hacking news

Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. The campaigns are aimed at employees of large organizations; the messages attempt to trick the victims into believing that they contain important information […]

The post Is BazarLoader malware linked to Trickbot operators? appeared first on Security Affairs.

The Google Project Zero security team has updated its vulnerability disclosure policy; it gives users 30 days to patch flaws before disclosing associated technical details. The Google Project Zero security team announced an update to its vulnerability disclosure policy; it could add an additional 30 days to the disclosure process for some bugs to give end-users enough […]

The post Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model appeared first on Security Affairs.

SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed. European Commissioner for Budget and Administration Johannes Hahn confirmed the hack of some EU agencies as result of the SolarWinds supply chain attack in a response to a question filed by an EU Parliament member in February 2021. […]

The post 6 out of 11 EU agencies running Solarwinds Orion software were hacked appeared first on Security Affairs.

Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices. Cybersecurity vendor Juniper Networks addressed a critical vulnerability in Junos OS, tracked as CVE-2021-0254, that could allow an attacker to remotely hijack or disrupt affected devices. This flaw stems from the improper buffer size […]

The post Critical RCE can allow attackers to compromise Juniper Networks devices appeared first on Security Affairs.

The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have published a joint advisory that warns that Russia-linked APT group SVR (aka APT29, Cozy Bear, and The Dukes). […]

The post Russia-linked APT SVR actively targets these 5 flaws appeared first on Security Affairs.

The U.S. and UK attributed with “high confidence” the recently disclosed supply chain attack on SolarWinds to Russia’s Foreign Intelligence Service (SVR). The U.S. and U.K. attributed with “high confidence” the supply chain attack on SolarWinds to operatives working for Russia’s Foreign Intelligence Service (SVR) (aka APT29, Cozy Bear, and The Dukes). The UK, US […]

The post US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack appeared first on Security Affairs.

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released ones, among the issues addressed by the software giant there is a […]

The post April 2021 Security Patch Day fixes a critical flaw in SAP Commerce appeared first on Security Affairs.

For the second time in a week, exploit code for a Chromium zero-day remote code execution flaw has been released on Twitter, multiple browsers impacted. A new Chromium zero-day remote code execution exploit has been released on Twitter this week, like the previous one that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. The […]

The post For the second time in a week, a Google Chromium zero-day released online appeared first on Security Affairs.

WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. WhatsApp recently addressed two security vulnerabilities in its app for Android that could have been exploited by remote attackers to execute malicious code on a target device and potentially eavesdrop on communications. The vulnerabilities […]

The post WhatsApp flaws could have allowed hackers to remotely hack mobile devices appeared first on Security Affairs.

FireEye published its M-Trend 2021 report based on the data collected during the investigation, 650 new threat groups were tracked in 2020. FireEye published its annual report, titled M-Trend 2021, which is based on the data collected during the investigation on security incidents it managed. Most of the incidents investigated by Mandiant (59%) in 2020 […]

The post FireEye: 650 new threat groups were tracked in 2020 appeared first on Security Affairs.

The FBI logged into web shells that hackers installed on Microsoft Exchange email servers across the US and removed the malicious code used by threat actors. A US judge granted the FBI the power to log into web shells that were injected by nation-state hackers on Microsoft Exchange servers across the US and remove the malware, […]

The post FBI silently removed web shells planted on Microsoft Exchange servers in the US appeared first on Security Affairs.

The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said. The Swedish Sports Confederation is the umbrella organisation of the Swedish sports movement, it was hacked by Russian military intelligence in a campaign conducted between December 2017 and May 2018, officials said. In the same period, Russia-linked […]

The post Sweden blames Russia for Swedish Sports Confederation hack appeared first on Security Affairs.

Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the NSA. Microsoft patch Tuesday security updates released today have addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA). All the […]

The post Microsoft fixes 2 critical Exchange Server flaws reported by the NSA appeared first on Security Affairs.

Adobe has addressed security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Adobe has fixed ten security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Seven vulnerabilities have been rated as critical, some of them could be exploited by remote attackers to execute arbitrary code. Adobe has released two […]

The post Adobe addresses two critical vulnerabilities in Photoshop appeared first on Security Affairs.

