A man from Tracy, California, has been charged with a computer attack on the Discovery Bay water treatment facility. Rambler Gallo (53), a man from Tracy (California) has been charged with intentionally causing damage to a computer after he allegedly…
Category: Security Affairs
Progress warns customers of a new critical flaw in MOVEit Transfer software
Progress released security patches for a new critical SQL injection vulnerability affecting its MOVEit Transfer software. Progress is informing customers of a new critical SQL injection vulnerability, tracked as CVE-2023-36934, in its MOVEit Transfer software. MOVEit Transfer software recently made…
CISA and FBI warn of Truebot infecting US and Canada based organizations
CISA and the FBI warned today of a new Truebot variant employed in attacks against organizations in the United States and Canada. A new variant of the Truebot malware was used in attacks against organizations in the United States and Canada.…
Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic
Cisco warns of a high-severity vulnerability in Nexus 9000 series switches that can allow attackers to read or modify encrypted traffic. Cisco disclosed a high-severity vulnerability, tracked as CVE-2023-20185 (CVSS Score 7.4), in the Cisco ACI Multi-Site CloudSec encryption feature…
StackRot, a new Linux Kernel privilege escalation vulnerability
StackRot is s new security vulnerability in the Linux kernel that could be exploited to gain elevated privileges on a target system. A security vulnerability, dubbed StackRot was found impacting Linux versions 6.1 through 6.4. The issue, tracked as CVE-2023-3269, (CVSS score:…
CVE-2022-29303 flaw in SolarView product can be exploited in attacks against the energy sector
A vulnerability in SolarView product can be exploited in attacks targeting organizations in the energy sector. Researchers from the cybersecurity firm VulnCheck reported that the vulnerability CVE-2022-29303 in the solar power monitoring Contec SolarView product can be exploited in attacks…
Ransomware accounts for 54% of cyber threats in the health sector
The European Union Agency for Cybersecurity (ENISA) releases its first cyber threat landscape report for the health sector. The European Union Agency for Cybersecurity (ENISA) releases today its first cyber threat landscape report for the health sector. The report identifies…
RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild
RedEnergy is a sophisticated stealer-as-a-ransomware that was employed in attacks targeting energy utilities, oil, gas, telecom, and machinery sectors. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors.…
The Port of Nagoya, the largest Japanese port, suffered a ransomware attack
The Port of Nagoya, the largest port in Japan, suffered a ransomware attack that severely impacted its operations. The Port of Nagoya, in the Ise Bay, is the largest and busiest trading port in Japan, accounting for about 10% of…
NoName(057)16’s DDoSia Project’s gets an upgrade
The DDoSia attack tool received an upgrade, it supports a new security mechanism to conceal the list of targets. Researchers at the cybersecurity firm Sekoia analyzed an updated variant of the DDoSia attack tool that was developed and used by the pro-Russia collective NoName(057)16.…
Swedish data protection authority rules against the use of Google Analytics
Swedish data protection watchdog warns companies against using Google Analytics due to the risk of surveillance operated by the US government. The Swedish data protection watchdog warned businesses against using Google Analytics due to the risk of surveillance carried out…
MOVEit attack on Aon exposed data of the staff at the Dublin Airport
Personal data of the personnel at the Dublin Airport was compromised due to a MOVEit attack on professional service provider Aon. Data of about 3000 employees of Dublin Airport (DDA) were compromised after professional service provider Aon fell victim to…
Neo_Net runs eCrime campaign targeting clients of banks globally
A Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting banks worldwide. A joint study conducted by vx-underground and SentinelOne recently revealed that a Mexican threat actor that goes online with the…
Hackers stole millions of dollars worth of crypto assets from Poly Network platform
Poly Network platform suspended its services during the weekend due to a cyber attack that resulted in the theft of millions of dollars in crypto assets. Threat actors have stolen millions of dollars worth of crypto assets from the Poly…
335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997
Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. In Mid-June Fortinet addressed a critical flaw, tracked as CVE-2023-27997 (CVSS score: 9.2), in FortiOS and FortiProxy…
Anonymous Sudan claims to have stolen 30 million Microsoft’s customer accounts
