Mercury Archives - Security Affairs

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

|

A cyber attack paralyzed operations at Synlab Italia

|

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

|

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

|

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

|

Akira ransomware received $42M in ransom payments from over 250 victims

|

DuneQuixote campaign targets the Middle East with a complex backdoor

|

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Critical CrushFTP zero-day exploited in attacks in the wild

|

A French hospital was forced to reschedule procedures after cyberattack

|

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

|

FBI chief says China is preparing to attack US critical infrastructure

|

United Nations Development Programme (UNDP) investigates data breach

|

FIN7 targeted a large U.S. carmaker with phishing attacks

|

Law enforcement operation dismantled phishing-as-a-service platform LabHost

|

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

|

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

|

Linux variant of Cerber ransomware targets Atlassian servers

|

Ivanti fixed two critical flaws in its Avalanche MDM

|

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

|

Cisco warns of large-scale brute-force attacks against VPN and SSH services

|

PuTTY SSH Client flaw allows of private keys recovery

|

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

|

Misinformation and hacktivist campaigns targeting the Philippines skyrocket

|

Russia is trying to sabotage European railways, Czech minister said

|

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

|

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

|

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

|

CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog

|

Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

|

U.S. and Australian police arrested Firebird RAT author and operator

|

Canadian retail chain Giant Tiger data breach may have impacted millions of customers

|

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Crooks manipulate GitHub's search results to distribute malware

|

BatBadBut flaw allowed an attacker to perform command injection on Windows

|

Roku disclosed a new security breach impacting 576,000 accounts

|

LastPass employee targeted via an audio deepfake call

|

TA547 targets German organizations with Rhadamanthys malware

|

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

|

US CISA published an alert on the Sisense data breach

|

Palo Alto Networks fixed multiple DoS bugs in its firewalls

|

Apple warns of mercenary spyware attacks on iPhone users in 92 countries

|

Microsoft fixed two zero-day bugs exploited in malware attacks

|

Group Health Cooperative data breach impacted 530,000 individuals

|

AT&T states that the data breach impacted 51 million former and current customers

|

Fortinet fixed a critical remote code execution bug in FortiClientLinux

|

Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues

|

Cybersecurity in the Evolving Threat Landscape

|

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

|

ScrubCrypt used to drop VenomRAT along with many malicious plugins

|

Google announces V8 Sandbox to protect Chrome users

|

China is using generative AI to carry out influence operations

|

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

|

Crowdfense is offering a larger 30M USD exploit acquisition program

|

U.S. Department of Health warns of attacks against IT help desks

|

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

|

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

|

Cisco warns of XSS flaw in end-of-life small business routers

|

Magento flaw exploited to deploy persistent backdoor hidden in XML

|

Cyberattack disrupted services at Omni Hotels & Resorts

|

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

|

US cancer center City of Hope: data breach impacted 827149 individuals

|

Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

|

Jackson County, Missouri, discloses a ransomware attack

|

Google addressed another Chrome zero-day exploited at Pwn2Own in March

|

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

|

Google fixed two actively exploited Pixel vulnerabilities

|

Highly sensitive files mysteriously disappeared from EUROPOL headquarters

|

XSS flaw in WordPress WP-Members Plugin can lead to script injection

|

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

|

Google agreed to erase billions of browser records to settle a class action lawsuit

|

PandaBuy data breach allegedly impacted over 1.3 million customers

|

OWASP discloses a data breach

|

New Vultur malware version includes enhanced remote control and evasion capabilities