The exploit code for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system is available online. An exploit for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices was publicly released. The vulnerability, tracked as CVE-2020-2501, is a stack-based buffer overflow issue that affects […]

The post Experts released PoC exploit code for a critical RCE in QNAP NAS devices appeared first on Security Affairs.

Security experts disclosed nine flaws, collectively tracked as NAME:WRECK, affecting implementations of the DNS protocol in popular TCP/IP network communication stacks. Security researchers disclosed nine vulnerabilities, collectively tracked as NAME:WRECK, that affect implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. The flaws were […]

The post Millions of devices impacted by NAME:WRECK flaws appeared first on Security Affairs.

An Indian security researcher has published a proof-of-concept (PoC) exploit code for a vulnerability impacting Google Chrome and other Chromium-based browsers. The Indian security researcher Rajvardhan Agarwal has publicly released a proof-of-concept exploit code for a recently discovered vulnerability that affects Google Chrome, Microsoft Edge, and other Chromium-based browsers (i.e. Opera, Brave). The researchers uploaded the PoC […]

The post Expert publicly released Chromium-based browsers exploit demonstrated at Pwn2Own 2021 appeared first on Security Affairs.

Pulse Secure VPN users were not able to log in due to the expiration of a code signing certificate used to digitally sign and verify software components. Pulse Secure VPN users were not able to log in after a code signing certificate used to digitally sign and verify software components expired. Multiple users have reported on […]

The post Expired certificate caused a Pulse Secure VPN global scale outage appeared first on Security Affairs.

President Joe Biden has appointed two former senior NSA officials for two prominent cyber roles in his administration. President Joe Biden has assigned key cyber roles in his administration to two former senior National Security Agency (NSA) officials. The first name was John Chris Inglis, who was nominated as the first-ever National Cyber Director, a role […]

The post Two former NSA Officials appointed by Joe Biden for prominent cyber roles appeared first on Security Affairs.

Microsoft released as open-source the ‘CyberBattleSim’ Python-based toolkit, which is an Enterprise Environment Simulator. Microsoft has recently announced the open-source availability of the Python-based enterprise environment simulator named ‘CyberBattleSim.’ “CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level […]

The post Microsoft is open sourcing CyberBattleSim Enterprise Environment Simulator appeared first on Security Affairs.

Fitch Ratings is warning that cyberattacks could pose a risk to water and sewer utilities potentially impacting their ability to repay debt. Fitch Ratings Inc. is an American credit rating agency and is one of the “Big Three credit rating agencies”, the other two being Moody’s and Standard & Poor’s. It is one of the […]

The post Fitch Ratings: Cyberattacks could pose a material risk to water and sewer utilities appeared first on Security Affairs.

On Sunday, an “accident” occurred in the electricity distribution network at Iran’s Natanz nuclear facility, experts speculate it was caused by a cyberattack. A mysterious incident occurred on Sunday at the Natanz nuclear enrichment site and the media speculate it was caused by a cyber attack. The “accident” impacted the electricity distribution network at Iran’s […]

The post Is the recent accident at Iran Natanz nuclear plant a cyber attack? appeared first on Security Affairs.

An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks. Researchers from Cyber News have discovered that the personal data of 1.3 million Clubhouse users was leaked online days after LinkedIn and Facebook also suffered data leaks. The […]

The post Personal data of 1.3 million Clubhouse users leaked online appeared first on Security Affairs.

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak […]

The post Security Affairs newsletter Round 309 appeared first on Security Affairs.

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they downloaded tainted apps from the company’s official Android store. The fight against the Joker malware (aka Bread) began in September […]

The post Joker malware infected 538,000 Huawei Android devices appeared first on Security Affairs.

Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Threat actors behind the operation are using contact forms published on websites to deliver malicious links to enterprises […]

The post Crooks abuse website contact forms to deliver IcedID malware appeared first on Security Affairs.

The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet. The FBI arrested Seth Aaron Pendley (28), from Texas, for allegedly planning to launch a bomb attack against Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. The […]

The post This man was planning to kill 70% of Internet in a bomb attack against AWS appeared first on Security Affairs.

Zero-day broker Zerodium announced that it will triple payouts for remote code execution exploits for the popular WordPress content management system. Zero-day broker Zerodium has tripled the payouts for exploits for the WordPress content management system that could be used to achieve remote code execution. Zerodium announced via Twitter that it is temporarily offering a $300,000 payout […]

The post Zerodium will pay $300K for WordPress RCE exploits appeared first on Security Affairs.

