
Security Affairs newsletter Round 452 by Pierluigi Paganini | #ransomware | #cybercrime


Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION
INC RANSOM ransomware gang claims to have breached Xerox Corp
Spotify music converter TuneFab puts users at risk
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
Russia-linked APT28 used new malware in a recent phishing campaign
Clash of Clans gamers at risk while using third-party app
New Version of Meduza Stealer Released in Dark Web
Operation Triangulation attacks relied on an undocumented hardware feature
Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data
Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network
Experts warn of critical Zero-Day in Apache OfBiz
Xamalicious Android malware distributed through the Play Store
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841
Elections 2024, artificial intelligence could upset world balances
Experts analyzed attacks against poorly managed Linux SSH servers
A cyberattack hit Australian healthcare provider St Vincent’s Health Australia
Rhysida ransomware group hacked Abdali Hospital in Jordan
Carbanak malware returned in ransomware attacks
Resecurity Released a 2024 Cyber Threat Landscape Forecast
APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw
Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION
Europol and ENISA spotted 443 e-stores compromised with digital skimming
Video game giant Ubisoft investigates reports of a data breach
LockBit ransomware gang claims to have breached accountancy firm Xeinadin
Mobile virtual network operator Mint Mobile discloses a data breach
Akira ransomware gang claims the theft of sensitive data from Nissan Australia
Member of Lapsus$ gang sentenced to an indefinite hospital order
Real estate agency exposes details of 690k customers
ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware
Data leak exposes users of car-sharing service Blink Mobility
Google addressed a new actively exploited Chrome zero-day
German police seized the dark web marketplace Kingdom Market
Law enforcement Operation HAECHI IV led to the seizure of $300 Million
Sophisticated JaskaGO info stealer targets macOS and Windows
BMW dealer at risk of takeover by cybercriminals
Comcast’s Xfinity customer data exposed after CitrixBleed attack
FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season
The ransomware attack on Westpole is disrupting digital services for Italian public administration
Info stealers and how to protect against them
Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations
Qakbot is back and targets the Hospitality industry
A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K
MongoDB investigates a cyberattack, customer data exposed
InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION
New NKAbuse malware abuses NKN decentralized P2P network protocol
Snatch ransomware gang claims the hack of the food giant Kraft Heinz
Multiple flaws in pfSense firewall can lead to arbitrary code execution
BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign
Data of over a million users of the crypto exchange GokuMarket exposed
Idaho National Laboratory data breach impacted 45,047 individuals
Ubiquiti users claim to have access to other people’s devices
Russia-linked APT29 spotted targeting JetBrains TeamCity servers
Microsoft seized the US infrastructure of the Storm-1152 cybercrime group
French authorities arrested a Russian national for his role in the Hive ransomware operation
China-linked APT Volt Typhoon linked to KV-Botnet
UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks
Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks
December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
Ukrainian military intelligence service hacked the Russian Federal Taxation Service
Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack
Dubai’s largest taxi app exposes 220K+ users
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
Apple released iOS 17.2 to address a dozen of security flaws
Toyota Financial Services discloses a data breach
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2
CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
CISA and ENISA signed a Working Arrangement to enhance cooperation
Researcher discovered a new lock screen bypass bug for Android 14 and 13
WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION
Hacktivists hacked an Irish water utility and interrupted the water supply
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips
Norton Healthcare disclosed a data breach after a ransomware attack
Bypassing major EDRs using Pool Party process injection techniques
Founder of Bitzlato exchange has pleaded for unlicensed money transmitting
Android barcode scanner app exposes user passwords
UK and US expose Russia Callisto Group’s activity and sanction members
A cyber attack hit Nissan Oceania
New Krasue Linux RAT targets telecom companies in Thailand
Atlassian addressed four new RCE flaws in its products
CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog
Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode
GST Invoice Billing Inventory exposes sensitive data to threat actors
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw
ENISA published the ENISA Threat Landscape for DoS Attacks Report
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
Google fixed critical zero-click RCE in Android
New P2PInfect bot targets routers and IoT devices
Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware
LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order
Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices
New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION
Researchers devised an attack technique to extract ChatGPT training data
Fortune-telling website WeMystic exposes 13M+ user records
Expert warns of Turtle macOS ransomware
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog
Apple addressed 2 new iOS zero-day vulnerabilities
Critical Zoom Room bug allowed to gain access to Zoom Tenants
Rhysida ransomware group hacked King Edward VII’s Hospital in London
Google addressed the sixth Chrome Zero-Day vulnerability in 2023
Okta reveals additional attackers’ activities in October 2023 Breach
Thousands of secrets lurk in app images on Docker Hub
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103
International police operation dismantled a prominent Ukraine-based Ransomware group
Daixin Team group claimed the hack of North Texas Municipal Water District
Healthcare provider Ardent Health Services disclosed a ransomware attack
Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia
Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
The hack of MSP provider CTS potentially impacted hundreds of UK law firms

