Category: Security Affairs

Crooks stole $200 million worth of assets from Mixin Network

Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has…

Alert! Patch your TeamCity instance to avoid server hack

Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server. JetBrains TeamCity is a popular and highly extensible Continuous Integration (CI) and Continuous Delivery (CD) server developed by JetBrains,…

Sandman APT targets telcos with LuaDream backdoor

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. A joint research conducted by SentinelLabs and QGroup GmbH revealed that a previously undetected APT group, dubbed Sandman, is targeting telecommunication…

Experts warn of a 600X increase in P2Pinfect traffic

The experts warn of a surge in P2PInfect botnet activity since late August 2023, they are witnessing a 600x jump between September 12 and 19, 2023. In July 2023, Palo Alto Networks Unit 42 researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis…

Experts found critical flaws in Nagios XI network monitoring software

Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution. Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure…

International Criminal Court hit with a cyber attack

A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack this week, its systems were compromised last week. The International Criminal Court (ICC) announced that threat actors have breached its systems last week. The experts at the International Criminal…

GitLab addressed critical vulnerability CVE-2023-5009

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an…

Recent cyber attack is causing Clorox products shortage

The cyber attack that hit the cleaning products manufacturer Clorox in August is still affecting the supply of the products to customers. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various…

FBI hacker USDoD leaks highly sensitive TransUnion data

Researchers from vx-underground reported that FBI hacker ‘USDoD‘ leaked sensitive data from consumer credit reporting agency TransUnion. TransUnion is an American consumer credit reporting agency. TransUnion collects and aggregates information on over one billion individual consumers in over thirty countries, including “200…

Clop gang stolen data from major North Carolina hospitals

Researchers at healthcare technology firm Nuance blame the Clop gang for a series of cyber thefts at major North Carolina hospitals. The Microsoft-owned healthcare technology firm Nuance revealed that the Clop extortion gang has stolen personal data on major North Carolina hospitals as…

Dangerous permissions detected in top Android health apps

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story. The Android challenge In the digital age, mobile applications have become an integral part of our lives,…

UK Greater Manchester Police disclosed a data breach

UK Greater Manchester Police (GMP) disclosed a data breach, threat actors had access to some of its employees’ personal information. UK Greater Manchester Police (GMP) announced that threat actors had access to the personal information of some of its employees…

Threat actor leaks sensitive data belonging to Airbus

The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company. The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information…

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863, in Firefox and Thunderbird that has…

Save the Children confirms it was hit by cyber attack

The international non-governmental organization (NGO) Save the Children International was recently hit with a cyberattack. The charity organization Save the Children International revealed that it was hit by a cyber attack. The company disclosed the security incident after the ransomware…

MGM Resorts hit by a cyber attack

Hospitality and entertainment company MGM Resorts was hit by a cyber attack that shut down its systems at MGM Hotels and Casinos. Hospitality and entertainment company MGM Resorts was the victim of a cyber attack, the IT infrastructure across the…

Anonymous Sudan launched a DDoS attack against Telegram

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their…

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vulnerability that has been actively exploited in attacks in the wild since…

Akamai prevented the largest DDoS attack on a US financial company

Akamai announced it has mitigated the largest distributed denial-of-service (DDoS) attack on a U.S. financial company. Cybersecurity firm Akamai successfully identified and prevented a massive distributed denial-of-service (DDoS) attack targeting an unnamed, leading American financial institution. The attack took place last…

Two flaws in Apache SuperSet allow to remotely hack servers

A couple of security vulnerabilities in Apache SuperSet could be exploited by an attacker to gain remote code execution on vulnerable systems. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the…

Google addressed an actively exploited zero-day in Android

Google released September 2023 Android security updates to address multiple flaws, including an actively exploited zero-day. Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in…

MITRE and CISA release Caldera for OT attack emulation

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on…

Freecycle data breach impacted 7 Million users

The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it has suffered a data breach that impacted more than 7 million users. The Freecycle Network (TFN,) is a private, nonprofit organization that coordinates a worldwide network of “gifting” groups to divert…

X will collect biometric data from its premium users

The social media site X announced that it will collect premium users’ biometric data for security and identification purposes. The social media platform X (formerly known as Twitter) has updated its privacy policy informing its premium users that the company…

Cybercrime will cost Germany $224 billion in 2023

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023. Bitkom estimated…