Cisco announced it will not release security updates to address a critical security vulnerability affecting some of its Small Business routers. Cisco is urging customers that are using some of its Small Business routers to replace their devices because they will no longer receive security updates. According to a security advisory published by the company, Cisco […]

The post Cisco will not release updates to fix critical RCE flaw in EoF Business Routers appeared first on Security Affairs.

The Pwn2Own 2021 hacking competition was concluded, participants earned more than $1.2 million, the greatest total payout ever. The Pwn2Own 2021 hacking competition reached the end, participants earned more than $1.2 million which is more than ever paid out at this contest. White hat hackers demonstrated exploits for Safari, Chrome, Edge, Windows 10, Ubuntu, Microsoft […]

The post Pwn2Own 2021: participants earned $1,2M of the $1.5M prize pool appeared first on Security Affairs.

A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the dark web. A crook has sold 895,000 gift cards and over 300,000 payment cards, for a total of US$38 million, on a top-tier Russian-language hacking forum on the dark web. The criminal actor was spotted offering […]

The post 330K stolen payment cards and 895K stolen gift cards sold on dark web appeared first on Security Affairs.

Group-IB, a global threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop have been leaked online on March 17, 2021. The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers including their nicknames, hashed passwords, contact details, history of activity, and […]

The post Swarmshop – What goes around comes around: hackers leak other hackers’ data online appeared first on Security Affairs.

Pwn2Own 2021 – Day 2: a security duo earned $200,000 for a zero-interaction Zoom exploit allowing remote code execution. One of the most interesting working exploits of the second day of the Pwn2Own 2021 was demonstrated by security researchers Daan Keuper and Thijs Alkemade from Computest. The duo successfully targeted Zoom Messenger in the Enterprise […]

The post Pwn2Own 2021 Day 2 – experts earned $200K for a zero-interaction Zoom exploit appeared first on Security Affairs.

Days after a massive Facebook data leak made the headlines, 500 million LinkedIn users are being sold online, seller leaked 2 million records as proof. Original Post at https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as […]

The post Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof appeared first on Security Affairs.

The maintainers of the PHP programming language confirmed that threat actors may have compromised a user database containing their passwords. The maintainers of the PHP programming language have provided an update regarding the security breach that took place on March 28. Unknown attackers hacked the official Git server of the PHP programming language and pushed […]

The post User database was also hacked in the recent hack of PHP ‘s Git Server appeared first on Security Affairs.

A joint operation of Europol and the Italian Postal and Communication Police resulted in the arrest of an Italian national who hired a hitman on the dark web. Europol and the Italian Postal and Communication Police (Polizia Postale e delle Comunicazioni) arrested an Italian national as part of the “Operation Hitman” because he is suspected […]

The post Man arrested after hired a hitman on the dark web appeared first on Security Affairs.

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Threat actors are actively exploiting the CVE-2018-13379 vulnerability in Fortinet VPNs to deploy a new piece of ransomware, tracked as Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom), to organizations in the industrial sector. […]

The post New Cring ransomware deployed targeting unpatched Fortinet VPN devices appeared first on Security Affairs.

Not only the European Commission, but many other organizations of the European Union have been targeted by a cyberattack in March. A European Commission spokesperson confirmed that the European Commission, along with other European Union organizations, was hit by a cyberattack in March. The authorities did not disclose any details about the type of threats […]

The post European Commission and other institutions were hit by a major cyber-attack appeared first on Security Affairs.

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda, Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing. The threat actors are sending out spear-phishing messages to compromise diplomatic targets in Southeast […]

The post Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks appeared first on Security Affairs.

Security researcher implemented a service to verify if your mobile number is included in the recent Facebook data leak. Security researcher Yaser Alosefer developed a new tool to help users to determine if their mobile numbers are included within the recent Facebook data leak that impacted 553 million users of the social networking giant. The […]

The post This service allows checking if your mobile is included in the Facebook leak appeared first on Security Affairs.

Experts discovered a vulnerability in the popular CMS Umbraco that could allow low privileged users to escalate privileges to “admin.” Security experts from Trustwave have discovered a privilege escalation vulnerability in the popular website CMS, Umbraco. The vulnerability affects an API endpoint that fails to properly check the user’s authorization prior to returning results found to […]

The post Experts discovered a privilege escalation issue in popular Umbraco CMS appeared first on Security Affairs.

