A new ongoing Magecart web skimmer campaign abuse legitimate websites to act as makeshift command and control (C2) servers. Akamai researchers discovered a new ongoing Magecart web skimmer campaign aimed at stealing personally identifiable information (PII) and credit card information…
Category: Security Affairs
Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Xplain…
Xplain hack impacted the Swiss cantonal police and Fedpol
Several Swiss cantonal police, the army, customs and the Federal Office of Police (Fedpol) were impacted by the attack against IT firm Xplain. Swiss police launched an investigation into the cyber attack that hit the Bernese IT company Xplain, which provides…
Zyxel published guidance for protecting devices from ongoing attacks
Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010 vulnerabilities. “Simultaneously, Zyxel has been urging users to…
Kimsuky APT poses as journalists and broadcast writers in its attacks
North Korea-linked APT group Kimsuky is posing as journalists to gather intelligence, a joint advisory from NSA and FBI warns. A joint advisory from the FBI, the U.S. Department of State, the National Security Agency (NSA), South Korea’s National Intelligence Service…
New Linux Ransomware BlackSuit is similar to Royal ransomware
Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. Royal ransomware is one of the most notable ransomware families of 2022, it made the headlines in early May 2023 with the attack against the IT systems in…
CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog
US CISA added actively exploited Progress MOVEit Transfer zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a Progress MOVEit Transfer SQL injection vulnerability, tracked as CVE-2023-34362, to its Known Exploited Vulnerabilities Catalog. Threat…
New botnet Horabot targets Latin America
A new botnet malware dubbed Horabot is targeting Spanish-speaking users in Latin America since at least November 2020. Cisco Talos researchers were observed deploying a previously unidentified botnet, dubbed Horabot, that is targeting Spanish-speaking users in the Americas. The botnet is used…
Point32Health ransomware attack exposed info of 2.5M people
After the recent ransomware attack, Point32Health disclosed a data breach that impacted 2.5 million Harvard Pilgrim Health Care subscribers. In April, the non-profit health insurer Point32Health took systems offline in response to a ransomware attack that took place on April…
MOVEit Transfer software zero-day actively exploited in the wild
Threat actors are exploiting a zero-day flaw in Progress Software’s MOVEit Transfer product to steal data from organizations. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product to steal data from organizations. MOVEit…
Russia’s FSB blames the US intelligence for Operation Triangulation
Russia’s intelligence Federal Security Service (FSB) said that the recent attacks against iPhones with a zero-click iOS exploit as part of Operation Triangulation were carried out by US intelligence. Researchers from the Russian firm Kaspersky have uncovered a previously unknown…
Operation Triangulation: previously undetected malware targets iOS devices
A previously undocumented APT group targets iOS devices with zero-click exploits as part of a long-running campaign dubbed Operation Triangulation. Researchers from the Russian firm Kaspersky have uncovered a previously unknown APT group that is targeting iOS devices with zero-click exploits…
California-based workforce platform Prosperix leaks drivers licenses and medical records
Prosperix leaked nearly 250,000 files. The breach exposed job seekers’ sensitive data, including home addresses and phone numbers. Prosperix, formally Crowdstaffing, calls itself a “workforce innovation” company that develops software solutions for businesses to build an “extraordinary” workforce. It lists…
Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware
Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers behind the apps embedded in their applications and games, including those…
BlackCat claims the hack of the Casepoint legal technology platform used by US agencies
The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI. The cybersecurity researcher Dominic Alvieri first noticed that the BlackCat ransomware gang added the company Casepoint to the list of…
Widespread exploitation by botnet operators of Zyxel firewall flaw
Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771, that impacts Zyxel firewalls. Their objective is to…