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION
Rhysida ransomware gang claimed China Energy hack
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
App used by hundreds of schools leaking children’s data
Microsoft launched its new Microsoft Defender Bounty Program
Exposed Kubernetes configuration secrets can fuel supply chain attacks
North Korea-linked Konni APT uses Russian-language weaponized documents
ClearFake campaign spreads macOS AMOS information stealer
Welltok data breach impacted 8.5 million patients in the U.S.
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software
Automotive parts giant AutoZone disclosed data breach after MOVEit hack
New InfectedSlurs Mirai-based botnet exploits two zero-days
SiegedSec hacktivist group hacked Idaho National Laboratory (INL)
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
Citrix provides additional measures to address Citrix Bleed
Tor Project removed several relays associated with a suspicious cryptocurrency scheme
Experts warn of a surge in NetSupport RAT attacks against education and government sectors
The Top 5 Reasons to Use an API Management Platform
Canadian government impacted by data breaches of two of its contractors
Rhysida ransomware gang is auctioning data stolen from the British Library
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies
DarkCasino joins the list of APT groups exploiting WinRAR zero-day
US teenager pleads guilty to his role in credential stuffing attack on a betting site

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION
8Base ransomware operators use a new variant of the Phobos ransomware
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
The board of directors of OpenAI fired Sam Altman
Medusa ransomware gang claims the hack of Toyota Financial Services
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
Zimbra zero-day exploited to steal government emails by four groups
Vietnam Post exposes 1.2TB of data, including email addresses
Samsung suffered a new data breach
FBI and CISA warn of attacks by Rhysida ransomware gang
Critical flaw fixed in SAP Business One product
Law enforcement agencies dismantled the illegal botnet proxy service IPStorm
Gamblers’ data compromised after casino giant Strendus fails to set password
VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance
Danish critical infrastructure hit by the largest cyber attack in Denmark’s history
Major Australian ports blocked after a cyber attack on DP World
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
LockBit ransomware gang leaked data stolen from Boeing
North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals
The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital
The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION
Police seized BulletProftLink phishing-as-a-service (PhaaS) platform
Serbian pleads guilty to running ‘Monopoly’ dark web drug market
McLaren Health Care revealed that a data breach impacted 2.2 million people
After ChatGPT, Anonymous Sudan took down the Cloudflare website
Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack
SysAid zero-day exploited by Clop ransomware group
Dolly.com pays ransom, attackers release data anyway
DDoS attack leads to significant disruption in ChatGPT services
Russian Sandworm disrupts power in Ukraine with a new OT attack
Veeam fixed multiple flaws in Veeam ONE, including critical issues
Pro-Palestinian hackers group ‘Soldiers of Solomon’ disrupted the production cycle of the biggest flour production plant in Israel
Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks
Critical Confluence flaw exploited in ransomware attacks
QNAP fixed two critical vulnerabilities in QTS OS and apps
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
Socks5Systemz proxy service delivered via PrivateLoader and Amadey
US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION
Lazarus targets blockchain engineers with new KandyKorn macOS Malware
Kinsing threat actors probed the Looney Tunables flaws in recent attacks
ZDI discloses four zero-day flaws in Microsoft Exchange
Okta customer support system breach impacted 134 customers
Multiple WhatsApp mods spotted containing the CanesSpy Spyware
Russian FSB arrested Russian hackers who supported Ukrainian cyber operations
MuddyWater has been spotted targeting two Israeli entities
Clop group obtained access to the email addresses of about 632,000 US federal employees
Okta discloses a new data breach after a third-party vendor was hacked
Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware
Boeing confirmed its services division suffered a cyberattack
Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India
Who is behind the Mozi Botnet kill switch?
CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748
Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper
British Library suffers major outage due to cyberattack
Critical Atlassian Confluence flaw can lead to significant data loss
WiHD leak exposes details of all torrent users
Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198
Canada bans WeChat and Kaspersky apps on government-issued mobile devices
Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency
Wiki-Slack attack allows redirecting business professionals to malicious websites
HackerOne awarded over $300 million bug hunters
StripedFly, a complex malware that infected one million devices without being noticed
IT Army of Ukraine disrupted internet providers in territories occupied by Russia