Rockwell Automation has recently addressed nine critical vulnerabilities in its FactoryTalk AssetCentre product with the release of version v11. The American provider of industrial automation Rockwell Automation on Thursday informed customers that it has patched nine critical vulnerabilities in its FactoryTalk AssetCentre product. FactoryTalk AssetCentre provides customers with a centralized tool for securing, managing, versioning, […]

The post Experts found critical flaws in Rockwell FactoryTalk AssetCentre appeared first on Security Affairs.

You can check if your personal information is included in the Facebook data leak by querying the data breach notification service Have I Been Pwned. The news of the availability on a hacking forum of the personal information for 533,313,128 Facebook users made the headlines. The availability of the data was first reported by Alon Gal, […]

The post 2,5M+ users can check whether their data were exposed in Facebook data leak appeared first on Security Affairs.

H2 2020 – Kaspersky observed an increase in ransomware attacks on industrial control system (ICS) systems in developed countries. Cybersecurity firm Kaspersky has published the Industrial Control System Threat Landscape report for H2 2020 which is based on statistical data collected by the distributed antivirus Kaspersky Security Network (KSN). The data analyzed by the experts were received […]

The post 33.4% of ICS computers hit by a cyber attack in H2 2020 appeared first on Security Affairs.

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. Microsoft recently published a report, titled “March 2021 Security Signals report,” that revealed that more than 80% of enterprises were victims of at least one firmware attack in the past two years. The study pointed out that […]

The post Firmware attacks, a grey area in cybersecurity of organizations appeared first on Security Affairs.

A malware attack against vehicle inspection services provider Applus Technologies paralyzed vehicle inspections in eight US states. Applus Technologies is a worldwide leader in the testing, inspection and certification sector; the company was recently hit by a malware cyberattack that impacted vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. […]

The post Malware attack on Applus blocked vehicle inspections in some US states appeared first on Security Affairs.

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the complete weekly Security Affairs Newsletter for free, including the international press, subscribe here. Experts found two flaws in Facebook for WordPress Plugin Hackers disrupted live […]

The post Security Affairs newsletter Round 308 appeared first on Security Affairs.

Clop ransomware gang leaked online data stolen from Stanford Medicine, University of Maryland Baltimore, and the University of California. Clop ransomware operators have leaked the personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California. Data were stolen by the ransomware gang by compromising the Accellion File […]

The post Clop Ransomware operators plunder US universities appeared first on Security Affairs.

On April 3, a user has leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook, a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook users. The availability of the data was first […]

The post Data of 533 million Facebook users leaked in a hacking forum for free appeared first on Security Affairs.

More clients of Capital One have been impacted in the 2019 data breach, the US bank is notifying them of their SSNs exposure. US bank Capital One notified a number of additional customers that their Social Security numbers were exposed in the data breach that took place in July 2019. A hacker that was going […]

The post Capital One discovered more customers’ SSNs exposed in 2019 hack appeared first on Security Affairs.

The popular code repository hosting service GitHub is investigating a crypto-mining campaign abusing its infrastructure. Code repository hosting service GitHub launched an investigation into a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Attacks of this kind have been reported since at least the end of 2020, when some software developers reported the malicious activity […]

The post Attackers are abusing GitHub infrastructure to mine cryptocurrency appeared first on Security Affairs.

The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020. In August 2020, cybersecurity intelligence firm Kela was the first to report that […]

The post Evolution and rise of the Avaddon Ransomware-as-a-Service appeared first on Security Affairs.

FBI and CISA published a joint alert to warn of advanced persistent threat (APT) groups targeting Fortinet FortiOS to access networks of multiple organizations. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint alert to warn of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The […]

The post FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers appeared first on Security Affairs.

Researchers from TIM’s Red Team Research discovered five new vulnerabilities affecting the CA eHealth Performance Manager product. Researchers from TIM’s Red Team Research led by Massimiliano Brolli, discovered 5 new vulnerabilities affecting the CA eHealth Performance Manager product. CA Technologies is an American multinational corporation specialized in business-to-business (B2B) software with a product portfolio focused […]

The post TIM’s Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product appeared first on Security Affairs.