|

Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy

|

Info stealer attacks target macOS users

|

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

|

DinodasRAT Linux variant targets users worldwide

|

AT&T confirmed that a data breach impacted 73 million customers

|

Expert found a backdoor in XZ tools used many Linux distributions

|

German BSI warns of 17,000 unpatched Microsoft Exchange servers

|

Cisco warns of password-spraying attacks targeting Secure Firewall devices

|

American fast-fashion firm Hot Topic hit by credential stuffing attacks

|

Cisco addressed high-severity flaws in IOS and IOS XE software

|

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

|

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

|

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

|

The DDR Advantage: Real-Time Data Defense

|

Finnish police linked APT31 to the 2021 parliament attack

|

TheMoon bot infected 40,000 devices in January and February

|

UK, New Zealand against China-linked cyber operations

|

US Treasury Dep announced sanctions against members of China-linked APT31

|

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

|

Iran-Linked APT TA450 embeds malicious links in PDF attachments

|

StrelaStealer targeted over 100 organizations across the EU and US

|

GoFetch side-channel attack against Apple systems allows secret keys extraction

|

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

|

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

|

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

|

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

|

German police seized the darknet marketplace Nemesis Market

|

Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks

|

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

|

Critical Fortinet's FortiClient EMS flaw actively exploited in the wild

|

Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla

|

New Loop DoS attack may target 300,000 vulnerable hosts

|

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

|

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

|

BunnyLoader 3.0 surfaces in the threat landscape

|

Pokemon Company resets some users' passwords

|

Ukraine cyber police arrested crooks selling 100 million compromised accounts

|

New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?

|

Players hacked during the matches of Apex Legends Global Series. Tournament suspended

|

Earth Krahang APT breached tens of government organizations worldwide

|

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

|

Fujitsu suffered a malware attack and probably a data breach

|

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

|

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

|

Email accounts of the International Monetary Fund compromised

|

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

|

“gitgub” malware campaign targets Github users with RisePro info-stealer

|

Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION

|

France Travail data breach impacted 43 Million people

|

Scranton School District in Pennsylvania suffered a ransomware attack

|

Lazarus APT group returned to Tornado Cash to launder stolen funds

|

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

|

UK Defence Secretary jet hit by an electronic warfare attack in Poland

|

Cisco fixed high-severity elevation of privilege and DoS bugs

|

Recent DarkGate campaign exploited Microsoft Windows zero-day

|

Nissan Oceania data breach impacted roughly 100,000 people

|

Researchers found multiple flaws in ChatGPT plugins

|

Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

|

Acer Philippines disclosed a data breach after a third-party vendor hack

|

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

|

Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws

|

Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election

|

First-ever South Korean national detained for espionage in Russia

|

Insurance scams via QR codes: how to recognise and defend yourself

|

Massive cyberattacks hit French government agencies

|

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

|

Experts released PoC exploit for critical Progress Software OpenEdge bug

|

Magnet Goblin group used a new Linux variant of NerbianRAT malware

|

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

|

Lithuania security services warn of China's espionage against the country

|

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Threat actors breached two crucial systems of the US CISA

|

CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog

|

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

|

QNAP fixed three flaws in its NAS devices, including an authentication bypass

|

Russia-linked Midnight Blizzard breached Microsoft systems again

|

Cisco addressed severe flaws in its Secure Client

|

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

|

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

|

National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election

|

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

|

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

|

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

|

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

|

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

|

Apple emergency security updates fix two new iOS zero-days

|

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

|

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

|

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

|

Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

|

Ukraine's GUR hacked the Russian Ministry of Defense

|

Some American Express customers' data exposed in a third-party data breach

|

META hit with privacy complaints by EU consumer groups

|

New GTPDOOR backdoor is designed to target telecom carrier networks

|

Threat actors hacked Taiwan-based Chunghwa Telecom

|

New Linux variant of BIFROSE RAT uses deceptive domain strategies

|

Eken camera doorbells allow ill-intentioned individuals to spy on you

|

Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION

|

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

|

U.S. authorities charged an Iranian national for long-running hacking campaign

|

US cyber and law enforcement agencies warn of Phobos ransomware attacks

|

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

|

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

|

Crooks stole €15 Million from European retail company Pepco

|

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

|

Researchers found a zero-click Facebook account takeover

|

New SPIKEDWINE APT group is targeting officials in Europe

|

Is the LockBit gang resuming its operation?