Microsoft denied the data breach after the collective of hacktivists known as Anonymous Sudan claimed to have hacked the company. In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the…
SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies
China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe. A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the…
The Impacts of Data Loss on Your Organization
What are the causes of Data Loss and which are their impact on your organization? In today’s digital age, data has become the lifeblood of organizations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses…
CISA adds Samsung and D-link bugs to its Known Exploited Vulnerabilities catalog
US CISA added actively exploited Samsung and D-Link vulnerabilities to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added six Samsung and two D-Link vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of flaws…
New Windows Meduza Stealer targets tens of crypto wallets and password managers
Researchers spotted a new Windows information stealer called Meduza Stealer, the authors employ sophisticated marketing strategies to promote it. The Meduza Stealer can steal browsing activities and extract a wide array of browser-related data, including login credentials, browsing history and bookmarks.…
Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware
Researchers spotted a new version of the RustBucket Apple macOS malware that supports enhanced capabilities. Researchers from the Elastic Security Labs have spotted a new variant of the RustBucket Apple macOS malware. In April, the security firm Jamf observed the…
Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress…
WordPress sites using the Ultimate Member plugin are under attack
Threat actors are exploiting a critical WordPress zero-day in the Ultimate Member plugin to create secret admin accounts. Hackers are actively exploiting a critical unpatched WordPress Plugin flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), to create secret admin accounts. Ultimate…
LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC
The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company (TSMC) and $70 million ransom. TSMC is the world’s biggest contract manufacturer…
Avast released a free decryptor for the Windows version of the Akira ransomware
Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data…
Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor
Iran-linked Charming Kitten group used an updated version of the PowerShell backdoor called POWERSTAR in a spear-phishing campaign. Security firm Volexity observed the Iran-linked Charming Kitten (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) group using an updated version of the PowerShell backdoor POWERSTAR in…
North Korea-linked Andariel APT used a new malware named EarlyRat last year
North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The Andariel APT (aka Stonefly) has been active since at…
miniOrange’s WordPress Social Login and Register plugin was affected by a critical auth bypass bug
A critical authentication bypass flaw in miniOrange’s WordPress Social Login and Register plugin, can allow gaining access to any account on a site. Wordfence researchers discovered an authentication bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin, that can allow an unauthenticated…
The phone monitoring app LetMeSpy disclosed a data breach
Android app LetMeSpy disclosed a security breach, sensitive data associated with thousands of Android users were exposed. The phone monitoring app LetMeSpy disclosed a security breach, threat actors have stolen sensitive data associated with thousands of Android users, including messages, locations, call…
Previously undetected ThirdEye malware appears in the threat landscape
A new Windows information stealer dubbed ThirdEye appeared in the threat landscape, it has been active since April. Fortinet FortiGuard Labs discovered a previously undetected information stealer named ThirdEye. The malicious code is not sophisticated and can allow operators to steal various…
Former Group-IB manager has been arrested in Kazahstan
The former head of network security at Group-IB has been arrested in Kazakhstan based on a request from U.S. law enforcement. Nikita Kislitsin who worked as the head of network security at Group-IB, as well as its Russian-based spinoff company…
Experts published PoC exploits for Arcserve UDP authentication bypass issue
Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software. Threat actors…
Using Electromagnetic Fault Injection Attacks to take over drones
Electromagnetic fault injection (EMFI) attacks on drones can potentially allow attackers to achieve arbitrary code execution and take over them. While the use of drones continues to grow, researchers from IOActive analyzed how to develop fault injection attacks against hardened…
