Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA. Rockstar 2FA targets…
Category: Security Affairs
Zello urges users to reset passwords following a cyber attack
Zello urges customers with accounts created before November 2 to reset passwords following a potential security breach. Zello is warning customers who have an account created before November 2 to reset their passwords, a circumstance that suggests that the incident…
A cyberattack impacted operations at UK Wirral University Teaching Hospital
UK’s Wirral University Teaching Hospital suffered a cyberattack that caused delays in appointments and procedures. Wirral University Teaching Hospital NHS Foundation Trust (WUTH) is an NHS Foundation Trust. It provides healthcare for people of the Wirral Peninsula and the surrounding…
T-Mobile detected network intrusion attempts and blocked them
T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was…
ProjectSend critical flaw actively exploited in the wild, experts warn
Researchers warn that a critical security flaw in ProjectSend open-source file-sharing application may be under active exploitation. VulnCheck researchers warn that ProjectSend vulnerability CVE-2024-11680 (CVSS score: 9.8) appears to have been exploited by attackers in the wild. The vulnerability is an improper…
Bootkitty is the first UEFI Bootkit designed for Linux systems
ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers…
VMware fixed five vulnerabilities in Aria Operations product
Virtualization giant VMware addressed multiple vulnerabilities in its Aria Operations product that can led to privilege escalation and XSS attacks. VMware released security updates to address five vulnerabilities in its Aria Operations product. Aria Operations (formerly known as VMware vRealize…
Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries
Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries and dismantled 134,089 malicious networks. A joint law enforcement operation by INTERPOL and AFRIPOL across 19 African countries, dubbed Operation Serengeti, led to the arrest of 1,006 suspects. The authorities…
How DSPM Helps Businesses Meet Compliance Requirements
Data Security Posture Management (DSPM) helps monitor, secure, and ensure compliance for sensitive data, reducing risks across diverse environments. Complying with cybersecurity regulations can be a source of great pain for organizations, especially those that handle and store particularly valuable…
Russian group RomCom exploited Firefox and Tor Browser zero-days to target attacks Europe and North America
The Russian RomCom group exploited Firefox and Tor Browser zero-day vulnerabilities in attacks on users in Europe and North America. Russian-based cybercrime group RomCom (aka UAT-5647, Storm-0978, Tropical Scorpius, UAC-0180, UNC2596) exploited two Firefox and Tor Browser zero-day vulnerabilities in recent attacks on users across…
Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack
Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores. A ransomware attack on Blue Yonder disrupted operations for several customers, including Starbucks and U.K. grocery chain Sainsbury. “A ransomware attack has…
The source code of Banshee Stealer leaked online
Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data,…
U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) to…
Thai police arrested Chinese hackers involved in SMS blaster attacks
Thai authorities arrested fraud gangs in Bangkok for SMS blaster attacks, they used fake cell towers to send thousands of malicious SMS messages to nearby phones. Thai authorities arrested members of two Chinese cybercrime organizations, one of these groups carried…
Zyxel firewalls targeted in recent ransomware attacks
Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its…
Malware campaign abused flawed Avast Anti-Rootkit driver
Threat actors exploit an outdated Avast Anti-Rootkit driver to evade detection, disable security tools, and compromise the target systems. Trellix researchers uncovered a malware campaign that abused a vulnerable Avast Anti-Rootkit driver (aswArPot.sys) to gain deeper access to the target…
Russia-linked APT TAG-110 uses targets Europe and Asia
Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. The campaign…
Russia-linked threat actors threaten the UK and its allies, minister to say
A senior UK minister will warn that Russia is preparing cyberattacks against the UK and its allies to undermine support for Ukraine. Russia may launch cyberattacks against the UK and its allies in retaliation for their support of Ukraine, Chancellor…
Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyberattack on…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Fake AI video generators infect Windows, macOS with infostealers How Italy became an unexpected spyware hub Babble Babble Babble Babble Babble…
DoJ seized credit card marketplace PopeyeTools and charges its administrators
The U.S. seized the stolen credit card marketplace PopeyeTools and charged its operators, this is a major success against cybercrime. The US Department of Justice announced the seizure of PopeyeTools, an illegal carding platform, and charges against three administrators (Abdul…
A cyberattack on gambling giant IGT disrupted portions of its IT systems
A cyberattack on gambling giant IGT disrupted its systems, forcing the company to take certain services offline. International Game Technology (IGT) detected a cyberattack on November 17, the company promptly started its incident response procedures. International Game Technology PLC (IGT),…
China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane
China-linked APT Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane in attacks targeting East and Southeast Asia. China-linked APT Gelsemium has deployed a previously unknown Linux backdoor, WolfsBane, in attacks targeting East and Southeast Asia, according to ESET.…