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION
Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
Lockbit ransomware gang claims to have stolen data from Boeing
How to Collect Market Intelligence with Residential Proxies?
F5 urges to address a critical flaw in BIG-IP
Hello Alfred app exposes user data
iLeakage attack exploits Safari to steal data from Apple devices
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
Seiko confirmed a data breach after BlackCat attack
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes
VMware addressed critical vCenter flaw also for End-of-Life products
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
New England Biolabs leak sensitive data
Former NSA employee pleads guilty to attempted selling classified documents to Russia
Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!
How did the Okta Support breach impact 1Password?
PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
Spain police dismantled a cybercriminal group who stole the data of 4 million individuals
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Cisco warns of a second IOS XE zero-day used to infect devices worldwide
City of Philadelphia suffers a data breach
SolarWinds fixed three critical RCE flaws in its Access Rights Manager product
Don’t use AI-based apps, Philippine defense ordered its personnel
Vietnamese threat actors linked to DarkGate malware campaign
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
The attack on the International Criminal Court was targeted and sophisticated

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION
A threat actor is selling access to Facebook and Instagram’s Police Portal
Threat actors breached Okta support system and stole customers’ data
US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide
Alleged developer of the Ragnar Locker ransomware was arrested
CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198
Law enforcement operation seized Ragnar Locker group’s infrastructure
THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!
North Korea-linked APT groups actively exploit JetBrains TeamCity flaw
Multiple APT groups exploited WinRAR flaw CVE-2023-38831
Californian IT company DNA Micro leaks private mobile phone data
Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August
A flaw in Synology DiskStation Manager allows admin account takeover
D-Link confirms data breach, but downplayed the impact
CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems
Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers
Ransomware realities in 2023: one employee mistake can cost a company millions
Malware-laced ‘RedAlert – Rocket Alerts’ app targets Israeli users
Cisco warns of active exploitation of IOS XE zero-day
Signal denies claims of an alleged zero-day flaw in its platform
Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm
DarkGate malware campaign abuses Skype and Teams
The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION
Lockbit ransomware gang demanded an 80 million ransom to CDW
CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks
Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?
FBI and CISA published a new advisory on AvosLocker ransomware
More than 17,000 WordPress websites infected with the Balada Injector in September
Ransomlooker, a new tool to track and analyze ransomware groups’ activities
Phishing, the campaigns that are targeting Italy
A new Magecart campaign hides the malicious code in 404 error page
CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog
Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers
Air Europa data breach exposed customers’ credit cards
#OpIsrael, #FreePalestine & #OpSaudiArabia – How Cyber Actors Capitalize On War Actions Via Psy-Ops
Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws
New ‘HTTP/2 Rapid Reset’ technique behind record-breaking DDoS attacks
Exposed security cameras in Israel and Palestine pose significant risks
A flaw in libcue library impacts GNOME Linux systems
Hacktivists in Palestine and Israel after SCADA and other industrial control systems
Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum
Gaza-linked hackers and Pro-Russia groups are targeting Israel
Flagstar Bank suffered a data breach once again
Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime
QakBot threat actors are still operational after the August takedown
Ransomware attack on MGM Resorts costs $110 Million
Cybersecurity, why a hotline number could be important?
Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables
Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!
Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege
CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog
NATO is investigating a new cyber attack claimed by the SiegedSec group
Global CRM Provider Exposed Millions of Clients’ Files Online
Sony sent data breach notifications to about 6,800 individuals
Apple fixed the 17th zero-day flaw exploited in attacks
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks
A cyberattack disrupted Lyca Mobile services
Chipmaker Qualcomm warns of three actively exploited zero-days
DRM Report Q2 2023 – Ransomware threat landscape
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform
San Francisco’s transport agency exposes drivers’ parking permits and addresses
BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums
Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV
European Telecommunications Standards Institute (ETSI) suffered a data breach
WS_FTP flaw CVE-2023-40044 actively exploited in the wild
National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers
North Korea-linked Lazarus targeted a Spanish aerospace company
Ransomware attack on Johnson Controls may have exposed sensitive DHS data
BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition
ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One
FBI warns of dual ransomware attacks
Progress Software fixed two critical severity flaws in WS_FTP Server
Child abuse site taken down, organized child exploitation crime suspected – exclusive
A still unpatched zero-day RCE impacts more than 3.5M Exim servers
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
Misconfigured WBSC server leaks thousands of passports
CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109
Dark Angels Team ransomware group hit Johnson Controls
GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023
Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices
China-linked APT BlackTech was spotted hiding in Cisco router firmware
Watch out! CVE-2023-5129 in libwebp library affects millions applications
DarkBeam leaks billions of email and password combinations
‘Ransomed.vc’ in the Spotlight – What is Known About the Ransomware Group Targeting Sony and NTT Docomo
Top 5 Problems Solved by Data Lineage
Threat actors claim the hack of Sony, and the company investigates
Canadian Flair Airlines left user data leaking for months
The Rhysida ransomware group hit the Kuwait Ministry of Finance
BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients
Xenomorph malware is back after months of hiatus and expands the list of targets
Smishing Triad Stretches Its Tentacles into the United Arab Emirates
Crooks stole $200 million worth of assets from Mixin Network
A phishing campaign targets Ukrainian military entities with drone manual lures
Alert! Patch your TeamCity instance to avoid server hack
Is Gelsemium APT behind a targeted attack in Southeast Asian Government?
Nigerian National pleads guilty to participating in a millionaire BEC scheme
New variant of BBTok Trojan targets users of +40 banks in LATAM
Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
National Student Clearinghouse data breach impacted approximately 900 US schools
Government of Bermuda blames Russian threat actors for the cyber attack
Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog
Information of Air Canada employees exposed in recent cyberattack
Sandman APT targets telcos with LuaDream backdoor
Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws
Ukrainian hackers are behind the Free Download Manager supply chain attack
Space and defense tech maker Exail Technologies exposes database access
Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
Experts found critical flaws in Nagios XI network monitoring software
The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs
International Criminal Court hit with a cyber attack
GitLab addressed critical vulnerability CVE-2023-5009
Trend Micro addresses actively exploited zero-day in Apex One and other security Products
ShroudedSnooper threat actors target telecom companies in the Middle East
Recent cyber attack is causing Clorox products shortage
Earth Lusca expands its arsenal with SprySOCKS Linux malware
Microsoft AI research division accidentally exposed 38TB of sensitive data
German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals
Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry
FBI hacker USDoD leaks highly sensitive TransUnion data
North Korea’s Lazarus APT stole almost $240 million in crypto assets since June
Clop gang stolen data from major North Carolina hospitals
CardX released a data leak notification impacting their customers in Thailand