Unpatched vulnerabilities in QNAP small office/home office (SOHO) network-attached storage (NAS) devices could be exploited by remote attackers to remotely execute arbitrary code. Security researchers at SAM Seamless Network discovered a couple of critical unpatched flaws in QNAP small office/home office (SOHO) network-attached storage (NAS) devices that could allow remote attackers to execute arbitrary code on […]

The post Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs appeared first on Security Affairs.

Ransomware gang demanded a $40,000,000 ransom from the Broward County Public Schools district, Florida. It is just the last attack of a long string against the sector. Ransomware operators continue to target organizations worldwide and school districts are particularly exposed to these malicious campaigns. Recently the Broward County Public Schools district announced that it was victim […]

The post Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools appeared first on Security Affairs.

Read More Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools

PrivacySavvy experts discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. Fortunately, the company has successfully fixed the security loopholes, but the […]

The post Airlift Express Fixes Vulnerabilities in Its E-commerce Store appeared first on Security Affairs.

Read More Airlift Express Fixes Vulnerabilities in Its E-commerce Store

The DHS CISA has issued a supplemental directive that requires all federal agencies to identify vulnerable Microsoft Exchange servers in their infrastructure within five days. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental directive requiring all federal agencies to identify Microsoft Exchange servers in their environments impacted by […]

The post DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5 appeared first on Security Affairs.

Read More DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5

The United States Department of Justice (DoJ) charged a Kansas man for accessing and tampering with a public water system. The United States Department of Justice charged Wyatt A. Travnichek (22), of Ellsworth County, Kansas, for accessing and tampering with the computer system of the Ellsworth County Rural Water District. Travnichek accessed the computer system of […]

The post Man indicted for tampering with public water system in Kansas appeared first on Security Affairs.

Read More Man indicted for tampering with public water system in Kansas

VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks. The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments in a unified, AI-powered platform. Security researcher Egor Dimitrenko from Positive Technologies discovered a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975 […]

The post VMware fixed flaws in vROps that can be chained to compromise organizations appeared first on Security Affairs.

Read More VMware fixed flaws in vROps that can be chained to compromise organizations

Akamai was recently involved in the mitigation of two of the largest known ransom DDoS attacks, one of which peaked at 800Gbps. CDN and cybersecurity firm Akamai warns of a worrying escalation in ransom DDoS attacks since the beginning of the year. The company recently mitigated three of the six biggest volumetric DDoS attacks it […]

The post Akamai dealt with an 800Gbps ransom DDoS against a gambling company appeared first on Security Affairs.

Read More Akamai dealt with an 800Gbps ransom DDoS against a gambling company

The data breach disclosed by Ubiquiti in January could be just the tip of the iceberg, a deeper incident could have hit the company. In January, American technology vendor Ubiquiti Networks suffered a data breach, it sent out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts. […]

The post Ubiquiti security breach may be a catastrophe appeared first on Security Affairs.

Read More Ubiquiti security breach may be a catastrophe

Citrix addressed vulnerabilities in Hypervisor that could be exploited by threat actors to execute code in a virtual machine to trigger a denial of service condition on the host. US CISA warns that Citrix has released security updates to address flaws in Hypervisor that could be exploited by threat actors to execute code in a […]

The post US CISA warns of DoS flaws in Citrix Hypervisor appeared first on Security Affairs.

Read More US CISA warns of DoS flaws in Citrix Hypervisor

President Joe Biden has extended Executive Order 13694, issued in 2015 by President Obama, regarding sanctions issued in response to cyberattacks. President Joe Biden this week has extended Executive Order 13694 regarding sanctions issued in response to cyberattacks. Executive Order 13694 was issued by President Barack Obama in 2015, it allows the government to block […]

The post President Biden extended Executive Order 13694 regarding cyberattack sanctions appeared first on Security Affairs.

Read More President Biden extended Executive Order 13694 regarding cyberattack sanctions

Experts warn that cybercriminals are targeting Indonesia’s major banks posing as bank representatives or customer support team members on Twitter. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, warns of an ongoing fraudulent campaign targeting Indonesia’s largest banks that cybercriminals run on social media with the ultimate goal of stealing bank customers’ money. […]

The post 5-star customer service: fraudsters launch massive campaign against Indonesia’s major banks on Twitter appeared first on Security Affairs.

