MUST READ

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

 | 

Nigerian National pleads guilty to participating in a millionaire BEC scheme

 | 

New variant of BBTok Trojan targets users of +40 banks in LATAM

 | 

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

 | 

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

 | 

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

 | 

National Student Clearinghouse data breach impacted approximately 900 US schools

 | 

Government of Bermuda blames Russian threat actors for the cyber attack

 | 

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

 | 

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

 | 

Information of Air Canada employees exposed in recent cyberattack

 | 

Sandman APT targets telcos with LuaDream backdoor

 | 

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

 | 

Ukrainian hackers are behind the Free Download Manager supply chain attack

 | 

Space and defense tech maker Exail Technologies exposes database access

 | 

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

 | 

Experts found critical flaws in Nagios XI network monitoring software

 | 

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

 | 

International Criminal Court hit with a cyber attack

 | 

GitLab addressed critical vulnerability CVE-2023-5009

 | 

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

 | 

ShroudedSnooper threat actors target telecom companies in the Middle East

 | 

Recent cyber attack is causing Clorox products shortage

 | 

Earth Lusca expands its arsenal with SprySOCKS Linux malware

 | 

Microsoft AI research division accidentally exposed 38TB of sensitive data

 | 

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

 | 

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

 | 

FBI hacker USDoD leaks highly sensitive TransUnion data

 | 

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

 | 

Clop gang stolen data from major North Carolina hospitals

 | 

CardX released a data leak notification impacting their customers in Thailand

 | 

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

 | 

TikTok fined €345M by Irish DPC for violating children’s privacy

 | 

Dariy Pankov, the NLBrute malware author, pleads guilty

 | 

Dangerous permissions detected in top Android health apps

 | 

Caesars Entertainment paid a ransom to avoid stolen data leaks

 | 

Free Download Manager backdoored to serve Linux malware for more than 3 years

 | 

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

 | 

The iPhone of a Russian journalist was infected with the Pegasus spyware

 | 

Kubernetes flaws could lead to remote code execution on Windows endpoints

 | 

Threat actor leaks sensitive data belonging to Airbus

 | 

A new ransomware family called 3AM appears in the threat landscape

 | 

Redfly group infiltrated an Asian national grid as long as six months

 | 

Mozilla fixed a critical zero-day in Firefox and Thunderbird

 | 

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

 | 

Save the Children confirms it was hit by cyber attack

 | 

Adobe fixed actively exploited zero-day in Acrobat and Reader

 | 

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

 | 

MGM Resorts hit by a cyber attack

 | 

Anonymous Sudan launched a DDoS attack against Telegram

 | 

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

 | 

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

 | 

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

 | 

UK and US sanctioned 11 members of the Russia-based TrickBot gang

 | 

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

 | 

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

 | 

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

 | 

Rhysida Ransomware gang claims to have hacked three more US hospitals

 | 

Akamai prevented the largest DDoS attack on a US financial company

 | 

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

 | 

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

 | 

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

 | 

North Korea-linked threat actors target cybersecurity experts with a zero-day

 | 

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

 | 

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

 | 

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

 | 

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

 | 

Two flaws in Apache SuperSet allow to remotely hack servers

 | 

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

 | 

Google addressed an actively exploited zero-day in Android

 | 

A zero-day in Atlas VPN Linux Client leaks users' IP address

 | 

MITRE and CISA release Caldera for OT attack emulation

 | 

ASUS routers are affected by three critical remote code execution flaws

 | 

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

 | 

Freecycle data breach impacted 7 Million users

 | 

Meta disrupted two influence campaigns from China and Russia

 | 

A massive DDoS attack took down the site of the German financial agency BaFin

 | 

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

 | 

University of Sydney suffered a security breach caused by a third-party service provider

 | 

Cybercrime will cost Germany $224 billion in 2023

 | 

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

 | 

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

 | 

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

 | 

UNRAVELING EternalBlue: inside the WannaCry’s enabler

 | 

Researchers released a free decryptor for the Key Group ransomware

 | 

Fashion retailer Forever 21 data breach impacted +500,000 individuals

 | 

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

 | 

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

 | 

Paramount Global disclosed a data breach

 | 

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

 | 

Abusing Windows Container Isolation Framework to avoid detection by security products

 | 

Critical RCE flaw impacts VMware Aria Operations Networks

 | 

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

 | 

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

 | 

FIN8-linked actor targets Citrix NetScaler systems

 | 

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

 | 

Attackers can discover IP address by sending a link over the Skype mobile app

 | 

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

 | 

Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

 | 

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

 | 

China-linked Flax Typhoon APT targets Taiwan

 | 

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

 | 

Malware

Pierluigi Paganini June 06, 2015
Eataly NYC confirms data breach, customers card data exposed

