ...

Pierluigi Paganini September 07, 2023
Hacking

CHINESE CYBERSPIES OBTAINED MICROSOFT SIGNING KEY FROM WINDOWS CRASH DUMP DUE TO
A MISTAKE

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to
breach government email accounts from a Windows crash dump. In July, Microsoft
announced it had mitigated an attack ...

Pierluigi Paganini September 07, 2023
Hacking

GOOGLE ADDRESSED AN ACTIVELY EXPLOITED ZERO-DAY IN ANDROID

Google released September 2023 Android security updates to address multiple
flaws, including an actively exploited zero-day. Google released September 2023
Android security updates that address te ...

Pierluigi Paganini September 06, 2023
Hacking

A ZERO-DAY IN ATLAS VPN LINUX CLIENT LEAKS USERS' IP ADDRESS

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can
reveal the user's IP address by visiting a website. A Reddit user with the
handle 'Educational-Map-8145' published a ...

Pierluigi Paganini September 06, 2023
Hacking

MITRE AND CISA RELEASE CALDERA FOR OT ATTACK EMULATION

MITRE and CISA released a Caldera extension for OT that allows the emulation of
attacks on operational technology systems. MITRE Caldera is an open-source
adversary emulation platform that helps c ...

Pierluigi Paganini September 06, 2023
Internet of Things

ASUS ROUTERS ARE AFFECTED BY THREE CRITICAL REMOTE CODE EXECUTION FLAWS

Three critical remote code execution vulnerabilities in ASUS routers potentially
allow attackers to hijack the network devices. ASUS routers RT-AX55,
RT-AX56U_V2, and RT-AC86U are affected by thre ...

Pierluigi Paganini September 06, 2023
Hacking

HACKERS STOLE $41M WORTH OF CRYPTO ASSETS FROM CRYPTO GAMBLING FIRM STAKE

Crypto gambling site Stake suffered a security breach, and threat actors
withdrew $41M of funds stolen including Tether and Ether. Researchers reported
abnormally large withdrawals made from the c ...

Pierluigi Paganini September 05, 2023
Security

FREECYCLE DATA BREACH IMPACTED 7 MILLION USERS

The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it
has suffered a data breach that impacted more than 7 million users. The
Freecycle Network (TFN,) is a private, nonpro ...

Pierluigi Paganini September 05, 2023
Social Networks

META DISRUPTED TWO INFLUENCE CAMPAIGNS FROM CHINA AND RUSSIA

Meta disrupted two influence campaigns orchestrated by China and Russia, the
company blocked thousands of accounts and pages. Meta announced it has taken
down two of the largest known covert influ ...

Pierluigi Paganini September 05, 2023
Hacking

A MASSIVE DDOS ATTACK TOOK DOWN THE SITE OF THE GERMAN FINANCIAL AGENCY BAFIN

A distributed denial-of-service (DDoS) attack took the site of the German
Federal Financial Supervisory Authority (BaFin) down. A distributed
denial-of-service (DDoS) attack took the site of the G ...

Pierluigi Paganini September 05, 2023
Cyber Crime

"SMISHING TRIAD" TARGETED USPS AND US CITIZENS FOR DATA THEFT

Resecurity has identified a large-scale smishing campaign, tracked as Smishing
Triad, targeting the US Citizens. Earlier episodes have revealed victims from
the U.K., Poland, Sweden, Italy, Indon ...

Pierluigi Paganini September 04, 2023
Hacking

UNIVERSITY OF SYDNEY SUFFERED A SECURITY BREACH CAUSED BY A THIRD-PARTY SERVICE
PROVIDER

The University of Sydney (USYD) suffered a security breach caused by a
third-party service provider that exposed personal information of recent
applicants. The University of Sydney (USYD) announce ...

Pierluigi Paganini September 04, 2023
Cyber Crime

CYBERCRIME WILL COST GERMANY $224 BILLION IN 2023

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German
digital association Bitkom told Reuters. According to the German digital
association Bitkom, cybercrime will have a wo ...

Pierluigi Paganini September 04, 2023
Hacking

POC EXPLOIT CODE RELEASED FOR CVE-2023-34039 BUG IN VMWARE ARIA OPERATIONS FOR
NETWORKS

Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039)
in VMware Aria Operations for Networks. At the end of August, VMware released
security updates to address two vulne ...

Pierluigi Paganini September 03, 2023
Breaking News

SECURITY AFFAIRS NEWSLETTER ROUND 435 BY PIERLUIGI PAGANINI – INTERNATIONAL
EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the
best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly Securi ...