Experts warn of backdoor-like behavior within Gigabyte systems
Researchers discovered a suspected backdoor-like behavior within Gigabyte systems that exposes devices to compromise. Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The experts discovered that the firmware in Gigabyte systems drops and executes…
Threat actors are exploiting Barracuda Email Security Gateway bug since October 2022
Recently disclosed zero-day flaw in Barracusa Email Security Gateway (ESG) appliances had been actively exploited by attackers since October 2022. The network security solutions provider Barracuda recently warned customers that some of its Email Security Gateway (ESG) appliances were recently…
Swiss real estate agency Neho fails to put a password on its systems
A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public. Neho, a Switzerland-based real estate agency, leaked credentials recently, potentially allowing threat actors to prey on sensitive data about the company and its clients. The…
Microsoft found a new bug that allows bypassing SIP root restrictions in macOS
Apple fixed a vulnerability discovered by Microsoft researchers that lets attackers with root privileges bypass System Integrity Protection (SIP). Researchers from Microsoft discovered a vulnerability, tracked as CVE-2023-32369 and dubbed Migraine, that can allow attackers with root privileges to bypass System…
PyPI enforces 2FA authentication to prevent maintainers’ account takeover
PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by…
A database containing 478,000 RaidForums members leaked online
The database of the popular RaidForums hacking forum has been leaked on a new hacking forum, 478,000 members exposed. A database belonging to the now-defunct RaidForums cybercrime platform has been leaked on a new hacking forum called Exposed. The database…
Beware of the new phishing technique “file archiver in the browser” that exploits zip domains
“file archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a .ZIP domain. A new phishing technique called “file archiver in the browser” can be used by phishers to “emulate” a…
BrutePrint Attack allows to unlock smartphones with brute-forcing fingerprint
Researchers devised an attack technique, dubbed BrutePrint Attack, that allows brute-forcing fingerprints on smartphones to bypass authentication. Researchers have devised an attack technique, dubbed BrutePrint, that allows to brute-force fingerprints on smartphones to bypass user authentication. The attack technique exploits…
Lockbit ransomware attack on MCNA Dental impacts 8.9M individuals
Managed Care of North America (MCNA) Dental disclosed a data breach that impacted more than 8.9 million individuals. Managed Care of North America (MCNA) Dental suffered a data breach that impacted 8,923,662 patients. MCNA Dental is one of the largest…
New Go-written GobRAT RAT targets Linux Routers in Japan
A new Golang remote access trojan (RAT), tracked as GobRAT, is targeting Linux routers in Japan, the JPCERT Coordination Center warns. JPCERT/CC is warning of cyberattacks against Linux routers in Japan that have been infected with a new Golang remote access…
Researchers analyzed the PREDATOR spyware and its loader Alien
Cisco Talos and the Citizen Lab researchers have published a technical analysis of the powerful Android spyware Predator. Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is…
Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks
Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at…
Industrial automation giant ABB disclosed data breach after ransomware attack
Swiss electrification and automation technology giant ABB confirmed it has suffered a data breach after a ransomware attack. ABB has more than 105,000 employees and has $29.4 billion in revenue for 2022. On May 7, 2023, the Swiss multinational company, leading…
New Bandit Stealer targets web browsers and cryptocurrency wallets
Bandit Stealer is a new stealthy information stealer malware that targets numerous web browsers and cryptocurrency wallets. Trend Micro researchers discovered a new info-stealing malware, dubbed Bandit Stealer, which is written in the Go language and targets multiple browsers and…
CISA adds recently patched Barracuda zero-day to its Known Exploited Vulnerabilities catalog
US CISA added recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities Catalog. This week, the network security solutions provider…
Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Is…
Is the BlackByte ransomware gang behind the City of Augusta attack?
