Encrypted messaging app Signal denied claims of an alleged zero-day flaw in its platform after a responsible investigation. The popular encrypted messaging app Signal denied claims of an alleged zero-day vulnerability in its platform. The company launched an investigation into…
Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm
Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. Microsoft announced that its Microsoft Defender for Endpoint helped to block a large-scale hacking campaign carried out by Akira ransomware operators (tracked by Microsoft as…
DarkGate malware campaign abuses Skype and Teams
Researchers uncovered an ongoing campaign abusing the popular messaging platforms Skype and Teams to distribute the DarkGate malware. From July to September, researchers from Trend Micro observed a malicious DarkGate campaign abusing instant messaging platforms to deliver a VBA loader…
The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital
The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web…
Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lockbit…
Lockbit ransomware gang demanded an 80 million ransom from CDW
The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that…
CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks
CISA warns organizations of vulnerabilities and misconfigurations that are known to be exploited in ransomware operations. The US cybersecurity agency CISA is sharing knowledge about vulnerabilities and misconfigurations exploited in ransomware attacks. The initiative is part of its Ransomware Vulnerability…
Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?
A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive, that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan,…
FBI and CISA published a new advisory on AvosLocker ransomware
FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) published by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency…
More than 17,000 WordPress websites infected with the Balada Injector in September
In September, more than 17,000 WordPress websites were compromised by the Balada Injector malware. Sucuri researchers reported that more than 17,000 WordPress websites were compromised in September with the Balada Injector. The researchers noticed that the number of Balada…
Ransomlooker, a new tool to track and analyze ransomware groups’ activities
Ransomlooker monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker, a tool to monitor ransomware groups’ extortion sites and deliver consolidated feeds of their claims worldwide. The researchers have created the tool to help…
Apple releases iOS 16 update to fix CVE-2023-42824 on older devices
Apple released versions iOS 16.7.1 and iPadOS 16.7.1 to address the CVE-2023-42824 vulnerability that has been actively exploited in attacks. Apple has released iOS 16.7.1 and iPadOS 16.7.1 to address the recently disclosed zero-day CVE-2023-42824. The vulnerability is a privilege…
Phishing, the campaigns that are targeting Italy
This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Particularly very popular is…
A new Magecart campaign hides the malicious code in 404 error page
Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards. Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to…
CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog
US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat…
Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers
A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Fortinet researchers observed a new Mirai-based DDoS botnet, tracked as IZ1H9, that added thirteen new payloads to target routers from…
Air Europa data breach exposed customers’ credit cards
Airline Air Europa disclosed a data breach and warned customers to cancel their credit cards after threat actors accessed their card information. Air Europa is a Spanish airline and a subsidiary of the Globalia Corporation. It operates as a full-service…
#OpIsrael, #FreePalestine & #OpSaudiArabia – How Cyber Actors Capitalize On War Actions Via Psy-Ops
Gaza: Resecurity identified threat actors exploiting the conflict to weaponize psychological operations (PSYOPs) campaigns. Amidst the outbreak of war on the Gaza Strip last weekend, Resecurity (Los Angeles-based cybersecurity company protecting Fortune 100) has identified multiple cyber-threat actors staging online…
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum
A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researchers 3xp0rt reported that a threat actor that goes online with the moniker ‘kapuchin0’ (and also uses the alias Gookee)…
Gaza-linked hackers and Pro-Russia groups are targeting Israel
Microsoft linked a Gaza-based threat actor tracked as Storm-1133 to a series of attacks aimed at private organizations in Israel. The fourth annual Digital Defense Report published by Microsoft linked a series of attacks against organizations in Israel to a Gaza-based…
Flagstar Bank suffered a data breach once again
Flagstar Bank announced a data breach suffered by a third-party service provider exposed the personal information of over 800,000 US customers. Flagstar Bank is warning 837,390 US customers that their personal information was exposed after threat actors breached the third-party…
Android devices shipped with backdoored firmware as part of the BADBOX network
Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of the BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed…
Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. QakBot…
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime
North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported. Researchers from blockchain analytics firm Elliptic reported that threat actors have already laundered a record $7 billion through cross-chain crime. The term “cross-chain crime” is…
QakBot threat actors are still operational after the August takedown
Threat actors behind the QakBot malware are still active; since August they have been carrying out a phishing campaign delivering Ransom Knight ransomware and the Remcos RAT. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement…
Ransomware attack on MGM Resorts costs $110 Million
Hospitality and entertainment company MGM Resorts announced that the costs of the recent ransomware attack exceeded $110 million. In September the hospitality and entertainment company MGM Resorts was hit by a ransomware attack that shut down its systems at…
Cybersecurity: why could a hotline number be important?
