hacking

Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries.  Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries.  The phishing campaign has been ongoing since spring 2020 when the domains were first transferred to their current host. At […]

The post Large phishing campaign targets EMEA and APAC governments appeared first on Security Affairs.

Europol, along with Italian and Spanish police, dismantled a major crime organization linked to the Italian Mafia that focuses on online frauds. Europol, along with law enforcement agencies in Italy and Spain, has dismantled a major crime group linked to the Italian Mafia that was involved in online fraud, drug trafficking, money laundering, and property […]

The post Europol arrested 106 fraudsters, members of a major crime ring appeared first on Security Affairs.

A Pakistani national has been sentenced to 12 years in prison in the US for his role in a hacking scheme against the telecom giant AT&T. The Pakistani national Muhammad Fahd (35) was sentenced to 12 years in prison in the United States for his primary role in a seven-year scheme to illegally unlock nearly […]

The post Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme appeared first on Security Affairs.

The popular whistleblower Edward Snowden recommends that customers of the ExpressVPN VPN service stop using it. Last week the Israeli cybersecurity firm Kape Technologies acquired the industry’s leading virtual private network ExpressVPN, as part of a $936 million deal. Kape announced that the acquisition will more than double its overall customer base, from almost 3 million customers to more than […]

The post Why Edward Snowden is urging users to stop using ExpressVPN? appeared first on Security Affairs.

US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware gangs, and according to the Wall Street Journal, it is now planning to target the digital […]

The post The Biden administration plans to target exchanges supporting ransomware operations with sanctions appeared first on Security Affairs.

Security researchers from the Cisco Talos team uncovered a spear-phishing campaign that targeted the aviation industry for two years while avoiding detection. Security researchers from Cisco Talos uncovered a spear-phishing campaign, dubbed Operation Layover, that targeted the aviation industry for two years without being detected. The experts believe that the threat actor behind this campaign is […]

The post Threat actor has been targeting the aviation industry since at least 2018 appeared first on Security Affairs.

A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart switches that could be exploited by an attacker to potentially execute malicious code and take […]

The post Expert discloses details and PoC code for Netgear Seventh Inferno bug appeared first on Security Affairs.

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. […]

The post CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data appeared first on Security Affairs.

The Mirai botnet has started exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet have started exploiting a critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed it. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management […]

The post Experts warn that Mirai Botnet starts exploiting OMIGOD flaw appeared first on Security Affairs.

A spokesman for the authority running Germany’s September 26 general election confirmed that hackers briefly disrupted its website last month. Threat actors last month hit the website of the authority running Germany’s September 26 general election, reported AFP. According to a spokesman for the organization, the attack took place at the end of August and […]

The post German Election body hit by a cyber attack appeared first on Security Affairs.

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems.  The malware spread through attacks exploiting known vulnerabilities (i.e. CVE-2020-14882 […]

The post New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems appeared first on Security Affairs.

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux […]

The post A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection appeared first on Security Affairs.

The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn of state-sponsored attacks that are actively exploiting CVE-2021-40539 Zoho flaw. The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn that nation-state APT groups are actively exploiting a critical vulnerability, tracked as CVE-2021-40539, in the Zoho ManageEngine ADSelfService Plus software. ManageEngine ADSelfService Plus […]

The post FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug appeared first on Security Affairs.

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations. The IT giant says that threat actors started targeting […]

The post Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug appeared first on Security Affairs.

Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation that allows past victims to recover their files for free. Good news for the victims of REvil ransomware gangs that were infected before the operations were temporarily halted on July 13th, Bitdefender released a free master decryptor that allows them to recover […]

The post Bitdefender released free REvil ransomware decryptor that works for past victims appeared first on Security Affairs.

Anonymous claims to have hacked the controversial web hosting provider Epik, known for allowing far-right, neo-Nazi, and other extremist content. The Anonymous hacktivist collective has claimed to have hacked the controversial web hosting provider Epik and stolen its data, including information on the clients of the company, as part of an operation codenamed EPIKFAIL. The hosting […]

The post Anonymous hacked the controversial, far-right web host Epik appeared first on Security Affairs.