The city of Augusta in Georgia, U.S., admitted that the recent IT system outage was caused by a cyber attack. While the City of Augusta revealed that a cyberattack caused the recent IT outage, the BlackByte ransomware gang has claimed responsibility…
New Buhti ransomware operation uses rebranded LockBit and Babuk payloads
The recently identified Buhti operation targets organizations worldwide with rebranded LockBit and Babuk ransomware variants. Researchers from Symantec discovered a new ransomware operation called Buhti (aka Blacktail) that is using LockBit and Babuk variants to target Linux and Windows systems…
New PowerExchange Backdoor linked to an Iranian APT group
An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) with the new PowerExchange backdoor. Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a…
Dark Frost Botnet targets the gaming sector with powerful DDoS
Researchers spotted a new botnet dubbed Dark Frost that is used to launch distributed denial-of-service (DDoS) attacks against the gaming industry. Researchers from Akamai discovered a new botnet called Dark Frost that was employed in distributed denial-of-service (DDoS) attacks. The botnet borrows code…
New CosmicEnergy ICS malware threatens energy grid assets
Experts detailed a new piece of malware, named CosmicEnergy, that is linked to Russia and targets industrial control systems (ICS). Researchers from Mandiant discovered a new malware, named CosmicEnergy, designed to target operational technology (OT) / industrial control system (ICS) systems. The…
D-Link fixes two critical flaws in D-View 8 network management suite
D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. D-Link has addressed two critical vulnerabilities (CVSS score: 9.8) in its D-View 8 network management suite that could…
Zyxel firewall and VPN devices affected by critical flaws
Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN…
China-linked APT Volt Typhoon targets critical infrastructure organizations
A China-linked APT group, tracked as Volt Typhoon, breached critical infrastructure organizations in the U.S. and Guam without being detected. China-linked APT cyber espionage group Volt Typhoon infiltrated critical infrastructure organizations in the U.S. and Guam without being detected. The…
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware
North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave…
Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites
Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. ClearSky Cyber Security uncovered a watering hole attack on at least eight Israeli websites belonging to shipping, logistics, and financial services companies and…
Barracuda Email Security Gateway (ESG) hacked via zero-day bug
Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were breached exploiting a zero-day vulnerability. Network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors…
The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea
The US Department of the Treasury sanctioned four entities and one individual for their role in cyber operations conducted by North Korea. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and…
Ukraine’s CERT-UA warns of espionage activity conducted by UAC-0063
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a cyberespionage campaign targeting state bodies in the country. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part…
AhRat Android RAT was concealed in iRecorder app in Google Play
ESET found a new remote access trojan (RAT), dubbed AhRat, on the Google Play Store that was concealed in an Android screen recording app. ESET researchers have discovered an Android app on Google Play that was hiding a new remote…
The previously undocumented GoldenJackal APT targets Middle East, South Asia entities
A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal,…
Google announced its Mobile VRP (vulnerability rewards program)
Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications. Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers its mobile applications. Google’s Mobile VRP…
German arms manufacturer Rheinmetall suffered Black Basta ransomware attack
The German automotive and arms manufacturer Rheinmetall announced it was victim of a Black Basta ransomware attack that took place last month. Rheinmetall is a German automotive and arms manufacturer that is listed on the Frankfurt stock exchange. The company this week announced it was victim…
A deeper insight into the CloudWizard APT’s activity revealed a long-running activity
Experts warn of a threat actor, tracked as CloudWizard APT, that is targeting organizations involved in the region of the Russo-Ukrainian conflict. On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red Stinger), that targeted…
BlackCat Ransomware affiliate uses signed kernel driver to evade detection
Experts spotted the ALPHV/BlackCat ransomware group using signed malicious Windows kernel drivers to evade detection. Trend Micro researchers shared details about ALPHV/BlackCat ransomware incident that took place on February 2023. A BlackCat affiliate employed signed malicious Windows kernel drivers to evade detection.…
CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
US CISA added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities Catalog. The three issues…
EU hits Meta with $1.3 billion fine for transferring European user data to the US
The European Union condemned Meta with a record $1.3 billion fine for transferring European user data to the US. The European Union fined Meta $1.3 billion for transferring user data to the US. This is the biggest fine since the adoption of the General…
Dish Network says the February ransomware attack impacted +300,000 individuals
Satellite TV giant Dish Network disclosed a data breach after the February ransomware attack and started notifying impacted individuals. The American satellite broadcast provider Dish Network went offline on February 24, 2023, the outage impacted Dish.com, Dish Anywhere app, and…
China bans chip maker Micron from its key information infrastructure
The Chinese government announced the ban on the products made by the US memory chip giant Micron Technology over national security concerns. The Cyberspace Administration of China announced the ban on products made by US memory chip giant Micron Technology…