|

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

|

Pharmaceutical giant Cencora discloses a data breach

|

Unmasking 2024's Email Security Landscape

|

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

|

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

|

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

|

XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk

|

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

|

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

|

New Redis miner Migo uses novel system weakening techniques

|

Critical flaw found in deprecated VMware EAP. Uninstall it immediately

|

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

|

ConnectWise fixed critical flaws in ScreenConnect remote access tool

|

More details about Operation Cronos that disrupted Lockbit operation

|

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

|

Operation Cronos: law enforcement disrupted the LockBit operation

|

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

|

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

|

How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise

|

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

|

ESET fixed high-severity local privilege escalation bug in Windows products

|

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

|

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

|

CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog

|

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

|

U.S. CISA: hackers breached a state government organization

|

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

|

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

|

A cyberattack halted operations at Varta production plants

|

North Korea-linked actors breached the emails of a Presidential Office member

|

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

|

Nation-state actors are using AI services and LLMs for cyberattacks

|

Abusing the Ubuntu 'command-not-found' utility to install malicious packages

|

Zoom fixed critical flaw CVE-2024-24691 in Windows software

|

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

|

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

|

A ransomware attack took 100 Romanian hospitals down

|

Bank of America customer data compromised after a third-party services provider data breach

|

Ransomfeed - Third Quarter Report 2023 is out!

|

Global Malicious Activity Targeting Elections is Skyrocketing

|

Researchers released a free decryption tool for the Rhysida Ransomware

|

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

|

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

|

Canada Gov plans to ban the Flipper Zero to curb car thefts

|

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

|

US Feds arrested two men involved in the Warzone RAT operation

|

Raspberry Robin spotted using two new 1-day LPE exploits

|

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

|

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

|

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

|

Exploiting a vulnerable Minifilter Driver to create a process killer

|

Black Basta ransomware gang hacked Hyundai Motor Europe

|

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

|

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

|

26 Cyber Security Stats Every User Should Be Aware Of in 2024

|

US offers $10 million reward for info on Hive ransomware group leaders

|

Unraveling the truth behind the DDoS attack from electric toothbrushes

|

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

|

Cisco fixes critical Expressway Series CSRF vulnerabilities

|

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

|

Fortinet addressed two critical FortiSIEM vulnerabilities

|

Experts warn of a critical bug in JetBrains TeamCity On-Premises

|

Critical shim bug impacts every Linux boot loader signed in the past decade

|

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

|

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

|

Google fixed an Android critical remote code execution flaw

|

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

|

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

|

HPE is investigating claims of a new security breach

|

Experts warn of a surge of attacks targeting Ivanti SSRF flaw

|

How to hack the Airbus NAVBLUE Flysmart+ Manager

|

Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call

|

Software firm AnyDesk disclosed a security breach

|

The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM

|

US government imposed sanctions on six Iranian intel officials

|

A cyberattack impacted operations at Lurie Children's Hospital

|

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

|

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Clorox estimates the costs of the August cyberattack will exceed $49 Million

|

Mastodon fixed a flaw that can allow the takeover of any account

|

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

|

Operation Synergia led to the arrest of 31 individuals

|

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

|

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

|

PurpleFox malware infected at least 2,000 computers in Ukraine

|

Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping

|

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

|

Multiple malware used in attacks exploiting Ivanti VPN flaws

|

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

|

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

|

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

|

Ivanti warns of a new actively exploited zero-day

|

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

|

Data leak at fintech giant Direct Trading Technologies

|

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

|

Italian data protection authority said that ChatGPT violated EU privacy laws

|

750 million Indian mobile subscribers' data offered for sale on dark web

|

Juniper Networks released out-of-band updates to fix high-severity flaws

|

Hundreds of network operators’ credentials found circulating in Dark Web

|

Cactus ransomware gang claims the Schneider Electric hack

|

Mercedes-Benz accidentally exposed sensitive data, including source code

|

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

|

NSA buys internet browsing records from data brokers without a warrant

|

Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'

|

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

|

Medusa ransomware attack hit Kansas City Area Transportation Authority

|

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

|

Participants earned more than $1.3M at the Pwn2Own Automotive competition

|

A TrickBot malware developer sentenced to 64 months in prison

|

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

|

Watch out, experts warn of a critical flaw in Jenkins

|

Pwn2Own Automotive 2024 Day 2 - Tesla hacked again

|

Yearly Intel Trend Review: The 2023 RedSense report

|

Cisco warns of a critical bug in Unified Communications products, patch it now!