Pierluigi Paganini September 03, 2023
Cyber Crime

LOCKBIT RANSOMWARE GANG HIT THE COMMISSION DES SERVICES ELECTRIQUES DE MONTRÉAL
(CSEM)

The LockBit ransomware gang claims to have breached the Commission des services
electriques de Montréal (CSEM). The LockBit ransomware group continues to be one
of the most active extortion gangs ...

Pierluigi Paganini September 03, 2023
Hacking

UNRAVELING ETERNALBLUE: INSIDE THE WANNACRY’S ENABLER

WannaCry and NotPetya, probably two most damaging cyberattacks in recent
history, were both only made possible because of EternalBlue. Here is how the
NSA-developed cyber monster works, and how you s ...

Pierluigi Paganini September 01, 2023
Malware

RESEARCHERS RELEASED A FREE DECRYPTOR FOR THE KEY GROUP RANSOMWARE

Researchers released a free decryptor for the Key Group ransomware that allows
victims to recover their data without paying a ransom. Threat intelligence firm
EclecticIQ released a free decryption ...

Pierluigi Paganini September 01, 2023
Data Breach

FASHION RETAILER FOREVER 21 DATA BREACH IMPACTED +500,000 INDIVIDUALS

Fashion retailer Forever 21 disclosed a data breach that exposed the personal
information of more than 500,000 individuals. On March 20, 2023, the fashion
retailer Forever 21 has discovered a cybe ...

Pierluigi Paganini August 31, 2023
Cyber warfare

RUSSIA-LINKED HACKERS TARGET UKRAINIAN MILITARY WITH INFAMOUS CHISEL ANDROID
MALWARE

Russia-linked threat actors have been targeting Android devices of the Ukrainian
military with a new malware dubbed Infamous Chisel. GCHQ’s National Cyber
Security Centre and international partn ...

Pierluigi Paganini August 31, 2023
Cyber Crime

AKIRA RANSOMWARE GANG TARGETS CISCO ASA WITHOUT MULTI-FACTOR AUTHENTICATION

Experts warn of ongoing credential stuffing and brute-force attacks targeting
Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks
conducted by Akira ransomware threat actor ...

Pierluigi Paganini August 31, 2023
Data Breach

PARAMOUNT GLOBAL DISCLOSED A DATA BREACH

Multinational mass media conglomerate Paramount Global suffered a data breach
after an unauthorized party accessed files from certain of its systems.
Multinational mass media conglomerate Paramoun ...

Pierluigi Paganini August 31, 2023
Security

NATIONAL SAFETY COUNCIL DATA LEAK: CREDENTIALS OF NASA, TESLA, DOJ, VERIZON, AND
2K OTHERS LEAKED BY WORKPLACE SAFETY ORGANIZATION

The National Safety Council leaked thousands of emails and passwords of their
members, including companies such as NASA and Tesla. The National Safety Council
has leaked nearly 10,000 emails and p ...

Pierluigi Paganini August 31, 2023
Hacking

ABUSING WINDOWS CONTAINER ISOLATION FRAMEWORK TO AVOID DETECTION BY SECURITY
PRODUCTS

Researchers demonstrated how attackers can abuse the Windows Container Isolation
Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at
the recent DEF CON hacking conferen ...

Pierluigi Paganini August 31, 2023
Security

CRITICAL RCE FLAW IMPACTS VMWARE ARIA OPERATIONS NETWORKS

VMware fixed two security flaws in Aria Operations for Networks that could be
exploited to bypass authentication and gain remote code execution. VMware has
released security updates to address two ...

Pierluigi Paganini August 30, 2023
APT

UNC4841 THREAT ACTORS HACKED US GOVERNMENT EMAIL SERVERS EXPLOITING BARRACUDA
ESG FLAW

China-linked threat actors breached government organizations worldwide with
attacks exploiting Barracuda ESG zero-day. In June, Mandiant researchers linked
the threat actor UNC4841 to the attacks ...

Pierluigi Paganini August 29, 2023
Intelligence

HACKERS INFILTRATED JAPAN’S NATIONAL CENTER OF INCIDENT READINESS AND STRATEGY
FOR CYBERSECURITY (NISC) FOR MONTHS

Japan’s National Center of Incident Readiness and Strategy for Cybersecurity
(NISC) has been infiltrated for months. Threat actors have infiltrated Japan’s
National Center of Incident Readines ...