Microsoft seized 240 sites used by the ONNX phishing service
Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation. Microsoft announced the disruption of the ONNX phishing service, another success against cybercrime which led to the seizure of 240…
U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple…
More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days
Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in PAN-OS. CVE-2024-0012 is a vulnerability…
Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office
Mexico is investigating a ransomware attack targeting its legal affairs office, as confirmed by the president amidst growing cybersecurity concerns. Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. “Today they…
Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations
A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy. The New York Times reported that a hacker, who goes online with the name name Altam…
Ford data breach involved a third-party supplier
Ford investigates a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised. Ford investigation investigated a data breach after a threat actors claimed the theft of customer information on the…
Decade-old local privilege escalation bugs impacts Ubuntu needrestart package
Decade-old flaws in the needrestart package in Ubuntu Server could allow local attackers to gain root privileges without user interaction. The Qualys Threat Research Unit (TRU) discovered five Local Privilege Escalation (LPE) decade-old security vulnerabilities in the needrestart package that…
Threat actor sells data of over 750,000 patients from a French hospital
A threat actor had access to electronic patient record system of an unnamed French hospital, and the health data of 750,000 patients was compromised. An unnamed French hospital suffered a data breach that impacted more than 758,000 patients, a threat…
US DoJ charges five alleged members of the Scattered Spider cybercrime gang
The U.S. Justice Department charged five suspects linked to the Scattered Spider cybercrime gang with wire fraud conspiracy. The U.S. Justice Department charged five alleged members of the cybercrime gang Scattered Spider (also known as UNC3944, 0ktapus) with conspiracy to commit wire…
U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV)…
Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals
A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident…
Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns. Broadcom warns that the two VMware vCenter Server vulnerabilities CVE-2024-38812 and CVE-2024-38813 are actively exploited in the wild. “Updated advisory to note that…
Foreign adversary hacked email communications of the Library of Congress says
The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. The Library of Congress informed lawmakers about a security breach, an alleged foreign adversary compromised some of their IT…
T-Mobile is one of the victims of the massive Chinese breach of telecom firms
T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. Recently, the FBI and CISA announced they…
Increased GDPR Enforcement Highlights the Need for Data Security
GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical. With regulators around the world intensifying…
Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites
A Really Simple Security plugin flaw affects 4M+ sites, allowing attackers full admin access. It’s one of the most critical WordPress vulnerabilities ever. Wordfence researchers warn of a vulnerability, tracked as CVE-2024-10924 (CVSS Score of 9.8), in the Really Simple Security…
Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A botnet exploits…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. New Campaign…
A botnet exploits e GeoVision zero-day to compromise EoL devices
A botnet employed in DDoS or cryptomining attacks is exploiting a zero-day in end-of-life GeoVision devices to grow up. Researchers at the Shadowserver Foundation observed a botnet exploiting a zero-day in GeoVision EOL (end-of-Life) devices to compromise devices in the…
Palo Alto Networks confirmed active exploitation of recently disclosed zero-day
Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs). Last week, Palo Alto Networks warned customers to limit access to their next-gen firewall management interface due to a potential…
NSO Group used WhatsApp exploits even after Meta-owned company sued it
Court filing revealed that NSO Group used WhatsApp exploits after the instant messaging firm sued the surveillance company. NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the…
Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies
The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. Glove Stealer is a .NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest…
Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison
Bitfinex hacker, Ilya Lichtenstein, who stole 1 billion worth of Bitcoins from Bitfinex in 2016, has been sentenced to five years in prison. “Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering…
U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following Palo Alto Networks Expedition vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:…
Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices
The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in legacy D-Link NAS devices began days after its disclosure. Days after D-Link announced it wouldn’t patch a critical vulnerability, tracked as CVE-2024-10914 (CVSS score of 9.8), in legacy D-Link…
China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials
China-linked threat actors breached U.S. broadband providers and gained access to private communications of a limited number of U.S. government officials. The FBI and CISA continues to investigate a large-scale cyber-espionage campaign by China-linked threat actors targeting U.S. telecoms, compromising…
Bitdefender released a decryptor for the ShrinkLocker ransomware
Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and…
China’s Volt Typhoon botnet has re-emerged
China’s Volt Typhoon botnet has re-emerged, using the same core infrastructure and techniques, according to SecurityScorecard researchers. The China-linked Volt Typhoon’s botnet has resurfaced using the same infrastructure and techniques, per SecurityScorecard researchers. In May 2023, Microsoft reported that the Volt Typhoon…
Zoom addressed two high-severity issues in its platform
Zoom addressed six flaws, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information. Zoom addressed six vulnerabilities in its video conferencing and communication platform. Two of these vulnerabilities, tracked as CVE-2024-45421 and CVE-2024-45419,…
Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days
Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for November 2024 fixed 89 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; .NET and…
Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands
A cyber attack affected Ahold Delhaize USA brands, disrupting Giant Food, Hannaford, their pharmacies, and e-commerce services. A cyber attack hit the food giant Ahold Delhaize impacting US pharmacies and supermarket chains owned by the company. As of Tuesday, Hannaford’s…
A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel
A cyberattack in Israel allegedly disrupted communication services, causing widespread malfunction of credit card readers across the country on Sunday. The Jerusalem Post reported that thousands of credit card readers across at gas stations and supermarket chains in Israel stopped…
Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices
Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for…
Ymir ransomware, a new stealthy ransomware grow in the wild
New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware, which attackers deployed after breaching systems via PowerShell commands. Ymir includes detection-evasion features,…
Amazon discloses employee data breach after May 2023 MOVEit attacks
Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. The company…
A new fileless variant of Remcos RAT observed in the wild
Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT. Fortinet’s FortiGuard Labs recently uncovered a phishing campaign spreading a new variant of the Remcos RAT. Remcos is a commercial remote administration tool (RAT)…
A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine
South Korea claims Pro-Russia actors intensified cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. South Korea’s government blames pro-Russia threat actors for an intensification of cyberattacks on national sites after it decided to monitor…
Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Mazda Connect flaws…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. CRON#TRAP: Emulated…
U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers
US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The US government’s Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after China-linked APT group Salt…
Mazda Connect flaws allow to hack some Mazda vehicles
Multiple vulnerabilities in the infotainment unit Mazda Connect could allow attackers to execute arbitrary code with root access. Trend Micro’s Zero Day Initiative warned of multiple vulnerabilities in the Mazda Connect infotainment system that could allow attackers to execute code…
Veeam Backup & Replication exploit reused in new Frag ransomware attack
A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue…
Texas oilfield supplier Newpark Resources suffered a ransomware attack
Texas oilfield supplier Newpark Resources suffered a ransomware attack that disrupted its information systems and business applications. Texas oilfield supplier Newpark Resources revealed that a ransomware attack on October 29 disrupted access to some of its information systems and business…
Palo Alto Networks warns of potential RCE in PAN-OS management interface
Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a…
iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state
Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock,…
U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:…
DPRK-linked BlueNoroff used macOS malware with novel persistence
SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden…
Canada ordered ByteDance to shut down TikTok operations in the country over security concerns
Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue a full ban on the platform. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc. over security concerns following a national security…
Critical bug in Cisco UWRB access points allows attackers to run commands as root
Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands, compromising industrial wireless automation security. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20418, that could be exploited by unauthenticated, remote attackers to run commands…
INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs
A global law enforcement operation called Operation Synergia II dismantled over 22,000 malicious IPs linked to phishing, infostealers, and ransomware, INTERPOL said. INTERPOL announced this week it took down more than 22,000 malicious servers linked to cybercriminal activities as part…
Memorial Hospital and Manor suffered a ransomware attack
Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record system. A ransomware attack hit Memorial Hospital and Manor in Bainbridge, Georgia, and disrupted the access to its Electronic Health Record system. Memorial Hospital and…
South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users
South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users’ sensitive data, including political views and sexual orientation, with advertisers. South Korea’s data privacy watchdog, Personal Information Protection Commission (PIPC), fined Meta 21.62 billion won ($15.67 million) for…
Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices
Synology addressed a critical vulnerability in DiskStation and BeePhotos NAS devices that could lead to remote code execution. Taiwanese vendor Synology has addressed a critical security vulnerability, tracked as CVE-2024-10443, that impacts DiskStation and BeePhotos. An attacker can exploit the…
ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy
The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions. Cleafy researchers spotted a new Android banking malware, dubbed ToxicPanda, which already infected over 1,500 Android devices. The ToxicPanda malware shares some bot command…
U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds PTZOptics PT30X-SDI/NDI camera bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Threat actors are attempting to exploit…
Canadian authorities arrested alleged Snowflake hacker
Canadian authorities arrested a suspect linked to multiple hacks following a breach of cloud data platform Snowflake earlier this year. Canadian law enforcement agencies arrested a suspect, Alexander “Connor” Moucka (aka Judische and Waifu), who is accused of being responsible…
Android flaw CVE-2024-43093 may be under limited, targeted exploitation
Google warned that a vulnerability, tracked as CVE-2024-43093, in the Android OS is actively exploited in the wild. Threat actors are actively exploiting a vulnerability, tracked as CVE-2024-43093, in the Android OS, Google warns. The vulnerability is a privilege escalation…
July 2024 ransomware attack on the City of Columbus impacted 500,000 people
The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services. On…
Nigerian man Sentenced to 26+ years in real estate phishing scams
Nigerian Kolade Ojelade gets 26 years in U.S. for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of…
Russian disinformation campaign active ahead of 2024 US election
U.S. intel says Russia made a fake video claiming Haitians voted illegally in Georgia, aiming to spread election disinformation. U.S. intel reports Russia created a fake viral video falsely claiming Haitians illegally voted multiple times in Georgia, aiming to spread…
International law enforcement operation shut down DDoS-for-hire platform Dstat.cc
German police shut down DDoS-for-hire platform Dstat.cc and arrested two men accused of operating the site used for launching DDoS attacks. German police shut down the DDoS-for-hire platform Dstat.cc that allowed its customers to launch DDoS attacks. Two men, aged…
Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Chinese threat actors…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. EIW —…
US Election 2024 – FBI warning about fake election videos
US Election 2024 – The FBI warned that two fake videos on X spread false claims of ballot fraud and misinformation about Kamala Harris’s husband. In a post on X on Saturday, the Federal Bureau of Investigation (FBI) said the…
Chinese threat actors use Quad7 botnet in password-spray attacks
Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. Quad7 botnet, also known as CovertNetwork-1658 or…
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
A former Disney World employee hacked servers after being fired, altering prices, adding profanities, and mislabeling allergy info. A former Walt Disney World employee hacked servers after being fired by the company. He is accused of changing prices, adding profanities,…
Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide
Sophos used custom implants to monitor China-linked thret actors targeting firewall zero-days in a years-long battle. Sophos revealed a years-long “cat-and-mouse” battle with China-linked threat actors, using custom implants to track the attackers’ activities. Since 2018, Sophos has faced increasingly…
PTZOptics cameras zero-days actively exploited in the wild
Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warn. GreyNoise discovered the two flaws while investigating…
New LightSpy spyware version targets iPhones with destructive capabilities
New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024.…
LottieFiles confirmed a supply chain attack on Lottie-Player
LottieFiles confirmed a supply chain attack on Lottie-Player, and threat actors targeted cryptocurrency wallets to steal funds. LottieFiles confirmed that threat actors have hacked the Lottie-Player software in a supply chain attack. Lottie-Player is a web component from LottieFiles designed…
Threat actor says Interbank refused to pay the ransom after a two-week negotiation
Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank, formally the Banco Internacional del Perú Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers. Interbank disclosed a…
QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387, which was exploited by security researchers during the recent Pwn2Own Ireland 2024. The vulnerability…
New version of Android malware FakeCall redirects bank calls to scammers
The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and…
Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. Microsoft warns of a large-scale spear-phishing campaign by Russia-linked APT Midnight Blizzard (aka APT29, SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes), targeting 1,000+ users across 100+…
Google fixed a critical vulnerability in Chrome browser
Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The…
QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addressed a critical zero-day vulnerability, tracked as CVE-2024-50388, which was exploited by white hat hackers against a TS-464 NAS device…
International law enforcement operation dismantled RedLine and Meta infostealers
A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests. The Dutch police announced it has dismantled infrastructure used by RedLine and Meta infostealers as part of an international law enforcement operation led by…