OMIGOD – Microsoft addressed four vulnerabilities in the Open Management Infrastructure (OMI) software agent that could expose Azure users to attacks. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management Infrastructure (OMI) software agent that exposes Azure users to attack. Below is the list of the […]

The post OMIGOD vulnerabilities expose thousands of Azure users to hack appeared first on Security Affairs.

Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty. Three former NSA employees (Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40) entered into a deferred prosecution agreement that restricts their future activities and employment. The trio has worked as hackers-for-hire […]

The post Three formers NSA employees fined for providing hacker-for-hire services to UAE firm appeared first on Security Affairs.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has appointed Kiersten Todt as its new chief of staff. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it has appointed Kiersten Todt as its new chief of staff; she will replace Acting Chief of Staff Kate Nichols. “The Cybersecurity and Infrastructure Security Agency (CISA) announced today Kiersten […]

The post US CISA appointed Kiersten Todt as new chief of staff appeared first on Security Affairs.

Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day RCE actively exploited in targeted attacks aimed at Microsoft Office and Office 365 on Windows 10 computers. The flaw, tracked as CVE-2021-40444, resides in the MSHTML, […]

The post Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day appeared first on Security Affairs.

Latvian vendor MikroTik revealed that the recently discovered Mēris botnet is targeting devices that were compromised three years ago. Last week, the Russian Internet giant Yandex was targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country to an […]

The post Mēris Bot infects MikroTik routers compromised in 2018 appeared first on Security Affairs.

A high severity vulnerability, tracked as CVE-2021-3437, in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS and privilege escalation attacks. Millions of HP OMEN laptop and desktop gaming computers are exposed to multiple attacks by a high severity vulnerability tracked as CVE-2021-3437 that was discovered by SentinelLabs researchers. “Potential security vulnerabilities […]

The post Millions of HP OMEN gaming PCs impacted by CVE-2021-3437 driver flaw appeared first on Security Affairs.

Google Chrome 93.0.4577.82 for Windows, Mac, and Linux addressed eleven security issues, including two actively exploited zero-days. Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-day vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited […]

The post Google addresses a new Chrome zero-day flaw actively exploited in the wild appeared first on Security Affairs.

Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon that were developed by attackers and actively used in attacks in the wild. Threat actors re-implemented from scratch unofficial Linux and Windows versions of the Cobalt Strike Beacon and are actively using them in attacks aimed at organizations worldwide. Cobalt Strike is a legitimate penetration testing tool designed as an attack […]

The post Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks appeared first on Security Affairs.

Spook.js is a new side-channel attack on modern processors that can allow bypassing Site Isolation protections implemented in Google Chrome. Boffins devised a transient side-channel attack on modern processors, “Spook.js,” that can be abused by threat actors to bypass Site Isolation protections implemented in Google Chrome and Chromium browsers. The technique allows in some cases to steal sensitive […]

The post New Spook.Js attack allows to bypass Google Chrome Site Isolation protections appeared first on Security Affairs.

Technology giant Olympus announced it was the victim of a ransomware attack and is currently investigating the extent of the incident. Olympus issued a statement to announce that its European, Middle East and Africa computer network was hit by a ransomware attack. “Upon detection of suspicious activity, we immediately mobilized a specialized response team including […]

The post BlackMatter ransomware gang hit Technology giant Olympus appeared first on Security Affairs.

A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and is targeting customers of European and South American banks. The new maxtrilha trojan is being disseminated and targeting several banks around the world. Criminals are constantly creating variants of popular banking trojans, keeping in mind the same modus operandi but […]

The post The new maxtrilha trojan is being disseminated and targeting several banks appeared first on Security Affairs.

The Department of Justice and Constitutional Development of South Africa was hit by a ransomware attack that crippled bail services. A ransomware attack hit the Department of Justice and Constitutional Development of South Africa, multiple services, including email and bail services have been impacted. The incident did not affect child maintenance payments for the month […]

The post Department of Justice and Constitutional Development of South Africa hit by a ransomware attack appeared first on Security Affairs.

Recently we observed that part of the REvil ransomware infrastructure was up and running again, now we can confirm that they hit new victims. On September 7, the servers of the REvil ransomware gang were back online after around two months since their shutdown. The circumstance was immediately noted by many researchers, me too. The […]

The post Revil ransomware operators are targeting new victims appeared first on Security Affairs.

