Author: Pierluigi Paganini

Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 110 pages of excellent content. 110 PAGESLOADED WITH EXCELLENT CONTENTLearn from the experts, cybersecurity best practicesFind out about upcoming information security related conferences, expos and trade shows.  Always free, no strings attached. CLICK HERE AND GRAB THIS VERSION AND […]

The post Cyber Defense Magazine – March 2021 has arrived. Enjoy it! appeared first on Security Affairs.

Read More Cyber Defense Magazine – March 2021 has arrived. Enjoy it!

WizCase experts found a major breach in phone-tracking service Ringostat ’s database, millions of Phone Numbers, Recordings, and Call Logs Compromised WizCase security team has found a major breach in phone-tracking service Ringostat ’s database. This leak left vulnerable phone numbers, call recordings, call logs, and more to potential attack. The leaked data numbers in the millions and […]

The post Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak appeared first on Security Affairs.

Read More Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of the domain in September 2020. The Perl.com domain was hijacked in January 2021, but according to Brian Foy, senior editor of Perl.com, the attack took place months before, in September 2020. Attackers have taken over the […]

The post Attackers took over the Perl.com domain in September 2020 appeared first on Security Affairs.

Read More Attackers took over the Perl.com domain in September 2020

Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant reported that at least one […]

The post Four zero-days in Microsoft Exchange actively exploited in the wild appeared first on Security Affairs.

Read More Four zero-days in Microsoft Exchange actively exploited in the wild

Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in the System component. Google released security updates to address 37 vulnerabilities as part of the Android security updates for March 2021, the most severe one is a critical flaw in the System component tracked as […]

The post Google fixes Critical Remote Code Execution issue in Android System component appeared first on Security Affairs.

Read More Google fixes Critical Remote Code Execution issue in Android System component

The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device. Pwn20wnd, the author of the jailbreaking tool “unc0ver,” has updated their software to support iOS 14.3 and earlier releases. The last release of the jailbreaking tool, unc0ver v6.0.0, now includes the exploit code […]

The post Pwn20wnd released the unc0ver v 6.0 jailbreaking tool appeared first on Security Affairs.

Read More Pwn20wnd released the unc0ver v 6.0 jailbreaking tool

French multinational dairy products corporation Lactalis discloses cyberattack, but claimed that had no evidence of a data breach. France-based dairy giant Lactalis announced that it was hit by a cyber attack, but claimed that it had found no evidence of a data breach. Lactalis employs more than 80,000 people worldwide, at more than 230 production […]

The post French multinational dairy Lactalis hit by a cyber attack appeared first on Security Affairs.

Read More French multinational dairy Lactalis hit by a cyber attack

Recorded Future researchers uncovered a campaign conducted by Chinese APT41 group targeting critical infrastructure in India. Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting critical infrastructure operators in India. The list of targets includes power plants, electricity distribution centers, and seaports in the country. The attacks surged while relations between […]

The post Alleged China-linked APT41 group targets Indian critical infrastructures appeared first on Security Affairs.

Read More Alleged China-linked APT41 group targets Indian critical infrastructures

JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware attack. The ransomware attack only impacted JFC International’s Europe Group, the malware caused the disruption of some of its IT […]

The post Distributor of Asian food JFC International hit by Ransomware appeared first on Security Affairs.

Read More Distributor of Asian food JFC International hit by Ransomware

The Javascript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. Experts from Sophos documented the evolution of the “Gootloader,” the framework used for delivering the Gootkit RAT banking Trojan. The framework was improved to deploy a wider range of malware, including ransomware payloads. “In recent years, almost […]

The post Gootkit delivery platform Gootloader used to deliver additional payloads appeared first on Security Affairs.

Read More Gootkit delivery platform Gootloader used to deliver additional payloads

Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing the company to hack. Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern that has used a weak password for several years. Initial […]

The post Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says appeared first on Security Affairs.

Read More Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says

ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection. ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users. The settlement has yet to be approved by a federal judge. The Chinese firm was accused to have failed […]

The post ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection appeared first on Security Affairs.

Read More ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection

The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security Agency (NSA) recently published a document to explain the benefits of adopting a zero-trust model, and advice to navigate the process. Modern infrastructure are complex environments that combine multiple technologies and that are exposed to […]

The post NSA embraces the Zero Trust Security Model appeared first on Security Affairs.

