An alleged nation-state actor exploited three zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) in recent attacks. Fortinet FortiGuard Labs researchers warn that a suspected nation-state actor has been exploiting three Ivanti Cloud Service Appliance (CSA) zero-day issues to carry…
Category: Security Affairs
Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’
Dutch police dismantled Bohemia/Cannabia, two major dark web markets for illegal goods, drugs, and cybercrime services. The Dutch police have announced the success of a new joint law enforcement operation that led to the shutdown of the dual dark web…
Fidelity Investments suffered a second data breach this year
US-based financial services company Fidelity Investments warns 77,000 individuals of a data breach that exposed their personal information. U.S.-based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack. The data…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000!…
Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyber attack…
Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale
U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked cyber espionage group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) target vulnerable Zimbra and JetBrains TeamCity servers as…
A cyber attack hit Iranian government sites and nuclear facilities
As Middle East tensions rise, cyberattacks hit Iran’s government branches and nuclear facilities, following Israel’s response to Iran’s October 1 missile barrage. Amid escalating Middle East tensions, Iran faced major cyberattacks Saturday, disrupting its government branches and targeting nuclear facilities.…
Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks
Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.…
GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution
GitLab issued updates for CE and EE to address multiple flaws, including a critical bug allowing CI/CD pipeline runs on unauthorized branches. GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) to address multiple vulnerabilities, including a…
Iran and China-linked actors used ChatGPT for preparing attacks
OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. The…
Internet Archive data breach impacted 31M users
The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials…
E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer
Jscrambler researchers found a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer named Mongolian Skimmer. Jscrambler researchers uncovered a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer dubbed ‘Mongolian Skimmer.’…
U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Fortinet…
Mozilla issued an urgent Firefox update to fix an actively exploited flaw
Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited…
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices
Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack PAN-OS firewalls. The vulnerabilities reside in the Palo…
Cybercriminals Are Targeting AI Conversational Platforms
Resecurity reports a rise in attacks on AI Conversational platforms, targeting chatbots that use NLP and ML to enable automated, human-like interactions with consumers. Resecurity has observed a spike in malicious campaigns targeting AI agents and Conversational AI platforms that…
Awaken Likho APT group targets Russian government with a new implant
A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. A recent investigation by Kaspersky researchers into the APT group Awaken Likho (aka Core Werewolf and PseudoGamaredon) uncovered a new campaign…
U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Qualcomm this week addressed…
Three new Ivanti CSA zero-day actively exploited in attacks
Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks. Ivanti warned of three new security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its Cloud Service Appliance (CSA) that are actively exploited in attacks in…
Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer
Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer, used to steal sensitive data globally. Ukrainian national Mark Sokolovsky has pleaded guilty in a US court to operating the Raccoon Infostealer. In October 2020, the US Justice…
Qualcomm fixed a zero-day exploited limited, targeted attacks
Qualcomm warns of 20 flaws in its products, including a potential zero-day vulnerability, in the DSP service that impacts multiple chipsets. Qualcomm addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score 7.8). The…
MoneyGram discloses data breach following September cyberattack
MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data. In September, American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack. On September 22, the…
American Water shut down some of its systems following a cyberattack
American Water, the largest publicly traded water and wastewater utility company in the US, shut down some of its systems following a cyberattack. American Water, the largest U.S. water and wastewater utility company, shut down some systems following a cyberattack.…
Universal Music data breach impacted 680 individuals
Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number. The data breach occurred…
Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday
Russian state media VGTRK faced a major cyberattack, which a Ukrainian source claimed was conducted by Kyiv’s hackers. A Ukrainian government source told Reuters that Kyiv’s hackers are behind the cyber attack that disrupted operations at the Russian state media…
FBCS data breach impacted 238,000 Comcast customers
238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. FBCS, a third-party debt…
Critical Apache Avro SDK RCE flaw impacts Java applications
A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the…
Man pleads guilty to stealing over $37 Million worth of cryptocurrency
A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments. …
U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra Collaboration vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Zimbra Collaboration vulnerability CVE-2024-45519 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog. This…
China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems
China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer…
Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress LiteSpeed Cache…
Google Pixel 9 supports new security features to mitigate baseband attacks
Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE,…
WordPress LiteSpeed Cache plugin flaw could allow site takeover
A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers…
Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs
Apple released iOS 18.0.1 update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. Apple released iOS 18.0.1 and iPadOS 18.0.1 updates to fix two vulnerabilities, respectively tracked as CVE-2024-44207 and CVE-2024-44204. The company addressed the vulnerability…
Google removed Kaspersky’s security apps from the Play Store
Google removed Kaspersky ‘s Android security apps from the Play Store and suspended its developer accounts over the weekend. Over the weekend, all the Android products designed by the Russian cybersecurity firm Kaspersky were removed from the official Google Play in…
New Perfctl Malware targets Linux servers in cryptomining campaign
perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. The…
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group
Microsoft and the U.S. DoJ seized over 100 domains used by the Russia-linked Callisto Group for launching attacks on U.S. government and nonprofits. The Justice Department revealed the unsealing of a warrant to seize 41 domains used by Russia-linked Callisto…
Dutch police breached by a state actor
The Dutch government blames a “state actor” for hacking a police system, exposing the contact details of all police officers, according to the justice minister. The Dutch police blame a state actor for the recent data breach that exposed officers’…
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise…
Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps
Cloudflare recently mitigated a new record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion packets per second (Pps). Cloudflare reported that starting from early September, it has mitigated over 100 hyper-volumetric L3/4 DDoS attacks, with many exceeding 2 billion…
Telegram revealed it shared U.S. user data with law enforcement
Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IP addresses or phone numbers of 100+ users. Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law…
U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6)…
14 New DrayTek routers’ flaws impacts over 700,000 devices in 168 countries
Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical. Of the 14 security flaws nine are…
Rhadamanthys information stealer introduces AI-driven capabilities
The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. The malware…
Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. Starting on September 28, 2024,…
Police arrested four new individuals linked to the LockBit ransomware operation
An international police operation led to the arrest of four individuals linked to the LockBit ransomware group, including a developer. Europol, the UK, and the US law enforcement authorities announced a new operation against the LockBit ransomware gang. The police…
UMC Health System diverted patients following a ransomware attack
US healthcare provider UMC Health System had to divert patients due to a network outage caused by a ransomware attack. On September 27, 2024, US healthcare provider UMC Health System announced an investigation into an IT outage across its network.…
U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux…
News agency AFP hit by cyberattack, client services impacted
AFP suffered a cyberattack affecting its IT systems and content delivery for partners, the incident impacted some client services. Agence France-Presse (AFP) reported a cyberattack on Friday that impacted its IT systems and content delivery for partners. The media agency…
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence
North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the…
Patelco Credit Union data breach impacted over 1 million people
The ransomware attack on Patelco Credit Union this summer led to a data breach affecting over 1 million individuals, revealed the company. Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area.…
Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack
Community Clinic of Maui experienced a data breach impacting over 120,000 people following a LockBit ransomware attack. In May, the Community Clinic of Maui experienced a major IT outage that impacted thousands of patients following a cyber attack. In June,…
A British national has been charged for his execution of a hack-to-trade scheme
The Department of Justice charged a British national for hacking into the systems of five U.S. organizations. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. companies. Westbrook was arrested…
Critical NVIDIA Container Toolkit flaw could allow access to the underlying host
A critical vulnerability in the NVIDIA Container Toolkit could allow a container to escape and gain full access to the underlying host. Critical vulnerability CVE-2024-0132 (CVSS score 9.0) in the NVIDIA Container Toolkit could allow an attacker to escape the…
Israel army hacked the communication network of the Beirut Airport control tower
Israel allegedly hacked Beirut airport ‘s control tower, warning an Iranian plane not to land, forcing it to return to Tehran. The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport.…
Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hackers stole over…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. How the…
Progress Software fixed 2 new critical flaws in WhatsUp Gold
Progress Software addresses six new security vulnerabilities affecting its WhatsUp Gold, two of them are rated as critical severity. Progress Software has addressed six new security vulnerabilities in its IT infrastructure monitoring product WhatsUp Gold. “The WhatsUp Gold team has…
Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format
The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. The Irish Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for…
A cyberattack on Kuwait Health Ministry impacted hospitals in the country
The Kuwait Health Ministry is recovering from a cyberattack that disrupted systems at multiple hospitals and disabled the Sahel healthcare app. Kuwait’s Health Ministry was the victim of a cyberattack that took systems at several of the country’s hospitals offline.…
The Tor Project and Tails have merged operations
The Tor Project and Tails OS have joined forces and merged operations to counter a growing number of digital threats. The Tor Project and Tails have merged operations to enhance collaboration and expand training, outreach, and strengthen both organizations’ efforts…
Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message
UK police are investigating a cyberattack that disrupted Wi-Fi networks at several train stations across the country. U.K. transport officials and police are investigating a cyber attack on public Wi-Fi networks at the country’s biggest railway stations. Following the ‘cyber-security…
CUPS flaws allow remote code execution on Linux systems under certain conditions
A researcher has disclosed details of an unpatched Linux vulnerability, initially labeled as critical, that allows remote code execution. The popular cybersecurity researcher Simone Margaritelli (@evilsocket) disclosed technical details of an unpatched vulnerability impacting Linux systems. On September 23, Margaritelli…
U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities
The U.S. government sanctioned the virtual currency exchanges Cryptex and PM2BTC for facilitating cybercrime and money maundering. The U.S. government sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, and indicted a Russian national for allegedly facilitating cybercriminal activities and money laundering.…
Hacking Kia cars made after 2013 using just their license plate
Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts (Neiko Rivera, Sam Curry, Justin Rhinehart, Ian Carroll) discovered multiple…
Critical RCE vulnerability found in OpenPLC
Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These…
China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)
China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign…
Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature
Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox for enabling tracking in Firefox without user consent. Privacy non-profit None Of Your Business (noyb) has filed a complaint with Austria’s data protection authority (DSB) against Mozilla for…
Data of 3,191 congressional staffers leaked in the dark web
The personal information of over 3,000 congressional staffers was leaked on the dark web following a major cyberattack on the U.S. Capitol. The personal information of approximately 3,191 congressional staffers has been leaked on the dark web, according to new…
New variant of Necro Trojan infected more than 11 million devices
Experts warn of Necro Trojan found in Google Play, threat actors are spreading it through fake versions of legitimate Android apps. Researchers from Kaspersky discovered a new version of the Necro Trojan in multiple apps uploaded to the Google Play…
U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593(CVSS score of 9.8) to its…
Arkansas City water treatment facility switched to manual operations following a cyberattack
Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations due to a cyberattack. Arkansas City, Kansas, had to switch its water treatment facility to manual operations over the weekend…
New Android banking trojan Octo2 targets European banks
A new version of the Android banking trojan Octo, called Octo2, supports improved features that allow to takeover infected devices. ThreatFabric researchers discovered a new version of the Android banking trojan Octo, called Octo2, that supports more advanced remote action…
A generative artificial intelligence malware used in phishing attacks
HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. While investigating a malicious email, HP researchers discovered a malware generated by generative artificial intelligence services and used to deliver the AsyncRAT malware.…
A cyberattack on MoneyGram caused its service outage
American peer-to-peer payments and money transfer company MoneyGram confirmed that a cyberattack caused its service outage. American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack. On September 22, the company informed its customers that…
Did Israel infiltrate Lebanese telecoms networks?
Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas. Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas in the…
Telegram will provide user data to law enforcement in response to legal requests
Telegram will provide user data to law enforcement agencies in response to valid legal requests, according to a recent policy update Telegram has updated its privacy policy informing users that it will share users’ phone numbers and IP addresses with…
ESET fixed two privilege escalation flaws in its products
ESET addressed two local privilege escalation vulnerabilities in security products for Windows and macOS operating systems. Cybersecurity firm ESET released security patches for two local privilege escalation vulnerabilities impacting Windows and macOS products. The first vulnerability, tracked as CVE-2024-7400 (CVSS…
North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages
North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncovered an ongoing campaign distributing Linux and macOS malwar PondRAT through poisoned Python packages. The campaign is attributed to North…
Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw
Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other…
Hacktivist group Twelve is back and targets Russian entities
Hacktivist group Twelve is back and targets Russian entities to destroy critical assets and disrupt their operations. The hacktivist group Twelve has been active since at least April 2023, it was formed in the wake of the conflict between Russia…
Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hackers stole over…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Protect Your Crypto: Understanding the Ongoing Global Malware Attacks and What We Are Doing to Stop Them CISA warns of Windows…
Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020
GreyNoise Intelligence firm warns of a mysterious phenomenon observed since January 2020, massive waves of spoofed traffic called Noise Storms. GreyNoise Intelligence has been tracking a mysterious phenomenon since January 2020 consisting of massive waves of spoofed traffic, tracked by…
Hackers stole over $44 million from Asian crypto platform BingX
Cybercriminals stole more than $44 million worth of cryptocurrency from the Singaporean crypto platform BingX. Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of…
OP KAERB: Europol dismantled phishing scheme targeting mobile users
A joint international law enforcement operation led by Europol dismantled a major phishing scheme targeting mobile users. Europol supported European and Latin American law enforcement agencies in dismantling an international criminal network that unlocks stolen or lost mobile phones using…
Ukraine bans Telegram for government agencies, military, and critical infrastructure
Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. Ukraine’s National Coordination Centre for Cybersecurity (NCCC) has banned the Telegram messaging app on government agencies, military, and critical infrastructure, due to…
Tor Project responded to claims that law enforcement can de-anonymize Tor users
The maintainers of the Tor Project have responded to claims that German police have devised a technique to deanonymize users. The maintainers of the Tor Project have responded to claims that German law enforcement has devised a technique to deanonymize…
UNC1860 provides Iran-linked APTs with access to Middle Eastern networks
Iran-linked APT group UNC1860 is operating as an initial access facilitator that provides remote access to Middle Eastern Networks. Mandiant researchers warn that an Iran-linked APT group, tracked as UNC1860, is operating as an initial access facilitator that provides remote…
US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency
The US DoJ arrested two people and charged them with stealing and laundering more than $230 million worth of cryptocurrency. The U.S. DoJ arrested two people, Malone Lam (20) (aka “Greavys,” “Anne Hathaway,” and “$$$”) and Jeandiel Serrano (21) (aka…
The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector
Microsoft warns that financially motivated threat actor Vanilla Tempest is using INC ransomware in attacks aimed at the healthcare sector in the U.S. Microsoft Threat Intelligence team revealed that a financially motivated threat actor, tracked as Vanilla Tempest (formerly DEV-0832) is…
U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance a path traversal vulnerability CVE-2024-8190 (CVSS score of 9.4)…
Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw
Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is being exploited in attacks in the wild against a limited number of customers. Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score…
International law enforcement operation dismantled criminal communication platform Ghost
An international law enforcement operation infiltrated the encrypted messaging app Ghost, which was widely used by criminals, resulting in the arrest of dozens of individuals. An international law enforcement operation infiltrated the encrypted communications app Ghost, designed for criminal use,…
U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux…
SIEM for Small and Medium-Sized Enterprises: What you need to know
Small and medium-sized enterprises (SMEs) are a frequent target for cybercriminals. How can SIEM help them improve their cybersecurity? Contrary to what they might believe, small and medium-sized enterprises (SMEs) are a favorite target for cybercriminals. Research from the Identity…
Antivirus firm Dr.Web disconnected all servers following a cyberattack
Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a cyberattack over the weekend. This week, the Russian anti-malware firm Doctor Web (Dr.Web) announced that it had disconnected all servers following a cyberattack on Saturday, September 14. The company…
Experts warn of China-linked APT’s Raptor Train IoT Botnet
Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices.…
Credential Flusher, understanding the threat and how to protect your login data
Credential Flusher is a method that allows hackers to steal login credentials directly from the victim’s web browser. The cyber attacks have become increasingly sophisticated, putting our personal information at risk. One of the latest and most insidious techniques is…