|

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

|

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

|

5379 GitLab servers vulnerable to zero-click account takeover attacks

|

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

|

Splunk fixed high-severity flaw impacting Windows versions

|

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

|

Australian government announced sanctions for Medibank hacker

|

LoanDepot data breach impacted roughly 16.6 individuals

|

Black Basta gang claims the hack of the UK water utility Southern Water

|

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

|

Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed

|

Apple fixed actively exploited zero-day CVE-2024-23222

|

“My Slice”, an Italian adaptive phishing campaign

|

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

|

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

|

Backdoored pirated applications targets Apple macOS users

|

LockBit ransomware gang claims the attack on the sandwich chain Subway

|

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

|

VF Corp December data breach impacts 35 million customers

|

China-linked APT UNC3886 exploits VMware zero-day since 2021

|

Ransomware attacks break records in 2023: the number of victims rose by 128%

|

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

|

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

|

Kansas State University suffered a serious cybersecurity incident

|

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

|

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

|

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

|

iShutdown lightweight method allows to discover spyware infections on iPhones

|

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

|

Github rotated credentials after the discovery of a vulnerability

|

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

|

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

|

Google fixed the first actively exploited Chrome zero-day of 2024

|

Atlassian fixed critical RCE in older Confluence versions

|

VMware fixed a critical flaw in Aria Automation. Patch it now!

|

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

|

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

|

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

|

Phemedrone info stealer campaign exploits Windows smartScreen bypass

|

Balada Injector continues to infect thousands of WordPress sites

|

Attackers target Apache Hadoop and Flink to deliver cryptominers

|

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

|

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

|

GitLab fixed a critical zero-click account hijacking flaw

|

Juniper Networks fixed a critical RCE bug in its firewalls and switches

|

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

|

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

|

Team Liquid’s wiki leak exposes 118K users

|

CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

|

Two zero-day bugs in Ivanti Connect Secure actively exploited

|

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

|

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

|

ShinyHunters member sentenced to three years in prison

|

HMG Healthcare disclosed a data breach

|

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

|

Decryptor for Tortilla variant of Babuk ransomware released

|

Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws

|

CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

|

Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

|

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

|

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

|

Long-existing Bandook RAT targets Windows machines

|

A cyber attack hit the Beirut International Airport

|

Iranian crypto exchange Bit24.cash leaks user passports and IDs

|

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

|

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

|

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

|

The source code of Zeppelin Ransomware sold on a hacking forum

|

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

|

Ivanti fixed a critical EPM flaw that can result in remote code execution

|

MyEstatePoint Property Search Android app leaks user passwords

|

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

|

HealthEC data breach impacted more than 4.5 Million people

|

Experts found 3 malicious packages hiding crypto miners in PyPi repository

|

Crooks hacked Mandiant X account to push cryptocurrency scam

|

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

|

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

|

Don’t trust links with known domains: BMW affected by redirect vulnerability

|

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

|

Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv

|

Experts warn of JinxLoader loader used to spread Formbook and XLoader

|

Terrapin attack allows to downgrade SSH protocol security

|

Multiple organizations in Iran were breached by a mysterious hacker

|

Top 2023 Security Affairs cybersecurity stories

|

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

|

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

|

Google agreed to settle a $5 billion privacy lawsuit

|

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

|

INC RANSOM ransomware gang claims to have breached Xerox Corp

|

Spotify music converter TuneFab puts users at risk

|

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

|

Russia-linked APT28 used new malware in a recent phishing campaign

|

Clash of Clans gamers at risk while using third-party app

|

New Version of Meduza Stealer Released in Dark Web

|

Operation Triangulation attacks relied on an undocumented hardware feature

|

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

|

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

|

Experts warn of critical Zero-Day in Apache OfBiz

|

Xamalicious Android malware distributed through the Play Store

|

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

|

Elections 2024, artificial intelligence could upset world balances

|

Experts analyzed attacks against poorly managed Linux SSH servers

|

A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

|

Rhysida ransomware group hacked Abdali Hospital in Jordan

|

Carbanak malware returned in ransomware attacks

|

Resecurity Released a 2024 Cyber Threat Landscape Forecast

|

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

|

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

|

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Europol and ENISA spotted 443 e-stores compromised with digital skimming