Read More 5-star customer service: fraudsters launch massive campaign against Indonesia’s major banks on Twitter

Researchers have reported a sandbox escape vulnerability in the Chrome web browser to Google, which awarded them $20,000. Experts from the Chinese cybersecurity company Qihoo 360 have reported to Google another sandbox escape vulnerability (CVE-2021-21194) affecting the Chrome web browser. The tech giant awarded the researchers Leecraso and Guang Gong from the 360 Alpha […]

The post Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape appeared first on Security Affairs.

Read More Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape

Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds hack. Russia-linked hackers were able to access email accounts belonging to US Department of Homeland Security (DHS) officials during the SolarWinds supply chain attack. “Suspected Russian hackers gained access to email accounts belonging to the […]

The post Email accounts of DHS members were compromised in the SolarWinds hack appeared first on Security Affairs.

Read More Email accounts of DHS members were compromised in the SolarWinds hack

IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms. The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Both versions lack support for current and recommended cryptographic algorithms and mechanisms. TLS […]

The post IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions appeared first on Security Affairs.

Read More IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that could allow threat actors to steal admin credentials from vulnerable installs. VMware vRealize Operations is a self-driving and AI-powered platform for the management of IT operations […]

The post VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials appeared first on Security Affairs.

Read More VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials

Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress Search Plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions […]

The post Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites appeared first on Security Affairs.

Read More Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites

Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Kernel updates released in March have addressed a couple of vulnerabilities that could be exploited by an attacker to bypass mitigations designed to protect devices against Spectre attacks. In January 2018, White […]

The post Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations appeared first on Security Affairs.

Read More Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations

A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could be exploited by attackers to conduct a variety of attacks. A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could expose private networks to multiple attacks. The flaw is caused by the improper input validation of octal strings in netmask npm package, it […]

The post Hundreds of thousands of projects affected by a flaw in netmask npm package appeared first on Security Affairs.

Read More Hundreds of thousands of projects affected by a flaw in netmask npm package

Experts discovered that 30 malicious Docker images with a total number of 20 million pulls were involved in cryptomining operations. Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million times, that were involved in cryptojacking operations. The expert determined the number of cryptocurrencies that were mined to a mining […]

The post 30 Docker images downloaded 20M times in cryptojacking attacks appeared first on Security Affairs.

Read More 30 Docker images downloaded 20M times in cryptojacking attacks

Harris Federation, the multi-academy trust of 50 primary and secondary academies in and around London, was hit by a ransomware attack. A ransomware attack hit the IT systems of London-based nonprofit multi-academy trust Harris Federation on Saturday, March 27. Harris Federation is a multi-academy trust of 50 primary and secondary academies in and around London […]

The post London-based academies Harris Federation hit by ransomware attack appeared first on Security Affairs.

Read More London-based academies Harris Federation hit by ransomware attack

Threat actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. Unknown attackers hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. On March 28, the attackers pushed two […]

The post Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code appeared first on Security Affairs.

Read More Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code

Researchers from Guardicore have spotted a new variant of the Purple Fox Windows malware that implements worm-like propagation capabilities. Researchers from Guardicore have discovered a new version of the Purple Fox Windows malware that implements worm-like propagation capabilities. Up until recently, Purple Fox’s operators infected machines by using exploit kits and phishing emails. Previous versions of […]

The post New Purple Fox version includes Rootkit and implements wormable propagation appeared first on Security Affairs.

Read More New Purple Fox version includes Rootkit and implements wormable propagation

A cyber attack has disrupted the Australian Channel Nine’s live broadcasts, the company was unable to transmit its Sunday morning news program. A cyber attack has hit the Australian Channel Nine’s live broadcasts causing the disruption of its operations. The broadcaster was unable to air its Sunday morning news program, which runs from 7:00 am to 1:00 […]

The post Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation? appeared first on Security Affairs.

Read More Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation?

Taiwanese manufacturer QNAP published an alert urging its customers to secure their devices after a growing number of users reported that their devices have been hit by brute-force attacks. This week the Taiwanese vendor QNAP has published an alert urging users to secure their devices after a growing number of users reported that their devices […]

The post QNAP urges users to take action to protect devices against Brute-Force attacks appeared first on Security Affairs.