The creation of a dedicated emergency number for cybersecurity could provide an effective solution to this rapidly growing challenge. The growing threat of cybercrime is calling for new and innovative defense strategies. While the phone number for physical emergencies is…
Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables
Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES…
Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!
Cisco addressed a critical Static Credentials Vulnerability, tracked as CVE-2023-20101, impacting Emergency Responder. Cisco released security updates to address a critical vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), impacting Emergency Responder. A remote, unauthenticated attacker can exploit the vulnerability to log in…
Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege
Belgian intelligence agency State Security Service (VSSE) fears that Chinese giant Alibaba is spying on logistics to gather financial intelligence. The Belgian intelligence service VSSE revealed that it is investigating potential cyber espionage activities carried out by Chinese firms, including the…
A WhatsApp zero-day exploit can cost several million dollars
TechCrunch reported that a working zero-day exploit for the popular WhatsApp app can be worth millions of dollars. Researching zero-day exploits for popular applications such as WhatsApp is even more complex because of the security mechanisms implemented by the…
CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog
The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains TeamCity flaw CVE-2023-42793 (CVSS score: 9.8) and Windows bug CVE-2023-28229 (CVSS score: 7.0) to its Known…
NATO is investigating a new cyber attack claimed by the SiegedSec group
NATO is investigating claims that a group called SiegedSec has breached its systems and leaked a cache of unclassified documents online. NATO announced it is investigating claims that a politically motivated threat actor called SiegedSec has breached its systems and…
Global CRM Provider Exposed Millions of Clients’ Files Online
A researcher discovered that global B2B CRM provider Really Simple Systems exposed online a non-password-protected database with millions of records. Cybersecurity researcher Jeremiah Fowler discovered and reported to vpnMentor a non-password-protected database that contained over 3 million records. The documents appeared to…
Sony sent data breach notifications to about 6,800 individuals
Sony Interactive Entertainment has notified current and former employees and their family members about a data breach. Sony Interactive Entertainment (SIE) has notified current and former employees and their family members about a data breach that exposed their personal information.…
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks
Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild. Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10),…
Apple fixed the 17th zero-day flaw exploited in attacks
Apple released emergency security updates to address a new actively exploited zero-day vulnerability impacting iPhone and iPad devices. Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices.…
A cyberattack disrupted Lyca Mobile services
International mobile virtual network operator Lyca Mobile announced it has been the victim of a cyber attack that disrupted its network. Lyca Mobile is a mobile virtual network operator (MVNO) that provides prepaid mobile phone services to customers in several…
Chipmaker Qualcomm warns of three actively exploited zero-days
Chipmaker Qualcomm addressed 17 vulnerabilities in various components and warns of three other actively exploited zero-day flaws. Chipmaker Qualcomm released security updates to address 17 vulnerabilities in several components. Three out of 17 flaws are rated Critical, 13 are rated…
DRM Report Q2 2023 – Ransomware threat landscape
The DRM Report Q2 2023 report provides a detailed insight into the ransomware threat landscape during the period between May and August 2023. In an era where digitalization has woven its web into the very fabric of our lives, the…
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform
Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed…
San Francisco’s transport agency Metropolitan Transportation Commission (MTC) exposes drivers’ plate numbers and addresses
A misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of over 26K files, exposing clients’ home addresses and the plate numbers of their vehicles. The Metropolitan Transportation Commission (MTC) is a governmental agency responsible for regional transportation…
BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums
Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. The BunnyLoader…
Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023. Executive Summary NOTE: This version of the report has been redacted for TLP:WHITE disclosure. Introduction Digging into ransomware infections…
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV
Researchers from cybersecurity firm TG Soft are warning Italian entities and companies of LockBit 3.0 Black and BlackCat/AlphV attacks. In the last few weeks, two cybercriminal groups that have also targeted Italian entities and businesses are back in the news; they are LockBit…
European Telecommunications Standards Institute (ETSI) suffered a data breach
The European Telecommunications Standards Institute (ETSI) disclosed a data breach; threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute (ETSI).…
WS_FTP flaw CVE-2023-40044 actively exploited in the wild
Experts warn that threat actors are actively exploiting the recently disclosed CVE-2023-40044 flaw in Progress Software’s WS_FTP products. Progress Software recently warned customers to address a critical severity vulnerability, tracked as CVE-2023-40044 (CVSS score 10), in its WS_FTP Server software which is…
National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers
The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors. On September 24th, researchers discovered that the NLP…
North Korea-linked Lazarus targeted a Spanish aerospace company
North Korea-linked APT group Lazarus impersonated Meta’s recruiters in an attack against a Spanish company in the Aerospace industry. ESET researchers linked the North Korea-linked Lazarus APT Group to a cyber attack targeting an unnamed Spanish aerospace firm. The cyberspies impersonated Meta’s…
Ransomware attack on Johnson Controls may have exposed sensitive DHS data
Experts warn that the recent attack on building automation giant Johnson Controls may have exposed data of the Department of Homeland Security (DHS). Johnson Controls International plc is a multinational conglomerate with a diversified portfolio of products and services primarily…
BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care
The ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of victims on its Tor leak site. McLaren Health Care is a not-for-profit healthcare system based in Michigan, United States. It is one of the largest integrated health systems…
Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ALPHV/BlackCat…
ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One
The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list of victims on its Tor leak site. Motel One is a German hotel chain that offers budget-friendly accommodations primarily targeted at business and leisure travelers. It is…
FBI warns of dual ransomware attacks
The U.S. Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims. The U.S. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a new worrisome trend in the threat landscape that sees…
Progress Software fixed two critical severity flaws in WS_FTP Server
Progress Software has addressed a critical severity vulnerability in its WS_FTP Server software used by thousands of IT teams worldwide. Progress Software warned customers to address a critical severity vulnerability, tracked as CVE-2023-40044 (CVSS score 10), in its WS_FTP Server…
Child abuse site taken down, organized child exploitation crime suspected – exclusive
A child abuse site has been taken down following a request to German law enforcement by the Cybernews research team. A hacker collective, who wanted to remain anonymous, has been relentlessly hunting online crooks who benefit from videos of children being…
A still unpatched zero-day RCE impacts more than 3.5M Exim servers
Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-42115 (CVSS score 9.8), affects all versions of Exim mail transfer agent (MTA) software. A…
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a…
Misconfigured WBSC server leaks thousands of passports
The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket…
CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog
US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known…
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109
Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. Cisco warned customers to install security updates to address an actively exploited zero-day vulnerability, tracked as…
Dark Angels Team ransomware group hit Johnson Controls
Johnson Controls International suffered a ransomware attack that impacted the operations of the company and its subsidiaries. Johnson Controls International plc is a multinational conglomerate with a diversified portfolio of products and services primarily focused on building technologies and solutions.…
Google fixed the fifth Chrome zero-day of 2023
Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked…
Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices
A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices. The Russian zero-day broker firm Operation Zero is increasing payouts for top-tier mobile exploits. The company is willing to pay up…
China-linked APT BlackTech was spotted hiding in Cisco router firmware
US and Japanese authorities warn that the China-linked APT BlackTech planted backdoors in Cisco router firmware to hack businesses in both countries. US and Japanese intelligence, law enforcement and cybersecurity agencies warn of a China-linked APT, tracked as BlackTech…
Watch out! CVE-2023-5129 in libwebp library affects millions of applications
Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10.0), in…
DarkBeam leaks billions of email and password combinations
DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches. The leaked logins present cybercriminals with almost limitless attack capabilities. DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected,…
‘Ransomed.vc’ in the Spotlight – What is Known About the Ransomware Group Targeting Sony and NTT Docomo
Following the recently announced data leak from Sony, Ransomed.vc group claimed the hack of the Japanese giant NTT Docomo. Following the recently announced data leak from Sony, the notorious ransomware syndicate Ransomed.vc announced a new victim today in face of…
Top 5 Problems Solved by Data Lineage
Data lineage is the visualization and tracking of data as it moves through various stages of its lifecycle. In an age where data drives decisions and fuels innovation, understanding the journey of data from its inception to its final destination…
Threat actors claim the hack of Sony, and the company investigates
Sony launched an investigation into an alleged data breach after the RansomedVC group claimed the hack of the company. Sony announced it is investigating allegations of a data breach after the RansomedVC extortion group claimed to have hacked the company…
Canadian Flair Airlines left user data leaking for months
Researchers discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months. Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research…
The Rhysida ransomware group hit the Kuwait Ministry of Finance
This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. Last week a ransomware attack hit the Government of Kuwait; the attack took place on September 18…
BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients
The Better Outcomes Registry & Network (BORN), the Ontario birth registry, disclosed a data breach affecting some 3.4 million people. The Better Outcomes Registry & Network (BORN) is a program and database used in the healthcare sector, particularly in maternal…
Xenomorph malware is back after months of hiatus and expands the list of targets
A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world.…
Smishing Triad Stretches Its Tentacles into the United Arab Emirates
Resecurity research found that the ‘Smishing Triad’ cybercrime group has expanded its phishing campaign into the United Arab Emirates (UAE). Resecurity research recently found that ‘Smishing Triad,’ a group specializing in phishing scams conducted via SMS (smishing attacks), has expanded…
Crooks stole $200 million worth of assets from Mixin Network
Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has…
A phishing campaign targets Ukrainian military entities with drone manual lures
A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed…
Alert! Patch your TeamCity instance to avoid server hack
Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server. JetBrains TeamCity is a popular and highly extensible Continuous Integration (CI) and Continuous Delivery (CD) server developed by JetBrains,…
Is Gelsemium APT behind a targeted attack on a Southeast Asian government?