|

Video game giant Ubisoft investigates reports of a data breach

|

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

|

Mobile virtual network operator Mint Mobile discloses a data breach

|

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

|

Member of Lapsus$ gang sentenced to an indefinite hospital order

|

Real estate agency exposes details of 690k customers

|

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

|

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

|

Data leak exposes users of car-sharing service Blink Mobility

|

Google addressed a new actively exploited Chrome zero-day

|

German police seized the dark web marketplace Kingdom Market

|

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

|

Sophisticated JaskaGO info stealer targets macOS and Windows

|

BMW dealer at risk of takeover by cybercriminals

|

Comcast’s Xfinity customer data exposed after CitrixBleed attack

|

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

|

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

|

The ransomware attack on Westpole is disrupting digital services for Italian public administration

|

Info stealers and how to protect against them

|

Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations

|

Qakbot is back and targets the Hospitality industry

|

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

|

MongoDB investigates a cyberattack, customer data exposed

|

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

|

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

|

New NKAbuse malware abuses NKN decentralized P2P network protocol

|

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

|

Multiple flaws in pfSense firewall can lead to arbitrary code execution

|

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

|

Data of over a million users of the crypto exchange GokuMarket exposed

|

Idaho National Laboratory data breach impacted 45,047 individuals

|

Ubiquiti users claim to have access to other people’s devices

|

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

|

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

|

French authorities arrested a Russian national for his role in the Hive ransomware operation

|

China-linked APT Volt Typhoon linked to KV-Botnet

|

UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns

|

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

|

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

|

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

|

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

|

Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack

|

Dubai’s largest taxi app exposes 220K+ users

|

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

|

Apple released iOS 17.2 to address a dozen of security flaws

|

Toyota Financial Services discloses a data breach

|

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

|

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

|

CISA and ENISA signed a Working Arrangement to enhance cooperation

|

Researcher discovered a new lock screen bypass bug for Android 14 and 13

|

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

|

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Hacktivists hacked an Irish water utility and interrupted the water supply

|

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

|

Norton Healthcare disclosed a data breach after a ransomware attack

|

Bypassing major EDRs using Pool Party process injection techniques

|

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

|

Android barcode scanner app exposes user passwords

|

UK and US expose Russia Callisto Group's activity and sanction members

|

A cyber attack hit Nissan Oceania

|

New Krasue Linux RAT targets telecom companies in Thailand

|

Atlassian addressed four new RCE flaws in its products

|

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

|

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

|

GST Invoice Billing Inventory exposes sensitive data to threat actors

|

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

|

ENISA published the ENISA Threat Landscape for DoS Attacks Report

|

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

|

Google fixed critical zero-click RCE in Android

|

New P2PInfect bot targets routers and IoT devices

|

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

|

LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

|

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

|

New Agent Raccoon malware targets the Middle East, Africa and the US

|

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Researchers devised an attack technique to extract ChatGPT training data

|

Fortune-telling website WeMystic exposes 13M+ user records

|

Expert warns of Turtle macOS ransomware

|

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

|

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

|

Apple addressed 2 new iOS zero-day vulnerabilities

|

Critical Zoom Room bug allowed to gain access to Zoom Tenants

|

Rhysida ransomware group hacked King Edward VII’s Hospital in London

|

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

|

Okta reveals additional attackers' activities in October 2023 Breach

|

Thousands of secrets lurk in app images on Docker Hub

|

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

|

International police operation dismantled a prominent Ukraine-based Ransomware group

|

Daixin Team group claimed the hack of North Texas Municipal Water District

|

Healthcare provider Ardent Health Services disclosed a ransomware attack

|

Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia

|

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

|

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

|

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Rhysida ransomware gang claimed China Energy hack

|

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

|

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

|

App used by hundreds of schools leaking children's data

|

Microsoft launched its new Microsoft Defender Bounty Program

|

Exposed Kubernetes configuration secrets can fuel supply chain attacks

|

North Korea-linked Konni APT uses Russian-language weaponized documents

|

ClearFake campaign spreads macOS AMOS information stealer

|

Welltok data breach impacted 8.5 million patients in the U.S.

