¿securityaffairs.co está no funciona hoy?
¿Qué pasó con securityaffairs.co? ¿Por qué el sitio web dejó de funcionar y no funcionó? Aquí puedes ver quién más tiene el mismo problema con securityaffairs.co, así como las posibles soluciones. Según nuestras estadísticas, lo siguiente no suele funcionar: .
Estado actual: Sin fallas
Por el momento, de acuerdo con nuestros datos, securityaffairs.co está funcionando bien, pero es posible que haya fallas únicas. Si securityaffairs.co no funciona para usted, informe su problema y escriba un comentario.
¿Qué hacer si el sitio securityaffairs.co no está disponible? Prueba nuestra guía.
securityaffairs.co - informes de cortes en las últimas 24 horas
securityaffairs.co - informes de errores y fallas, métodos de solución de problemas
Deja tu comentario describiendo la falla y comparte con otros usuarios cómo resolver el problema.
- No es necesario registrarse.
- No se permite publicar mensajes con lenguaje obsceno e insultos, así como infringir la ley.
- Enlaces activos en el texto del mensaje no se publica, sino que se muestra en texto sin formato.
- Está prohibido publicar datos personales propios y de otras personas: direcciones, números de teléfono, correos electrónicos, cuentas en mensajería instantánea, etc.
Información técnica
| Título de la página principal: | ||||||||||||||||||||||||
| Security Affairs - Read, think, share … Security is everyone's responsibility | ||||||||||||||||||||||||
| Descripción de la página principal: | ||||||||||||||||||||||||
| Security Affairs - Every security issue is our affair. Read, think, share … Security is everyone's responsibility | ||||||||||||||||||||||||
| Protocolo: | ||||||||||||||||||||||||
| https | ||||||||||||||||||||||||
| Código de estado: | ||||||||||||||||||||||||
| 200 | ||||||||||||||||||||||||
| Tamaño de página: | ||||||||||||||||||||||||
| 2.1 MB | ||||||||||||||||||||||||
| Tiempo de respuesta: | ||||||||||||||||||||||||
| 0.460seg. | ||||||||||||||||||||||||
| IP: | ||||||||||||||||||||||||
| 188.114.97.0 | ||||||||||||||||||||||||
| Encabezados de respuesta: | ||||||||||||||||||||||||
|
Encabezados de SEO
h1 Telegram revealed it shared U.S. user data with law enforcement
h3 Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
h3 Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps
h2 LATEST NEWS
h5 Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps
h5 Telegram revealed it shared U.S. user data with law enforcement
h5 U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog
h5 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries
h4 top articles
h6 Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
h6 Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv
h6 A cyber attack hit the Beirut International Airport
h6 Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications
h6 Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
h4 newsletter
h6 Subscribe to my email list and stay up-to-date!
h2 most popular
h2 U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog
h5 Ransomware drama: Law enforcement seized Lockbit group's website again
h5 Zimbra zero-day exploited to steal government emails by four groups
h5 FBI and CISA warn of attacks by Rhysida ransomware gang
h5 VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance
h2 recent articles
h5 Telegram revealed it shared U.S. user data with law enforcement
h5 U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog
h5 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries
h5 Rhadamanthys information stealer introduces AI-driven capabilities
h5 Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
h5 Police arrested four new individuals linked to the LockBit ransomware operation
h5 UMC Health System diverted patients following a ransomware attack
h5 U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog
h5 News agency AFP hit by cyberattack, client services impacted
h5 North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence
h5 Patelco Credit Union data breach impacted over 1 million people
h5 Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack
h5 A British national has been charged for his execution of a hack-to-trade scheme
h5 Critical NVIDIA Container Toolkit flaw could allow access to the underlying host
h5 Israel army hacked the communication network of the Beirut Airport control tower
h5 SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13
h5 Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format
h5 A cyberattack on Kuwait Health Ministry impacted hospitals in the country
h5 The Tor Project and Tails have merged operations
h5 Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message
h5 CUPS flaws allow remote code execution on Linux systems under certain conditions
h5 U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities
h5 Hacking Kia cars made after 2013 using just their license plate
h5 Critical RCE vulnerability found in OpenPLC
h5 China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)
h5 Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature
h5 Data of 3,191 congressional staffers leaked in the dark web
h5 New variant of Necro Trojan infected more than 11 million devices
h5 U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog
h5 Arkansas City water treatment facility switched to manual operations following a cyberattack
h5 New Android banking trojan Octo2 targets European banks
h5 A generative artificial intelligence malware used in phishing attacks
h5 A cyberattack on MoneyGram caused its service outage
h5 Did Israel infiltrate Lebanese telecoms networks?
h5 Telegram will provide user data to law enforcement in response to legal requests
h5 ESET fixed two privilege escalation flaws in its products
h5 North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages
h5 Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw
h5 Hacktivist group Twelve is back and targets Russian entities
h5 SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12
h5 Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020
h5 Hackers stole over $44 million from Asian crypto platform BingX
h5 OP KAERB: Europol dismantled phishing scheme targeting mobile users
h5 Ukraine bans Telegram for government agencies, military, and critical infrastructure
h5 Tor Project responded to claims that law enforcement can de-anonymize Tor users
h5 UNC1860 provides Iran-linked APTs with access to Middle Eastern networks
h5 US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency
h5 The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector
h5 U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
h5 Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw
h5 International law enforcement operation dismantled criminal communication platform Ghost
h5 U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
h5 SIEM for Small and Medium-Sized Enterprises: What you need to know
h5 Antivirus firm Dr.Web disconnected all servers following a cyberattack
h5 Experts warn of China-linked APT's Raptor Train IoT Botnet
h5 Credential Flusher, understanding the threat and how to protect your login data
h5 U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium
h5 Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
h5 Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries
h5 Chinese man charged for spear-phishing against NASA and US Government
h5 U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog
h5 Taking Control Online: Ensuring Awareness of Data Usage and Consent
h5 Qilin ransomware attack on Synnovis impacted over 900,000 patients
h5 D-Link addressed three critical RCE in wireless router models
h5 Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024
h5 SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
h5 Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure
h5 Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb
h5 Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack
h5 SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11
h5 U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
h5 Ivanti Cloud Service Appliance flaw is being actively exploited in the wild
h5 GitLab fixed a critical flaw in GitLab CE and GitLab EE
h5 New Linux malware called Hadooken targets Oracle WebLogic servers
h5 Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach
h5 Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries
h5 Cybersecurity giant Fortinet discloses a data breach
h5 Singapore Police arrest six men allegedly involved in a cybercrime syndicate
h5 Adobe Patch Tuesday security updates fixed multiple critical issues in the company's products
h5 Highline Public Schools school district suspended its activities following a cyberattack
h5 RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR
h5 Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)
h5 Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days
h5 Quad7 botnet evolves to more stealthy tactics to evade detection
h5 Poland thwarted cyberattacks that were carried out by Russia and Belarus
h5 U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog
h5 Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals
h5 Predator spyware operation is back with a new infrastructure
h5 TIDRONE APT targets drone manufacturers in Taiwan
h5 Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401
h5 Progress Software fixed a maximum severity flaw in LoadMaster
h5 Feds indicted two alleged administrators of WWH Club dark web marketplace
h5 SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10
h5 Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog
h5 A flaw in WordPress LiteSpeed Cache Plugin allows account takeover
h5 Car rental company Avis discloses a data breach
h5 SonicWall warns that SonicOS bug exploited in attacks
h5 Apache fixed a new remote code execution flaw in Apache OFBiz
h5 Russia-linked GRU Unit 29155 targeted critical infrastructure globally
h5 Veeam fixed a critical flaw in Veeam Backup & Replication software
h5 Earth Lusca adds multiplatform malware KTLVdoor to its arsenal
h5 Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?
h5 Quishing, an insidious threat to electric car owners
h5 Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!
h5 Head Mare hacktivist group targets Russia and Belarus
h5 Zyxel fixed critical OS command injection flaw in multiple routers
h5 VMware fixed a code execution flaw in Fusion hypervisor
h5 Vulnerabilities in Microsoft apps for macOS allow stealing permissions
h5 Three men plead guilty to running MFA bypass service OTP.Agency
h5 Transport for London (TfL) is dealing with an ongoing cyberattack
h5 Lockbit gang claims the attack on the Toronto District School Board (TDSB)
h5 A new variant of Cicada ransomware targets VMware ESXi systems
h5 An air transport security system flaw allowed to bypass airport security screenings
h5 SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9
h5 Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw
h5 South Korea-linked group APT-C-60 exploited a WPS Office zero-day
h5 Threat actors exploit Atlassian Confluence bug in cryptomining campaigns
h5 Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa
h5 Cisco addressed a high-severity flaw in NX-OS software
h5 Corona Mirai botnet spreads via AVTECH CCTV zero-day
h5 Telegram CEO Pavel Durov charged in France for facilitating criminal activities
h5 Iran-linked group APT33 adds new Tickler malware to its arsenal
h5 U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog
h5 Young Consulting data breach impacts 954,177 individuals
h5 BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085
h5 US offers $2.5M reward for Belarusian man involved in mass malware distribution
h5 U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog
h5 China-linked APT Volt Typhoon exploited a zero-day in Versa Director
h5 Researchers unmasked the notorious threat actor USDoD
h5 The Dutch Data Protection Authority (DPA) has fined Uber a record €290M
h5 Google addressed the tenth actively exploited Chrome zero-day this year
h5 SonicWall addressed an improper access control issue in its firewalls
h5 A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport
h5 Linux malware sedexp uses udev rules for persistence and evasion
h5 France police arrested Telegram CEO Pavel Durov
h5 SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8
h5 Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog
h5 Hackers can take over Ecovacs home robots to spy on their owners
h5 Russian national arrested in Argentina for laundering money of crooks and Lazarus APT
h5 Qilin ransomware steals credentials stored in Google Chrome
h5 Phishing attacks target mobile users via progressive web applications (PWA)
h5 Member of cybercrime group Karakurt charged in the US
h5 New malware Cthulhu Stealer targets Apple macOS users
h5 China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches
h5 A cyberattack hit US oil giant Halliburton
h5 U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog
h5 SolarWinds fixed a hardcoded credential issue in Web Help Desk
h5 A cyberattack disrupted operations of US chipmaker Microchip Technology
h5 Google addressed the ninth actively exploited Chrome zero-day this year
h5 GitHub fixed a new critical flaw in the GitHub Enterprise Server
h5 Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio
h5 North Korea-linked APT used a new RAT called MoonPeak
h5 Pro-Russia group Vermin targets Ukraine with a new malware family
h5 A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning
h5 Ransomware payments rose from $449.1 million to $459.8 million
h5 Previously unseen Msupedge backdoor targeted a university in Taiwan
h5 Oracle NetSuite misconfiguration could lead to data exposure
h5 Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum
h5 CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog
h5 Researchers uncovered new infrastructure linked to the cybercrime group FIN7
h5 Experts warn of exploit attempt for Ivanti vTM bug
h5 Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT
h5 The Mad Liberator ransomware group uses social-engineering techniques
h5 From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs
h5 SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7
h5 Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Large-scale extortion campaign targets publicly accessible environment variable files (.env)
h5 OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election
h5 National Public Data confirms a data breach
h5 CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog
h5 Russian national sentenced to 40 months for selling stolen data on the dark web
h5 Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000
h5 Millions of Pixel devices can be hacked due to a pre-installed vulnerable app
h5 Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack
h5 A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter
h5 Google disrupted hacking campaigns carried out by Iran-linked APT42
h5 Black Basta ransomware gang linked to a SystemBC malware campaign
h5 A massive cyber attack hit Central Bank of Iran and other Iranian banks
h5 China-linked APT Earth Baku targets Europe, the Middle East, and Africa
h5 SolarWinds addressed a critical RCE in all Web Help Desk versions
h5 Kootenai Health data breach impacted 464,000 patients
h5 Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs
h5 A PoC exploit code is available for critical Ivanti vTM bug
h5 Elon Musk claims that a DDoS attack caused problems with the livestream interview with Donald Trump
h5 CERT-UA warns of a phishing campaign targeting government entities
h5 US DoJ dismantled remote IT worker fraud schemes run by North Korea
h5 A FreeBSD flaw could allow remote code execution, patch it now!
h5 EastWind campaign targets Russian organizations with sophisticated backdoors
h5 Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE
h5 Foreign nation-state actors hacked Donald Trump’s campaign
h5 SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
h5 Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 ADT disclosed a data breach that impacted more than 30,000 customers
h5 Is the INC ransomware gang behind the attack on McLaren hospitals?
h5 Crooks took control of a cow milking robot causing the death of a cow
h5 Sonos smart speakers flaw allowed to eavesdrop on users
h5 Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!
h5 CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog
h5 Russian cyber spies stole data and emails from UK government systems
h5 0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers
h5 FBI and CISA update a joint advisory on the BlackSuit Ransomware group
h5 Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware
h5 Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data
h5 New Android spyware LianSpy relies on Yandex Cloud to avoid detection
h5 Hackers breached MDM firm Mobile Guardian and wiped thousands of devices
h5 A ransomware attack hit French museum network
h5 CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog
h5 Google warns of an actively exploited Android kernel flaw
h5 Should Organizations Pay Ransom Demands?
h5 North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks
h5 Researchers warn of a new critical Apache OFBiz flaw
h5 Keytronic incurred approximately $17 million of expenses following ransomware attack
h5 A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access
h5 China-linked APT41 breached Taiwanese research institute
h5 Chinese StormBamboo APT compromised ISP to deliver malware
h5 Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach
h5 Security Affairs Malware Newsletter - Round 5
h5 Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 US sued TikTok and ByteDance for violating children’s privacy laws
h5 Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware
h5 Investors sued CrowdStrike over false claims about its Falcon platform
h5 Avtech camera vulnerability actively exploited in the wild, CISA warns
h5 U.S. released Russian cybercriminals in diplomatic prisoner exchange
h5 Sitting Ducks attack technique exposes over a million domains to hijacking
h5 Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085
h5 BingoMod Android RAT steals money from victims' bank accounts and wipes data
h5 A ransomware attack disrupted operations at OneBlood blood bank
h5 Apple fixed dozens of vulnerabilities in iOS and macOS
h5 Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families
h5 A Fortune 50 company paid a record-breaking $75 million ransom
h5 CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog
h5 Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022
h5 SideWinder phishing campaign targets maritime facilities in multiple countries
h5 A crafty phishing campaign targets Microsoft OneDrive users
h5 Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085
h5 Acronis Cyber Infrastructure bug actively exploited in the wild
h5 Fake Falcon crash reporter installer used to target German Crowdstrike users
h5 Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware
h5 French authorities launch disinfection operation to eradicate PlugX malware from infected hosts
h5 Security Affairs Malware Newsletter - Round 4
h5 Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Ukraine's cyber operation shut down the ATM services of major Russian banks
h5 A bug in Chrome Password Manager caused user credentials to disappear
h5 BIND updates fix four high-severity DoS bugs in the DNS software suite
h5 Terrorist Activity is Accelerating in Cyberspace - Risk Precursor to Summer Olympics and Elections
h5 Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
h5 Critical bug in Docker Engine allowed attackers to bypass authorization plugins
h5 Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers
h5 Michigan Medicine data breach impacted 56953 patients
h5 U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog
h5 China-linked APT group uses new Macma macOS backdoor version
h5 FrostyGoop ICS malware targets Ukraine
h5 Hackers abused swap files in e-skimming attacks on Magento sites
h5 US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group
h5 EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos
h5 SocGholish malware used to spread AsyncRAT malware
h5 UK police arrested a 17-year-old linked to the Scattered Spider gang
h5 Security Affairs Malware Newsletter - Round 3
h5 Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog
h5 Threat actors attempted to capitalize CrowdStrike incident
h5 Russian nationals plead guilty to participating in the LockBit ransomware group
h5 MediSecure data breach impacted 12.9 million individuals
h5 CrowdStrike update epic fail crashed Windows systems worldwide
h5 Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users
h5 SAPwned flaws in SAP AI core could expose customers' data
h5 Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums
h5 How to Protect Privacy and Build Secure AI Products
h5 A critical flaw in Cisco SSM On-Prem allows attackers to change any user's password
h5 MarineMax data breach impacted over 123,000 individuals
h5 Void Banshee exploits CVE-2024-38112 zero-day to spread malware
h5 The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal
h5 CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog
h5 Kaspersky leaves U.S. market following the ban on the sale of its software in the country
h5 FBI unlocked the phone of the suspect in the assassination attempt on Donald Trump
h5 Ransomware groups target Veeam Backup & Replication bug
h5 AT&T paid a $370,000 ransom to prevent stolen data from being leaked
h5 HardBit ransomware version 4.0 supports new obfuscation techniques
h5 Dark Gate malware campaign uses Samba file shares
h5 Security Affairs Malware Newsletter - Round 2
h5 Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations
h5 Rite Aid disclosed data breach following RansomHub ransomware attack
h5 New AT&T data breach exposed call logs of almost all customers
h5 Critical flaw in Exim MTA could allow to deliver malware to users' inboxes
h5 Palo Alto Networks fixed a critical bug in the Expedition tool
h5 Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale
h5 October ransomware attack on Dallas County impacted over 200,000 people
h5 CrystalRay operations have scaled 10x to over 1,500 victims
h5 Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware
h5 AI-Powered Russia's bot farm operates on X, US and its allies warn
h5 VMware fixed critical SQL-Injection in Aria Automation product
h5 Citrix fixed critical and high-severity bugs in NetScaler product
h5 A new flaw in OpenSSH can lead to remote code execution
h5 Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days
h5 U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog
h5 Evolve Bank data breach impacted over 7.6 million individuals
h5 More than 31 million customer email addresses exposed following Neiman Marcus data breach
h5 Avast released a decryptor for DoNex Ransomware and its predecessors
h5 RockYou2024 compilation containing 10 billion passwords was leaked online
h5 Critical Ghostscript flaw exploited in the wild. Patch it now!
h5 Apple removed 25 VPN apps from the App Store in Russia following Moscow's requests
h5 CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog
h5 Apache fixed a source code disclosure flaw in Apache HTTP Server
h5 Security Affairs Malware Newsletter - Round 1
h5 Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Alabama State Department of Education suffered a data breach following a blocked attack
h5 GootLoader is still active and efficient
h5 Hackers stole OpenAI secrets in a 2023 security breach
h5 Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes
h5 Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain
h5 New Golang-based Zergeca Botnet appeared in the threat landscape
h5 Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus
h5 Hackers compromised Ethereum mailing list and launched a crypto draining attack
h5 OVHcloud mitigated a record-breaking DDoS attack in April 2024
h5 Healthcare fintech firm HealthEquity disclosed a data breach
h5 Brazil data protection authority bans Meta from training AI models with data originating in the country
h5 Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform
h5 Operation Morpheus took down 593 Cobalt Strike servers used by threat actors
h5 LockBit group claims the hack of the Fairfield Memorial Hospital in the US
h5 American Patelco Credit Union suffered a ransomware attack
h5 Polish government investigates Russia-linked cyberattack on state news agency
h5 Evolve Bank data breach impacted fintech firms Wise and Affirm
h5 Prudential Financial data breach impacted over 2.5 million individuals
h5 Australian man charged for Evil Twin Wi-Fi attacks on domestic flights
h5 China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware
h5 Critical unauthenticated remote code execution flaw in OpenSSH server
h5 Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania
h5 Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769
h5 Russia-linked Midnight Blizzard stole email of more Microsoft customers
h5 Russia-linked group APT29 likely breached TeamViewer's corporate network
h5 Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Infosys McCamish Systems data breach impacted over 6 million people
h5 A cyberattack shut down the University Hospital Centre Zagreb in Croatia
h5 US announces a $10M reward for Russia's GRU hacker behind attacks on Ukraine
h5 LockBit group falsely claimed the hack of the Federal Reserve
h5 CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog
h5 New P2Pinfect version delivers miners and ransomware on Redis servers
h5 New MOVEit Transfer critical bug is actively exploited
h5 New Caesar Cipher Skimmer targets popular CMS used by e-stores
h5 Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw
h5 Wikileaks founder Julian Assange is free
h5 CISA confirmed that its CSAT environment was breached in January.
h5 Threat actors compromised 1,590 CoinStats crypto wallets
h5 Experts observed approximately 120 malicious campaigns using the Rafel RAT
h5 LockBit claims the hack of the US Federal Reserve
h5 Ransomware threat landscape Jan-Apr 2024: insights and challenges
h5 ExCobalt Cybercrime group targets Russian organizations in multiple sectors
h5 Threat actor attempts to sell 30 million customer records allegedly stolen from TEG
h5 Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995
h5 US government sanctions twelve Kaspersky Lab executives
h5 Experts found a bug in the Linux version of RansomHub ransomware
h5 UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models
h5 Russia-linked APT Nobelium targets French diplomatic entities
h5 US bans sale of Kaspersky products due to risks to national security
h5 Atlassian fixed six high-severity bugs in Confluence Data Center and Server
h5 China-linked spies target Asian Telcos since at least 2021
h5 New Rust infostealer Fickle Stealer spreads through various attack methods
h5 An unpatched bug allows anyone to impersonate Microsoft corporate email accounts
h5 Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale
h5 Alleged researchers stole $3 million from Kraken exchange
h5 Google Chrome 126 update addresses multiple high-severity flaws
h5 Chip maker giant AMD investigates a data breach
h5 Cryptojacking campaign targets exposed Docker APIs
h5 VMware fixed RCE and privilege escalation bugs in vCenter Server
h5 Meta delays training its AI using public content shared by EU users
h5 Keytronic confirms data breach after ransomware attack
h5 The Financial Dynamics Behind Ransomware Attacks
h5 Empire Market owners charged with operating $430M dark web marketplace
h5 China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign
h5 LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals
h5 Spanish police arrested an alleged member of the Scattered Spider group
h5 Online job offers, the reshipping and money mule scams
h5 Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 ASUS fixed critical remote authentication bypass bug in several routers
h5 London hospitals canceled over 800 operations in the week after Synnovis ransomware attack
h5 DORA Compliance Strategy for Business Leaders
h5 CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog
h5 City of Cleveland still working to fully restore systems impacted by a cyber attack
h5 Google fixed an actively exploited zero-day in the Pixel Firmware
h5 Multiple flaws in Fortinet FortiOS fixed
h5 CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog
h5 Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation
h5 JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens
h5 Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue
h5 Cylance confirms the legitimacy of data offered for sale in the dark web
h5 Arm zero-day in Mali GPU Drivers actively exploited in the wild
h5 Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!
h5 Japanese video-sharing platform Niconico was victim of a cyber attack
h5 UK NHS call for O-type blood donations following ransomware attack on London hospitals
h5 Christie’s data breach impacted 45,798 individuals
h5 Sticky Werewolf targets the aviation industry in Russia and Belarus
h5 Frontier Communications data breach impacted over 750,000 individuals
h5 PHP addressed critical RCE flaw potentially impacting millions of servers
h5 Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform
h5 Pandabuy was extorted twice by the same threat actor
h5 UAC-0020 threat actor used the SPECTR Malware to target Ukraine's defense forces
h5 A new Linux version of TargetCompany ransomware targets VMware ESXi environments
h5 FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support
h5 RansomHub operation is a rebranded version of the Knight RaaS
h5 Malware can steal data collected by the Windows Recall tool, experts warn
h5 Cisco addressed Webex flaws used to compromise German government meetings
h5 CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs
h5 Zyxel addressed three RCEs in end-of-life NAS devices
h5 A ransomware attack on Synnovis impacted several London hospitals
h5 RansomHub gang claims the hack of the telecommunications giant Frontier Communications
h5 Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN and SmartID supported.
h5 Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers
h5 Multiple flaws in Cox modems could have impacted millions of devices
h5 CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog
h5 Spanish police shut down illegal TV streaming network
h5 APT28 targets key networks in Europe with HeadLace malware
h5 Experts found information of European politicians on the dark web
h5 FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware
h5 Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Ticketmaster confirms data breach impacting 560 million customers
h5 Critical Apache Log4j2 flaw still threatens global finance
h5 Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin
h5 ShinyHunters is selling data of 30 million Santander customers
h5 Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours
h5 LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at least 2021
h5 BBC disclosed a data breach impacting its Pension Scheme members
h5 CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
h5 Experts found a macOS version of the sophisticated LightSpy spyware
h5 Operation Endgame, the largest law enforcement operation ever against botnets
h5 Law enforcement operation dismantled 911 S5 botnet
h5 Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature
h5 Check Point released hotfix for actively exploited VPN zero-day
h5 ABN Amro discloses data breach following an attack on a third-party provider
h5 Christie disclosed a data breach after a RansomHub attack
h5 Experts released PoC exploit code for RCE in Fortinet SIEM
h5 WordPress Plugin abused to install e-skimmers in e-commerce sites
h5 TP-Link Archer C5400X gaming router is affected by a critical flaw
h5 Sav-Rx data breach impacted over 2.8 million individuals
h5 The Impact of Remote Work and Cloud Migrations on Security Perimeters
h5 New ATM Malware family emerged in the threat landscape
h5 A high-severity vulnerability affects Cisco Firepower Management Center
h5 CERT-UA warns of malware campaign conducted by threat actor UAC-0006
h5 Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack
h5 Fake AV websites used to distribute info-stealer malware
h5 MITRE December 2023 attack: Threat actors created rogue VMs to evade detection
h5 An XSS flaw in GitLab allows attackers to take over accounts
h5 Google fixes eighth actively exploited Chrome zero-day this year, the third in a month
h5 CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog
h5 Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors
h5 Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns
h5 APT41: The threat of KeyPlug against Italian industries
h5 Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)
h5 Chinese actor 'Unfading Sea Haze' remained undetected for five years
h5 A consumer-grade spyware app found in check-in systems of 3 US hotels
h5 Critical Veeam Backup Enterprise Manager authentication bypass bug
h5 Cybercriminals are targeting elections in India with influence campaigns
h5 Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!
h5 OmniVision disclosed a data breach after the 2023 Cactus ransomware attack
h5 CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog
h5 Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors
h5 Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms
h5 Experts released PoC exploit code for RCE in QNAP QTS
h5 GitCaught campaign relies on Github and Filezilla to deliver multiple malware
h5 Two students uncovered a flaw that allows to use laundry machines for free
h5 Grandoreiro Banking Trojan is back and targets banks worldwide
h5 Healthcare firm WebTPA data breach impacted 2.5 million individuals
h5 Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 North Korea-linked Kimsuky used a new Linux backdoor in recent attacks
h5 North Korea-linked IT workers infiltrated hundreds of US firms
h5 Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs
h5 City of Wichita disclosed a data breach after the recent ransomware attack
h5 CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog
h5 CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog
h5 North Korea-linked Kimsuky APT attack targets victims via Messenger
h5 Electronic prescription provider MediSecure impacted by a ransomware attack
h5 Google fixes seventh actively exploited Chrome zero-day this year, the third in a week
h5 Santander: a data breach at a third-party provider impacted customers and employees
h5 FBI seized the notorious BreachForums hacking forum
h5 A Tornado Cash developer has been sentenced to 64 months in prison
h5 Adobe fixed multiple critical flaws in Acrobat and Reader
h5 Ransomware attack on Singing River Health System impacted 895,000 people
h5 Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days
h5 VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024
h5 MITRE released EMB3D Threat Model for embedded devices
h5 Google fixes sixth actively exploited Chrome zero-day this year
h5 Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware
h5 Threat actors may have exploited a zero-day in older iPhones, Apple warns
h5 City of Helsinki suffered a data breach
h5 Russian hackers defaced local British news sites
h5 Australian Firstmac Limited disclosed a data breach after cyber attack
h5 Pro-Russia hackers targeted Kosovo’s government websites
h5 Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide
h5 Ohio Lottery data breach impacted over 538,000 individuals
h5 Notorius threat actor IntelBroker claims the hack of the Europol
h5 A cyberattack hit the US healthcare giant Ascension
h5 Google fixes fifth actively exploited Chrome zero-day this year
h5 Russia-linked APT28 targets government Polish institutions
h5 Citrix warns customers to update PuTTY version installed on their XenCenter system manually
h5 Dell discloses data breach impacting millions of customers
h5 Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
h5 Zscaler is investigating data breach claims
h5 Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover
h5 LockBit gang claimed responsibility for the attack on City of Wichita
h5 New TunnelVision technique can bypass the VPN encapsulation
h5 LiteSpeed Cache WordPress plugin actively exploited in the wild
h5 Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
h5 UK Ministry of Defense disclosed a third-party data breach exposing military personnel data
h5 Law enforcement agencies identified LockBit ransomware admin and sanctioned him
h5 MITRE attributes the recent attack to China-linked UNC5221
h5 Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering
h5 City of Wichita hit by a ransomware attack
h5 El Salvador suffered a massive leak of biometric data
h5 Finland authorities warn of Android malware campaign targeting bank users
h5 Ransomware drama: Law enforcement seized Lockbit group's website again
h5 NATO and the EU formally condemned Russia-linked APT28 cyber espionage
h5 Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Blackbasta gang claimed responsibility for Synlab Italia attack
h5 LockBit published data stolen from Simone Veil hospital in Cannes
h5 Russia-linked APT28 and crooks are still using the Moobot botnet
h5 Dirty stream attack poses billions of Android installs at risk
h5 ZLoader Malware adds Zeus's anti-analysis feature
h5 Ukrainian REvil gang member sentenced to 13 years in prison
h5 HPE Aruba Networking addressed four critical ArubaOS RCE flaws
h5 Threat actors hacked the Dropbox Sign production environment
h5 CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog
h5 Panda Restaurant Group disclosed a data breach
h5 Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia
h5 Cuttlefish malware targets enterprise-grade SOHO routers
h5 A flaw in the R programming language could allow code execution
h5 Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall
h5 Notorious Finnish Hacker sentenced to more than six years in prison
h5 CISA guidelines to protect critical infrastructure against AI-based threats
h5 NCSC: New UK law bans default passwords on smart devices
h5 The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data
h5 Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023
h5 Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals
h5 Cyber-Partisans hacktivists claim to have breached Belarus KGB
h5 The Los Angeles County Department of Health Services disclosed a data breach
h5 Multiple Brocade SANnav SAN Management SW flaws allow device compromise
h5 ICICI Bank exposed credit card data of 17000 customers
h5 Okta warns of unprecedented scale in credential stuffing attacks on online services
h5 Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Targeted operation against Ukraine exploited 7-year-old MS Office bug
h5 Hackers may have accessed thousands of accounts on the California state welfare platform
h5 Brokewell Android malware supports an extensive set of Device Takeover capabilities
h5 Experts warn of an ongoing malware campaign targeting WP-Automatic plugin
h5 Cryptocurrencies and cybercrime: A critical intermingling
h5 Kaiser Permanente data breach may have impacted 13.4 million patients
h5 Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug
h5 Sweden’s liquor supply severely impacted by ransomware attack on logistics company
h5 CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog
h5 CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog
h5 DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions
h5 Google fixed critical Chrome vulnerability CVE-2024-4058
h5 Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks
h5 Hackers hijacked the eScan Antivirus update mechanism in malware campaign
h5 US offers a $10 million reward for information on four Iranian nationals
h5 The street lights in Leicester City cannot be turned off due to a cyber attack
h5 North Korea-linked APT groups target South Korean defense contractors
h5 U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
h5 A cyber attack paralyzed operations at Synlab Italia
h5 Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw
h5 Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities
h5 A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
h5 Akira ransomware received $42M in ransom payments from over 250 victims
h5 DuneQuixote campaign targets the Middle East with a complex backdoor
h5 Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Critical CrushFTP zero-day exploited in attacks in the wild
h5 A French hospital was forced to reschedule procedures after cyberattack
h5 MITRE revealed that nation-state actors breached its systems via Ivanti zero-days
h5 FBI chief says China is preparing to attack US critical infrastructure
h5 United Nations Development Programme (UNDP) investigates data breach
h5 FIN7 targeted a large U.S. carmaker with phishing attacks
h5 Law enforcement operation dismantled phishing-as-a-service platform LabHost
h5 Previously unknown Kapeka backdoor linked to Russian Sandworm APT
h5 Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available
h5 Linux variant of Cerber ransomware targets Atlassian servers
h5 Ivanti fixed two critical flaws in its Avalanche MDM
h5 Researchers released exploit code for actively exploited Palo Alto PAN-OS bug
h5 Cisco warns of large-scale brute-force attacks against VPN and SSH services
h5 PuTTY SSH Client flaw allows of private keys recovery
h5 A renewed espionage campaign targets South Asia with iOS spyware LightSpy
h5 Misinformation and hacktivist campaigns targeting the Philippines skyrocket
h5 Russia is trying to sabotage European railways, Czech minister said
h5 Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia
h5 Cisco Duo warns telephony supplier data breach exposed MFA SMS logs
h5 Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets
h5 CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog
h5 Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor
h5 U.S. and Australian police arrested Firebird RAT author and operator
h5 Canadian retail chain Giant Tiger data breach may have impacted millions of customers
h5 Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Crooks manipulate GitHub's search results to distribute malware
h5 BatBadBut flaw allowed an attacker to perform command injection on Windows
h5 Roku disclosed a new security breach impacting 576,000 accounts
h5 LastPass employee targeted via an audio deepfake call
h5 TA547 targets German organizations with Rhadamanthys malware
h5 CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
h5 US CISA published an alert on the Sisense data breach
h5 Palo Alto Networks fixed multiple DoS bugs in its firewalls
h5 Apple warns of mercenary spyware attacks on iPhone users in 92 countries
h5 Microsoft fixed two zero-day bugs exploited in malware attacks
h5 Group Health Cooperative data breach impacted 530,000 individuals
h5 AT&T states that the data breach impacted 51 million former and current customers
h5 Fortinet fixed a critical remote code execution bug in FortiClientLinux
h5 Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues
h5 Cybersecurity in the Evolving Threat Landscape
h5 Over 91,000 LG smart TVs running webOS are vulnerable to hacking
h5 ScrubCrypt used to drop VenomRAT along with many malicious plugins
h5 Google announces V8 Sandbox to protect Chrome users
h5 China is using generative AI to carry out influence operations
h5 Greylock McKinnon Associates data breach exposed DOJ data of 341650 people
h5 Crowdfense is offering a larger 30M USD exploit acquisition program
h5 U.S. Department of Health warns of attacks against IT help desks
h5 Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Over 92,000 Internet-facing D-Link NAS devices can be easily hacked
h5 More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
h5 Cisco warns of XSS flaw in end-of-life small business routers
h5 Magento flaw exploited to deploy persistent backdoor hidden in XML
h5 Cyberattack disrupted services at Omni Hotels & Resorts
h5 HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks
h5 US cancer center City of Hope: data breach impacted 827149 individuals
h5 Ivanti fixed for 4 new issues in Connect Secure and Policy Secure
h5 Jackson County, Missouri, discloses a ransomware attack
h5 Google addressed another Chrome zero-day exploited at Pwn2Own in March
h5 The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse
h5 Google fixed two actively exploited Pixel vulnerabilities
h5 Highly sensitive files mysteriously disappeared from EUROPOL headquarters
h5 XSS flaw in WordPress WP-Members Plugin can lead to script injection
h5 Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor
h5 Google agreed to erase billions of browser records to settle a class action lawsuit
h5 PandaBuy data breach allegedly impacted over 1.3 million customers
h5 OWASP discloses a data breach
h5 New Vultur malware version includes enhanced remote control and evasion capabilities
h5 Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy
h5 Info stealer attacks target macOS users
h5 Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 DinodasRAT Linux variant targets users worldwide
h5 AT&T confirmed that a data breach impacted 73 million customers
h5 Expert found a backdoor in XZ tools used many Linux distributions
h5 German BSI warns of 17,000 unpatched Microsoft Exchange servers
h5 Cisco warns of password-spraying attacks targeting Secure Firewall devices
h5 American fast-fashion firm Hot Topic hit by credential stuffing attacks
h5 Cisco addressed high-severity flaws in IOS and IOS XE software
h5 Google: China dominates government exploitation of zero-day vulnerabilities in 2023
h5 Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024
h5 CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog
h5 The DDR Advantage: Real-Time Data Defense
h5 Finnish police linked APT31 to the 2021 parliament attack
h5 TheMoon bot infected 40,000 devices in January and February
h5 UK, New Zealand against China-linked cyber operations
h5 US Treasury Dep announced sanctions against members of China-linked APT31
h5 CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog
h5 Iran-Linked APT TA450 embeds malicious links in PDF attachments
h5 StrelaStealer targeted over 100 organizations across the EU and US
h5 GoFetch side-channel attack against Apple systems allows secret keys extraction
h5 Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr
h5 Russia-linked APT29 targeted German political parties with WINELOADER backdoor
h5 Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024
h5 Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites
h5 German police seized the darknet marketplace Nemesis Market
h5 Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks
h5 Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days
h5 Critical Fortinet's FortiClient EMS flaw actively exploited in the wild
h5 Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla
h5 New Loop DoS attack may target 300,000 vulnerable hosts
h5 Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately
h5 Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
h5 BunnyLoader 3.0 surfaces in the threat landscape
h5 Pokemon Company resets some users' passwords
h5 Ukraine cyber police arrested crooks selling 100 million compromised accounts
h5 New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?
h5 Players hacked during the matches of Apex Legends Global Series. Tournament suspended
h5 Earth Krahang APT breached tens of government organizations worldwide
h5 PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released
h5 Fujitsu suffered a malware attack and probably a data breach
h5 Remove WordPress miniOrange plugins, a critical flaw can allow site takeover
h5 The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats
h5 Email accounts of the International Monetary Fund compromised
h5 Threat actors leaked 70,000,000+ records allegedly stolen from AT&T
h5 “gitgub” malware campaign targets Github users with RisePro info-stealer
h5 Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 France Travail data breach impacted 43 Million people
h5 Scranton School District in Pennsylvania suffered a ransomware attack
h5 Lazarus APT group returned to Tornado Cash to launder stolen funds
h5 Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case
h5 UK Defence Secretary jet hit by an electronic warfare attack in Poland
h5 Cisco fixed high-severity elevation of privilege and DoS bugs
h5 Recent DarkGate campaign exploited Microsoft Windows zero-day
h5 Nissan Oceania data breach impacted roughly 100,000 people
h5 Researchers found multiple flaws in ChatGPT plugins
h5 Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS
h5 Acer Philippines disclosed a data breach after a third-party vendor hack
h5 Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack
h5 Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws
h5 Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election
h5 First-ever South Korean national detained for espionage in Russia
h5 Insurance scams via QR codes: how to recognise and defend yourself
h5 Massive cyberattacks hit French government agencies
h5 BianLian group exploits JetBrains TeamCity bugs in ransomware attacks
h5 Experts released PoC exploit for critical Progress Software OpenEdge bug
h5 Magnet Goblin group used a new Linux variant of NerbianRAT malware
h5 Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
h5 Lithuania security services warn of China's espionage against the country
h5 Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Threat actors breached two crucial systems of the US CISA
h5 CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog
h5 Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices
h5 QNAP fixed three flaws in its NAS devices, including an authentication bypass
h5 Russia-linked Midnight Blizzard breached Microsoft systems again
h5 Cisco addressed severe flaws in its Secure Client
h5 Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.
h5 2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023
h5 National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election
h5 CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog
h5 Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers
h5 CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
h5 Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks
h5 LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage
h5 Apple emergency security updates fix two new iOS zero-days
h5 VMware urgent updates addressed Critical ESXi Sandbox Escape bugs
h5 US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks
h5 CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
h5 Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software
h5 Ukraine's GUR hacked the Russian Ministry of Defense
h5 Some American Express customers' data exposed in a third-party data breach
h5 META hit with privacy complaints by EU consumer groups
h5 New GTPDOOR backdoor is designed to target telecom carrier networks
h5 Threat actors hacked Taiwan-based Chunghwa Telecom
h5 New Linux variant of BIFROSE RAT uses deceptive domain strategies
h5 Eken camera doorbells allow ill-intentioned individuals to spy on you
h5 Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp
h5 U.S. authorities charged an Iranian national for long-running hacking campaign
h5 US cyber and law enforcement agencies warn of Phobos ransomware attacks
h5 Police seized Crimemarket, the largest German-speaking cybercrime marketplace
h5 Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws
h5 Crooks stole €15 Million from European retail company Pepco
h5 CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog
h5 Researchers found a zero-click Facebook account takeover
h5 New SPIKEDWINE APT group is targeting officials in Europe
h5 Is the LockBit gang resuming its operation?
h5 Lazarus APT exploited zero-day in Windows driver to gain kernel privileges
h5 Pharmaceutical giant Cencora discloses a data breach
h5 Unmasking 2024's Email Security Landscape
h5 FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector
h5 Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
h5 Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs
h5 XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk
h5 Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES
h5 New Redis miner Migo uses novel system weakening techniques
h5 Critical flaw found in deprecated VMware EAP. Uninstall it immediately
h5 Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers
h5 ConnectWise fixed critical flaws in ScreenConnect remote access tool
h5 More details about Operation Cronos that disrupted Lockbit operation
h5 Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric
h5 Operation Cronos: law enforcement disrupted the LockBit operation
h5 A Ukrainian Raccoon Infostealer operator is awaiting trial in the US
h5 Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS
h5 How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise
h5 SolarWinds addressed critical RCEs in Access Rights Manager (ARM)
h5 ESET fixed high-severity local privilege escalation bug in Windows products
h5 Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes
h5 CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks
h5 CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog
h5 US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders
h5 U.S. CISA: hackers breached a state government organization
h5 Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs
h5 US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
h5 A cyberattack halted operations at Varta production plants
h5 North Korea-linked actors breached the emails of a Presidential Office member
h5 CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog
h5 Nation-state actors are using AI services and LLMs for cyberattacks
h5 Abusing the Ubuntu 'command-not-found' utility to install malicious packages
h5 Zoom fixed critical flaw CVE-2024-24691 in Windows software
h5 Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader
h5 Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days
h5 A ransomware attack took 100 Romanian hospitals down
h5 Bank of America customer data compromised after a third-party services provider data breach
h5 Ransomfeed - Third Quarter Report 2023 is out!
h5 Global Malicious Activity Targeting Elections is Skyrocketing
h5 Researchers released a free decryption tool for the Rhysida Ransomware
h5 Residential Proxies vs. Datacenter Proxies: Choosing the Right Option
h5 CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog
h5 Canada Gov plans to ban the Flipper Zero to curb car thefts
h5 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data
h5 US Feds arrested two men involved in the Warzone RAT operation
h5 Raspberry Robin spotted using two new 1-day LPE exploits
h5 Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog
h5 macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations
h5 Exploiting a vulnerable Minifilter Driver to create a process killer
h5 Black Basta ransomware gang hacked Hyundai Motor Europe
h5 Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN
h5 Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices
h5 26 Cyber Security Stats Every User Should Be Aware Of in 2024
h5 US offers $10 million reward for info on Hive ransomware group leaders
h5 Unraveling the truth behind the DDoS attack from electric toothbrushes
h5 China-linked APT Volt Typhoon remained undetected for years in US infrastructure
h5 Cisco fixes critical Expressway Series CSRF vulnerabilities
h5 CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog
h5 Fortinet addressed two critical FortiSIEM vulnerabilities
h5 Experts warn of a critical bug in JetBrains TeamCity On-Premises
h5 Critical shim bug impacts every Linux boot loader signed in the past decade
h5 China-linked APT deployed malware in a network of the Dutch Ministry of Defence
h5 Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG
h5 Google fixed an Android critical remote code execution flaw
h5 A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e
h5 U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware
h5 HPE is investigating claims of a new security breach
h5 Experts warn of a surge of attacks targeting Ivanti SSRF flaw
h5 How to hack the Airbus NAVBLUE Flysmart+ Manager
h5 Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call
h5 Software firm AnyDesk disclosed a security breach
h5 The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM
h5 US government imposed sanctions on six Iranian intel officials
h5 A cyberattack impacted operations at Lurie Children's Hospital
h5 AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
h5 Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Clorox estimates the costs of the August cyberattack will exceed $49 Million
h5 Mastodon fixed a flaw that can allow the takeover of any account
h5 Iranian hackers breached Albania’s Institute of Statistics (INSTAT)
h5 Operation Synergia led to the arrest of 31 individuals
h5 Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison
h5 Cloudflare breached on Thanksgiving Day, but the attack was promptly contained
h5 PurpleFox malware infected at least 2,000 computers in Ukraine
h5 Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping
h5 CISA orders federal agencies to disconnect Ivanti VPN instances by February 2
h5 Multiple malware used in attacks exploiting Ivanti VPN flaws
h5 Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k
h5 Crooks stole around $112 million worth of XRP from Ripple’s co-founder
h5 CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog
h5 Ivanti warns of a new actively exploited zero-day
h5 Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware
h5 Data leak at fintech giant Direct Trading Technologies
h5 Root access vulnerability in GNU Library C (glibc) impacts many Linux distros
h5 Italian data protection authority said that ChatGPT violated EU privacy laws
h5 750 million Indian mobile subscribers' data offered for sale on dark web
h5 Juniper Networks released out-of-band updates to fix high-severity flaws
h5 Hundreds of network operators’ credentials found circulating in Dark Web
h5 Cactus ransomware gang claims the Schneider Electric hack
h5 Mercedes-Benz accidentally exposed sensitive data, including source code
h5 Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords
h5 NSA buys internet browsing records from data brokers without a warrant
h5 Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'
h5 Multiple PoC exploits released for Jenkins flaw CVE-2024-23897
h5 Medusa ransomware attack hit Kansas City Area Transportation Authority
h5 Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center
h5 Participants earned more than $1.3M at the Pwn2Own Automotive competition
h5 A TrickBot malware developer sentenced to 64 months in prison
h5 Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns
h5 Watch out, experts warn of a critical flaw in Jenkins
h5 Pwn2Own Automotive 2024 Day 2 - Tesla hacked again
h5 Yearly Intel Trend Review: The 2023 RedSense report
h5 Cisco warns of a critical bug in Unified Communications products, patch it now!
h5 Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)
h5 CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog
h5 5379 GitLab servers vulnerable to zero-click account takeover attacks
h5 Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
h5 Splunk fixed high-severity flaw impacting Windows versions
h5 Watch out, a new critical flaw affects Fortra GoAnywhere MFT
h5 Australian government announced sanctions for Medibank hacker
h5 LoanDepot data breach impacted roughly 16.6 individuals
h5 Black Basta gang claims the hack of the UK water utility Southern Water
h5 CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog
h5 Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed
h5 Apple fixed actively exploited zero-day CVE-2024-23222
h5 “My Slice”, an Italian adaptive phishing campaign
h5 Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell
h5 Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web
h5 Backdoored pirated applications targets Apple macOS users
h5 LockBit ransomware gang claims the attack on the sandwich chain Subway
h5 Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Admin of the BreachForums hacking forum sentenced to 20 years supervised release
h5 VF Corp December data breach impacts 35 million customers
h5 China-linked APT UNC3886 exploits VMware zero-day since 2021
h5 Ransomware attacks break records in 2023: the number of victims rose by 128%
h5 U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082
h5 The Quantum Computing Cryptopocalypse – I’ll Know It When I See It
h5 Kansas State University suffered a serious cybersecurity incident
h5 CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog
h5 Google TAG warns that Russian COLDRIVER APT is using a custom backdoor
h5 PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts
h5 iShutdown lightweight method allows to discover spyware infections on iPhones
h5 Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos
h5 Github rotated credentials after the discovery of a vulnerability
h5 FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation
h5 Citrix warns admins to immediately patch NetScaler for actively exploited zero-days
h5 Google fixed the first actively exploited Chrome zero-day of 2024
h5 Atlassian fixed critical RCE in older Confluence versions
h5 VMware fixed a critical flaw in Aria Automation. Patch it now!
h5 Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws
h5 Experts warn of a vulnerability affecting Bosch BCC100 Thermostat
h5 Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack
h5 Phemedrone info stealer campaign exploits Windows smartScreen bypass
h5 Balada Injector continues to infect thousands of WordPress sites
h5 Attackers target Apache Hadoop and Flink to deliver cryptominers
h5 Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
h5 Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 GitLab fixed a critical zero-click account hijacking flaw
h5 Juniper Networks fixed a critical RCE bug in its firewalls and switches
h5 Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election
h5 Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467
h5 Team Liquid’s wiki leak exposes 118K users
h5 CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog
h5 Two zero-day bugs in Ivanti Connect Secure actively exploited
h5 X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected
h5 Cisco fixed critical Unity Connection vulnerability CVE-2024-20272
h5 ShinyHunters member sentenced to three years in prison
h5 HMG Healthcare disclosed a data breach
h5 Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval
h5 Decryptor for Tortilla variant of Babuk ransomware released
h5 Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws
h5 CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog
h5 Syrian group Anonymous Arabic distributes stealthy malware Silver RAT
h5 Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications
h5 DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace
h5 Long-existing Bandook RAT targets Windows machines
h5 A cyber attack hit the Beirut International Airport
h5 Iranian crypto exchange Bit24.cash leaks user passports and IDs
h5 Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Turkish Sea Turtle APT targets Dutch IT and Telecom firms
h5 Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
h5 Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages
h5 The source code of Zeppelin Ransomware sold on a hacking forum
h5 Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months
h5 Ivanti fixed a critical EPM flaw that can result in remote code execution
h5 MyEstatePoint Property Search Android app leaks user passwords
h5 Hacker hijacked Orange Spain RIPE account causing internet outage to company customers
h5 HealthEC data breach impacted more than 4.5 Million people
h5 Experts found 3 malicious packages hiding crypto miners in PyPi repository
h5 Crooks hacked Mandiant X account to push cryptocurrency scam
h5 Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
h5 CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
h5 Don’t trust links with known domains: BMW affected by redirect vulnerability
h5 Hackers stole more than $81 million worth of crypto assets from Orbit Chain
h5 Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv
h5 Experts warn of JinxLoader loader used to spread Formbook and XLoader
h5 Terrapin attack allows to downgrade SSH protocol security
h5 Multiple organizations in Iran were breached by a mysterious hacker
h5 Top 2023 Security Affairs cybersecurity stories
h5 Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies
h5 Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
h5 Google agreed to settle a $5 billion privacy lawsuit
h5 Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 INC RANSOM ransomware gang claims to have breached Xerox Corp
h5 Spotify music converter TuneFab puts users at risk
h5 Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
h5 Russia-linked APT28 used new malware in a recent phishing campaign
h5 Clash of Clans gamers at risk while using third-party app
h5 New Version of Meduza Stealer Released in Dark Web
h5 Operation Triangulation attacks relied on an undocumented hardware feature
h5 Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data
h5 Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network
h5 Experts warn of critical Zero-Day in Apache OfBiz
h5 Xamalicious Android malware distributed through the Play Store
h5 Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841
h5 Elections 2024, artificial intelligence could upset world balances
h5 Experts analyzed attacks against poorly managed Linux SSH servers
h5 A cyberattack hit Australian healthcare provider St Vincent’s Health Australia
h5 Rhysida ransomware group hacked Abdali Hospital in Jordan
h5 Carbanak malware returned in ransomware attacks
h5 Resecurity Released a 2024 Cyber Threat Landscape Forecast
h5 APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw
h5 Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor
h5 Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Europol and ENISA spotted 443 e-stores compromised with digital skimming
h5 Video game giant Ubisoft investigates reports of a data breach
h5 LockBit ransomware gang claims to have breached accountancy firm Xeinadin
h5 Mobile virtual network operator Mint Mobile discloses a data breach
h5 Akira ransomware gang claims the theft of sensitive data from Nissan Australia
h5 Member of Lapsus$ gang sentenced to an indefinite hospital order
h5 Real estate agency exposes details of 690k customers
h5 ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
h5 Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware
h5 Data leak exposes users of car-sharing service Blink Mobility
h5 Google addressed a new actively exploited Chrome zero-day
h5 German police seized the dark web marketplace Kingdom Market
h5 Law enforcement Operation HAECHI IV led to the seizure of $300 Million
h5 Sophisticated JaskaGO info stealer targets macOS and Windows
h5 BMW dealer at risk of takeover by cybercriminals
h5 Comcast’s Xfinity customer data exposed after CitrixBleed attack
h5 FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
h5 Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season
h5 The ransomware attack on Westpole is disrupting digital services for Italian public administration
h5 Info stealers and how to protect against them
h5 Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations
h5 Qakbot is back and targets the Hospitality industry
h5 A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K
h5 MongoDB investigates a cyberattack, customer data exposed
h5 InfectedSlurs botnet targets QNAP VioStor NVR vulnerability
h5 Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center
h5 New NKAbuse malware abuses NKN decentralized P2P network protocol
h5 Snatch ransomware gang claims the hack of the food giant Kraft Heinz
h5 Multiple flaws in pfSense firewall can lead to arbitrary code execution
h5 BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign
h5 Data of over a million users of the crypto exchange GokuMarket exposed
h5 Idaho National Laboratory data breach impacted 45,047 individuals
h5 Ubiquiti users claim to have access to other people’s devices
h5 Russia-linked APT29 spotted targeting JetBrains TeamCity servers
h5 Microsoft seized the US infrastructure of the Storm-1152 cybercrime group
h5 French authorities arrested a Russian national for his role in the Hive ransomware operation
h5 China-linked APT Volt Typhoon linked to KV-Botnet
h5 UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns
h5 OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks
h5 Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks
h5 December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
h5 Ukrainian military intelligence service hacked the Russian Federal Taxation Service
h5 Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack
h5 Dubai’s largest taxi app exposes 220K+ users
h5 Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
h5 Apple released iOS 17.2 to address a dozen of security flaws
h5 Toyota Financial Services discloses a data breach
h5 Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2
h5 CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
h5 CISA and ENISA signed a Working Arrangement to enhance cooperation
h5 Researcher discovered a new lock screen bypass bug for Android 14 and 13
h5 WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw
h5 Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Hacktivists hacked an Irish water utility and interrupted the water supply
h5 5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips
h5 Norton Healthcare disclosed a data breach after a ransomware attack
h5 Bypassing major EDRs using Pool Party process injection techniques
h5 Founder of Bitzlato exchange has pleaded for unlicensed money transmitting
h5 Android barcode scanner app exposes user passwords
h5 UK and US expose Russia Callisto Group's activity and sanction members
h5 A cyber attack hit Nissan Oceania
h5 New Krasue Linux RAT targets telecom companies in Thailand
h5 Atlassian addressed four new RCE flaws in its products
h5 CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog
h5 Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode
h5 GST Invoice Billing Inventory exposes sensitive data to threat actors
h5 Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw
h5 ENISA published the ENISA Threat Landscape for DoS Attacks Report
h5 Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
h5 Google fixed critical zero-click RCE in Android
h5 New P2PInfect bot targets routers and IoT devices
h5 Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware
h5 LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order
h5 Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices
h5 New Agent Raccoon malware targets the Middle East, Africa and the US
h5 Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Researchers devised an attack technique to extract ChatGPT training data
h5 Fortune-telling website WeMystic exposes 13M+ user records
h5 Expert warns of Turtle macOS ransomware
h5 Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
h5 CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog
h5 Apple addressed 2 new iOS zero-day vulnerabilities
h5 Critical Zoom Room bug allowed to gain access to Zoom Tenants
h5 Rhysida ransomware group hacked King Edward VII’s Hospital in London
h5 Google addressed the sixth Chrome Zero-Day vulnerability in 2023
h5 Okta reveals additional attackers' activities in October 2023 Breach
h5 Thousands of secrets lurk in app images on Docker Hub
h5 Threat actors started exploiting critical ownCloud flaw CVE-2023-49103
h5 International police operation dismantled a prominent Ukraine-based Ransomware group
h5 Daixin Team group claimed the hack of North Texas Municipal Water District
h5 Healthcare provider Ardent Health Services disclosed a ransomware attack
h5 Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia
h5 Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
h5 The hack of MSP provider CTS potentially impacted hundreds of UK law firms
h5 Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Rhysida ransomware gang claimed China Energy hack
h5 North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack
h5 Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
h5 App used by hundreds of schools leaking children's data
h5 Microsoft launched its new Microsoft Defender Bounty Program
h5 Exposed Kubernetes configuration secrets can fuel supply chain attacks
h5 North Korea-linked Konni APT uses Russian-language weaponized documents
h5 ClearFake campaign spreads macOS AMOS information stealer
h5 Welltok data breach impacted 8.5 million patients in the U.S.