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer
Researchers identified an ongoing BatLoader campaign relying on Google Search Ads to deliver rogue web pages for ChatGPT and Midjourney. In early May, researchers at eSentire Threat Response Unit (TRU) spotted an ongoing BatLoader campaign using Google Search Ads to…
PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
The Python Package Index (PyPI) maintainers have temporarily disabled the sign up and package upload processes due to an ongoing attack. The maintainers of Python Package Index (PyPI), the Python software repository, have temporarily disabled the sign up and package…
Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. We…
2021 data breach exposed data of 70 Million Luxottica customers
Luxottica has finally confirmed the 2021 data breach that exposed the personal information of 70 million customers. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs,…
Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware
Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at…
US CISA warns of a Samsung vulnerability under active exploitation
US CISA added the vulnerability CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. US CISA added the vulnerability CVE-2023-21492 vulnerability (CVSS score: 4.4) affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. The issue affects Samsung mobile…
February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million
Vesuvius, a leader in molten metal flow engineering and technology, revealed that the February cyber incident will cost it £3.5 million Vesuvius is a global leader in molten metal flow engineering and technology, it employs more than 10,000 people and…
NPM packages found containing the TurkoRat infostealer
Experts discovered two malicious packages in the npm package repository, both were laced with an open-source info-stealer called TurkoRat. ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat. TurkoRat is…
Lemon Group gang pre-infected 9 million Android devices for fraudulent activities
The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. Infected devices were…
Apple fixed three new actively exploited zero-day vulnerabilities
Apple released security updates to address three zero-day vulnerabilities in iPhones, Macs, and iPads that are actively exploited in attacks. Apple has addressed three new zero-day vulnerabilities that are actively exploited in attacks in the wild to hack into iPhones,…
KeePass 2.X Master Password Dumper allows retrieving the KeePass master password
A researcher published a PoC tool to retrieve the master password from KeePass by exploiting the CVE-2023-32784 vulnerability. Security researcher Vdohney released a PoC tool called KeePass 2.X Master Password Dumper that allows retrieving the master password for KeePass. The tool…
Admin of the darknet carding platform Skynet Market pleads guilty
A US national has pleaded guilty to operating the carding site Skynet Market and selling financial information belonging to tens of thousands of US victims. The U.S. national Michael D. Mihalo, aka Dale Michael Mihalo Jr. and ggmccloud1, pleaded guilty…
Critical fixed critical flaws in Cisco Small Business Switches
Cisco fixed nine flaws in its Small Business Series Switches that could be exploited to execute arbitrary code or cause a DoS condition. Cisco has released security updates to address nine security vulnerabilities in the web-based user interface of certain…
Ukraine, Ireland, Japan and Iceland join NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)
The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) announced that Ukraine, Ireland, Japan and Iceland joined the organization. The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) is a multinational organization established to enhance cyber defence capabilities and promote…
Monitoring the dark web to identify threats to energy sector organizations
Searchlight Cyber researchers warn of threat actors that are offering on the dark web access to energy sector organizations. Dark web intelligence firm Searchlight Cyber published a report that analyzes how threat actors in the dark web prepare their malicious…
US Gov offers a $10M reward for a Russian ransomware actor
The US government is offering a $10M reward for Russian national Mikhail Pavlovich Matveev (30) charged for his role in ransomware attacks The US Justice Department charged Russian national Mikhail Pavlovich Matveev (30), aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar, for…
Multiple flaws in Teltonika industrial cellular router expose OT networks to hack
Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks. A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT…
University admission platform Leverage EDU exposed student passports
The popular university admission platform Leverage EDU leaked almost 240,000 sensitive files, including students’ passports, financial documents, certificates, and exam results. The Cybernews research team discovered that Leverage EDU leaked extremely sensitive data due to the misconfiguration of their systems.…
Lacroix Group shut down three facilities after a ‘targeted cyberattack’
French electronics manufacturer Lacroix Group shut down three plants after a cyber attack, experts believe it was the victim of a ransomware attack. The French electronics manufacturer Lacroix Group shut down three facilities in France, Germany, and Tunisia in response…
China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant
China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. Since January 2023, Check Point Research monitored a series of targeted attacks aimed at European foreign affairs entities that have been linked…
President Zelensky imposes sanctions against the Russian IT sector
Ukraine’s President Zelensky and the country’s Council of National Security introduced new sanctions against individuals and businesses. Ukraine’s President Volodymyr Zelensky and the country’s Council of National Security introduced new sanctions against 351 Russian individuals and 241 business entities. The…
CISA adds Ruckus bug and another six flaws to its Known Exploited Vulnerabilities catalog
US Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog: CVE-2023-25717 – Ruckus Wireless…
Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs
The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia. Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South…
PharMerica data breach impacts more than 5.8 million individuals
National pharmacy network PharMerica discloses a data breach that impacted more than 5.8 million individuals. National pharmacy network PharMerica disclosed a data breach that exposed the personal information of 5,815,591 individuals. The incident took place in March and the company…
New RA Group ransomware gang is the latest group using leaked Babuk source code
A previously unknown ransomware group known as RA Group is targeting companies in U.S. and South Korea with leaked Babuk source code. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at…
Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware
DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the…
Former Ubiquiti employee gets 6 years in jail for stealing confidential data and extorting company
A former Ubiquiti employee has been sentenced to six years in jail for the theft of confidential data and extorting company for ransom. NICKOLAS SHARP, a former Ubiquiti employee was sentenced today to six years in prison. In December 2020, SHARP stole…
Former ByteDance executive alleges TikTok of wrongful conduct
A former ByteDance executive revealed that the China government has access to TikTok data, including data stored in the United. Yintao Yu, the head of engineering for ByteDance’s U.S. operations from August 2017 to November 2018, revealed that the Chinese…
The latest variant of the RapperBot botnet adds cryptojacking capabilities
FortiGuard Labs Researchers spotted new samples of the RapperBot botnet that support cryptojacking capabilities. FortiGuard Labs researchers have discovered new samples of the RapperBot bot that added cryptojacking capabilities. Researchers from FortiGuard Labs first discovered the previously undetected RapperBot IoT…
Capita warns customers to assume that their data was stolen
UK outsourcing giant Capita is informing customers that their data may have been stolen in the cyberattack that hit the company in early April. In early April, the UK outsourcing giant Capita confirmed that its staff was locked out of…
Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. We are in the final! Please vote for Security Affairs (https://securityaffairs.com/) as the best…
Personal info of 90k hikers leaked by French tourism company La Malle Postale
La Malle Postale, a transportation company serving hikers on popular hiking trails in France, leaked personal data and private messages of their clients. The Cybernews research team has discovered a data leak on La Malle Postale’s system that exposed the…
Data of more than 2M Toyota customers exposed in ten years-long data breach
A data breach disclosed by Toyota Motor Corporation exposed info of more than 2 million customers for ten years Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April…
Discord suffered a data after third-party support agent was hacked
Discord disclosed a data breach, the security breach was caused by the compromise of a third-party support agent’s account. Discord, the popular VoIP and instant messaging social platform, disclosed a data breach and is notifying the impacted users. The security breach resulted in…
Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks. Unlike most ransom campaigns, CheckMate, discovered in 2022, has been quiet throughout its operations. To the best…
Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE
U.S. CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by…
Leaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXi
The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of…
What the Email Security Landscape Looks Like in 2023
Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? For over a decade, email has been a common source of cybersecurity threats. During that time, email-based threats have become increasingly sophisticated. What started as notes from…
The Black Basta ransomware gang hit multinational company ABB
Swiss electrification and automation technology giant ABB suffered a Black Basta ransomware attack that impacted its business operations. Swiss multinational company ABB, a leading electrification and automation technology provider, it the last victim of the notorious Black Basta ransomware group.…
A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking
Experts warn of an unauthenticated privilege escalation flaw in the popular Essential ‘Addons for Elementor’ WordPress plugin. Essential ‘Addons for Elementor’ WordPress plugin is a collection of 90+ creative elements and extensions Enhance that allow admins to enhance Elementor page building…
A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking
Experts warn of an unauthenticated privilege escalation flaw in the popular Essential ‘Addons for Elementor’ WordPress plugin. Essential ‘Addons for Elementor’ WordPress plugin is a collection of 90+ creative elements and extensions Enhance that allow admins to enhance Elementor page building…
Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers
Researchers disclosed the details of five vulnerabilities that can be chained to take over some Netgear router models. Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82…
Google will provide dark web monitoring to all US Gmail users and more
Google announced the opening of the dark web monitoring report security feature to all Gmail users in the United States. Google is going to offer dark web monitoring to all U.S. Gmail users, the feature allows them to search for…
We are in the final! Please vote for Security Affairs and Pierluigi Paganini
Dear readers and friends, once again we are in the final of the European Cybersecurity Blogger Awards 2022 and I need your support. Please help me in reaching this new target. I work hard every day to provide updated news…
North Korea-linked APT breached the Seoul National University Hospital
The Korean National Police Agency (KNPA) warns that a North Korea-linked APT group had breached the Seoul National University Hospital (SNUH). The Korean National Police Agency (KNPA) revealed that a North Korea-linked APT group has breached one of the largest…