Read More NSA embraces the Zero Trust Security Model

During a video conference of the members of the European Council, EU leaders agreed on a new strategy aimed at boosting defense and security.  During the recent video conference of the members of the European Council (25-26 February 2021), NATO chief Jens Stoltenberg highlighted the importance to define a strategy to boost defense and security. “We […]

The post EU leaders aim at boosting defense and security, including cybersecurity appeared first on Security Affairs.

Read More EU leaders aim at boosting defense and security, including cybersecurity

The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia discloses a cyber attack that took place on January 14th. At the time of the first attack, the threat actors stole approximately USD 30 million […]

The post New Zealand-based cryptocurrency exchange Cryptopia hacked again appeared first on Security Affairs.

Read More New Zealand-based cryptocurrency exchange Cryptopia hacked again

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing […]

The post Security Affairs newsletter Round 303 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 303

A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). A critical authentication bypass vulnerability, tracked as CVE-2021-22681, can be exploited by remote attackers to compromise programmable logic controllers (PLCs) manufactured by Rockwell Automation. The vulnerability was independently reported to Rockwell by researchers at the Soonchunhyang University […]

The post Experts found a critical authentication bypass flaw in Rockwell Automation software appeared first on Security Affairs.

Read More Experts found a critical authentication bypass flaw in Rockwell Automation software

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ​A cybercrime group called ‘Hotarus Corp’ has breached the Ecuador’s largest private bank, Banco Pichincha, and the local Ministry of Finance (the Ministerio de Economía y Finanzas de Ecuador). The group claims to have also stolen data from […]

The post Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha appeared first on Security Affairs.

Read More Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks. Crooks conduct SIM swapping attacks to take control of victims’ […]

The post T-Mobile customers were hit with SIM swapping attacks appeared first on Security Affairs.

Read More T-Mobile customers were hit with SIM swapping attacks

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute […]

The post New Ryuk ransomware implements self-spreading capabilities appeared first on Security Affairs.

Read More New Ryuk ransomware implements self-spreading capabilities

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint […]

The post Microsoft releases open-source CodeQL queries to assess Solorigate compromise appeared first on Security Affairs.

Read More Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What’s Going On? Our online security team has uncovered a massive data breach originating from a misconfigured […]

The post Data Breach: Turkish legal advising company exposed over 15,000 clients appeared first on Security Affairs.

Read More Data Breach: Turkish legal advising company exposed over 15,000 clients

Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19. Hackers compromised the systems at one of the most advanced biology labs at the Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the […]

The post Hackers are selling access to Biochemical systems at Oxford University Lab appeared first on Security Affairs.

Read More Hackers are selling access to Biochemical systems at Oxford University Lab

Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […]

The post Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack appeared first on Security Affairs.

Read More Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack

The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on, dubbed FriarFox, that allowed them to steal Gmail and Firefox browser data and deliver malware on infected systems. “We attribute this […]

The post China-linked TA413 group target Tibetan organizations appeared first on Security Affairs.

Read More China-linked TA413 group target Tibetan organizations

Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical flaws impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. The most severe vulnerability […]

The post Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS appeared first on Security Affairs.

Read More Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS

North Korea-linked Lazarus APT group has targeted the defense industry with the custom-backdoor dubbed ThreatNeedle since 2020. North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early 2020. The state-sponsored hackers targeted organizations from more than a dozen countries. The experts discovered the custom backdoor while investigating an […]

The post North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor appeared first on Security Affairs.

Read More North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client. DirectWrite […]

The post Google discloses technical details of Windows CVE-2021-24093 RCE flaw appeared first on Security Affairs.

Read More Google discloses technical details of Windows CVE-2021-24093 RCE flaw

A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi […]

The post Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw appeared first on Security Affairs.

Read More Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw

Ukraine ‘s government attributes a cyberattack on the government document management system to a Russia-linked APT group. The Ukraine ‘s government blames a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). According to Ukrainian officials, the hackers aimed at disseminating malicious […]

The post Ukraine: nation-state hackers hit government document management system appeared first on Security Affairs.

Read More Ukraine: nation-state hackers hit government document management system

Crooks are exploiting BTC blockchain transactions to hide backup command-and-control (C2) server addresses for a cryptomining botnet. Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2.  This technique allows botnet operators to make their infrastructure resilient […]

The post A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism appeared first on Security Affairs.