|

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

|

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

|

New InfectedSlurs Mirai-based botnet exploits two zero-days

|

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

|

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

|

Citrix provides additional measures to address Citrix Bleed

|

Tor Project removed several relays associated with a suspicious cryptocurrency scheme

|

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

|

The Top 5 Reasons to Use an API Management Platform

|

Canadian government impacted by data breaches of two of its contractors

|

Rhysida ransomware gang is auctioning data stolen from the British Library

|

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

|

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

|

US teenager pleads guilty to his role in credential stuffing attack on a betting site

|

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

|

8Base ransomware operators use a new variant of the Phobos ransomware

|

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

|

The board of directors of OpenAI fired Sam Altman

|

Medusa ransomware gang claims the hack of Toyota Financial Services

|

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

|

Zimbra zero-day exploited to steal government emails by four groups

|

Vietnam Post exposes 1.2TB of data, including email addresses

|

Samsung suffered a new data breach

|

FBI and CISA warn of attacks by Rhysida ransomware gang

|

Critical flaw fixed in SAP Business One product

|

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

|

Gamblers’ data compromised after casino giant Strendus fails to set password

|

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

|

Danish critical infrastructure hit by the largest cyber attack in Denmark's history

|

Major Australian ports blocked after a cyber attack on DP World

|

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

|

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

|

LockBit ransomware gang leaked data stolen from Boeing

|

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

|

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

|

The State of Maine disclosed a data breach that impacted 1.3M people

|

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

|

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

|

McLaren Health Care revealed that a data breach impacted 2.2 million people

|

After ChatGPT, Anonymous Sudan took down the Cloudflare website

|

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

|

SysAid zero-day exploited by Clop ransomware group

|

Dolly.com pays ransom, attackers release data anyway

|

DDoS attack leads to significant disruption in ChatGPT services

|

Russian Sandworm disrupts power in Ukraine with a new OT attack

|

Veeam fixed multiple flaws in Veeam ONE, including critical issues

|

Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel

|

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

|

Critical Confluence flaw exploited in ransomware attacks

|

QNAP fixed two critical vulnerabilities in QTS OS and apps

|

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

|

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

|

US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

|

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

|

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

|

ZDI discloses four zero-day flaws in Microsoft Exchange

|

Okta customer support system breach impacted 134 customers

|

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

|

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

|

MuddyWater has been spotted targeting two Israeli entities

|

Clop group obtained access to the email addresses of about 632,000 US federal employees

|

Okta discloses a new data breach after a third-party vendor was hacked

|

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

|

Boeing confirmed its services division suffered a cyberattack

|

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

|

Who is behind the Mozi Botnet kill switch?

|

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

|

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

|

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

|

British Library suffers major outage due to cyberattack

|

Critical Atlassian Confluence flaw can lead to significant data loss

|

WiHD leak exposes details of all torrent users

|

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

|

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

|

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

|

Wiki-Slack attack allows redirecting business professionals to malicious websites

|

HackerOne awarded over $300 million bug hunters

|

StripedFly, a complex malware that infected one million devices without being noticed

|

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

|

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

|

Lockbit ransomware gang claims to have stolen data from Boeing

|

How to Collect Market Intelligence with Residential Proxies?

|

F5 urges to address a critical flaw in BIG-IP

|

Hello Alfred app exposes user data

|

iLeakage attack exploits Safari to steal data from Apple devices

|

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

|

Seiko confirmed a data breach after BlackCat attack

|

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

|

Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

|

VMware addressed critical vCenter flaw also for End-of-Life products

|

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

|

New England Biolabs leak sensitive data

|

Former NSA employee pleads guilty to attempted selling classified documents to Russia

|

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

|

How did the Okta Support breach impact 1Password?