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Cisco released security patches for High-Severity flaws in IOS XR software New SOVA Android Banking trojan is […]

The post Security Affairs newsletter Round 331 appeared first on Security Affairs.

Cisco fixed multiple high-severity flaws in the IOS XR software that can allow attackers to trigger a DoS condition, elevate privileges, overwrite/read arbitrary files. Cisco released security updates to address multiple high-severity vulnerabilities in the IOS XR software that can be exploited to conduct multiple malicious activities, such as rebooting devices and elevate privileges. The […]

The post Cisco released security patches for High-Severity flaws in IOS XR software appeared first on Security Affairs.

SOVA is a new Android banking trojan that targets banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain. Researchers from cybersecurity firm ThreatFabric have spotted in the beginning of August a new Android banking trojan, dubbed SOVA, that targets banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain. The […]

The post New SOVA Android Banking trojan is rapidly growing appeared first on Security Affairs.

Microsoft has fixed the Azurescape issue, a flaw in Azure Container Instances that allows taking over containers of other platform users. Microsoft has addressed a vulnerability in Azure Container Instances (ACI) called Azurescape that could have allowed a malicious container to take over containers belonging to other users. An attacker could exploit the vulnerability […]

The post Microsoft fixes Azurescape flaw in Azure Container Instances appeared first on Security Affairs.

Security researchers from Broadcom’s Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation. Experts from Broadcom’s Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation. In late August, ESET researchers uncovered the SideWalk backdoor that was employed by the Chinese cyberespionage group in an attack aimed at a computer retail company […]

The post Grayfly APT uses recently discovered Sidewalk backdoor appeared first on Security Affairs.

The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg. The United Nations on Thursday confirmed that its computer networks were hit by a cyberattack earlier this year. “We can confirm that unknown attackers were able to breach parts of the United […]

The post Experts confirmed that the networks of the United Nations were hacked earlier this year appeared first on Security Affairs.

A Canadian man, who helped North Korean threat actors to launder stolen funds, pleaded guilty to laundering tens of millions of dollars stolen in bank fraud schemes. A Canadian man who conspired to launder tens of millions of dollars stolen in bank fraud schemes has been sentenced to 140 months in prison. The man is Ghaleb […]

The post International money launderer sentenced to more than 11 years appeared first on Security Affairs.

The massive DDoS attack that has been targeting the internet giant Yandex was powered by a completely new botnet tracked as Mēris. The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the […]

The post A new botnet named Mēris is behind massive DDoS attack that hit Yandex appeared first on Security Affairs.

CyberNews researchers identified more than 2 million web servers worldwide still running on outdated and vulnerable versions of Microsoft Internet Information Services software. These legacy versions are no longer supported by Microsoft, which makes millions of web servers easy targets for threat actors and cybercriminals. Original post @ https://cybernews.com/security/millions-of-microsoft-web-servers-powered-by-vulnerable-legacy-software/ Boasting a market share of 12.4%, Microsoft […]

The post Millions of Microsoft web servers powered by vulnerable legacy software appeared first on Security Affairs.

The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group, aimed at organizations worldwide. Evidence collected by the experts suggests that the campaign began on July 25, 2021, threat actors […]

The post TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide appeared first on Security Affairs.

The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week. The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country […]

The post Yandex is under the largest DDoS attack in the history of Runet appeared first on Security Affairs.

Zoho urges customers to address an authentication bypass vulnerability in its ManageEngine ADSelfService Plus that is actively exploited in the wild. Zoho has released a security patch to address an authentication bypass vulnerability, tracked as CVE-2021-40539, in its ManageEngine ADSelfService Plus. The company also warns the vulnerability is already exploited in attacks in the wild. […]

The post Zoho warns of zero-day authentication bypass flaw actively exploited appeared first on Security Affairs.

A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis. A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis from the CITY4U website. The hacker is offering the data for sale, but […]

The post Personal information of 7 million Israelis available for sale appeared first on Security Affairs.

The Groove gang leaked online Fortinet credentials that could be used to breach networks of organizations using the compromised devices. The financially motivated threat actor Groove has leaked online compromised credentials belonging to many organizations. The ransomware group has been active since August 2021 and implements a double extortion model like other gangs. The threat actor leaked a […]

The post Groove gang leaks list of 500k credentials of compromised Fortinet appliances appeared first on Security Affairs.

Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks or the nature of the […]

The post Microsoft warns of a zero-day in Internet Explorer that is actively exploited appeared first on Security Affairs.

Germany has protested to Russia over attempts to steal data from lawmakers and use them to spread disinformation ahead of the upcoming election. Germany has formally protested to Russia over a series of cyber attacks aimed at stealing data from lawmakers that could be used to arrange disinformation campaigns before the upcoming German election. The […]

The post Germany protests to Russia over attacks ahead of the upcoming election appeared first on Security Affairs.

The leak site of the popular REvil ransomware gang is back online; it is not clear if the group resumed operations or the FBI turned on its servers. Today the servers of the REvil ransomware gang were back online after around two months since their shutdown. The circumstance was immediately noted by many researchers, me too. The […]

The post REvil ransomware gang’s servers are mysteriously online again appeared first on Security Affairs.

A researcher published the PoC exploit code for a Ghostscript zero-day vulnerability that could allow an attacker to completely compromise a server. Security researcher Nguyen The Duc published on GitHub the proof-of-concept exploit code for a Ghostscript zero-day vulnerability. The vulnerability is a remote code execution (RCE) issue that could allow an attacker to completely compromise a server. Ghostscript […]

The post Researcher published PoC exploit for Ghostscript zero-day appeared first on Security Affairs.

The development team behind the Jenkins server disclosed a security breach; threat actors deployed a cryptocurrency miner on one of its servers. The development team behind the Jenkins Project disclosed a security breach after threat actors compromised one of their internal servers and installed a cryptocurrency miner. Jenkins is the most popular open-source automation server, it is […]

The post A server of the Jenkins project hacked by exploiting a Confluence flaw appeared first on Security Affairs.

The Ragnar Locker ransomware operators threaten to leak stolen data if the victims attempt to contact law enforcement agencies. The Ragnar Locker ransomware gang is adopting a new technique to force victims to pay the ransom, the operators threaten to leak stolen data if the victims contact law enforcement agencies. The group announced its new […]

The post Ragnar Locker gang threatens to leak data if victim contacts law enforcement appeared first on Security Affairs.

Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used by businesses. The company fixed three security flaws that affect 20 Netgear products, mostly smart switches. Technical details […]

The post Netgear addresses severe security flaws in 20 of its products appeared first on Security Affairs.

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher who goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. The expert noticed that several push-button telephones contain unwanted […]

The post Malware found pre-installed in cheap push-button mobile phones sold in Russia appeared first on Security Affairs.

The FBI Internet Crime Complaint Center (IC3) warns of a spike in sextortion attacks since the beginning of 2021 that caused $8M losses. The FBI Internet Crime Complaint Center (IC3) is warning of a significant increase in sextortion complaints since the beginning of 2021. In a sextortion attack, threat actors threaten to distribute the victims […]

The post FBI IC3 warns of a spike in sextortion attacks appeared first on Security Affairs.

Pacific City Bank was hit by AVOS Locker Ransomware operators; the gang claims to have stolen sensitive files from the company and threatens to leak them. Pacific City Bank is an American community bank that focuses on the Korean-American community based in California and offers commercial banking services. The bank was hit by AVOS Locker […]

The post Pacific City Bank hit by AVOS Locker Ransomware appeared first on Security Affairs.

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. SEC warns of investment scams related to Hurricane Ida Apple will delay the rollout of new child […]

The post Security Affairs newsletter Round 330 appeared first on Security Affairs.

A massive DDoS hit New Zealand’s third-largest internet operator, isolating parts of the country from the Internet. A massive DDoS hit Vocus ISP, New Zealand’s third-largest internet operator, isolating parts of the country from the Internet. Vocus provides retail, wholesale and corporate telecommunications services across Australia and New Zealand. Vocus offers data network services […]

The post Major IPS in New Zealand hit by massive DDoS, Internet outages reported appeared first on Security Affairs.

The US Securities and Exchange Commission warns investors of potential investment scams that leverage Hurricane Ida as bait. The US Securities and Exchange Commission (SEC)’s Office of Investor Education and Advocacy is warning investors of potential investment scams related to Hurricane Ida. Scammers will likely target individuals and organizations that are eligible to receive large payouts from insurance […]

The post SEC warns of investment scams related to Hurricane Ida appeared first on Security Affairs.

Read More SEC warns of investment scams related to Hurricane Ida

FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7. The messages used weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript backdoor, […]

The post FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads appeared first on Security Affairs.

Read More FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. The Babuk Locker operators halted their operations at the end of April after the attack against the Washington, DC police department. Experts believe that […]

The post Source code for the Babuk is available on a hacking forum appeared first on Security Affairs.

Read More Source code for the Babuk is available on a hacking forum

USCYBERCOM is urging organizations to patch the critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center ahead of the Labor Day weekend. US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address the Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend. Government experts are aware of the ongoing […]

The post USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw appeared first on Security Affairs.

Read More USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw

The Conti ransomware operators are targeting Microsoft Exchange servers, leveraging exploits for the recently disclosed ProxyShell vulnerabilities. The Conti ransomware gang is targeting Microsoft Exchange servers, leveraging exploits for the recently disclosed ProxyShell vulnerabilities. ProxyShell is the name of three vulnerabilities that could be chained by an unauthenticated remote attacker to gain code execution on Microsoft Exchange servers. […]

The post Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits appeared first on Security Affairs.

Read More Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits

FBI warns ransomware gangs are actively targeting organizations in the food and agriculture sector. The FBI Cyber Division issued a Private Industry Notification (PIN) to warn of ransomware attacks targeting the Food and Agriculture sector disrupting its operations, causing financial loss and negatively impacting the overall food supply chain. Small farms, large producers, processors and […]

The post FBI warns of ransomware attacks targeting the food and agriculture sector appeared first on Security Affairs.

Read More FBI warns of ransomware attacks targeting the food and agriculture sector

SolarWinds did not enable an anti-exploit mitigation available since 2006, allowing threat actors to target SolarWinds Serv-U FTP software in July attacks. Software vendor SolarWinds did not enable the ASLR anti-exploit mitigation that has been available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. Microsoft, which investigated the incidents, […]

The post Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation appeared first on Security Affairs.

Read More Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation

The now-fixed CVE-2020-1910 vulnerability in WhatsApp’s image filter feature could have exposed user data to remote attackers. A high-severity security vulnerability in WhatsApp’s image filter feature, tracked as CVE-2020-1910, could have been exploited by attackers to read sensitive information from the app’s memory by simply sending a specially crafted image over the messaging app […]

The post WhatsApp CVE-2020-1910 bug could have led to user data exposure appeared first on Security Affairs.

Read More WhatsApp CVE-2020-1910 bug could have led to user data exposure

Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS […]

The post New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices appeared first on Security Affairs.

Read More New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Threat actors are actively exploiting a recently patched vulnerability in Atlassian’s Confluence enterprise collaboration product. Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise […]

The post Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE appeared first on Security Affairs.

Read More Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE

Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with 161 pages of excellent content. Cyber Defense eMagazine for September 2021 Published monthly by Cyber Defense Magazine, this resource shares a wealth of information to help you stay one step ahead of the next cyber threat. In this Edition:  – […]

The post Cyber Defense Magazine – September 2021 has arrived. Enjoy it! appeared first on Security Affairs.

Read More Cyber Defense Magazine – September 2021 has arrived. Enjoy it!

The Mozi botnet continues to spread despite the arrest of its alleged author, and experts believe that it will run for many more years. Mozi is an IoT botnet that borrows code from Mirai variants and the Gafgyt malware; it appeared on the threat landscape in late 2019. The Mozi botnet was spotted by security experts from 360 Netlab, at […]

The post Mozi infections will slightly decrease but it will stay alive for some time to come appeared first on Security Affairs.

Read More Mozi infections will slightly decrease but it will stay alive for some time to come

The U.S. Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. The U.S. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. The companies were not able to protect the confidential information of their customers. “The Securities […]

The post SEC announces sanctions against entities over email account hacking appeared first on Security Affairs.

Read More SEC announces sanctions against entities over email account hacking

The FBI and CISA issued a joint cybersecurity advisory to warn organizations to remain vigilant against ransomware attacks during weekends or holidays. The FBI and CISA warn organizations to keep their defenses high against ransomware attacks during weekends or holidays. The government agencies have observed an increase in ransomware attacks occurring on holidays and weekends, […]

The post Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA appeared first on Security Affairs.