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition
TikTok fined €345M by Irish DPC for violating children’s privacy
Dariy Pankov, the NLBrute malware author, pleads guilty
Dangerous permissions detected in top Android health apps
Caesars Entertainment paid a ransom to avoid stolen data leaks
Free Download Manager backdoored to serve Linux malware for more than 3 years
Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York
The iPhone of a Russian journalist was infected with the Pegasus spyware
Kubernetes flaws could lead to remote code execution on Windows endpoints
Threat actor leaks sensitive data belonging to Airbus
A new ransomware family called 3AM appears in the threat landscape
Redfly group infiltrated an Asian national grid as long as six months
Mozilla fixed a critical zero-day in Firefox and Thunderbird
Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws
Save the Children confirms it was hit by cyber attack
Adobe fixed actively exploited zero-day in Acrobat and Reader
A new Repojacking attack exposed over 4,000 GitHub repositories to hack
MGM Resorts hit by a cyber attack
Anonymous Sudan launched a DDoS attack against Telegram
Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor
GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023
CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog
UK and US sanctioned 11 members of the Russia-based TrickBot gang
New HijackLoader malware is rapidly growing in popularity in the cybercrime community
Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable
Evil Telegram campaign: Trojanized Telegram apps found on Google Play
Rhysida Ransomware gang claims to have hacked three more US hospitals
Akamai prevented the largest DDoS attack on a US financial company

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital
North Korea-linked threat actors target cybersecurity experts with a zero-day
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware
Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs
A malvertising campaign is delivering a new version of the macOS Atomic Stealer
Two flaws in Apache SuperSet allow to remotely hack servers
Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake
Google addressed an actively exploited zero-day in Android
A zero-day in Atlas VPN Linux Client leaks users’ IP address
MITRE and CISA release Caldera for OT attack emulation
ASUS routers are affected by three critical remote code execution flaws
Hackers stole $41M worth of crypto assets from crypto gambling firm Stake
Freecycle data breach impacted 7 Million users
Meta disrupted two influence campaigns from China and Russia
A massive DDoS attack took down the site of the German financial agency BaFin
“Smishing Triad” Targeted USPS and US Citizens for Data Theft
University of Sydney suffered a security breach caused by a third-party service provider
Cybercrime will cost Germany $224 billion in 2023
PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition
LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)
UNRAVELING EternalBlue: inside the WannaCry’s enabler
Researchers released a free decryptor for the Key Group ransomware
Fashion retailer Forever 21 data breach impacted +500,000 individuals
Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware
Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication
Paramount Global disclosed a data breach
National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization
Abusing Windows Container Isolation Framework to avoid detection by security products
Critical RCE flaw impacts VMware Aria Operations Networks
UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw
Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months
FIN8-linked actor targets Citrix NetScaler systems
Japan’s JPCERT warns of new ‘MalDoc in PDF’ attack technique
Attackers can discover IP address by sending a link over the Skype mobile app
Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
Cloud and hosting provider Leaseweb took down critical systems after a cyber attack
Crypto investor data exposed by a SIM swapping attack against a Kroll employee
China-linked Flax Typhoon APT targets Taiwan
Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035
Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager
