Experts warn of vulnerabilities impacting the Ninja Forms plugin for WordPress that could be exploited for escalating privileges and data theft. The Ninja Forms plugin for WordPress is affected by multiple vulnerabilities (tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393) that can…
Category: Security Affairs
Experts warn attackers started exploiting Citrix ShareFile RCE flaw CVE-2023-24489
Researchers warn that threat actors started exploiting Citrix ShareFile RCE vulnerability CVE-2023-24489 in the wild. Citrix ShareFile is a widely used cloud-based file-sharing application, which is affected by the critical remote code execution (RCE) tracked as CVE-2023-24489 (CVSS score of…
In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues
Google’s Threat Analysis Group Google states that more than 40% of zero-day flaws discovered in 2022 were variants of previous issues. The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [2021,…
New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild
Software firm Ivanti disclosed another security vulnerability impacting Endpoint Manager Mobile (EPMM), that it said actively exploited. Ivanti disclosed a new security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35081 (CVSS score: 7.8), that was exploited in the wild as…
Security Affairs newsletter Round 430 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Now…
CISA warns about SUBMARINE Backdoor employed in Barracuda ESG attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of threat actors deploying the SUBMARINE Backdoor in Barracuda ESG attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an alert on a malware variant, tracked as SUBMARINE Backdoor, that…
Now Abyss Locker also targets VMware ESXi servers
A Linux variant of the Abyss Locker designed to target VMware ESXi servers appeared in the threat landscape, experts warn. The operators behind the Abyss Locker developed a Linux variant that targets VMware ESXi servers expanding their potential targets. VMware…
Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor
Russia-linked BlueBravo has been spotted targeting diplomatic entities in Eastern Europe with the GraphicalProton Backdoor. The Russia-linked threat-state actor BlueBravo (aka APT29, Cloaked Ursa, and Midnight Blizzard, Nobelium) has been observed targeting diplomatic entities throughout Eastern Europe. The group was observed…
CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency
Crypto-payments service provider CoinsPaid suffered a cyber attack that resulted in the theft of $37,200,000 worth of cryptocurrency. CoinsPaid, a crypto-payment service provider, fell victim to a cyber attack, leading to the theft of $37,200,000 worth of cryptocurrency. The company…
Monitor Insider Threats but Build Trust First
The issue of how to prevent insider threats without infringing on employee privacy is one that has been a hot topic of debate in recent years. Because insider threats are uniquely challenging to detect and identify, different methods are needed…
Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS
Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability, now tracked as CVE-2023-38750, that is actively exploited in…
DepositFiles exposed config file, jeopardizing user security
DepositFiles, a popular web hosting service, left its environment configuration file accessible, revealing a trove of highly sensitive credentials. The recent tsunami of Cl0p-driven ransomware attacks via the MOVEit Transfer exploit is a painful reminder of the general idea behind the pessimistic…
Group-IB CEO Ilya Sachkov sentenced to 14 years in a strict prison colony
Ilya Sachkov, CEO and co-founder of Group-IB was sentenced to 14 years in a high security prison colony according to the Moscow court announcement. As per the announcement from the Moscow court, Ilya Sachkov, the CEO and co-founder of Group-IB,…
Two flaws in Linux Ubuntu affect 40% of Ubuntu users
Wiz researchers discovered two Linux vulnerabilities in the Ubuntu kernel that can allow an unprivileged local user to gain elevated privileges. Wiz Research discovered two privilege escalation vulnerabilities, tracked as CVE-2023-2640 and CVE-2023-32629, in the OverlayFS module in the Linux…
Two ambulance services in UK lost access to patient records after a cyber attack on software provider
Swedish software firm Ortivus suffered a cyberattack that has resulted in at least two British ambulance services losing access to electronic patient records. Two British ambulance services were not able to access electronic patient records after a cyber attack that…
FraudGPT, a new malicious generative AI tool appears in the threat landscape
FraudGPT is another cybercrime generative artificial intelligence (AI) tool that is advertised in the hacking underground. Generative AI models are becoming attractive for crooks, Netenrich researchers recently spotted a new platform dubbed FraudGPT which is advertised on multiple marketplaces and…
CISA adds Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog
US CISA added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability, tracked as CVE-2023-35078, to its Known…
Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw
Experts warn of a severe privilege escalation, tracked as CVE-2023-30799, in MikroTik RouterOS that can be exploited to hack vulnerable devices. VulnCheck researchers warn of a critical vulnerability, tracked as CVE-2023-30799 (CVSS score: 9.1), that can be exploited in large-scale attacks to…
Atlassian addressed 3 flaws in Confluence and Bamboo products
Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful…
VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment
VMware fixed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment that exposed CF API admin credentials in audit logs. VMware has addressed an information disclosure vulnerability, tracked as CVE-2023-20891 (CVSSv3 score 6.5), in VMware…
Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606
Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to address multiple flaws in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, including an actively exploited zero-day. The…
Twelve Norwegian ministries were hacked using a zero-day vulnerability
Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries. The ICT platform used by twelve ministries of the Norwegian government was hacked, and threat actors have exploited a zero-day…
A flaw in OpenSSH forwarded ssh-agent allows remote code execution
A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. OpenSSH…
Experts warn of OSS supply chain attacks against the banking sector
Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components…
Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands
Apple could opt to pull iMessage and FaceTime services in the U.K. in response to the government’s surveillance demands. In light of the government’s surveillance demands, Apple might consider withdrawing iMessage and FaceTime services from the U.K. The UK government…
Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple…
Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519
Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC)…
Multiple DDoS botnets were observed targeting Zyxel devices
Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8),…
CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices
The US CISA warns of cyber attacks targeting Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warning of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting…
Experts believe North Korea behind JumpCloud supply chain attack
SentinelOne researchers attribute the recent supply chain attacks on JumpCloud to North Korea-linked threat actors. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators…
Nice Suzuki, sport: shame dealer left your data up for grabs
Cybernews research team discovered that two Suzuki-authorized dealer websites were leaking customers’ sensitive information. Suzuki or otherwise, buying a new vehicle is an intense experience with complicated credit, insurance, documentation, and contracts. Think of all the data that you leave…
Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group
China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. The APT41 group, aka Winnti, Axiom, Barium, Blackfly, HOODOO) is a…
ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder
The American cosmetics giant company Estée Lauder was hacked by two distinct ransomware groups, the ALPHV/BlackCat and Clop gangs. Yesterday the cybersecurity expert @sonoclaudio first alerted me about a strange circumstance, two ransomware actors, ALPHV/BlackCat and Clop, claim to have…
P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems
Cybersecurity researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers. Palo Alto Networks Unit 42 researchers have discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers running on both Linux and Windows systems. The capability to target…
Adobe out-of-band update addresses an actively exploited ColdFusion zero-day
Adobe released an emergency update to address critical vulnerabilities in ColdFusion, including an actively exploited zero-day. Adobe released an out-of-band update to address critical and moderate vulnerabilities in ColdFusion, including a zero-day flaw that is actively exploited in attacks. The vulnerabilities…
Ukraine’s cyber police dismantled a massive bot farm spreading propaganda
The Cyber Police Department of the National Police of Ukraine dismantled a massive bot farm and seized 150,000 SIM cards. A gang of more than 100 individuals used fake social network accounts to conduct disinformation and psychological operations in support…
US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits
The U.S. government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. The Commerce Department’s Bureau of Industry and Security (BIS) added surveillance technology vendors Intellexa and Cytrox to the Entity List for…
Citrix warns of actively exploited zero-day in ADC and Gateway
Citrix is warning customers of an actively exploited critical vulnerability in NetScaler Application Delivery Controller (ADC) and Gateway. Citrix is warning customers of a critical vulnerability, tracked as CVE-2023-3519 (CVSS score: 9.8), in NetScaler Application Delivery Controller (ADC) and Gateway that is…
FIA World Endurance Championship driver passports leaked
Le Mans Endurance Management, operating the FIA World Endurance Championship’s website, exposed the data of hundreds of drivers by leaking their IDs and drivers’ licenses, the Cybernews research team has discovered. On June 16th, our researchers came across two misconfigured,…
Virustotal data leak exposed data of some registered customers, including intelligence members
The online malware scanning service VirusTotal leaked data associated with some registered customers, German newspapers reported. German newspapers Der Spiegel and Der Standard reported that the online malware scanning service VirusTotal leaked data associated with some registered customers. At the end of June,…
FIN8 Group spotted delivering the BlackCat Ransomware
The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware).…
Hacking campaign targets sites using WordPress WooCommerce Payments Plugin
Threat actors are actively exploiting a critical flaw, tracked as CVE-2023-28121, in the WooCommerce Payments WordPress plugin. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2023-28121 (CVSS score: 9.8), in the WooCommerce Payments WordPress plugin. The flaw is…
JumpCloud revealed it was hit by a sophisticated attack by a nation-state actor
Software firm JumpCloud announced it was the victim of a sophisticated cyber attack carried out by a nation-state actor. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner.…
Adobe warns customers of a critical ColdFusion RCE exploited in attacks
Adobe is warning customers of a critical ColdFusion pre-authentication RCE bug, tracked as CVE-2023-29300, which is actively exploited. Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited…
Admins of Genesis Market marketplace sold their infrastructure on a hacker forum
The admins of the darkweb Genesis Market announced the sale of their platform to a threat actor that will restart operations next month. In April, the FBI seized the Genesis Market, a black marketplace for stolen credentials that was launched in…
Cisco fixed a critical flaw in SD-WAN vManage
Cisco warns of a critical unauthenticated REST API access vulnerability, tracked as CVE-2023-20214, impacting its SD-WAN vManage. Cisco addressed a critical unauthenticated REST API access vulnerability, tracked as CVE-2023-20214 (CVSS Score 9.1), impacting its SD-WAN vManage. An unauthenticated, remote attacker…
Pompompurin, the BreachForums owner, pleads guilty to hacking charges and possession of child pornography
The owner of the BreachForums Conor Brian Fitzpatrick, aka Pompompurin, pleads guilty to hacking charges. The owner of the BreachForums Conor Brian Fitzpatrick agrees to plead guilty to a three-count criminal information charging the defendant with conspiracy to commit access…
WormGPT, the generative AI tool to launch sophisticated BEC attacks
The WormGPT case: How Generative artificial intelligence (AI) can improve the capabilities of cybercriminals and allows them to launch sophisticated attacks. Researchers from SlashNext warn of the dangers related to a new generative AI cybercrime tool dubbed WormGPT. Since chatbots like…
Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked…
Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise
Ukraine’s Computer Emergency Response Team (CERT-UA) states that Russia-linked APT Gamaredon starts stealing data 30 minutes after the initial compromise. Ukraine’s Computer Emergency Response Team (CERT-UA) is warning that the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) use to…
The source code of the BlackLotus UEFI Bootkit was leaked on GitHub
The source code for the BlackLotus UEFI bootkit has been published on GitHub and experts warn of the risks of proliferation of custom versions. Researchers from ESET discovered in March a new stealthy Unified Extensible Firmware Interface (UEFI) bootkit, named BlackLotus,…
US CISA warns of Rockwell Automation ControlLogix flaws
The U.S. CISA warns of two flaws impacting Rockwell Automation ControlLogix that can lead to remote code execution and DoS attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of two vulnerabilities affecting Rockwell Automation ControlLogix EtherNet/IP (ENIP)…
Indexing Over 15 Million WordPress Websites with PWNPress
Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, it collects data related to vulnerabilities and misconfigurations Leveraging the extensive Common Crawl dataset and pushing the boundaries of data analysis, cybersecurity firm Sicuranex successfully indexed over 15 million WordPress websites using…
New AVrecon botnet remained under the radar for two years while targeting SOHO Routers
A new malware dubbed AVrecon targets small office/home office (SOHO) routers, it infected over 70,000 devices from 20 countries. Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. The malware was…
Apple re-released Rapid Security Response to fix recently disclosed zero-day
Apple re-released its Rapid Security Response updates for iOS and macOS after fixing browsing issues on certain websites caused by the first RSR. Apple has re-released its Rapid Security Response updates to address the CVE-2023-37450 flaw in iOS and macOS…
Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG
Zimbra has released updates to address a zero-day vulnerability actively exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Zimbra urges customers to manually install updates to fix a zero-day vulnerability that is actively exploited in attacks against…
Chinese hackers compromised emails of U.S. Government agencies
Chinese hackers have compromised the emails of an unnamed US Federal Civilian Executive Branch (FCEB) agency. In Mid-June a malicious email activity was reported by an unnamed US Federal Civilian Executive Branch (FCEB) agency. Microsoft experts who investigated the suspicious…
SonicWall urges organizations to fix critical flaws in GMS/Analytics products
SonicWall fixed multiple critical vulnerabilities impacting its GMS firewall management and Analytics management and reporting engine. SonicWall addressed multiple critical vulnerabilities in its Global Management System (GMS) firewall management and Analytics network management and reporting engine. The company fixed 15…
Citrix fixed a critical flaw in Secure Access Client for Ubuntu
Citrix fixed a critical flaw affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution. Citrix addressed a critical vulnerability, tracked as CVE-2023-24492 (CVSS score of 9.6), affecting the Secure Access client for Ubuntu…
Cl0p hacker operating from Russia-Ukraine war front line – exclusive
CyberNews researchers discovered that at least one of the Cl0p ransomware gang masterminds is still residing in Ukraine. Original post at: https://cybernews.com/security/cl0p-hacker-hides-in-ukraine/ As the Cl0p ransomware gang continues to sow anxiety worldwide, affecting prominent companies like the BBC and Deutsche…
Fortinet fixed a critical flaw in FortiOS and FortiProxy
Fortinet warns of a critical vulnerability impacting FortiOS and FortiProxy that can allow remote attackers to perform arbitrary code execution. Fortinet has disclosed a critical vulnerability, tracked as CVE-2023-33308 (CVSS score 9.8), that impacts FortiOS and FortiProxy. A remote attacker…
Microsoft mitigated an attack by Chinese threat actor Storm-0558
Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails.…
Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks
Microsoft warned today that an unpatched zero-day in multiple Windows and Office products was actively exploited in the wild. Microsoft disclosed an unpatched zero-day vulnerability in multiple Windows and Office products that has been actively exploited in the wild. The…
HCA Healthcare data breach impacted 11 million patients
HCA Healthcare disclosed a data breach that exposed the personal information of roughly 11 million patients. HCA Healthcare this week announced that the personal information of roughly 11 million patients was compromised in a data breach. The organization discovered the…
Apple issued Rapid Security Response updates to fix a zero-day but pulled them due to a Safari bug
Apple released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address an actively exploited zero-day. Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw, tracked as CVE-2023-37450, that has been actively exploited…
VMware warns customers of exploit available for critical vRealize RCE flaw CVE-2023-20864
VMware warns customers of the public availability of an exploit code for the RCE vulnerability CVE-2023-20864 affecting vRealize. VMware warned customers of the availability of an exploit code for the critical RCE vulnerability CVE-2023-20864 in the VMware Aria Operations for…
Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud
Resecurity identified the emergence of adversarial mobile Android-based Antidetect Tooling for Mobile OS-Based Fraud. Resecurity has identified the emergence of adversarial mobile Android-based tools (called “mobile anti-detects”), like Enclave and McFly, as a new frontier in fraud tradecraft evolution. These…
Experts released PoC exploit for Ubiquiti EdgeRouter flaw
A Proof-of-Concept (PoC) exploit for the CVE-2023-31998 vulnerability in the Ubiquiti EdgeRouter has been publicly released. The CVE-2023-31998 flaw (CVSS v3 5.9) is a heap overflow issue impacting Ubiquiti EdgeRouters and Aircubes, an attacker can exploit it to potentially execute…
RomCom RAT attackers target groups supporting NATO membership of Ukraine
Threat actors are targeting NATO and groups supporting Ukraine in a spear-phishing campaign distributing the RomCom RAT. On July 4, the BlackBerry Threat Research and Intelligence team uncovered a spear phishing campaign aimed at an organization supporting Ukraine abroad. The researchers discovered…
A flaw in Revolut US payments resulted in the theft of $20 Million
A zero-day vulnerability in the Revolut payment systems allowed threat actors to steal more than $20 million in early 2022. In early 2022, threat actors exploited a zero-day flaw in Revolut payment systems to steal more than $20 million, reported…
France’s government is giving the police more surveillance power
The French government is going to grant law enforcement the power to spy on suspects through smartphones and other devices. French legislators are going to approve a justice reform bill that also gives more power to law enforcement, allowing them…
Two spyware sending data of more than 1.5M users to China were found in Google Play Store
Two apps on the Google Play Store with more than 1.5 million downloads have been discovered spying on users and sending data to China. Researchers from cybersecurity firm Pradeo discovered two malicious apps on Google Play hinding spyware and spying…
Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Google…
Google addressed 3 actively exploited flaws in Android
Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively exploited in targeted attacks. “There are indications…
Iran-linked APT TA453 targets Windows and macOS systems
Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. TA453 is a…
Bangladesh government website leaked data of millions of citizens
A researcher recently discovered that a Bangladesh government website leaks the personal data of citizens. The researcher Viktor Markopoulos discovered a Bangladeshi government website that was leaking the personal information of millions of Bangladesh citizens. According to TechCrunch, which first…
A man has been charged with a cyber attack on the Discovery Bay water treatment facility
A man from Tracy, California, has been charged with a computer attack on the Discovery Bay water treatment facility. Rambler Gallo (53), a man from Tracy (California) has been charged with intentionally causing damage to a computer after he allegedly…
Progress warns customers of a new critical flaw in MOVEit Transfer software
Progress released security patches for a new critical SQL injection vulnerability affecting its MOVEit Transfer software. Progress is informing customers of a new critical SQL injection vulnerability, tracked as CVE-2023-36934, in its MOVEit Transfer software. MOVEit Transfer software recently made…
CISA and FBI warn of Truebot infecting US and Canada based organizations
CISA and the FBI warned today of a new Truebot variant employed in attacks against organizations in the United States and Canada. A new variant of the Truebot malware was used in attacks against organizations in the United States and Canada.…
Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic
Cisco warns of a high-severity vulnerability in Nexus 9000 series switches that can allow attackers to read or modify encrypted traffic. Cisco disclosed a high-severity vulnerability, tracked as CVE-2023-20185 (CVSS Score 7.4), in the Cisco ACI Multi-Site CloudSec encryption feature…
StackRot, a new Linux Kernel privilege escalation vulnerability
StackRot is s new security vulnerability in the Linux kernel that could be exploited to gain elevated privileges on a target system. A security vulnerability, dubbed StackRot was found impacting Linux versions 6.1 through 6.4. The issue, tracked as CVE-2023-3269, (CVSS score:…
CVE-2022-29303 flaw in SolarView product can be exploited in attacks against the energy sector
A vulnerability in SolarView product can be exploited in attacks targeting organizations in the energy sector. Researchers from the cybersecurity firm VulnCheck reported that the vulnerability CVE-2022-29303 in the solar power monitoring Contec SolarView product can be exploited in attacks…
Ransomware accounts for 54% of cyber threats in the health sector
The European Union Agency for Cybersecurity (ENISA) releases its first cyber threat landscape report for the health sector. The European Union Agency for Cybersecurity (ENISA) releases today its first cyber threat landscape report for the health sector. The report identifies…
RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild
RedEnergy is a sophisticated stealer-as-a-ransomware that was employed in attacks targeting energy utilities, oil, gas, telecom, and machinery sectors. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors.…
The Port of Nagoya, the largest Japanese port, suffered a ransomware attack
The Port of Nagoya, the largest port in Japan, suffered a ransomware attack that severely impacted its operations. The Port of Nagoya, in the Ise Bay, is the largest and busiest trading port in Japan, accounting for about 10% of…
NoName(057)16’s DDoSia Project’s gets an upgrade
The DDoSia attack tool received an upgrade, it supports a new security mechanism to conceal the list of targets. Researchers at the cybersecurity firm Sekoia analyzed an updated variant of the DDoSia attack tool that was developed and used by the pro-Russia collective NoName(057)16.…
Swedish data protection authority rules against the use of Google Analytics
Swedish data protection watchdog warns companies against using Google Analytics due to the risk of surveillance operated by the US government. The Swedish data protection watchdog warned businesses against using Google Analytics due to the risk of surveillance carried out…
MOVEit attack on Aon exposed data of the staff at the Dublin Airport
Personal data of the personnel at the Dublin Airport was compromised due to a MOVEit attack on professional service provider Aon. Data of about 3000 employees of Dublin Airport (DDA) were compromised after professional service provider Aon fell victim to…
Neo_Net runs eCrime campaign targeting clients of banks globally
A Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting banks worldwide. A joint study conducted by vx-underground and SentinelOne recently revealed that a Mexican threat actor that goes online with the…
Hackers stole millions of dollars worth of crypto assets from Poly Network platform
Poly Network platform suspended its services during the weekend due to a cyber attack that resulted in the theft of millions of dollars in crypto assets. Threat actors have stolen millions of dollars worth of crypto assets from the Poly…
335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997
Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. In Mid-June Fortinet addressed a critical flaw, tracked as CVE-2023-27997 (CVSS score: 9.2), in FortiOS and FortiProxy…
Anonymous Sudan claims to have stolen 30 million Microsoft’s customer accounts
Microsoft denied the data breach after the collective of hacktivists known as Anonymous Sudan claimed to have hacked the company. In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the…
SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies
China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe. A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the…
The Impacts of Data Loss on Your Organization
What are the causes of Data Loss and which are their impact on your organization? In today’s digital age, data has become the lifeblood of organizations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses…
CISA adds Samsung and D-link bugs to its Known Exploited Vulnerabilities catalog
US CISA added actively exploited Samsung and D-Link vulnerabilities to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added six Samsung and two D-Link vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of flaws…
New Windows Meduza Stealer targets tens of crypto wallets and password managers
Researchers spotted a new Windows information stealer called Meduza Stealer, the authors employ sophisticated marketing strategies to promote it. The Meduza Stealer can steal browsing activities and extract a wide array of browser-related data, including login credentials, browsing history and bookmarks.…
Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware
Researchers spotted a new version of the RustBucket Apple macOS malware that supports enhanced capabilities. Researchers from the Elastic Security Labs have spotted a new variant of the RustBucket Apple macOS malware. In April, the security firm Jamf observed the…
Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress…
WordPress sites using the Ultimate Member plugin are under attack
Threat actors are exploiting a critical WordPress zero-day in the Ultimate Member plugin to create secret admin accounts. Hackers are actively exploiting a critical unpatched WordPress Plugin flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), to create secret admin accounts. Ultimate…
LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC
The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company (TSMC) and $70 million ransom. TSMC is the world’s biggest contract manufacturer…