|

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

|

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

|

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

|

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

|

City of Philadelphia suffers a data breach

|

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

|

Don't use AI-based apps, Philippine defense ordered its personnel

|

Vietnamese threat actors linked to DarkGate malware campaign

|

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

|

The attack on the International Criminal Court was targeted and sophisticated

|

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

|

A threat actor is selling access to Facebook and Instagram's Police Portal

|

Threat actors breached Okta support system and stole customers' data

|

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

|

Alleged developer of the Ragnar Locker ransomware was arrested

|

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

|

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

|

Law enforcement operation seized Ragnar Locker group's infrastructure

|

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

|

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

|

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

|

Californian IT company DNA Micro leaks private mobile phone data

|

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

|

A flaw in Synology DiskStation Manager allows admin account takeover

|

D-Link confirms data breach, but downplayed the impact

|

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

|

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

|

Ransomware realities in 2023: one employee mistake can cost a company millions

|

Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users

|

Cisco warns of active exploitation of IOS XE zero-day

|

Signal denies claims of an alleged zero-day flaw in its platform

|

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

|

DarkGate malware campaign abuses Skype and Teams

|

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

|

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

|

Lockbit ransomware gang demanded an 80 million ransom to CDW

|

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

|

Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

|

FBI and CISA published a new advisory on AvosLocker ransomware

|

More than 17,000 WordPress websites infected with the Balada Injector in September

|

Ransomlooker, a new tool to track and analyze ransomware groups' activities

|

Phishing, the campaigns that are targeting Italy

|

A new Magecart campaign hides the malicious code in 404 error page

|

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

|

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

|

Air Europa data breach exposed customers' credit cards

|

#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops

|

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

|

New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

|

Exposed security cameras in Israel and Palestine pose significant risks

|

A flaw in libcue library impacts GNOME Linux systems

|

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

|

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

|

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

|

Gaza-linked hackers and Pro-Russia groups are targeting Israel

|

Flagstar Bank suffered a data breach once again

|

Android devices shipped with backdoored firmware as part of the BADBOX network

|

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

|

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

|

QakBot threat actors are still operational after the August takedown

|

Ransomware attack on MGM Resorts costs $110 Million

|

Cybersecurity, why a hotline number could be important?

|

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

|

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

|

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

|

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

|

NATO is investigating a new cyber attack claimed by the SiegedSec group

|

Global CRM Provider Exposed Millions of Clients’ Files Online

|

Sony sent data breach notifications to about 6,800 individuals

|

Apple fixed the 17th zero-day flaw exploited in attacks

|

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

|

A cyberattack disrupted Lyca Mobile services

|

Chipmaker Qualcomm warns of three actively exploited zero-days

|

DRM Report Q2 2023 - Ransomware threat landscape

|

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

|

San Francisco’s transport agency exposes drivers’ parking permits and addresses

|

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

|

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

|

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

|

European Telecommunications Standards Institute (ETSI) suffered a data breach

|

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

|

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

|

North Korea-linked Lazarus targeted a Spanish aerospace company

|

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

|

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

|

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

|

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

|

FBI warns of dual ransomware attacks

|

Progress Software fixed two critical severity flaws in WS_FTP Server

|

Child abuse site taken down, organized child exploitation crime suspected – exclusive