Experts warn of a spike in May and June of 8Base ransomware attacks
Researchers warn of a massive spike in May and June 2023 of the activity associated with the ransomware group named 8Base. VMware Carbon Black researchers observed an intensification of the activity associated with a stealthy ransomware group named 8Base. The experts observed…
Critical SQL Injection flaws in Gentoo Soko can lead to Remote Code Execution
SQL injection vulnerabilities in Gentoo Soko could lead to remote code execution (RCE) on impacted systems. SonarSource researchers discovered two SQL injection vulnerabilities in Gentoo Soko, collectively tracked as CVE-2023-28424 (CVSS score: 9.1) [1],[2], that can be exploited by a…
EncroChat dismantling led to 6,558 arrests and the seizure of $979M in criminal funds
Europol announced that the takedown of the EncroChat encrypted chat network has led to the arrest of 6,558 people and the seizure of $979 million in illicit funds. Europol announced that the dismantling of the encrypted chat network EncroChat has…
Mockingjay process injection technique allows EDR bypass
Mockingjay is a new process injection technique that can be exploited to bypass security solutions to execute malware on compromised systems. A new process injection technique dubbed Mockingjay can be exploited by attackers to bypass security controls and gain unauthorized…
Experts found hundreds of devices within federal networks having internet-exposed management interfaces
Researchers at Censys have identified hundreds of devices deployed within federal networks that have internet-exposed management interfaces. Researchers at Censys have analyzed the attack surfaces of more than 50 Federal Civilian Executive Branch (FCEB) organizations and sub-organizations and discovered more…
Schneider Electric and Siemens Energy are two more victims of a MOVEit attack
Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy. The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including…
JOKERSPY used to target a cryptocurrency exchange in Japan
An unnamed Japanese cryptocurrency exchange was the victim of a cyber attack aimed at deploying an Apple macOS backdoor named JokerSpy. Elastic Security Labs researchers provided details about a recently discovered intrusion at an unnamed cryptocurrency exchange, aimed at deploying…
Citizen of Croatia charged with running the Monopoly Market drug marketplace
Milomir Desnica, a citizen of Croatia and Serbia, has been charged with running the Monopoly Market drug darknet marketplace. Milomir Desnica (33), a citizen of Croatia and Serbia, has been extradited from Austria to the United States to face charges…
Energy company Suncor suffered a cyber attack and its company Petro-Canada gas reported problems at its gas stations in Canada
The cyber attack suffered by Suncor Energy impacted payment operations at Petro-Canada gas stations in Canada. Suncor Energy is Canada’s leading integrated energy company that provides oil sands development, production and upgrading, offshore oil and gas, and petroleum refining in…
Internet Systems Consortium (ISC) fixed three DoS flaw in BIND
The Internet Systems Consortium (ISC) addressed three denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The Internet Systems Consortium (ISC) released security updates to address three denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The three issues, tracked…
China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks
China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon, using a novel tradecraft to gain initial…
Trojanized Super Mario Bros game spreads malware
Researchers observed threat actors spreading a trojanized Super Mario Bros game installer to deliver multiple malware. Researchers from Cyble Research and Intelligence Labs (CRIL) discovered a trojanized Super Mario Bros game installer for Windows that was used to deliver multiple malware,…
Twitter hacker sentenced to five years in prison for cybercrime offenses
A U.K. citizen, who was involved in the attack on Twitter in 2020, was sentenced to five years in prison for cybercrime offenses. Joseph James O’Connor, aka PlugwalkJoe (24), the hacker who was involved in the attacks on Twitter in…
Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Someone…
Someone is sending mysterious smartwatches to the US Military personnel
U.S. Army’s Criminal Investigation Division warns that US military personnel have reported receiving unsolicited smartwatches in the mail. The U.S. Army’s Criminal Investigation Division reported that service members across the military received smartwatches unsolicited in the mail. Upon using these smartwatches, the devices…
CISA orders govt agencies to fix recently disclosed flaws in Apple devices
U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its Known Exploited Vulnerabilities Catalog. Below is the list…
VMware fixed five memory corruption issues in vCenter Server
VMware addressed multiple memory corruption vulnerabilities in vCenter Server that can be exploited to achieve remote code execution. VMware released security updates to five memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896) in vCenter Server that could lead to remote…
Fortinet fixes critical FortiNAC RCE, install updates asap
Fortinet addressed a critical remote command execution vulnerability, tracked as CVE-2023-33299, affecting FortiNAC solution. FortiNAC is a network access control (NAC) solution designed by Fortinet that is used by organizations to secure and control access to networks by enforcing security…
More than a million GitHub repositories potentially vulnerable to RepoJacking
Researchers reported that millions of GitHub repositories are likely vulnerable to an attack called RepoJacking. A study conducted by Aqua researchers revealed that millions of GitHub repositories are potentially vulnerable to RepoJacking. In the RepoJacking attack, attackers claim the old username…
New Mirai botnet targets tens of flaws in popular IoT devices
Since March 2023, Unit 42 researchers have observed a variant of the Mirai botnet spreading by targeting tens of flaws in D-Link, Zyxel, and Netgear devices. Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new…
Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure
The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. A security researcher has published a proof-of-concept (PoC) exploit code for the high-severity vulnerability, tracked as CVE-2023-20178 (CVSS score of 7.8), impacting Cisco AnyConnect…
Norton parent firm Gen Digital, was victim of a MOVEit ransomware attack too
Norton parent firm, Gen Digital, was the victim of a ransomware attack that exploited the recently disclosed MOVEit zero-day vulnerability. Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company that provides cybersecurity software and services. The company owns multiple brands, including Norton, Avast, LifeLock, Avira,…
Apple addressed actively exploited zero-day flaws in iOS, macOS, and Safari
Apple rolled out security updates to address actively exploited zero-day flaws in iOS, iPadOS, macOS, watchOS, and Safari. Apple addressed a set of vulnerabilities in iOS, iPadOS, macOS, watchOS, and the Safari browser that were actively exploited in the wild.…
Analyzing the TriangleDB implant used in Operation Triangulation
Kaspersky provided more details about Operation Triangulation, including the exploitation chain and the implant used by the threat actors. Kaspersky researchers dug into Operation Triangulation and discovered more details about the exploit chain employed to deliver the spyware to iOS…
Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities
Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. A joint investigation conducted by Ukraine’s Computer Emergency Response Team (CERT-UA) and Recorded Future revealed that the Russia-linked APT28 group hacked into Roundcube email servers belonging to…
New Condi DDoS botnet targets TP-Link Wi-Fi routers
Researchers discovered a new strain of malware called Condi that targets TP-Link Archer AX21 (AX1800) Wi-Fi routers. Fortinet FortiGuard Labs Researchers discovered a new strain of malware called Condi that was observed exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers. “FortiGuard Labs encountered…
Critical RCE flaw CVE-2023-20887 in VMware vRealize exploited in the wild
VMware is warning customers that critical remote code execution vulnerability CVE-2023-20887 is being actively exploited in attacks. VMware is warning customers that a critical remote code execution vulnerability in Aria Operations for Networks (Formerly vRealize Network Insight), tracked as CVE-2023-20887,…
3CX data exposed, third-party to blame
A third-party vendor of 3CX, a popular Voice over Internet Protocol (VoIP) comms provider, left an open server and exposed sensitive 3CX data. The issue went under the company’s radar, even though it was recently targeted by North Korean hackers.…
New Tsunami botnet targets Linux SSH servers
Researchers warn of an ongoing Tsunami DDoS botnet campaign targeting inadequately protected Linux SSH servers. Researchers from AhnLab Security Emergency response Center (ASEC) have uncovered an ongoing hacking campaign, aimed at poorly protected Linux SSH servers, to install the Tsunami…
Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices
Zyxel released security updates to address a critical vulnerability affecting its network-attached storage (NAS) devices. Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a…
Tackling Data Sovereignty with DDR