h5 North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software
h5 Automotive parts giant AutoZone disclosed data breach after MOVEit hack
h5 New InfectedSlurs Mirai-based botnet exploits two zero-days
h5 SiegedSec hacktivist group hacked Idaho National Laboratory (INL)
h5 CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
h5 Citrix provides additional measures to address Citrix Bleed
h5 Tor Project removed several relays associated with a suspicious cryptocurrency scheme
h5 Experts warn of a surge in NetSupport RAT attacks against education and government sectors
h5 The Top 5 Reasons to Use an API Management Platform
h5 Canadian government impacted by data breaches of two of its contractors
h5 Rhysida ransomware gang is auctioning data stolen from the British Library
h5 Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies
h5 DarkCasino joins the list of APT groups exploiting WinRAR zero-day
h5 US teenager pleads guilty to his role in credential stuffing attack on a betting site
h5 Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 8Base ransomware operators use a new variant of the Phobos ransomware
h5 Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
h5 The board of directors of OpenAI fired Sam Altman
h5 Medusa ransomware gang claims the hack of Toyota Financial Services
h5 CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
h5 Zimbra zero-day exploited to steal government emails by four groups
h5 Vietnam Post exposes 1.2TB of data, including email addresses
h5 Samsung suffered a new data breach
h5 FBI and CISA warn of attacks by Rhysida ransomware gang
h5 Critical flaw fixed in SAP Business One product
h5 Law enforcement agencies dismantled the illegal botnet proxy service IPStorm
h5 Gamblers’ data compromised after casino giant Strendus fails to set password
h5 VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance
h5 Danish critical infrastructure hit by the largest cyber attack in Denmark's history
h5 Major Australian ports blocked after a cyber attack on DP World
h5 Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024
h5 CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
h5 LockBit ransomware gang leaked data stolen from Boeing
h5 North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals
h5 The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital
h5 The State of Maine disclosed a data breach that impacted 1.3M people
h5 Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Police seized BulletProftLink phishing-as-a-service (PhaaS) platform
h5 Serbian pleads guilty to running ‘Monopoly’ dark web drug market
h5 McLaren Health Care revealed that a data breach impacted 2.2 million people
h5 After ChatGPT, Anonymous Sudan took down the Cloudflare website
h5 Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack
h5 SysAid zero-day exploited by Clop ransomware group
h5 Dolly.com pays ransom, attackers release data anyway
h5 DDoS attack leads to significant disruption in ChatGPT services
h5 Russian Sandworm disrupts power in Ukraine with a new OT attack
h5 Veeam fixed multiple flaws in Veeam ONE, including critical issues
h5 Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel
h5 Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks
h5 Critical Confluence flaw exploited in ransomware attacks
h5 QNAP fixed two critical vulnerabilities in QTS OS and apps
h5 Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
h5 Socks5Systemz proxy service delivered via PrivateLoader and Amadey
h5 US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors
h5 Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Lazarus targets blockchain engineers with new KandyKorn macOS Malware
h5 Kinsing threat actors probed the Looney Tunables flaws in recent attacks
h5 ZDI discloses four zero-day flaws in Microsoft Exchange
h5 Okta customer support system breach impacted 134 customers
h5 Multiple WhatsApp mods spotted containing the CanesSpy Spyware
h5 Russian FSB arrested Russian hackers who supported Ukrainian cyber operations
h5 MuddyWater has been spotted targeting two Israeli entities
h5 Clop group obtained access to the email addresses of about 632,000 US federal employees
h5 Okta discloses a new data breach after a third-party vendor was hacked
h5 Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware
h5 Boeing confirmed its services division suffered a cyberattack
h5 Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India
h5 Who is behind the Mozi Botnet kill switch?
h5 CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog
h5 Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748
h5 Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper
h5 British Library suffers major outage due to cyberattack
h5 Critical Atlassian Confluence flaw can lead to significant data loss
h5 WiHD leak exposes details of all torrent users
h5 Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198
h5 Canada bans WeChat and Kaspersky apps on government-issued mobile devices
h5 Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency
h5 Wiki-Slack attack allows redirecting business professionals to malicious websites
h5 HackerOne awarded over $300 million bug hunters
h5 StripedFly, a complex malware that infected one million devices without being noticed
h5 IT Army of Ukraine disrupted internet providers in territories occupied by Russia
h5 Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
h5 Lockbit ransomware gang claims to have stolen data from Boeing
h5 France agency ANSSI warns of Russia-linked APT28 attacks on French entities
h5 How to Collect Market Intelligence with Residential Proxies?
h5 F5 urges to address a critical flaw in BIG-IP
h5 Hello Alfred app exposes user data
h5 iLeakage attack exploits Safari to steal data from Apple devices
h5 Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
h5 Seiko confirmed a data breach after BlackCat attack
h5 Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
h5 Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes
h5 VMware addressed critical vCenter flaw also for End-of-Life products
h5 Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
h5 New England Biolabs leak sensitive data
h5 Former NSA employee pleads guilty to attempted selling classified documents to Russia
h5 Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!
h5 How did the Okta Support breach impact 1Password?
h5 PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
h5 Spain police dismantled a cybercriminal group who stole the data of 4 million individuals
h5 CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
h5 Cisco warns of a second IOS XE zero-day used to infect devices worldwide
h5 City of Philadelphia suffers a data breach
h5 SolarWinds fixed three critical RCE flaws in its Access Rights Manager product
h5 Don't use AI-based apps, Philippine defense ordered its personnel
h5 Vietnamese threat actors linked to DarkGate malware campaign
h5 MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
h5 The attack on the International Criminal Court was targeted and sophisticated
h5 Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 A threat actor is selling access to Facebook and Instagram's Police Portal
h5 Threat actors breached Okta support system and stole customers' data
h5 US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide
h5 Alleged developer of the Ragnar Locker ransomware was arrested
h5 CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
h5 Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198
h5 Law enforcement operation seized Ragnar Locker group's infrastructure
h5 THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!
h5 North Korea-linked APT groups actively exploit JetBrains TeamCity flaw
h5 Multiple APT groups exploited WinRAR flaw CVE-2023-38831
h5 Californian IT company DNA Micro leaks private mobile phone data
h5 Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August
h5 A flaw in Synology DiskStation Manager allows admin account takeover
h5 D-Link confirms data breach, but downplayed the impact
h5 CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems
h5 Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers
h5 Ransomware realities in 2023: one employee mistake can cost a company millions
h5 Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users
h5 Cisco warns of active exploitation of IOS XE zero-day
h5 Signal denies claims of an alleged zero-day flaw in its platform
h5 Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm
h5 DarkGate malware campaign abuses Skype and Teams
h5 The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital
h5 Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION
h5 Lockbit ransomware gang demanded an 80 million ransom to CDW
h5 CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks
h5 Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?