Read More QNAP urges users to take action to protect devices against Brute-Force attacks

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. CISA releases CHIRP, a tool to detect SolarWinds malicious activity Microsoft Defender can now protect servers against ProxyLogon […]

The post Security Affairs newsletter Round 307 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 307

According to a proposed executive order of the Biden administration, software vendors would have to disclose breaches to U.S. government users. The Reuters agency revealed that an executive order proposed by the Biden administration will oblige software vendors to notify their federal government customers in case they will suffer a security breach. The executive order […]

The post US Gov Executive Order would oblige to disclose security breach impacting gov users appeared first on Security Affairs.

Read More US Gov Executive Order would oblige to disclose security breach impacting gov users

Clop ransomware operators now email victim’s customers and ask them to demand a ransom payment to protect their privacy to force victims into paying the ransom. Clop ransomware operators are switching to a new tactic to force victims into paying the ransom by emailing their customers and asking them to demand a ransom payment to […]

The post Clop Ransomware gang now contacts victims’ customers to force victims into pay a ransom appeared first on Security Affairs.

Read More Clop Ransomware gang now contacts victims’ customers to force victims into pay a ransom

Researchers spotted a sophisticated Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls. Experts from security firm Zimperium have spotted a new sophisticated Android spyware that masquerades itself as a System Update application. The malware is able to collect system data, messages, images and take over the infected Android […]

The post Experts spotted a new advanced Android spyware posing as “System Update” appeared first on Security Affairs.

Read More Experts spotted a new advanced Android spyware posing as “System Update”

Apple has released new out-of-band updates for iOS, iPadOS, macOS and watchOS to address another actively exploited zero‑day flaw, tracked as CVE-2021-1879. Apple has released a new set of out-of-band patches for iOS, iPadOS, macOS and watchOS to address a critical zero-day vulnerability, tracked as CVE-2021-1879, that is being actively exploited in the wild. The vulnerability resides […]

The post Apple released out-of-band updates for a new Zero‑Day actively exploited appeared first on Security Affairs.

Read More Apple released out-of-band updates for a new Zero‑Day actively exploited

Several members of the German Parliament (Bundestag) and other members of the state parliament were hit by a targeted attack allegedly launched by Russia-linked hackers. German newspaper Der Spiegel revealed that email accounts of multiple members of the German Parliament (Bundestag) were targeted with a spearphishing attack. The messages were sent by threat actors to […]

The post German Parliament Bundestag targeted again by Russia-linked hackers appeared first on Security Affairs.

Read More German Parliament Bundestag targeted again by Russia-linked hackers

Accenture security researchers published an analysis of the latest Hades campaign, which has been ongoing since at least December 2020. Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by financially motivated threat group Hades, which has been operating since at least December 2020. Experts discovered that threat actors targeted […]

The post Hades ransomware gang targets big organizations in the US appeared first on Security Affairs.

Read More Hades ransomware gang targets big organizations in the US

Solarwinds released security updates that address multiple vulnerabilities, including two flaws that can be exploited by attackers for remote code execution. Solarwinds has released a major security update to address multiple security vulnerabilities affecting the Orion Platform, the one that was involved in the Solarwinds supply chain attack. The software vendor released the Orion Platform version 2020.2.5 […]

The post Solarwinds Orion Platform updates fix two remote code execution issues appeared first on Security Affairs.

Read More Solarwinds Orion Platform updates fix two remote code execution issues

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives. […]

The post FBI published a flash alert on Mamba Ransomware attacks appeared first on Security Affairs.

Read More FBI published a flash alert on Mamba Ransomware attacks

The OpenSSL Project addresses two high-severity vulnerabilities, including one related to verifying a certificate chain and one that can trigger a DoS condition. The OpenSSL Project this week released version 1.1.1k to address two high-severity vulnerabilities, respectively tracked as CVE-2021-3450 and CVE-2021-3449. The CVE-2021-3449 vulnerability could be exploited to trigger a DoS condition by sending a […]

The post OpenSSL Project released 1.1.1k version to fix two High-severity flaws appeared first on Security Affairs.

Read More OpenSSL Project released 1.1.1k version to fix two High-severity flaws

The CyberNews investigation team found 62,174 potentially vulnerable unpatched Microsoft Exchange Servers. A number of entities in the US and worldwide remain vulnerable to software bugs that were reported by Microsoft weeks ago. The CyberNews investigation team found 62,174 potentially vulnerable unpatched Microsoft Exchange Servers. The vulnerability is still being actively exploited, most famously by […]

The post 62,000 Microsoft Exchange Servers potentially left unpatched, weeks after software bugs were first uncovered appeared first on Security Affairs.

Read More 62,000 Microsoft Exchange Servers potentially left unpatched, weeks after software bugs were first uncovered

Threat actors are offering fake COVID-19 test results and vaccination certificates in blackmarkets and hacking forums on the Dark Web. While vaccination campaigns go ahead with different speeds in many countries multiple threat actors on the Dark Web started offering fake COVID-19 test results and vaccination certificates. Multiple research teams, including mine, are monitoring these […]

The post The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web appeared first on Security Affairs.

Read More The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web

Researchers discovered the availability on the Dark Web of 30M records of Americans affected by the Astoria Company data breach. Astoria Company LLC is a lead generation company that leverages a network of websites to collect information on a person that may be looking for discounted car loans, different medical insurance, or even […]

The post 30 million Americans affected by the Astoria Company data breach appeared first on Security Affairs.

Read More 30 million Americans affected by the Astoria Company data breach

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Were such detailed personally identifiable information (PII) to […]

The post Billions of FBS Records Exposed in Online Trading Broker Data Leak appeared first on Security Affairs.

Read More Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure of ProxyLogon vulnerabilities, multiple threat actors started targeting vulnerable Microsoft Exchange servers exposed online. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. Last crew […]

The post Black Kingdom ransomware is targeting Microsoft Exchange servers appeared first on Security Affairs.

Read More Black Kingdom ransomware is targeting Microsoft Exchange servers

Hackers have exposed personal and voter registration details of over 6.5 million Israeli voters, less than 24 hours before the election. A few hours before the election in Israel, hackers exposed the voter registration and personal details of millions of citizens. The source of the data seems to be the app Elector developed by the […]

The post A day before elections, hackers leaked details of millions of Israeli voters appeared first on Security Affairs.

Read More A day before elections, hackers leaked details of millions of Israeli voters

Microsoft revealed that 92% of all on-premises Microsoft Exchange servers exposed online affected by the ProxyLogon vulnerabilities are now patched. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues collectively tracked as ProxyLogon (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. At […]

The post 92% of worldwide Microsoft Exchange IPs are now patched or mitigated appeared first on Security Affairs.

Read More 92% of worldwide Microsoft Exchange IPs are now patched or mitigated

This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. The company sells mobile computing and machine-to-machine (M2M) communications products that work over cellular […]

The post Sierra Wireless halted production at its manufacturing sites due to ransomware attack appeared first on Security Affairs.

Read More Sierra Wireless halted production at its manufacturing sites due to ransomware attack

Google addressed a zero-day vulnerability affecting Android devices that use Qualcomm chipsets, which is actively exploited in the wild. Google has addressed a zero-day vulnerability, tracked as CVE-2020-11261, affecting Android devices that use Qualcomm chipsets. According to the IT giant, threat actors are actively exploiting the vulnerability in attacks in the wild. The CVE-2020-11261 flaw is […]

The post Google fixes an Android vulnerability actively exploited in the wild appeared first on Security Affairs.

Read More Google fixes an Android vulnerability actively exploited in the wild

U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of flaws in GE Power Management Devices that could allow an attacker to conduct multiple malicious activities on vulnerable systems. U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of vulnerabilities in GE Power Management Devices that could be exploited by an attacker to conduct multiple malicious activities […]

The post CISA is warning of vulnerabilities in GE Power Management Devices appeared first on Security Affairs.

Read More CISA is warning of vulnerabilities in GE Power Management Devices

Oil and gas giant Royal Dutch Shell (Shell) discloses a data breach resulting from the compromise of its Accellion File Transfer Appliance (FTA) file sharing service. Energy giant Shell disclosed a data breach resulting from the compromise of an Accellion File Transfer Appliance (FTA) used by the company. Shell is an Anglo-Dutch multinational oil and […]

The post Energy giant Shell discloses data breach caused by Accellion FTA hack appeared first on Security Affairs.

Read More Energy giant Shell discloses data breach caused by Accellion FTA hack