Data-centric distributed resilience (DDR) offers a compelling approach to addressing data sovereignty in cybersecurity. As much of our modern life relies upon the cloud, the question of data protection is front of mind for many organizations. Those who fail to…
ASUS addressed critical flaws in some router models
ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. The impacted models are GT6, GT-AXE16000, GT-AX11000 PRO,…
Experts found components of a complex toolkit employed in macOS attacks
Researchers uncovered a set of malicious files with backdoor capabilities that they believe is part of a toolkit targeting Apple macOS systems. Bitdefender researchers discovered a set of malicious files with backdoor capabilities that are suspected to be part of…
EU member states are urged to restrict without delay 5G equipment from risky suppliers
The European Commission urges member states to limit “without delay” equipment from Chinese suppliers from their 5G networks, specifically Huawei and ZTE. The European Commission told member states to impose restrictions on high-risk suppliers for 5G networks without delay, with…
Diicot cybercrime gang expands its attack capabilities
Researchers found evidence that Diicot threat actors are expanding their capabilities with new payloads and the Cayosin Botnet. Cado researchers recently detected an interesting attack pattern linked to an emerging cybercrime group tracked as Diicot (formerly, “Mexals”) and described in…
Microsoft: June Outlook and cloud platform outages were caused by DDoS
Microsoft confirmed that the recent outages to the Azure, Outlook, and OneDrive services were caused by cyber attacks. In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing…
Reddit Files: BlackCat/ALPHV ransomware gang claims to have stolen 80GB of data from Reddit
The BlackCat/ALPHV ransomware gang claims to have stolen 80GB of data from the Reddit in February cyberattack. In February, the social news aggregation platform Reddit suffered a security breach, attackers gained unauthorized access to internal documents, code, and some business…
US govt offers $10 million bounty for info linking Clop ransomware gang to a foreign government.
The U.S. government announced up to a $10 million bounty for information linking the Clop ransomware gang to a foreign government. The US goverment is offering up to a $10 million bounty for information linking CL0P Ransomware Gang or any…
Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Law…
Law enforcement shutdown a long-standing DDoS-for-hire service
Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active…
A Russian national charged for committing LockBit Ransomware attacks
DoJ charged a Russian national with conspiring to carry out LockBit ransomware attacks against U.S. and foreign businesses. The Justice Department announced charges against the Russian national Ruslan Magomedovich Astamirov (20) for his role in numerous LockBit ransomware attacks against…
Oil and gas giant Shell is another victim of Clop ransomware attacks
British multinational oil and gas company Shell has confirmed that it has suffered a ransomware attack conducted by the Clop group. Oil and Gas giant Shell has confirmed that it is one of the victims of the recent large-scale ransomware campaign conducted by the Clop…
Progress fixed a third flaw in MOVEit Transfer software
Progress Software addressed a third vulnerability impacting its MOVEit Transfer application that could lead to privilege escalation and information disclosure. Progress Software disclosed a new SQL injection vulnerability impacting its MOVEit Transfer application, it is the third issue fixed by the company…
Updated Android spyware GravityRAT steals WhatsApp Backups
An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is…
Barracuda ESG zero-day exploited by China-linked APT
Experts linked the UNC4841 threat actor behind the attacks exploiting the recently patched Barracuda ESG zero-day to China. Mandiant researchers linked the threat actor UNC4841 behind the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China. “Through…
Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine
Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government…
Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine
Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government…
Cybersecurity agencies published a joint LockBit ransomware advisory
The LockBit ransomware group successfully extorted roughly $91 million from approximately 1,700 U.S. organizations since 2020. According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against…
Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU
Microsoft linked a series of wiping attacks to a Russia-linked APT group, tracked as Cadet Blizzard, that is under the control of the GRU. Microsoft attributes the operations carried out by the Russia-linked APT group tracked as Cadet Blizzard to the…