Pierluigi Paganini August 29, 2023
Hacking

FIN8-LINKED ACTOR TARGETS CITRIX NETSCALER SYSTEMS

A financially motivated actor linked to the FIN8 group exploits the
CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks.
Sophos X-Ops is tracking an ongoing campaign, which ...

Pierluigi Paganini August 29, 2023
Hacking

JAPAN'S JPCERT WARNS OF NEW 'MALDOC IN PDF' ATTACK TECHNIQUE

Japan's JPCERT warns of a new recently detected 'MalDoc in PDF' attack that
embeds malicious Word files into PDFs. Japan's computer emergency response team
(JPCERT) has recently observed a new att ...

Pierluigi Paganini August 29, 2023
Hacking

ATTACKERS CAN DISCOVER IP ADDRESS BY SENDING A LINK OVER THE SKYPE MOBILE APP

A security researcher demonstrated how to discover a target’s IP address by
sending a link over the Skype mobile app. The security researcher Yossi
discovered that is possible to discover a targ ...

Pierluigi Paganini August 28, 2023
Security

CISCO FIXES 3 HIGH-SEVERITY DOS FLAWS IN NX-OS AND FXOS SOFTWARE

Cisco addressed three high-severity flaws in NX-OS and FXOS software that could
cause denial-of-service (DoS) conditions. Cisco this week addressed multiple
flaws in its products, including three ...

Pierluigi Paganini August 27, 2023
Hacking

CLOUD AND HOSTING PROVIDER LEASEWEB TOOK DOWN CRITICAL SYSTEMS AFTER A CYBER
ATTACK

The cloud and hosting provider Leaseweb suffered a security breach that impacted
some "critical" systems of the company. Global hosting and cloud services
provider Leaseweb has disabled some "crit ...

Pierluigi Paganini August 26, 2023
Cyber Crime

CRYPTO INVESTOR DATA EXPOSED BY A SIM SWAPPING ATTACK AGAINST A KROLL EMPLOYEE

Security consulting giant Kroll disclosed a data breach resulting from a
SIM-swapping attack against one of its employees. Security consulting firm
Kroll revealed that a SIM-swappin ...

Pierluigi Paganini August 26, 2023
APT

CHINA-LINKED FLAX TYPHOON APT TARGETS TAIWAN

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan
as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax
Typhoon (aka Ethereal Panda) to a cy ...

Pierluigi Paganini August 25, 2023
Breaking News

RESEARCHERS RELEASED POC EXPLOIT FOR IVANTI SENTRY FLAW CVE-2023-38035

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass
flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept
(PoC) exploit code for critical Ivanti ...

Pierluigi Paganini August 24, 2023
Security

RESECURITY IDENTIFIED A ZERO-DAY VULNERABILITY IN SCHNEIDER ELECTRIC ACCUTECH
MANAGER

Resecurity researchers identified a zero-day Buffer Overflow vulnerability in
the Schneider Electric Accutech Manager product. Resecurity identified a
zero-day vulnerability in the Schneider Elec ...

Pierluigi Paganini July 11, 2023
Next


To contact me write an email to:

Pierluigi Paganini :
pierluigi.paganini@securityaffairs.co

LEARN MORE

QUICK LINKS

 * Home
 * Cyber Crime
 * Cyber warfare
 * APT
 * Data Breach
 * Deep Web
 * Digital ID
 * Hacking
 * Hacktivism
 * Intelligence
 * Internet of Things
 * Laws and regulations
 * Malware
 * Mobile
 * Reports
 * Security
 * Social Networks
 * Terrorism
 * ICS-SCADA
 * POLICIES
 * Contact me

Copyright@securityaffairs 2024



We use cookies on our website to give you the most relevant experience by
remembering your preferences and repeat visits. By clicking “Accept All”, you
consent to the use of ALL the cookies. However, you may visit "Cookie Settings"
to provide a controlled consent.
Cookie SettingsAccept All
Manage consent
Close

PRIVACY OVERVIEW

This website uses cookies to improve your experience while you navigate through
the website. Out of these cookies, the cookies that are categorized as necessary
are stored on your browser as they are essential for the working of basic
functionalities...
Necessary
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly.
This category only includes cookies that ensures basic functionalities and
security features of the website. These cookies do not store any personal
information.
Non-necessary
Non-necessary
Any cookies that may not be particularly necessary for the website to function
and is used specifically to collect user personal data via analytics, ads, other
embedded contents are termed as non-necessary cookies. It is mandatory to
procure user consent prior to running these cookies on your website.
SAVE & ACCEPT