Eataly NYC confirmed that New York retail location has been victim of a security incident, hackers used a PoS malware to steal customers’s card data. The Italian food market Eataly has confirmed a data breach occurred earlier this year. According investigators the data breach could have exposed data related to payment cards over a four-month period. […]

Pierluigi Paganini June 05, 2015
CryptoWall 3.0 Still Actively Being Spread as a New Campaign is Discovered in-the-wild

A new malicious phishing campaign is spreading CryptoWall ransomware in the wild, the expert Michael Fratello has analyzed it for us. Just a reminder to all — CryptoWall 3.0 is still very much active, with phish tactics that I think are less effective, but who knows; maybe they’re seeing great success with this method.  Personally, […]

Pierluigi Paganini June 03, 2015
APWG Global Phishing Survey – Registered malicious domains increased in H2 2014

The APWG Global Phishing Survey 2H2014 seeks to understand what the phishers are doing, and how, by quantifying the scope of the global phishing problem. The Anti-Phishing Working Group (APWG) has published the “Global Phishing Survey 2H2014“, a report that comes with some interesting numbers on phishing activities. The Global Phishing Survey 2H2014 report states […]

Pierluigi Paganini June 02, 2015
New Rombertik Sample has originated in Nigeria

ThreatConnect has conducted further investigations on the Rombertik malware and traced a malicious sample they analyzed to a Nigeria-based man. Lately Rombertik have been making the headlines of security related news, I wrote on SecurityAffairs about the malware a few weeks ago, last update from security researchers at ThreatConnect is that a new analysis traced […]

Pierluigi Paganini June 02, 2015
NjRat campaign coming from Saudi Arabia is using old FakeAv tactics

Security experts discovered a new njRat campaign using old tactics, making use of compromised websites as a third layer, communication proxy. A recent post published on http://blog.0x3a.com/ it was described a new njRat campaign using old tactics, making use of compromised websites as a third layer, communication proxy. Using FakeAV tactics was in vogue some years […]

Pierluigi Paganini June 01, 2015
Google blocks Chrome extensions out of the official Store

The use of malicious Chrome extensions in the criminal ecosystem, so Google decided to restrict the use of extensions not available on the Chrome Web Store. The use of malicious Chrome extensions in the criminal ecosystem, so Google decided to restrict the use of extensions not available on the Chrome Web Store. With new policies […]

Pierluigi Paganini May 30, 2015
Locker Ransomware Author Allegedly Releases Database Dump of Private Keys

Allegedly, the author of the “Locker” ransomware has uploaded a dump of the C2 server database, releasing private keys of infected hosts to the public. Allegedly, the author of the “Locker” ransomware has uploaded a dump of the C2 server database, releasing private keys of infected hosts worldwide to the public.  The “author” claims that […]

Pierluigi Paganini May 30, 2015
US failed a Stuxnet-style attack against North Korea

New revelations came after a high-profile defector warns of that North Korea’s cyber army has the capability to run cyber attacks that could cause loss of human lives. According to an exclusive report by Reuters, The US was attempting without success to interfere with the nuclear programme of Pyongyang, in the same way it has done with Iran … SCADA systems […]

Pierluigi Paganini May 30, 2015
Locker Ransomware Utilizes a Unique Delivery Mechanism

The cyber security expert Michael Fratello has made a detailed analysis of the locker ransomware that implements a unique delivery mechanism On May 25th, 2015, a wave of reports came flooding in from users around the globe, claiming that their computers have become compromised.  Messages from users looking for help began appearing on forums such […]

Pierluigi Paganini May 29, 2015
The recently Patched Flash flaw exploited by Angler EK to serve malware

The authors of the popular Angler exploit kit integrated an exploit for a Flash Player flaw fixed by Adobe just a couple of weeks ago. The creators of the popular Angler exploit KIT are known for being quick in integrating and exploiting zero-day vulnerabilities, this time they added an exploit related with the Flash player, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

APT / September 25, 2023

Nigerian National pleads guilty to participating in a millionaire BEC scheme

Cyber Crime / September 25, 2023

New variant of BBTok Trojan targets users of +40 banks in LATAM

Malware / September 25, 2023

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Malware / September 24, 2023

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

Data Breach / September 24, 2023