h5 FBI and CISA published a new advisory on AvosLocker ransomware
h5 More than 17,000 WordPress websites infected with the Balada Injector in September
h5 Ransomlooker, a new tool to track and analyze ransomware groups' activities
h5 Phishing, the campaigns that are targeting Italy
h5 A new Magecart campaign hides the malicious code in 404 error page
h5 CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog
h5 Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers
h5 Air Europa data breach exposed customers' credit cards
h5 #OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops
h5 Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws
h5 New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks
h5 Exposed security cameras in Israel and Palestine pose significant risks
h5 A flaw in libcue library impacts GNOME Linux systems
h5 Hacktivists in Palestine and Israel after SCADA and other industrial control systems
h5 Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519
h5 The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum
h5 Gaza-linked hackers and Pro-Russia groups are targeting Israel
h5 Flagstar Bank suffered a data breach once again
h5 Android devices shipped with backdoored firmware as part of the BADBOX network
h5 Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition
h5 North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime
h5 QakBot threat actors are still operational after the August takedown
h5 Ransomware attack on MGM Resorts costs $110 Million
h5 Cybersecurity, why a hotline number could be important?
h5 Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables
h5 Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!
h5 Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege
h5 CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog
h5 NATO is investigating a new cyber attack claimed by the SiegedSec group
h5 Global CRM Provider Exposed Millions of Clients’ Files Online
h5 Sony sent data breach notifications to about 6,800 individuals
h5 Apple fixed the 17th zero-day flaw exploited in attacks
h5 Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks
h5 A cyberattack disrupted Lyca Mobile services
h5 Chipmaker Qualcomm warns of three actively exploited zero-days
h5 DRM Report Q2 2023 - Ransomware threat landscape
h5 Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform
h5 San Francisco’s transport agency exposes drivers’ parking permits and addresses
h5 BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums
h5 Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
h5 Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV
h5 European Telecommunications Standards Institute (ETSI) suffered a data breach
h5 WS_FTP flaw CVE-2023-40044 actively exploited in the wild
h5 National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers
h5 North Korea-linked Lazarus targeted a Spanish aerospace company
h5 Ransomware attack on Johnson Controls may have exposed sensitive DHS data
h5 BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care
h5 Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition
h5 ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One
h5 FBI warns of dual ransomware attacks
h5 Progress Software fixed two critical severity flaws in WS_FTP Server
h5 Child abuse site taken down, organized child exploitation crime suspected – exclusive
h5 A still unpatched zero-day RCE impacts more than 3.5M Exim servers
h5 Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
h5 Misconfigured WBSC server leaks thousands of passports
h5 CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog
h5 Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109
h5 Dark Angels Team ransomware group hit Johnson Controls
h5 GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023
h5 Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices
h5 China-linked APT BlackTech was spotted hiding in Cisco router firmware
h5 Watch out! CVE-2023-5129 in libwebp library affects millions applications
h5 DarkBeam leaks billions of email and password combinations
h5 'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo
h5 Top 5 Problems Solved by Data Lineage
h5 Threat actors claim the hack of Sony, and the company investigates
h5 Canadian Flair Airlines left user data leaking for months
h5 The Rhysida ransomware group hit the Kuwait Ministry of Finance
h5 BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients
h5 Xenomorph malware is back after months of hiatus and expands the list of targets
h5 Smishing Triad Stretches Its Tentacles into the United Arab Emirates
h5 Crooks stole $200 million worth of assets from Mixin Network
h5 A phishing campaign targets Ukrainian military entities with drone manual lures
h5 Alert! Patch your TeamCity instance to avoid server hack
h5 Is Gelsemium APT behind a targeted attack in Southeast Asian Government?
h5 Nigerian National pleads guilty to participating in a millionaire BEC scheme
h5 New variant of BBTok Trojan targets users of +40 banks in LATAM
h5 Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
h5 Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
h5 Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
h5 National Student Clearinghouse data breach impacted approximately 900 US schools
h5 Government of Bermuda blames Russian threat actors for the cyber attack
h5 Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
h5 CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog
h5 Information of Air Canada employees exposed in recent cyberattack
h5 Sandman APT targets telcos with LuaDream backdoor
h5 Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws
h5 Ukrainian hackers are behind the Free Download Manager supply chain attack
h5 Space and defense tech maker Exail Technologies exposes database access
h5 Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
h5 Experts found critical flaws in Nagios XI network monitoring software
h5 The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs
h5 International Criminal Court hit with a cyber attack
h5 GitLab addressed critical vulnerability CVE-2023-5009
h5 Trend Micro addresses actively exploited zero-day in Apex One and other security Products
h5 ShroudedSnooper threat actors target telecom companies in the Middle East
h5 Recent cyber attack is causing Clorox products shortage
h5 Earth Lusca expands its arsenal with SprySOCKS Linux malware
h5 Microsoft AI research division accidentally exposed 38TB of sensitive data
h5 German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals
h5 Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry
h5 FBI hacker USDoD leaks highly sensitive TransUnion data
h5 North Korea's Lazarus APT stole almost $240 million in crypto assets since June
h5 Clop gang stolen data from major North Carolina hospitals
h5 CardX released a data leak notification impacting their customers in Thailand
h5 Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition
h5 TikTok fined €345M by Irish DPC for violating children’s privacy
h5 Dariy Pankov, the NLBrute malware author, pleads guilty
h5 Dangerous permissions detected in top Android health apps
h5 Caesars Entertainment paid a ransom to avoid stolen data leaks
h5 Free Download Manager backdoored to serve Linux malware for more than 3 years
h5 Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York
h5 UK Greater Manchester Police disclosed a data breach
h5 The iPhone of a Russian journalist was infected with the Pegasus spyware
h5 Kubernetes flaws could lead to remote code execution on Windows endpoints
h5 Threat actor leaks sensitive data belonging to Airbus
h5 A new ransomware family called 3AM appears in the threat landscape
h5 Redfly group infiltrated an Asian national grid as long as six months
h5 Mozilla fixed a critical zero-day in Firefox and Thunderbird
h5 Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws
h5 Save the Children confirms it was hit by cyber attack
h5 Adobe fixed actively exploited zero-day in Acrobat and Reader
h5 A new Repojacking attack exposed over 4,000 GitHub repositories to hack
h5 MGM Resorts hit by a cyber attack
h5 Anonymous Sudan launched a DDoS attack against Telegram
h5 Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor
h5 GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023
h5 CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog
h5 UK and US sanctioned 11 members of the Russia-based TrickBot gang
h5 New HijackLoader malware is rapidly growing in popularity in the cybercrime community
h5 Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable
h5 Evil Telegram campaign: Trojanized Telegram apps found on Google Play
h5 Rhysida Ransomware gang claims to have hacked three more US hospitals
h5 Akamai prevented the largest DDoS attack on a US financial company
h5 Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition
h5 US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
h5 Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital
h5 North Korea-linked threat actors target cybersecurity experts with a zero-day
h5 Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
h5 Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware
h5 Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs
h5 A malvertising campaign is delivering a new version of the macOS Atomic Stealer
h5 Two flaws in Apache SuperSet allow to remotely hack servers
h5 Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake
h5 Google addressed an actively exploited zero-day in Android
h5 A zero-day in Atlas VPN Linux Client leaks users' IP address
h5 MITRE and CISA release Caldera for OT attack emulation
h5 ASUS routers are affected by three critical remote code execution flaws
h5 Hackers stole $41M worth of crypto assets from crypto gambling firm Stake
h5 Freecycle data breach impacted 7 Million users
h5 Meta disrupted two influence campaigns from China and Russia
h5 A massive DDoS attack took down the site of the German financial agency BaFin
h5 "Smishing Triad" Targeted USPS and US Citizens for Data Theft
h5 University of Sydney suffered a security breach caused by a third-party service provider
h5 Cybercrime will cost Germany $224 billion in 2023
h5 PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks
h5 Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition
h5 LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)
h5 UNRAVELING EternalBlue: inside the WannaCry’s enabler
h5 Researchers released a free decryptor for the Key Group ransomware
h5 Fashion retailer Forever 21 data breach impacted +500,000 individuals
h5 Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware
h5 Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication
h5 Paramount Global disclosed a data breach
h5 National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization
h5 Abusing Windows Container Isolation Framework to avoid detection by security products
h5 Critical RCE flaw impacts VMware Aria Operations Networks
h5 UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw
h5 Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months
h5 FIN8-linked actor targets Citrix NetScaler systems
h5 Japan's JPCERT warns of new 'MalDoc in PDF' attack technique
h5 Attackers can discover IP address by sending a link over the Skype mobile app
h5 Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
h5 Cloud and hosting provider Leaseweb took down critical systems after a cyber attack
h5 Crypto investor data exposed by a SIM swapping attack against a Kroll employee
h5 China-linked Flax Typhoon APT targets Taiwan
h5 Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035
h5 Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager
h4 QUICK LINKS
h4 Privacy Overview
Cómo resolver problemas con securityaffairs.co
Los errores en el sitio web de securityaffairs.co pueden ser del lado del servidor o de su lado (lado del cliente). Si no hay prácticamente nada que hacer con los errores del lado del servidor (solo queda esperar para que el sitio vuelva a funcionar), luego, con errores en el lado del cliente, es posible resolver el problema con la disponibilidad de securityaffairs.co por su cuenta.