|

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

|

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

|

Misconfigured WBSC server leaks thousands of passports

|

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

|

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

|

Dark Angels Team ransomware group hit Johnson Controls

|

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

|

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

|

China-linked APT BlackTech was spotted hiding in Cisco router firmware

|

Watch out! CVE-2023-5129 in libwebp library affects millions applications

|

DarkBeam leaks billions of email and password combinations

|

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo

|

Top 5 Problems Solved by Data Lineage

|

Threat actors claim the hack of Sony, and the company investigates

|

Canadian Flair Airlines left user data leaking for months

|

The Rhysida ransomware group hit the Kuwait Ministry of Finance

|

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

|

Xenomorph malware is back after months of hiatus and expands the list of targets

|

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

|

Crooks stole $200 million worth of assets from Mixin Network

|

A phishing campaign targets Ukrainian military entities with drone manual lures

|

Alert! Patch your TeamCity instance to avoid server hack

|

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

|

Nigerian National pleads guilty to participating in a millionaire BEC scheme

|

New variant of BBTok Trojan targets users of +40 banks in LATAM

|

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

|

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

|

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

|

National Student Clearinghouse data breach impacted approximately 900 US schools

|

Government of Bermuda blames Russian threat actors for the cyber attack

|

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

|

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

|

Information of Air Canada employees exposed in recent cyberattack

|

Sandman APT targets telcos with LuaDream backdoor

|

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

|

Ukrainian hackers are behind the Free Download Manager supply chain attack

|

Space and defense tech maker Exail Technologies exposes database access

|

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

|

Experts found critical flaws in Nagios XI network monitoring software

|

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

|

International Criminal Court hit with a cyber attack

|

GitLab addressed critical vulnerability CVE-2023-5009

|

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

|

ShroudedSnooper threat actors target telecom companies in the Middle East

|

Recent cyber attack is causing Clorox products shortage

|

Earth Lusca expands its arsenal with SprySOCKS Linux malware

|

Microsoft AI research division accidentally exposed 38TB of sensitive data

|

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

|

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

|

FBI hacker USDoD leaks highly sensitive TransUnion data

|

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

|

Clop gang stolen data from major North Carolina hospitals

|

CardX released a data leak notification impacting their customers in Thailand

|

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

|

TikTok fined €345M by Irish DPC for violating children’s privacy

|

Dariy Pankov, the NLBrute malware author, pleads guilty

|

Dangerous permissions detected in top Android health apps

|

Caesars Entertainment paid a ransom to avoid stolen data leaks

|

Free Download Manager backdoored to serve Linux malware for more than 3 years

|

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

|

The iPhone of a Russian journalist was infected with the Pegasus spyware

|

Kubernetes flaws could lead to remote code execution on Windows endpoints

|

Threat actor leaks sensitive data belonging to Airbus

|

A new ransomware family called 3AM appears in the threat landscape

|

Redfly group infiltrated an Asian national grid as long as six months

|

Mozilla fixed a critical zero-day in Firefox and Thunderbird

|

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

|

Save the Children confirms it was hit by cyber attack

|

Adobe fixed actively exploited zero-day in Acrobat and Reader

|

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

|

MGM Resorts hit by a cyber attack

|

Anonymous Sudan launched a DDoS attack against Telegram

|

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

|

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

|

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

|

UK and US sanctioned 11 members of the Russia-based TrickBot gang

|

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

|

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

|

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

|

Rhysida Ransomware gang claims to have hacked three more US hospitals

|

Akamai prevented the largest DDoS attack on a US financial company

|

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

|

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

|

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

|

North Korea-linked threat actors target cybersecurity experts with a zero-day

|

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

|

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

|

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

|

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

|

Two flaws in Apache SuperSet allow to remotely hack servers

|

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

|

Google addressed an actively exploited zero-day in Android

|

A zero-day in Atlas VPN Linux Client leaks users' IP address

|

MITRE and CISA release Caldera for OT attack emulation

|

ASUS routers are affected by three critical remote code execution flaws

|

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

|

Freecycle data breach impacted 7 Million users

|

Meta disrupted two influence campaigns from China and Russia

|

A massive DDoS attack took down the site of the German financial agency BaFin

|

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

|

University of Sydney suffered a security breach caused by a third-party service provider

|

Cybercrime will cost Germany $224 billion in 2023

|

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

|

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

|

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

|

UNRAVELING EternalBlue: inside the WannaCry’s enabler

|

Researchers released a free decryptor for the Key Group ransomware

|

Fashion retailer Forever 21 data breach impacted +500,000 individuals

|

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

|

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

|

Paramount Global disclosed a data breach

|

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

|

Abusing Windows Container Isolation Framework to avoid detection by security products

|

Critical RCE flaw impacts VMware Aria Operations Networks

|

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

|

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

|

FIN8-linked actor targets Citrix NetScaler systems

|

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

|

Attackers can discover IP address by sending a link over the Skype mobile app

|

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

|

Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

|

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

|

China-linked Flax Typhoon APT targets Taiwan

|

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

|

Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager

|

Mercury

Pierluigi Paganini April 10, 2023

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. The Microsoft Threat Intelligence team observed a series of destructive attacks on hybrid environments that were carried out by MuddyWater APT group (aka MERCURY). Threat actors masqueraded the attacks as a standard ransomware operation. MERCURY (aka MuddyWater, SeedWorm and TEMP.Zagros) has been active since […]

Pierluigi Paganini August 26, 2022

Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access

An Iran-linked Mercury APT group exploited the Log4Shell vulnerability in SysAid applications for initial access to the targeted organizations. The Log4Shell flaw (CVE-2021-44228) made the headlines in December after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library. The flaw can be exploited […]