Critical flaw found in WooCommerce Stripe Gateway Plugin used by +900K sites
Hundreds of thousands of online stores are potentially exposed to hacking due to a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The WooCommerce Stripe Payment Gateway plugin is affected by a critical vulnerability tracked as CVE-2023-34000. The Stripe…
Unveiling the Balada injector: a malware epidemic in WordPress
Learn the shocking truth behind the Balada Injector campaign and find out how to protect your organization from this relentless viral invasion. A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins —…
China-linked APT UNC3886 used VMware ESXi Zero-Day
A China-linked APT group tracked as UNC3886 has been spotted exploiting a VMware ESXi zero-day vulnerability. Mandiant researchers observed a China-linked cyberespionage group, tracked as UNC3886, exploiting a VMware ESXi zero-day vulnerability tracked as CVE-2023-20867. “VMware Tools contains an Authentication…
LLM meets Malware: Starting the Era of Autonomous Threat
Malware researchers analyzed the application of Large Language Models (LLM) to malware automation investigating future abuse in autonomous threats. Executive Summary In this report we shared some insight that emerged during our exploratory research, and proof of concept, on the…
Microsoft Patch Tuesday for June 2023 fixes 6 critical flaws
Microsoft Patch Tuesday security updates for June 2023 fixed 69 flaws in its products, including six critical issues. Microsoft Patch Tuesday security updates for June 2023 fixed 69 vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Office and…
St. Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure
St. Margaret’s Health in Illinois is partly closing operations at its hospitals due to a 2021 ransomware attack that impacted its payment system. In February 2021a ransomware attack hit the St. Margaret’s Health in Illinois and forced the organization to…
A database containing data of +8.9 million Zacks users was leaked online
A database containing the personal information of more than 8.9 million Zacks Investment Research users was leaked on a cybercrime forum. A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June…
Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls
Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy.…
UK communications regulator Ofcom hacked with a MOVEit file transfer zero-day
UK communications regulator Ofcom suffered a data breach after a Clop ransomware attack exploiting the MOVEit file transfer zero-day. UK’s communications regulator Ofcom disclosed a data breach after a Clop ransomware attack. The threat actors exploited the zero-day flaw (CVE-2023-34362,)…
Experts released PoC exploit for MOVEit Transfer CVE-2023-34362 flaw
Security firm Horizon3 released proof-of-concept (PoC) exploit code for the remote code execution (RCE) flaw CVE-2023-34362 in the MOVEit Transfer MFT. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP,…
Intellihartx data breach exposed the personal and health info of 490,000 individuals
Intellihartx is notifying about 490,000 individuals that their personal information was compromised in the GoAnywhere zero-day attack in January. The Clop ransomware group has stolen stole personal and health information of 489,830 individuals as a result of a ransomware attack…
FUD Malware obfuscation engine BatCloak continues to evolve
Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since…
Fortinet urges to patch a critical RCE flaw in Fortigate firewalls
Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. An attacker can…
Xplain data breach also impacted the national Swiss railway FSS
The Play ransomware attack suffered by the IT services provider Xplain also impacted the national railway company of Switzerland (FSS) and the canton of Aargau. The Play ransomware attack suffered by the IT services provider Xplain is worse than initially…
Microsoft warns of multi-stage AiTM phishing and BEC attacks
Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations. In AiTM phishing, threat actors set…
Security Affairs newsletter Round 423 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts…
Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC
Pro-Ukraine hackers Cyber Anarchy Squad claimed responsibility for the attack that hit Russian telecom provider Infotel JSC. Pro-Ukraine hacking group Cyber.Anarchy.Squad claimed responsibility for an attack on Russian telecom provider Infotel JSC. The company provides connectivity services to the Russian…
Experts found new MOVEit Transfer SQL Injection flaws
Progress Software released security updates to fix several new SQL injection vulnerabilities in the MOVEit Transfer application. Progress Software has released security updates to address new SQL injection vulnerabilities in the MOVEit Transfer application. An attacker can exploit the SQL…