Read More A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. Vietnam-linked APT32 (aka Ocean Lotus) group has conducted a cyberespionage campaign targeting Vietnamese human rights defenders (HRDs) and a nonprofit (NPO) human rights organization from Vietnam between February 2018 and November 2020. The threat actors used by spyware to take […]

The post APT32 state hackers target human rights defenders with spyware appeared first on Security Affairs.

Read More APT32 state hackers target human rights defenders with spyware

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day […]

The post Airplane manufacturer Bombardier has disclosed a security breach, data leaked online appeared first on Security Affairs.

Read More Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972, that could be exploited by attackers to potentially take control of affected systems. vCenter Server is the centralized […]

The post VMware addresses a critical RCE issue in vCenter Server appeared first on Security Affairs.

Read More VMware addresses a critical RCE issue in vCenter Server

Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance. Experts believe the accounts were part of […]

The post Twitter removes 100 accounts linked to Russia disseminating disinformation appeared first on Security Affairs.

Read More Twitter removes 100 accounts linked to Russia disseminating disinformation

IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions.  IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise products, including IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise.  Two issues, tracked as CVE-2020-14782 and […]

The post IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS appeared first on Security Affairs.

Read More IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. “Starting in mid-December 2020, malicious actors that Mandiant […]

The post FIN11 cybercrime group is behind recent wave of attacks on FTA servers appeared first on Security Affairs.

Read More FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Daycare camera product NurseryCam was hacked last week, the company was forced to shut down its IoT camera service. On Friday, The Register become aware of the compromise of the NurseryCam network. NurseryCam is produced by the companies FootfallCam Ltd and Meta Technologies Ltd. In response to the incident, the company shut down its IoT […]

The post NurseryCam daycare cam service shut down after security breach appeared first on Security Affairs.

Read More NurseryCam daycare cam service shut down after security breach

Ukraine ‘s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites. The Ukrainian officials did not provide details about the attacks either the damage they have caused. “It was […]

The post Ukraine sites suffered massive attacks launched from Russian networks appeared first on Security Affairs.

Read More Ukraine sites suffered massive attacks launched from Russian networks

The systems of Georgetown County have been hacked at the end of January, and the county staff is still working to rebuild its computer network. The systems of Georgetown County have been hit with a sophisticated cyber attack at the end of January, and the county staff is still working to recover from the incident. […]

The post Georgetown County has yet to recover from a sophisticated cyber attack appeared first on Security Affairs.

Read More Georgetown County has yet to recover from a sophisticated cyber attack

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years […]

The post NSA Equation Group tool was used by Chinese hackers years before it was leaked online appeared first on Security Affairs.

Read More NSA Equation Group tool was used by Chinese hackers years before it was leaked online

An attacker demonstrated this week that Clubhouse chats are not secure, he was able to siphon audio feeds from “multiple rooms” into its own website While the popularity of the audio chatroom app Clubhouse continues to increase experts are questioning the security and privacy level it offers to its users. Recently the company announced it […]

The post An attacker was able to siphon audio feeds from multiple Clubhouse rooms appeared first on Security Affairs.

Read More An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […]

The post Researchers uncovered a new Malware Builder dubbed APOMacroSploit appeared first on Security Affairs.

Read More Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to […]

The post Experts warn of threat actors abusing Google Alerts to deliver unwanted programs appeared first on Security Affairs.

Read More Experts warn of threat actors abusing Google Alerts to deliver unwanted programs

A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. Bharad was searching for cross-site request forgery (CSRF), insecure direct object […]

The post Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com appeared first on Security Affairs.

Read More Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com

The Federal Bureau of Investigation (FBI) has issued a warning about the risks of telephony denial-of-service (TDoS) attacks on call centers. The United States’ Federal Bureau of Investigation (FBI) is warning of the consequences of telephony denial-of-service (TDoS) attacks on call centers, which in some cases could threaten people’s lives. TDoS attacks could render telephone systems unavailable […]

The post FBI warns of the consequences of telephony denial-of-service (TDoS) attacks appeared first on Security Affairs.

Read More FBI warns of the consequences of telephony denial-of-service (TDoS) attacks

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. PayPal addresses reflected XSS bug in user wallet currency converter The kingpin behind Jokers Stash retires with a […]

The post Security Affairs newsletter Round 302 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 302

The US is going to respond to the SolarWinds supply chain attack within weeks, national security adviser Jake Sullivan told CNN. The US will respond within weeks to the devastating SolarWinds supply cyber attack, national security adviser Jake Sullivan told CNN. “We are in the process now of working through, with the intelligence community and [President […]

The post The US Government is going to respond to the SolarWinds hack very soon appeared first on Security Affairs.

Read More The US Government is going to respond to the SolarWinds hack very soon

Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to their information. Sequoia Capital, one of the most prominent venture capital firms that focus on the technology industry, discloses a data breach. The company informed its investors that an unauthorized third party had access to their […]

The post Sequoia Capital Venture Capital firm discloses a data breach appeared first on Security Affairs.

Read More Sequoia Capital Venture Capital firm discloses a data breach

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a security breach on January 22, it blamed sophisticated threat actors for the intrusion. On January, 29 […]

The post SonicWall releases second firmware updates for SMA 100 vulnerability appeared first on Security Affairs.

Read More SonicWall releases second firmware updates for SMA 100 vulnerability

Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. According to data shared by Malwarebytes, as […]

The post Silver Sparrow, a new malware infects Mac systems using Apple M1 chip appeared first on Security Affairs.

Read More Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users. A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users. The Tor mode implemented in the Brave web […]

The post Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider appeared first on Security Affairs.

Read More Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider

MassLogger Windows credential stealer infamous is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. Cisco Talos experts uncovered attacks against users in Turkey, Latvia, and Italy, the […]

The post New Masslogger Trojan variant exfiltrates user credentials appeared first on Security Affairs.

Read More New Masslogger Trojan variant exfiltrates user credentials

Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware designed to target latest generation of Apple devices using the company M1 chip. The discovery suggests threat actors are tailoring […]

The post Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning appeared first on Security Affairs.

Read More Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning

Hackers abuse Google Apps Script to steal credit cards, bypass CSP Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credit card data provided by customers of e-commerce websites. “Attackers use […]

The post Hackers steal credit card data abusing Google’s Apps Script appeared first on Security Affairs.

Read More Hackers steal credit card data abusing Google’s Apps Script

RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure, it asking its members to enable 2FA for their accounts. RIPE NCC announced to have suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts. The RIPE NCC is a not-for-profit membership association, a Regional Internet Registry and the […]

The post Credential stuffing attack hit RIPE NCC: Members have to enable 2FA appeared first on Security Affairs.

Read More Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange. Microsoft announced that the threat actors behind the SolarWinds supply chain attack could have had access to repositories containing the source code for a limited number of components used by Azure, Intune, and Exchange. In […]

The post SolarWinds hackers had access to components used by Azure, Intune, and Exchange appeared first on Security Affairs.

Read More SolarWinds hackers had access to components used by Azure, Intune, and Exchange

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, […]

The post WatchDog botnet targets Windows and Linux servers in cryptomining campaign appeared first on Security Affairs.

Read More WatchDog botnet targets Windows and Linux servers in cryptomining campaign

The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The OpenSSL Project released security patches to address three vulnerabilities, two denial-of-service (DoS) flaws, and an incorrect SSLv2 rollback protection issue. The fist vulnerability, tracked as CVE-2021-23841, is a NULL pointer dereference issue that can be […]

The post The OpenSSL Project addressed three vulnerabilities appeared first on Security Affairs.

Read More The OpenSSL Project addressed three vulnerabilities

The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement in cyber-attacks, including the theft of $1.3 billion in money and crypto-currency from organizations around the globe. The indictment […]

The post US DoJ charges three members of the North Korea-linked Lazarus APT group appeared first on Security Affairs.

Read More US DoJ charges three members of the North Korea-linked Lazarus APT group

Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams. The Malvertising gang ScamClub has abused an unpatched zero-day vulnerability in WebKit-based browsers to bypass security measures and redirect users from legitimate sites to websites hosting online gift card scams. The malvertising campaign […]

The post ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams appeared first on Security Affairs.

Read More ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams

French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers. The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates […]

The post Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software appeared first on Security Affairs.

Read More Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication. Although exists a strong adoption of technologies with the goal of protecting the final user such as plugins, tokens, e-tokens, two-factor-authentication mechanisms, CHIP, PIN […]

The post Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware appeared first on Security Affairs.

Read More Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. The experts discovered that sending a sticker to a Telegram user could […]

The post Telegram flaw could have allowed access to users secret chats appeared first on Security Affairs.

Read More Telegram flaw could have allowed access to users secret chats

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to […]

The post Hackers abusing the Ngrok platform phishing attacks appeared first on Security Affairs.

Read More Hackers abusing the Ngrok platform phishing attacks

Multiple vulnerabilities in the popular file-sharing app SHAREit have yet, to be addressed, experts from Trend Micro warned. SHAREit is a popular file-sharing Android app with more than one billion downloads, experts from Trend Micro discovered multiple unpatched vulnerabilities in its code. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users […]

The post Popular SHAREit app is affected by severe flaws yet to be fixed appeared first on Security Affairs.

Read More Popular SHAREit app is affected by severe flaws yet to be fixed

Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing the use of the stripe. The popular investigator Brian Krebs reported the discovery of a new Bluetooth overlay skimmer that interfered with the terminal’s ability to read chip-based cards, forcing the use of the magnetic […]

The post A new Bluetooth overlay skimmer block chip-based transactions appeared first on Security Affairs.

Read More A new Bluetooth overlay skimmer block chip-based transactions

VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere Replication product. VMware vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. vSphere Replication […]

The post VMware fixes command injection issue in vSphere Replication appeared first on Security Affairs.

Read More VMware fixes command injection issue in vSphere Replication

French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back […]

The post France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers appeared first on Security Affairs.

Read More France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack, the company’s analysis of […]

The post The malicious code in SolarWinds attack was the work of 1,000+ developers appeared first on Security Affairs.

Read More The malicious code in SolarWinds attack was the work of 1,000+ developers

An international operation conducted in Ukraine and France lead to the arrest of criminals believed to be affiliated with the Egregor RaaS. Some affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint operation conducted by law enforcement in Ukraine and France. Authorities did not reveal […]

The post French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine appeared first on Security Affairs.

Read More French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

The administrators of the most popular carding marketplace on the dark web Joker’s Stash announced his retirement. Cybercriminal behind the most prominent carding marketplace on the dark web Joker’s Stash retires, he will shut down its servers and destroy the backups. According to Forbes, the man has amassed a billion dollars worth of Bitcoin with […]

The post The kingpin behind Joker’s Stash retires with a billionaire exit appeared first on Security Affairs.

Read More The kingpin behind Joker’s Stash retires with a billionaire exit

PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets.  PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency converter feature of user wallets on February 19, 2020, close one year ago. The ‘reflected XSS and CSP bypass’ vulnerability was reported […]

The post PayPal addresses reflected XSS bug in user wallet currency converter appeared first on Security Affairs.

Read More PayPal addresses reflected XSS bug in user wallet currency converter

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. COMB breach: 3.2B email and password pairs leaked online Hacking Nespresso machines to have unlimited funds to purchase […]

The post Security Affairs newsletter Round 301 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 301

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. The alert comes […]

The post FBI’s alert warns about using Windows 7 and TeamViewer appeared first on Security Affairs.

Read More FBI’s alert warns about using Windows 7 and TeamViewer

Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from […]

The post Court documents show FBI could use a tool to access private Signal messages on iPhones appeared first on Security Affairs.

Read More Court documents show FBI could use a tool to access private Signal messages on iPhones

Personal and Corporate data is now regularly targeted and traded by unscrupulous actors, protect it with a proactive Cyber Defense solution. If your enemy is secure at all points, be prepared for them. If they are in superior strength, evade them. If your opponent is temperamental, seek to irritate him. Pretend to be weak, that […]

The post The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data appeared first on Security Affairs.

Read More The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data

Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine what are factors influence the risk of attack. Experts discovered that malicious […]

The post Gmail users from US most targeted by email-based phishing and malware appeared first on Security Affairs.

Read More Gmail users from US most targeted by email-based phishing and malware

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts. The security incident was discovered […]

The post Yandex security team caught admin selling access to users’ inboxes appeared first on Security Affairs.

Read More Yandex security team caught admin selling access to users’ inboxes

Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life. Today, TIM’s Red Team Research led […]

The post TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server appeared first on Security Affairs.

Read More TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server

Researchers from Microsoft are warning that the number of monthly web shell attacks has doubled since last year. Microsoft reported that the number of monthly web shell attacks has almost doubled since last year, its experts observed an average of 140,000 of these software installs on servers on a monthly basis, while in 2020 they […]

The post Microsoft warns of the rise of web shell attacks appeared first on Security Affairs.

Read More Microsoft warns of the rise of web shell attacks

Security expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users’ data. Summary: While understanding the implementation of various security and privacy measures in Telegram, I identified that telegram fails again in terms of handling the users data. My initial study started with understanding how self-destructing […]

The post The “P” in Telegram stands for Privacy appeared first on Security Affairs.

Read More The “P” in Telegram stands for Privacy

The fresh release of the Latin American Lampion trojan was updated with a new C2 address. Lampion trojan disseminated in Portugal using COVID-19 template. In the last few days, a new release of the Latin American Lampion trojan was released in Portugal using a template related to COVID-19. This trojan has been distributed in Portugal […]

The post Lampion trojan disseminated in Portugal using COVID-19 template appeared first on Security Affairs.

Read More Lampion trojan disseminated in Portugal using COVID-19 template

An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free. Yuste is a student at […]

The post Avaddon ransomware decryptor released, but operators quickly reacted appeared first on Security Affairs.

Read More Avaddon ransomware decryptor released, but operators quickly reacted

Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since […]

The post Experts spotted two Android spyware used by Indian APT Confucius appeared first on Security Affairs.

Read More Experts spotted two Android spyware used by Indian APT Confucius

A total of eight criminals have been arrested on 9 February as a result of an international police operation into a series of SIM swapping attacks.  Eight men were arrested in England and Scotland as part of a year-long international investigation into a series of SIM swapping attacks targeting high-profile victims in the United States. […]

The post Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks appeared first on Security Affairs.

Read More Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks

SAP released seven new security notes on February 2021 Security Patch Day, including a Hot News note for a critical issue affecting SAP Commerce. SAP released seven new security notes on February 2021 Security Patch Day and updated six previously released notes. The new security notes include a Hot News note that addresses a critical vulnerability, tracked as CVE-2021-21477, […]

The post SAP addresses a critical flaw in SAP Commerce Product appeared first on Security Affairs.

Read More SAP addresses a critical flaw in SAP Commerce Product

Antivirus firm Emsisoft discloses a data breach, a third-party had access to a publicly exposed database containing technical logs. The anti-malware solutions provider Emsisoft disclosed last week a data breach. The company revealed that a third-party had accessed a publicly exposed database containing technical logs. The root cause of the incident was a misconfiguration of […]

The post Anti-malware firm Emsisoft accidentally exposes internal DB appeared first on Security Affairs.

Read More Anti-malware firm Emsisoft accidentally exposes internal DB

The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher, has disclosed a ransomware attack. The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher series, has suffered a ransomware attack. The company confirmed the security breach with a series of messages on […]

The post CD Projekt Red game maker discloses ransomware attack appeared first on Security Affairs.

Read More CD Projekt Red game maker discloses ransomware attack

Adobe released security patches for 50 flaws affecting six products, including a zero-day flaw in Reader that has been exploited in the wild. Adobe has released security updates that address 50 vulnerabilities affecting its Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver products. Adobe fixed 23 CVEs in Adobe Reader, 17 of which have been rated […]

The post Adobe fixes a buffer overflow issue in Reader which is exploited in the wild appeared first on Security Affairs.

Read More Adobe fixes a buffer overflow issue in Reader which is exploited in the wild

Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild. Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows components, .NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and […]

The post Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day appeared first on Security Affairs.

Read More Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day

An international operation conducted by Ukraine’s police, along with the US and Australia peers, shut down the world’s largest phishing Service U-Admin. Last week, an international operation conducted by Ukraine’s police, along with the US and Australian authorities, lead to the shut down of the world’s phishing framework U-Admin. The National Police and its Main […]

The post Ukraine’s police arrested the author of the U-Admin phishing kit appeared first on Security Affairs.

Read More Ukraine’s police arrested the author of the U-Admin phishing kit

The development team behind the NextGen Gallery plugin has addressed two severe CSRF vulnerabilities that could have allowed site takeover. The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. The NextGEN […]

The post Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs appeared first on Security Affairs.

Read More Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016, Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are […]

The post Microsoft to notify Office 365 users of nation-state attacks appeared first on Security Affairs.

Read More Microsoft to notify Office 365 users of nation-state attacks