A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers observed an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046,…
Nigerian National pleads guilty to participating in a millionaire BEC scheme
A Nigerian national pleaded guilty to wire fraud and money laundering through business email compromise (BEC). The Nigerian national Kosi Goodness Simon-Ebo (29), who is residing in South Africa, pleaded guilty to conspiracy to commit wire fraud and conspiracy to…
New variant of BBTok Trojan targets users of +40 banks in LATAM
A new variant of a banking trojan, called BBTok, targets users of over 40 banks in Latin America, particularly Brazil and Mexico. Check Point researchers warn of a new variant of a banking trojan, called BBTok, that is targeting users of over…
Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East. ESET researchers discovered a very sophisticated and unknown backdoor, named Deadglyph, employed by the Stealth Falcon group for espionage…
Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles. The Alphv ransomware group added Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, to…
Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Government…
National Student Clearinghouse data breach impacted approximately 900 US schools
U.S. educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The National Student Clearinghouse (NSC) is a nonprofit organization based in the United States that provides educational verification and reporting services to educational…
Government of Bermuda blames Russian threat actors for the cyber attack
The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. The attack impacted…
City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack
The City of Dallas revealed that the Royal ransomware gang that hit the city system in May used a stolen account. In May 2023, a ransomware attack hit the IT systems at the City of Dallas, Texas. To prevent the…
Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Researchers from the Citizen Lab and Google’s Threat Analysis Group (TAG) revealed that the three Apple zero-days addressed this week…
CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog
US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security…
Information of Air Canada employees exposed in recent cyberattack
Air Canada, the flag carrier and largest airline of Canada, announced that the personal information of some employees was exposed as a result of a recent cyberattack. Air Canada, the flag carrier and largest airline of Canada, announced that threat…
Sandman APT targets telcos with LuaDream backdoor
A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. Joint research conducted by SentinelLabs and QGroup GmbH revealed that a previously undetected APT group, dubbed Sandman, is targeting telecommunication…
Experts warn of a 600X increase in P2Pinfect traffic
The experts warn of a surge in P2PInfect botnet activity since late August 2023; they witnessed a 600x jump between September 12 and 19, 2023. In July 2023, Palo Alto Networks Unit 42 researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis…
Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws
Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were…
Ukrainian hackers are behind the Free Download Manager supply chain attack
The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. Recently, researchers from…
Space and defense tech maker Exail Technologies exposes database access
Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases. Exail, a French high-tech industrial group, left exposed a publicly accessible environment (.env) file with database…
Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName, severely impacted operations at several Canadian airports…
Experts found critical flaws in Nagios XI network monitoring software
Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution. Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure…
The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs
Finnish police announced the takedown of the dark web marketplace PIILOPUOTI which focuses on the sale of illegal narcotics. Finnish Customs announced the seizure of the dark web marketplace Piilopuoti as part of an international law enforcement operation. The dark…
International Criminal Court hit with a cyber attack
The International Criminal Court (ICC) disclosed a cyberattack this week; its systems were compromised last week. The International Criminal Court (ICC) announced that threat actors breached its systems last week. The experts at the International Criminal…