Author: Pierluigi Paganini

Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco SD-WAN is a cloud-delivered overlay WAN architecture […]

The post Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now! appeared first on Security Affairs.

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of crypto-mining malware in the popular NPM package UAParser.js. The popular library has millions of weekly downloads. “Versions of a popular […]

The post Supply-chain attack on NPM Package UAParser, which has millions of daily downloads appeared first on Security Affairs.

Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced that it has designed a new tool, named SSRF Dashboard, that allows security researchers to search for Server-Side Request Forgery (SSRF) vulnerabilities. Server-side request forgery is a web security vulnerability that allows an attacker […]

The post Facebook SSRF Dashboard allows hunting SSRF vulnerabilities appeared first on Security Affairs.

Groove ransomware operators call on other ransomware groups to stop competing and join forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack the US public sector after a law enforcement operation shut down the infrastructure of the REvil gang. “The ransomware group REvil […]

The post Groove ransomware group calls on other ransomware gangs to hit US public sector appeared first on Security Affairs.

Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million) after the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies. “The ransomware group REvil was […]

The post DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown appeared first on Security Affairs.

FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks, tricking them into believing they are conducting a pentest. The FIN7 hacking group is attempting to enter the ransomware business and is doing it with an interesting technique. The gang creates fake cybersecurity companies that hire experts, requesting them to […]

The post FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks appeared first on Security Affairs.

Bitdefender researchers discovered a new rootkit named FiveSys that abuses a Microsoft-issued digital signature to evade detection. FiveSys is a new rootkit discovered by researchers from Bitdefender; it is able to evade detection by abusing a Microsoft-issued digital signature. Driver packages that pass Windows Hardware Lab Kit (HLK) testing can be digitally signed by Microsoft WHQL (Windows Hardware Quality […]

The post FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts appeared first on Security Affairs.

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw […]

The post Evil Corp rebrands their ransomware, this time is the Macaw Locker appeared first on Security Affairs.

A vulnerability in WinRAR, a trialware file archiver utility for Windows, could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability affects the trial version of […]

The post A flaw in WinRAR could lead to remote code execution appeared first on Security Affairs.

The United States Department of Justice sentenced two individuals who were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof hosting to various malware operations, including Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The two individuals, Aleksandr Skorodumov (33) of Lithuania, […]

The post Administrators of bulletproof hosting sentenced to prison in the US appeared first on Security Affairs.

The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes. The rule announced by the BIS […]

The post US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes appeared first on Security Affairs.

Threat actors are continually looking for better ways to target organizations; here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of […]

The post Top 5 Attack Vectors to Look Out For in 2022 appeared first on Security Affairs.

Researchers warn of a new evolution of the PurpleFox botnet: its operators have added exploits and leverage WebSockets for C2 communication. Researchers from TrendMicro have documented a recent evolution of the PurpleFox botnet; the experts discovered a new .NET backdoor, dubbed FoxSocket, that is highly associated with the PurpleFox operation. Its operators have added new exploits and […]

The post PurpleFox botnet variant uses WebSockets for more secure C2 communication appeared first on Security Affairs.

Tech giant Acer was hacked again within a few days: after the compromise of its servers in India, threat actors also breached some of its systems in Taiwan. Tech giant Acer was hacked twice in a week; the same threat actor (Desorden) initially breached some of its servers in India, and now it is claiming to […]

The post Acer suffers a second data breach in a week appeared first on Security Affairs.

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. A China-linked hacking group, tracked as LightBasin (aka UNC1945), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. The cyberespionage group has been active […]

The post China-linked LightBasin group accessed calling records from telcos worldwide appeared first on Security Affairs.

Zero-day exploit broker Zerodium announced it is looking for zero-day vulnerabilities in the Windows clients of ExpressVPN, NordVPN, and Surfshark. Zerodium is looking to pay for zero-day exploits for vulnerabilities in the Windows clients of three virtual private network (VPN) service providers, ExpressVPN, NordVPN, and Surfshark. The company announced with a message posted on Twitter: […]

The post Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients appeared first on Security Affairs.

Sentinel Labs experts have analyzed the new Karma ransomware and speculate it represents an evolution of the Nemty ransomware operation. Karma ransomware is a new threat that was first spotted in June of 2021; it is important to distinguish it from a different threat with the same name that has been active since 2016. Sentinel Labs […]

The post Experts found many similarities between the new Karma Ransomware and Nemty variants appeared first on Security Affairs.

Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is targeting telecommunication providers and IT firms in South Asia. Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is using a custom implant, dubbed Backdoor.Graphon, in attacks aimed at telecommunication providers, IT firms, and government entities in South Asia. At this […]

The post Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos appeared first on Security Affairs.

FBI, CISA, and NSA have published a joint advisory about the operation of the BlackMatter ransomware gang that provides defense recommendations. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have published an advisory that provides details about the BlackMatter ransomware operations and defense recommendations. This advisory provides […]

The post FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations appeared first on Security Affairs.

Trustwave’s SpiderLabs researchers have released a free decryptor for the BlackByte ransomware that can allow victims to recover their files. Researchers from Trustwave’s SpiderLabs have released a decryptor that can allow victims of the BlackByte ransomware to restore their files for free. The experts spotted the BlackByte ransomware while investigating a recent malware incident. The […]

The post Trustwave released a free decryptor for the BlackByte ransomware appeared first on Security Affairs.

The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker Hub. The Uptycs Threat Research Team recently identified a campaign in which the TeamTNT threat actors deployed a malicious container image (hosted on Docker Hub) with an embedded script to download the Zgrab scanner and masscanner—penetration testing tools […]

The post TeamTNT Deploys Malicious Docker Image On Docker Hub appeared first on Security Affairs.

Experts discovered several unprotected installs of the open source event monitoring solution Prometheus that may expose sensitive data. JFrog researchers have discovered multiple unprotected instances of the open source event monitoring solution Prometheus that may leak sensitive data. The solution scrapes real-time metrics from multiple endpoints; it is used by several major organizations such as Uber. Prometheus’ […]

The post Prometheus endpoint unprotected installs could expose sensitive data appeared first on Security Affairs.

A ransomware attack is likely the cause of the recent downtime for TV stations owned by the Sinclair Broadcast Group broadcast television company. TV stations owned by the Sinclair Broadcast Group went down over the weekend, officially due to technical issues, but some media [1,2] reported that the company was a victim of a ransomware attack. […]

The post Sinclair TV stations downtime allegedly caused by a ransomware attack appeared first on Security Affairs.

It seems that the REvil ransomware operation has shut down once again after a threat actor has hijacked their Tor hidden service. The REvil ransomware gang has shut down its operation once again after a threat actor has hijacked their Tor leak site and payment portal. The news of the hack was shared by the […]

The post REvil ransomware operation shuts down once again appeared first on Security Affairs.

Researchers warn of an ad-blocking Chrome extension that was abused by threat actors to inject ads into Google search pages. Researchers from Imperva have spotted a new deceptive ad injection campaign that is targeting users of some large websites by leveraging an ad-blocking extension, named AllBlock, that is available on both Chrome and Opera browsers. Ad […]

The post Experts spotted an Ad-Blocking Chrome extension injecting malicious ads appeared first on Security Affairs.

White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software. The Tianfu Cup is the most important hacking contest held in China; this year white hat hackers earned $1.88 million on a total bonus of up to $1.5 million by demonstrating vulnerabilities in popular software. The edition […]

The post Experts hacked a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest appeared first on Security Affairs.

Twitch provided an update on the recent security breach; the company confirmed that it only had a limited impact on a small number of users. Twitch downplayed the recent security breach in an update, saying it only impacted a small number of users. According to the update, login credentials or full payment card […]

The post Twitch security breach had minimal impact, the company states appeared first on Security Affairs.

The customers of Banco Pichincha, the largest bank in Ecuador, are still experiencing service disruptions after a massive cyberattack hit the financial organization early this week. The cyberattack took place over the last weekend and forced the bank to shut down a large part of its computer network in response to the incident. Many services […]

The post Ecuador’s Banco Pichincha has yet to recover after recent cyberattack appeared first on Security Affairs.

TrickBot operators are back and are expanding their distribution channels through partnerships with cybercrime affiliates. The operators behind the infamous TrickBot malware (ITG23 and Wizard Spider) have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. The gang supports other cybercrime groups such as Hive0105, Hive0106 (aka TA551 or Shathak), and […]

The post Trickbot spreads malware through new distribution channels appeared first on Security Affairs.

Russia-linked TA505 group leverages a lightweight Office file to spread malware in a campaign, tracked as MirrorBlast, aimed at financial institutions. The Russia-linked APT group TA505 (aka Evil Corp) is leveraging a lightweight Office file in a new malware campaign, tracked as MirrorBlast, targeting financial institutions in multiple geographies. The TA505 hacking group has been active since 2014 […]

The post Russia-Linked TA505 targets financial institutions in a new malspam campaign appeared first on Security Affairs.

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) linked roughly $5.2 billion worth of Bitcoin transactions to ransomware. The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has identified approximately $5.2 billion worth of Bitcoin transactions likely associated with operations of the top 10 most commonly reported ransomware variants. FinCEN analyzed a data set composed […]

The post US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments appeared first on Security Affairs.

IT and consulting giant Accenture confirmed a data breach after the ransomware attack conducted by LockBit operators in August 2021. Global IT consultancy giant Accenture disclosed a data breach after the LockBit ransomware attack that hit the company in August 2021. News about the attack was included in the company’s financial report for the fourth quarter […]

The post Accenture discloses data breach after LockBit ransomware attack appeared first on Security Affairs.

Cybersecurity provider Juniper Networks released more than 40 security advisories to address over 70 vulnerabilities that affect its solutions. Cybersecurity provider Juniper Networks released more than 40 security advisories to address more than 70 vulnerabilities that affect its solutions. US CISA also issued a security advisory to warn organizations of the security updates released by […]

The post Juniper Networks released +40 security advisories to fix +70 vulnerabilities appeared first on Security Affairs.

A group of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security devised a new side-channel attack that affects AMD CPUs. Researchers Moritz Lipp and Daniel Gruss of the Graz University of Technology and Michael Schwarz of the CISPA Helmholtz Center for Information Security devised a new side-channel attack that […]

The post Boffins devise a new side-channel attack affecting all AMD CPUs appeared first on Security Affairs.

A joint cybersecurity advisory published by US agencies revealed three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by ransomware gangs against US water and wastewater treatment facilities (WWS) this year. This is the first time that these attacks […]

The post Three more ransomware attacks hit Water and Wastewater systems in 2021 appeared first on Security Affairs.

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices; the move aims at implementing an optional layer of security to protect backups stored on Google Drive or iCloud cloud storage. Currently, WhatsApp […]

The post WhatsApp made available end-to-end encrypted chat backups appeared first on Security Affairs.

Google’s popular VirusTotal scanning service has published an interesting analysis of more than 80 million ransomware samples. VirusTotal has published its first ransomware activity report based on the analysis of more than 80 million samples that have been uploaded from 140 countries worldwide. Since 2020, at least 130 different ransomware families have been active. […]

The post Since 2020, at least 130 different ransomware families have been active appeared first on Security Affairs.

Google revealed that it has sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced that it has sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaigns and warns of a […]

The post Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020 appeared first on Security Affairs.

The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that was defined by Israel’s National Cyber Directorate as a “major” attack. The Hillel Yaffe Medical Center in Hadera, Israel was hit by a ransomware attack that impacted the system of the hospital. Local media outlets reported that the hospital has […]

The post For the first time, an Israeli hospital was hit by a major ransomware attack appeared first on Security Affairs.

Taiwanese electronics technology giant Acer disclosed a security breach suffered by its after-sales service systems in India after an isolated attack. Bad news for the Taiwanese electronics technology giant Acer: it disclosed a second security breach this year. The company revealed that its after-sales service systems in India were hit by an isolated attack. The […]

The post Acer suffered the second security breach in a few months appeared first on Security Affairs.

Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises. Researchers from the Symantec Threat Hunter Team discovered a ransomware family, tracked as Yanluowang ransomware, that was used in highly targeted attacks against large enterprises. The discovery is part of an investigation into a recent attempted ransomware attack […]

The post New Yanluowang ransomware used in highly targeted attacks on large orgs appeared first on Security Affairs.

Apple has silently addressed a zero-day vulnerability that could allow attackers to gain access to sensitive user data. Apple has silently addressed a zero-day vulnerability with the release of iOS 15.0.2; the vulnerability could allow attackers to gain access to sensitive user information. The flaw was reported to the IT giant by software developer Denis Tokarev seven […]

The post Apple silently fixed iOS zero-day without crediting the expert who reported it appeared first on Security Affairs.

The MyKings botnet (aka Smominru or DarkCloud) is still alive and continues to spread, allowing its operators to make huge amounts of money. Avast Threat Labs researchers reported that the MyKings botnet (aka Smominru or DarkCloud) is still alive and is allowing its operators to earn huge amounts of money via cryptomining activities. Avast researchers reported […]

The post MyKings botnet operators already amassed at least $24 million appeared first on Security Affairs.

Dutch police warn customers of a distributed denial-of-service (DDoS) booter website to stop using the service to avoid prosecution. Dutch police warn customers of a booter service, abused to carry out distributed denial-of-service (DDoS) attacks, to stop using it to avoid prosecution. The letter sent by the Dutch Police aims to work as a deterrent […]

The post Dutch police warn customers of a popular DDoS booter service appeared first on Security Affairs.

Threat actors are using mathematical symbols in impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks; it relies on the use of mathematical symbols in impersonated company logos. The experts analyzed the case of a campaign targeting the customers of the […]

The post Crooks use math symbols to evade anti-phishing solutions appeared first on Security Affairs.

A Chinese-speaking hacking group exploited a Windows zero-day vulnerability in a wave of attacks on defense and IT businesses. A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a new remote access trojan (RAT), tracked as MysterySnail. The attacks were conducted between late August and early September 2021 […]

The post Chinese APT IronHusky uses Win zero-day in recent wave of attacks appeared first on Security Affairs.

The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet evolves; it now includes a recently published PoC exploit for Visual Tools DVR. Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems. The PoC exploit code for this vulnerability is publicly […]

The post Necro botnet now targets Visual Tools DVRs appeared first on Security Affairs.

Adobe addressed ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has released security updates to address ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. The IT giant addressed four vulnerabilities in Acrobat and Reader for Windows and macOS, including two arbitrary code execution flaws, tracked […]

The post Adobe addresses four critical flaws in its products appeared first on Security Affairs.

Olympus US was forced to take down IT systems in the American region (U.S., Canada, and Latin America) following a cyberattack. The medical technology giant Olympus was forced to shut down its computer network in America (U.S., Canada, and Latin America) following a cyberattack. The attack took place on October 10, 2021. “Upon detection of […]

The post Olympus US was forced to take down computer systems due to cyberattack appeared first on Security Affairs.

The GitKraken team fixed a flaw in the Git GUI client that led to the generation of weak SSH keys; users are advised to revoke and renew their keys. The development team behind the Git GUI client GitKraken has fixed a vulnerability that was leading to the generation of weak SSH keys. The developers addressed the flaw with […]

The post GitKraken flaw led to the generation of weak SSH keys appeared first on Security Affairs.

Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August; it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August; it represents the largest DDoS attack […]

The post Microsoft mitigated a record 2.4 Tbps DDoS attack in August appeared first on Security Affairs.

Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild. The flaw is a critical memory corruption issue that resides in […]

The post Apple released emergency update to fix zero-day actively exploited appeared first on Security Affairs.

Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch DDoS attacks. Security Service of Ukraine (SSU) has arrested a hacker who controlled a DDoS botnet composed of 100,000 devices that was available for rent. The botnet was also used for other malicious activities, including […]

The post Security Service of Ukraine arrested a man operating a huge DDoS botnet appeared first on Security Affairs.

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) uncovered a malicious activity cluster, tracked as DEV-0343, that is targeting the Office 365 tenants of US and Israeli defense technology companies. Threat actors are launching extensive […]

The post Iran-linked DEV-0343 APT targets US and Israeli defense technology firms appeared first on Security Affairs.

LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed documents. LibreOffice and OpenOffice released security updates to address a moderate-severity flaw that can allow attackers to manipulate documents to appear as signed by a trusted source. “It is possible for an attacker to manipulate documents […]

The post Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing appeared first on Security Affairs.

A Togolese human rights advocate was hit by mobile spyware allegedly developed by an Indian firm called Innefu Labs. Researchers from Amnesty International have uncovered a cyberespionage campaign attributed to the threat actor tracked as ‘Donot Team’ (aka APT-C-35), which was orchestrated by threat actors in India and Pakistan. Experts believe the attackers used a spyware developed […]

The post Donot Team targets a Togo prominent activist with Indian-made spyware appeared first on Security Affairs.

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used […]

The post NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks appeared first on Security Affairs.

Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities. The recalled remote controllers are affected by severe vulnerabilities that could lead to injury or death of patients. An attacker can exploit the vulnerabilities […]

The post Medtronic recalls some controllers used with some of its insulin pumps over cyberattack risks appeared first on Security Affairs.

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Previously undetected FontOnLake Linux malware used in targeted attacks Google addresses four high-severity flaws in Chrome Security […]

The post Security Affairs newsletter Round 335 appeared first on Security Affairs.

ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that was employed in targeted attacks on organizations in Southeast Asia. According to the experts, modules of this malware family are under development and continuously improved. […]

The post Previously undetected FontOnLake Linux malware used in targeted attacks appeared first on Security Affairs.

Google has addressed a total of four high-severity vulnerabilities in Chrome for Windows, Mac, and Linux. The most severe, tracked as CVE-2021-37977, is a use-after-free issue in Garbage Collection that could […]

The post Google addresses four high-severity flaws in Chrome appeared first on Security Affairs.

Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. Security researcher Dhiraj Mishra released an NMAP script for the CVE-2021-41773 path traversal vulnerability affecting Apache Web Server version 2.4.49. This week Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path […]

The post Security expert published NMAP script for Apache CVE-2021-41773 vulnerability appeared first on Security Affairs.

CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ https://cybernews.com/news/sky-com-servers-exposed-via-misconfiguration/ CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain, containing what appear to be production-level database access credentials, as well as addresses to development endpoints. Sky, a subsidiary of Comcast, is Europe’s largest […]

The post Sky.com servers exposed via misconfiguration appeared first on Security Affairs.

American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June […]

The post Cox Media Group took down broadcasts after a ransomware attack appeared first on Security Affairs.

Microsoft revealed that Russia-linked cyberespionage groups are behind the majority of the nation-state cyber attacks on US government agencies. Microsoft revealed that most of the cyber attacks on US government agencies are orchestrated by Russia-linked cyberespionage groups. According to the IT giant, approximately 58% of all nation-state attacks between July 2020 and June 2021 were […]

The post 58% of all nation-state attacks in the last year were launched by Russian nation-state actors appeared first on Security Affairs.

The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services to curb them. The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them. Cyberespionage and sabotage attacks, […]

The post The Netherlands declares war on ransomware operations appeared first on Security Affairs.

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. On Wednesday, Google announced to have warned approximately 14,000 Gmail users that they had been targeted by nation-state hackers. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch […]

The post Google warns of APT28 attack attempts against 14,000 Gmail users appeared first on Security Affairs.

Apache Software Foundation has released HTTP Web Server 2.4.51 to completely address a vulnerability that has been actively exploited in the wild. Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path traversal vulnerability (CVE-2021-41773) that was only partially addressed with a previous release. An attacker can trigger the flaw […]

The post Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw appeared first on Security Affairs.

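The Nmap script for CVE-2021-41773 and the 2.4.51 follow-up release above concern the same path-normalisation bug in httpd, so the first question after patching is whether anyone already tried it. The detector below is an added example, not Dhiraj Mishra's script and not Apache code: it reads constructed Apache combined-format access-log lines and percent-decodes each request path repeatedly, which catches both the single-encoded `.%2e/` form used against 2.4.49 and the double-encoded `.%%32%65/` form that got past the incomplete 2.4.50 fix. The log format and sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format access-log lines (not from the article or the Nmap script).
# Line 2 is the single-encoded form; line 3 is the double-encoded form that got past the
# incomplete 2.4.50 fix; line 4 is a plain "../" that httpd itself normalises.
SAMPLE_ACCESS_LOG = """\
203.0.113.4 - - [06/Oct/2021:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Oct/2021:10:15:09 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1184 "-" "curl/7.79.1"
203.0.113.7 - - [06/Oct/2021:10:15:11 +0000] "GET /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1" 200 1184 "-" "curl/7.79.1"
203.0.113.4 - - [06/Oct/2021:10:17:30 +0000] "GET /docs/../index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(path, max_rounds=3):
    """Percent-decode until the string stops changing. Returns (decoded, rounds).
    One round turns %2e into '.'; the double-encoded %%32%65 needs two (first to %2e,
    then to '.'), which is exactly why a single-pass normaliser was bypassable."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def has_dotdot_segment(path):
    """True if any '/'-separated segment of the path (query string ignored) is '..'."""
    return any(segment == ".." for segment in path.split("?", 1)[0].split("/"))


def find_traversal_attempts(lines):
    """Return one record per request whose decoded path climbs with '..'. `encoded` marks
    the requests that only reveal the traversal after decoding: those are the ones the
    vulnerable normaliser in 2.4.49/2.4.50 let through."""
    hits = []
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue
        decoded, rounds = decode_path(m["path"])
        if has_dotdot_segment(decoded):
            hits.append({
                "client": m["client"],
                "method": m["method"],
                "path": m["path"],
                "decoded": decoded,
                "status": int(m["status"]),
                "encoded": rounds > 0 and not has_dotdot_segment(m["path"]),
            })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_ACCESS_LOG.splitlines()):
        kind = "encoded traversal" if hit["encoded"] else "plain traversal"
        print(f'{hit["client"]} {hit["method"]} {hit["path"]} -> {hit["decoded"]} ({kind}, HTTP {hit["status"]})')
```

An encoded hit that returned 200 on a server that was still on 2.4.49 or 2.4.50 should be treated as a likely successful read; a 403 usually means a `require all denied` block held. Logs only show what reached httpd, so a reverse proxy that normalises paths in front of it can hide attempts, and none of this replaces upgrading to 2.4.51.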
Researchers detailed the activities of the FIN12 ransomware group, which earned millions of dollars over the past years. Researchers from Mandiant published a detailed report on the activities of a financially motivated ransomware group tracked as FIN12 that has been active since at least October 2018. The vast majority of FIN12 victims have more than […]

The post FIN12 ransomware gang don’t implement double extortion to prioritize speed appeared first on Security Affairs.

Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on Macs. Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple’s macOS Finder that can be exploited by attackers to run arbitrary commands on Mac systems running any macOS version. The flaw is due […]

The post A zero-day flaw allows to run arbitrary commands on macOS systems appeared first on Security Affairs.

Russia-linked cyber espionage group Turla made the headlines again: the APT has employed a new backdoor in a recent wave of attacks. Cisco Talos researchers reported that the Russia-linked Turla APT group recently used a new backdoor, dubbed TinyTurla, in a series of attacks against the US, Germany, and Afghanistan. The threat actors are using […]

The post Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US appeared first on Security Affairs.

Apache OpenOffice (AOO) is currently impacted by a remote code execution flaw, tracked as CVE-2021-33035, that has yet to be fixed in an official release. Security researcher Eugene Lim (@spaceraccoonsec) recently revealed technical details about the flaw, which impacts OpenOffice (AOO). The expert disclosed the flaw at HackerOne’s […]

The post Apache OpenOffice is currently impacted by a remote code execution flaw appeared first on Security Affairs.

The U.S. farmers’ cooperative NEW Cooperative was hit by the BlackMatter ransomware gang, which is demanding a $5.9 million ransom. NEW Cooperative is a farmers’ feed and grain cooperative; the ransomware gang claims to have stolen 1,000 GB of data including the source code for […]

The post Black Matter gang demanded a $5.9M ransom to NEW Cooperative appeared first on Security Affairs.

Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity researcher Bob Diachenko discovered his own personal data in an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand. The expert discovered the unsecured database on August […]

The post Data of 106 million visitors to Thailand leaked online appeared first on Security Affairs.

Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. The phishing campaign has been ongoing since spring 2020, when the domains were first transferred to their current host. At […]

The post Large phishing campaign targets EMEA and APAC governments appeared first on Security Affairs.

Europol, along with Italian and Spanish police, dismantled a major crime organization linked to the Italian Mafia that focuses on online frauds. Europol, along with law enforcement agencies in Italy and Spain, has dismantled a major crime group linked to the Italian Mafia that was involved in online fraud, drug trafficking, money laundering, and property […]

The post Europol arrested 106 fraudsters, members of a major crime ring appeared first on Security Affairs.

A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T. The Pakistani national Muhammad Fahd (35) was sentenced to 12 years of prison in the United States for his primary role in a seven-year scheme to illegally unlock nearly […]

The post Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme appeared first on Security Affairs.

Numando is a new banking Trojan that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. ESET researchers spotted the new LATAM banking trojan, tracked as Numando, which abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. The threat actor behind this banking Trojan has been active since […]

The post Numando, a new banking Trojan that abuses YouTube for remote configuration appeared first on Security Affairs.

The popular whistleblower Edward Snowden recommends that customers of the ExpressVPN service stop using it. Last week the Israeli cybersecurity firm Kape Technologies acquired ExpressVPN, one of the industry’s leading virtual private network providers, as part of a $936 million deal. Kape announced that the acquisition will more than double its overall customer base, from almost 3 million customers to more than […]

The post Why Edward Snowden is urging users to stop using ExpressVPN? appeared first on Security Affairs.

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The Biden administration plans to target exchanges supporting ransomware operations with sanctions Threat actor has been targeting the aviation industry since at least 2018 Expert discloses details and PoC […]

The post Security Affairs newsletter Round 332 appeared first on Security Affairs.

US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware gangs, and according to the Wall Street Journal, it is now planning to target the digital […]

The post The Biden administration plans to target exchanges supporting ransomware operations with sanctions appeared first on Security Affairs.

Security researchers from the Cisco Talos team uncovered a spear-phishing campaign that targeted the aviation industry for two years while avoiding detection. The campaign, dubbed Operation Layover, targeted the aviation industry for two years without being detected. The experts believe that the threat actor behind this campaign is […]

The post Threat actor has been targeting the aviation industry since at least 2018 appeared first on Security Affairs.

A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart switches that could be exploited by an attacker to potentially execute malicious code and take […]

The post Expert discloses details and PoC code for Netgear Seventh Inferno bug appeared first on Security Affairs.

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. […]

The post CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data appeared first on Security Affairs.

The Mirai botnet has started exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet began exploiting the critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed it. The recently released September 2021 Patch Tuesday security updates addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management […]

The post Experts warn that Mirai Botnet starts exploiting OMIGOD flaw appeared first on Security Affairs.

A spokesman for the authority running Germany’s September 26 general election confirmed that hackers briefly disrupted its website last month. Threat actors last month hit the website of the authority running Germany’s September 26 general election, reported AFP. According to a spokesman for the organization, the attack took place at the end of August and […]

The post German Election body hit by a cyber attack appeared first on Security Affairs.

A new malware written in the Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. The malware spreads through attacks exploiting known vulnerabilities (i.e. CVE-2020-14882 […]

The post New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems appeared first on Security Affairs.

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux […]

The post A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection appeared first on Security Affairs.

The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn of state-sponsored attacks that are actively exploiting CVE-2021-40539 Zoho flaw. The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn that nation-state APT groups are actively exploiting a critical vulnerability, tracked as CVE-2021-40539, in the Zoho ManageEngine ADSelfService Plus software. ManageEngine ADSelfService Plus […]

The post FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug appeared first on Security Affairs.

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations. The IT giant says that threat actors started targeting […]

The post Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug appeared first on Security Affairs.

Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation that allows past victims to recover their files. Good news for the victims of the REvil ransomware gang who were infected before the operation was temporarily halted on July 13th: Bitdefender released a free master decryptor that allows them to recover […]

The post Bitdefender released free REvil ransomware decryptor that works for past victims appeared first on Security Affairs.

Anonymous claims to have hacked the controversial web hosting provider Epik, known for allowing far-right, neo-Nazi, and other extremist content. The Anonymous hacktivist collective claims to have hacked the controversial web hosting provider Epik and stolen its data, including information on the company’s clients, as part of an operation codenamed EPIKFAIL. The hosting […]

The post Anonymous hacked the controversial, far-right web host Epik appeared first on Security Affairs.

OMIGOD – Microsoft addressed four vulnerabilities in the Open Management Infrastructure (OMI) software agent that could expose Azure users to attacks. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management Infrastructure (OMI) software agent that exposes Azure users to attack. Below is the list of the […]

The post OMIGOD vulnerabilities expose thousands of Azure users to hack appeared first on Security Affairs.

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft will allow its users to log into their consumer accounts without using passwords, they will be able to use Microsoft’s Authenticator app, Windows Hello, physical security keys, or phone/email verification codes. “Which is why I’m so […]

The post Microsoft announces passwordless authentication for consumer accounts appeared first on Security Affairs.

Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty. Three former NSA employees (Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40) entered into a deferred prosecution agreement that restricts their future activities and employment. The trio had worked as hackers-for-hire […]

The post Three formers NSA employees fined for providing hacker-for-hire services to UAE firm appeared first on Security Affairs.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has appointed Kiersten Todt as its new chief of staff. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced to have appointed Kiersten Todt as its new chief of staff, she will replace Acting Chief of Staff Kate Nichols. “The Cybersecurity and Infrastructure Security Agency (CISA) announced today Kiersten […]

The post US CISA appointed Kiersten Todt as new chief of staff appeared first on Security Affairs.

Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day RCE actively exploited in targeted attacks aimed at Microsoft Office and Office 365 on Windows 10 computers. The flaw, tracked as CVE-2021-40444, resides in the MSHTML, […]

The post Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day appeared first on Security Affairs.

Latvian vendor MikroTik revealed that the recently discovered Mēris botnet is targeting devices that were compromised three years ago. Last week, the Russian Internet giant Yandex was hit by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and to ensure the resilience of the country to an […]

The post Mēris Bot infects MikroTik routers compromised in 2018 appeared first on Security Affairs.
