cybersecurity

Estonian national Pavel Tsurkan has pleaded guilty in a United States court to two counts of computer fraud and abuse for creating and operating a proxy botnet. According to court documents, Tsurkan (33) operated […]

The post Estonian hacker Pavel Tsurkan pleads guilty for operating a proxy botnet. appeared first on Security Affairs.

WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. Original post at https://www.wizcase.com/blog/us-municipality-breach-report/ This breach compromised citizens’ physical addresses, phone numbers, IDs, tax documents, and more. Due to the large number and various types […]

The post Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach appeared first on Security Affairs.

How businesses can benefit from the adoption of an identity and access management solution. Businesses that use outdated manual processes to grant and control access to their IT resources are getting left behind. This article describes what an identity and access management solution is and how it can benefit your business. Identity Is the New […]

The post What Is An Identity and Access Management Solution and How Can Businesses Benefit From It? appeared first on Security Affairs.

The software provider Kaseya announced that it has obtained a universal decryptor for the REvil ransomware. Earlier this month, a massive supply chain attack conducted by the REvil ransomware gang hit Kaseya’s cloud-based managed service provider platform, impacting both the MSPs using its VSA software and their customers. The VSA tool is used by MSPs to perform […]

The post Kaseya obtained a universal decryptor for REvil ransomware attack appeared first on Security Affairs.

Multiple major websites, including Steam, the PlayStation Network, AWS, Amazon, Google, and Salesforce, went offline due to a global Akamai DNS outage. A software configuration update triggered a bug in Akamai’s DNS service that took the sites offline. “A software configuration update triggered a bug in the DNS (domain name […]

The post Akamai software update triggered a bug that took offline major sites appeared first on Security Affairs.

Oracle released its quarterly Critical Patch Update for July 2021, which fixes hundreds of flaws, including critical remotely exploitable vulnerabilities in WebLogic Server. The update contains 342 new security patches for multiple product families. Some of the vulnerabilities addressed by the IT giant could be remotely exploited by […]

The post Oracle fixes critical RCE vulnerabilities in Weblogic Server appeared first on Security Affairs.

LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.

The post When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure appeared first on Microsoft Security Blog.

Researchers from threat intelligence firm Group-IB helped Dutch police identify members of a phishing developer gang known as Fraud Family. Group-IB, a provider of solutions for detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes and protecting intellectual property, assisted the Dutch National Police in an operation to apprehend alleged members of the cybercriminal group codenamed ‘Fraud Family.’ Group-IB’s […]

The post Group-IB helps Dutch police identify members of phishing developer gang Fraud Family appeared first on Security Affairs.

A database belonging to TicketClub Italy, an Italian company operating a mobile-based coupons platform for offline purchases, is being offered for sale on dark web hacking forums. Its clients include Burger King, McDonald’s, Cinecittà World, Rainbow Magicland, and many other enterprises with coupon and loyalty programs. The […]

The post TicketClub Italy Database Offered in Dark Web appeared first on Security Affairs.

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. The author of the post claims that the data was acquired from […]

The post Thousands of Humana customers have their medical data leaked online by threat actors appeared first on Security Affairs.

The French national cyber-security agency ANSSI warned of an ongoing cyberespionage campaign against a large number of French organizations conducted by the China-linked APT31 group. The state-sponsored hackers are hijacking home routers to set up a […]

The post France ANSSI agency warns of APT31 campaign against French organizations appeared first on Security Affairs.

Today on the Official Microsoft Blog, Microsoft announced the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access.

The post Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management appeared first on Microsoft Security Blog.

As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the unique security threats that target such environments when building security solutions. The first step in this process is understanding the relevant attack landscape.

The post The evolution of a matrix: How ATT&CK for Containers was built appeared first on Microsoft Security Blog.

Check Point Research (CPR) experts have spotted a cheap malware strain, dubbed XLoader, that was upgraded to target both Windows and macOS systems. XLoader is based on the popular FormBook Windows malware. FormBook is a data-stealing malware used in cyber espionage campaigns; like other spyware it is […]

The post XLoader, a $49 spyware that could target both Windows and macOS devices appeared first on Security Affairs.

Quick Heal Security Lab has seen a sudden increase in dotnet samples which are using steganography. Initially, in…
The post FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data appeared first…

A US federal judge sentenced Russian hacker Peter Yuryevich Levashov (40), the creator of the Kelihos botnet, to 33 months (time served) and three years of supervised release for his role in operating the botnet. Levashov used the pseudonym of […]

The post Kelihos botmaster Peter Levashov gets time served appeared first on Security Affairs.

Qualys researchers discovered a local privilege escalation (LPE) vulnerability in the Linux kernel, tracked as CVE-2021-33909 and dubbed Sequoia, that an unprivileged attacker can exploit to gain root privileges on most Linux distributions. The issue is a size_t-to-int type […]

The post LPE flaw in Linux kernel allows attackers to get root privileges on most distros appeared first on Security Affairs.

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in a printer driver used by HP, Xerox, and Samsung printers that an attacker could exploit to gain admin rights on affected systems. Researchers from SentinelOne discovered the flaw in the driver, which can allow attackers to gain admin rights on systems running the flawed […]

The post A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide appeared first on Security Affairs.

Fortinet has released security updates to address a serious bug, tracked as CVE-2021-32589, in its FortiManager and FortiAnalyzer network management solutions that could be exploited to execute arbitrary code as root. The CVE-2021-32589 vulnerability is a use-after-free issue that an attacker […]

The post A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root appeared first on Security Affairs.

A recently discovered iPhone Wi-Fi bug that can crash Wi-Fi connectivity could also be exploited by attackers to achieve remote code execution. In June, the researcher Carl Schou discovered a new iPhone bug that can permanently break users’ Wi-Fi by disabling it; the issue could be triggered simply by connecting to a rogue hotspot. Once an […]

The post WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE appeared first on Security Affairs.

Telus last week announced the launch of its new managed cloud security service built on global cybersecurity firm Palo Alto Networks’ Prisma Access technology to help Canadian organizations securely access data and applications from anywhere. 

The post Telus and Palo Alto Networks launch new managed cloud security service for Canadian businesses first appeared on IT World Canada.

The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan) for hacking dozens of government organizations, private businesses and universities around the world between 2011 and 2018. […]

The post US DoJ indicts four members of China-linked APT40 cyberespionage group appeared first on Security Affairs.

Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed by industrial and IoT firm Advantech. The application allows network administrators to monitor Advantech routers in their infrastructure. The monitoring tool collects […]

The post Experts disclose critical flaws in Advantech router monitoring tool appeared first on Security Affairs.

A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant Saudi Aramco. A threat actor going by the moniker ZeroX claims to have stolen 1 TB of sensitive data from the company and is offering it for sale […]

The post Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco appeared first on Security Affairs.

Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware. Pegasus is a surveillance malware developed by […]

The post Pegasus Project – how governments use Pegasus spyware against journalists appeared first on Security Affairs.

Security researchers at CyberArk Labs demonstrated how to bypass the Windows Hello facial recognition that Windows 10 uses as a login mechanism. The bypass vulnerability, tracked as CVE-2021-34466, affects the Windows Hello facial authentication process; an attacker could exploit it to log in to systems running Windows 10. […]

The post Experts show how to bypass Windows Hello feature to login on Windows 10 PCs appeared first on Security Affairs.

The Cyberspace Administration of China (CAC) has issued new, stricter vulnerability disclosure regulations that require white hat hackers who uncover critical zero-day flaws in computer systems to first report them to the government authorities within two […]

The post Chinese government issues new vulnerability disclosure regulations appeared first on Security Affairs.

Instagram introduced a new security feature dubbed “Security Checkup” to help users recover accounts that have been compromised. Good news for the owners of Instagram accounts that may have been compromised: the company launched a new feature named ‘Security Checkup’ that aims to keep accounts safe and help users recover them. […]

The post Instagram implements ‘Security Checkup’ to help users recover compromised accounts appeared first on Security Affairs.

BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that has reached end-of-life (EoL). Threat actors could target unpatched devices belonging to the Secure Mobile Access […]

The post HelloKitty ransomware gang targets vulnerable SonicWall devices appeared first on Security Affairs.

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Biden discussed Russian ransomware gangs with Putin in a phone call Hackers accessed Mint Mobile subscribers data and […]

The post Security Affairs newsletter Round 323 appeared first on Security Affairs.

The US government is offering a $10 million reward to anyone who provides information on operations conducted by nation-state actors. The move was announced by the U.S. Department of State, which states that its Rewards for […]

The post US govt offers $10 million reward for info on nation-state cyber operations appeared first on Security Affairs.

Cisco addressed a high severity DoS vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco this week released security updates for a high severity vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. The flaw resides in the software cryptography module of both ASA and FTD […]

The post Cisco fixes high-risk DoS flaw in ASA, FTD Software appeared first on Security Affairs.

Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. An attacker could exploit the flaws to execute arbitrary code on unpatched routers, crash the devices, or gain access […]

The post D-Link issues beta hotfix for multiple flaws in DIR-3040 routers appeared first on Security Affairs.

This is an interesting development:

Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday.

[…]

Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s earnings from its digital extortion schemes. Internet security groups said the custom-made sites - think of them as virtual conference rooms - where victims negotiated with REvil over how much ransom they would pay to get their data unlocked also disappeared. So did the infrastructure for making payments…

Read More REvil is Off-Line

Microsoft published a security advisory and mitigation guidance for a new Windows Print Spooler vulnerability, tracked as CVE-2021-34481, that was disclosed on Thursday. The flaw is a privilege elevation vulnerability that resides in the Windows Print Spooler; it was […]

The post Microsoft alerts about a new Windows Print Spooler vulnerability appeared first on Security Affairs.

Google Chrome 91.0.4472.164 addresses seven security vulnerabilities, including a high severity zero-day flaw exploited in the wild. Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including a high severity zero-day vulnerability, tracked as CVE-2021-30563, that has been exploited in the wild. The CVE-2021-30563 is a “type confusion” issue that […]

The post Google Chrome 91.0.4472.164 fixes a new zero-day exploited in the wild appeared first on Security Affairs.

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile trojan. The Joker malware is a malicious code camouflaged as a system app and […]

The post New enhanced Joker Malware samples appear in the threat landscape appeared first on Security Affairs.

Microsoft and Citizen Lab believe that the secretive Israel-based surveillance firm Candiru, tracked by Microsoft as Sourgum, used Windows zero-day exploits to deliver a new Windows spyware dubbed DevilsTongue. According to the experts, at least 100 activists, journalists […]

The post Israeli surveillance firm Candiru used Windows zero-days to deploy spyware appeared first on Security Affairs.

Zero-day exploit broker Zerodium announced it is looking for zero-day exploits for VMware vCenter Server. vCenter Server is VMware’s centralized management utility, used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single location. The company will […]

The post Exploit broker Zerodium is looking for VMware vCenter Server exploits appeared first on Security Affairs.

Security researchers have linked a new ransomware strain called Diavol to the Wizard Spider threat group behind the Trickbot botnet. BleepingComputer noted that the ransomware families use the same I/O operations for file encryption queueing and nearly identical command-line parameters for the same functionality. There may be some similarities, but as they’ve explained and SpearTip […]

The post SpearTip Finds New Diavol Ransomware Does Steal Data appeared first on Security Affairs.

The HelloKitty ransomware gang is using a Linux variant of its malware to target the VMware ESXi virtual machine platform. The move aims at expanding the gang’s operations against enterprises, which are increasingly adopting virtualization platforms. Targeting VMware ESXi […]

The post HelloKitty ransomware now targets VMware ESXi servers appeared first on Security Affairs.

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).

The post Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware appeared first on Microsoft Security Blog.

SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaign” targeting some of its equipment that has reached end-of-life (EoL). Threat actors could target unpatched devices belonging to the Secure Mobile Access (SMA) 100 series […]

The post SonicWall warns of ‘imminent ransomware’ attacks on its EOL products appeared first on Security Affairs.

The Uptycs threat research team analyzed the macOS malware threat landscape and found that Shlayer and Bundlore are the predominant families. In its daily analysis and customer telemetry alerts, the team has observed that over 90% of macOS malware uses shell scripts. Though these scripts have slight variations, they mostly belong to a […]

The post macOS: Bashed Apples of Shlayer and Bundlore appeared first on Security Affairs.

At the recent ITWC Digital Transformation Conference, Dr. Ketaki Desai, Vice President, Business Development, with the Ontario Centre of Innovation (OCI) moderated a panel of quantum computing experts exploring how businesses should be preparing for the impact of quantum computing. Technology writer Steve Prentice was on hand and shared his thoughts on what he heard. […]

The post Quantum computing: A new generation of compute power first appeared on IT World Canada.

Google security experts revealed that a Russia-linked APT group targeted LinkedIn users with a Safari zero-day. Security researchers from Google’s Threat Analysis Group (TAG) and Project Zero revealed that four zero-day vulnerabilities were exploited in the wild earlier this year. The four security flaws affect Google Chrome, Internet Explorer, and the WebKit browser […]

The post Google: four zero-day flaws have been exploited in the wild appeared first on Security Affairs.

Kaspersky uncovered an ongoing and large-scale cyber espionage campaign, tracked as LuminousMoth, aimed at government entities in Southeast Asia, including Myanmar and the Philippines. The LuminousMoth campaign has been linked by […]

The post China-linked LuminousMoth APT targets entities from Southeast Asia appeared first on Security Affairs.

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.

The post Microsoft delivers comprehensive solution to battle rise in consent phishing emails appeared first on Microsoft Security Blog.
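
As an added illustration of the consent-phishing pattern described above (this is example code, not Microsoft’s; every client ID, allow-list entry, trusted host, scope list and sample URL in it is constructed for the illustration), the following Python parses OAuth authorization-request links and flags the combination the warning is about: an app not on the organisation’s allow-list asking for broad, long-lived permissions.

```python
"""Triage OAuth consent links of the kind abused in consent phishing.

Added example (not Microsoft's code). It parses authorization-request URLs
to a known identity-provider host, extracts the requested scopes, client_id
and redirect_uri, and flags requests where an unvetted app asks for broad,
persistent access. Every client ID, host allow-list, scope list and sample
URL below is constructed for this illustration.
"""
from urllib.parse import urlparse, parse_qs

# Identity-provider hosts whose authorize endpoints we inspect.
AUTHORIZE_HOSTS = {"login.microsoftonline.com"}
AUTHORIZE_PATH_SUFFIXES = ("/oauth2/v2.0/authorize", "/oauth2/authorize")

# Constructed allow-list: client IDs the organisation has vetted (hypothetical values).
KNOWN_CLIENT_IDS = {"11111111-1111-1111-1111-111111111111"}

# Constructed allow-list of hosts a vetted app may send the authorization code to.
TRUSTED_REDIRECT_HOSTS = {"portal.example.com"}

# Delegated permissions that give an app broad, persistent access to a user's
# mailbox, files and directory; offline_access yields a refresh token, so the
# grant outlives the session in which it was clicked.
HIGH_RISK_SCOPES = {
    "offline_access",
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All",
    "Contacts.Read", "User.Read.All", "Directory.Read.All",
}


def parse_consent_link(url):
    """Return the fields of interest from an OAuth authorization request,
    or None if the URL is not an HTTPS authorize request to a known provider."""
    u = urlparse(url)
    if u.scheme != "https" or u.hostname not in AUTHORIZE_HOSTS:
        return None
    if not u.path.endswith(AUTHORIZE_PATH_SUFFIXES):
        return None
    q = parse_qs(u.query)             # decodes %xx and '+' for us
    scopes = set()
    for value in q.get("scope", []):
        scopes.update(value.split())  # scope is a space-separated list
    return {
        "client_id": q.get("client_id", [""])[0],
        "redirect_uri": q.get("redirect_uri", [""])[0],
        "prompt": q.get("prompt", [""])[0],
        "scopes": scopes,
    }


def assess_consent_link(url):
    """Classify a link as 'not_oauth', 'benign', 'review' or 'suspicious'
    and return (verdict, reasons)."""
    req = parse_consent_link(url)
    if req is None:
        return "not_oauth", []

    reasons = []
    risky = sorted(req["scopes"] & HIGH_RISK_SCOPES)
    unknown_app = req["client_id"] not in KNOWN_CLIENT_IDS
    if risky:
        reasons.append("high-risk scopes requested: " + ", ".join(risky))
    if unknown_app:
        reasons.append("client_id not on the allow-list: " + req["client_id"])
    if req["prompt"] == "consent":
        reasons.append("prompt=consent forces the consent dialog even for known apps")
    redirect_host = urlparse(req["redirect_uri"]).hostname or ""
    if redirect_host and redirect_host not in TRUSTED_REDIRECT_HOSTS:
        reasons.append("redirect_uri host not trusted: " + redirect_host)

    # The consent-phishing signature: an unvetted app asking for broad access.
    if risky and unknown_app:
        return "suspicious", reasons
    return ("review" if reasons else "benign"), reasons


# Constructed sample links (no real tenants, apps or hosts).
SAMPLE_LINKS = [
    # Unknown app asking for mailbox, all files and a refresh token, forcing the dialog.
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=deadbeef-0000-0000-0000-000000000001&response_type=code"
    "&redirect_uri=https%3A%2F%2Fdocs-share.example%2Fcb"
    "&scope=offline_access+Mail.Read+Files.Read.All&prompt=consent",
    # Vetted app asking only for sign-in scopes and redirecting to a trusted host.
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-1111-1111-1111-111111111111&response_type=code"
    "&redirect_uri=https%3A%2F%2Fportal.example.com%2Fcb"
    "&scope=openid+profile+User.Read",
    # Ordinary link that is not an OAuth request at all.
    "https://www.example.com/login?next=%2Fhome",
]


def scan_links(links):
    """Return the verdict for each link, in order."""
    return [assess_consent_link(link)[0] for link in links]


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reasons = assess_consent_link(link)
        print(verdict, "|", "; ".join(reasons) or "no findings")
```

The scope names follow Microsoft Graph delegated-permission naming; the allow-list and trusted redirect hosts are placeholders an organisation would replace with its own app registrations. Treat the verdict as triage input for a mail gateway or SOC queue rather than as a blocking decision: a legitimate but not-yet-vetted app will also trip the allow-list check, which is exactly the review step that defeats the attack.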