Read More Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

A bug unravels 3D printer security, cryptocurrency sites can’t stop getting hacked, and hear our special guest spill a cup of tea while inhabiting his wife’s knicker drawer.

All this and much more can be found in the latest edition of the award-winn…

Read More Smashing Security podcast #240: 3D printer hijacks, crypto fails, and a tech billionaire’s revenge

It’s a big one:

As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social security numbers, driver’s license information, and IMEI numbers, unique identifiers tied to each mobile device. Motherboard confirmed that samples of the data “contained accurate information on T-Mobile customers.”…

Read More T-Mobile Data Breach

Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. Threat actors conducted a spear-phishing campaign using messages that were specifically designed to be […]

The post Organizations in aerospace and travel sectors under attack, Microsoft warns appeared first on Security Affairs.

Read More Organizations in aerospace and travel sectors under attack, Microsoft warns

President Joe Biden signed an ambitious executive order to dramatically improve the security of US government networks. President Biden signed an executive order this week to improve the country’s defenses against cyberattacks; it is an important move that comes shortly after the recent wave of attacks, such as the SolarWinds supply chain attack and the […]

The post Biden signed executive order to improve the Nation’s Cybersecurity appeared first on Security Affairs.

Read More Biden signed executive order to improve the Nation’s Cybersecurity

The FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. The FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack on Colonial Pipeline, which caused chaos and disruption. […]

The post US CISA and FBI publish joint alert on DarkSide ransomware appeared first on Security Affairs.

Read More US CISA and FBI publish joint alert on DarkSide ransomware

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to.  Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. As per these regulations, organizations can be held responsible […]

The post How Companies Need to Treat User Data and Manage Their Partners appeared first on Security Affairs.

Read More How Companies Need to Treat User Data and Manage Their Partners

A security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices and expose them to remote attacks. Some of the flaws discovered by the experts date back as […]

The post FragAttacks vulnerabilities expose all WiFi devices to hack appeared first on Security Affairs.

Read More FragAttacks vulnerabilities expose all WiFi devices to hack

Thousands of public-facing devices can be accessed anywhere in the world, from the US to Russia, from London to Johannesburg. Our research shows that large and small manufacturers are identifiable, with Aastra-Mitel topping the list. As with many inventions of the 20th century, the internet has drastically changed how the phone is used. Once a vital necessity […]

The post Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities appeared first on Security Affairs.

Read More Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities

Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. Malware experts from the Italian cybersecurity firm Cleafy have spotted a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Spain, Germany, Italy, Belgium, and the Netherlands. TeaBot malware appeared […]

The post TeaBot Android banking Trojan targets banks in Europe appeared first on Security Affairs.

Read More TeaBot Android banking Trojan targets banks in Europe

U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering. The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have analyzed the risks and vulnerabilities associated with […]

The post NSA and ODNI analyze potential risks to 5G networks appeared first on Security Affairs.

Read More NSA and ODNI analyze potential risks to 5G networks

Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate. Five of the […]

The post Hackers target Windows users exploiting a Zero-Day in Reader appeared first on Security Affairs.

Read More Hackers target Windows users exploiting a Zero-Day in Reader

The Apple AirTag was launched less than two weeks ago, but a security researcher already claims to have hacked it. The Apple AirTag has been available for just a couple of weeks, and the hacking community is already working on it to demonstrate how to compromise it. “The German security researcher Stack Smashing tweeted today (via The 8-bit) that […]

The post Researcher hacked Apple AirTag two weeks after its launch appeared first on Security Affairs.

Read More Researcher hacked Apple AirTag two weeks after its launch

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in the Epic Games v. Apple Inc. court case revealed that the XcodeGhost malware impacted 128 million iOS users. Epic Games filed a lawsuit against Apple in a California court over its violation of terms of […]

The post Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015 appeared first on Security Affairs.

Read More Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Google has released a new open-source tool called cosign that could allow administrators to sign and verify container images. Google has released a new open-source tool called cosign that allows users to sign and verify container images; it was developed to make signatures invisible infrastructure. Cosign supports: hardware and KMS signing; bring-your-own PKI; our free OIDC PKI […]

The post Google open sources cosign tool for verifying containers appeared first on Security Affairs.

Read More Google open sources cosign tool for verifying containers

The FBI and the Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published […]

The post FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks appeared first on Security Affairs.

Read More FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks