information security news

Which are the most common causes of a Data Breach and how to prevent It? How can organizations prevent it? Data breaches are highly damaging and equally embarrassing for businesses andconsumers. If you look at Verizon’s 2020 Data Breach Investigations Report, you canfind some of the most common causes of data breaches. However, you will also […]

The post Most Common Causes of Data Breach and How to Prevent It appeared first on Security Affairs.

Read More Most Common Causes of Data Breach and How to Prevent It

Experian API exposed credit scores of tens of millions of Americans due to a weakness with a partner website. Anyone was able to look up the credit score of tens of millions of Americans just by providing their name and mailing address. The issue was reported to KrebsOnSecurity by the independent security researcher Bill Demirkapi, […]

The post Experian API exposed credit scores of tens of millions of Americans appeared first on Security Affairs.

Read More Experian API exposed credit scores of tens of millions of Americans

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.” […]

The post WeSteal, a shameless commodity cryptocurrency stealer available for sale appeared first on Security Affairs.

Read More WeSteal, a shameless commodity cryptocurrency stealer available for sale

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. 10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely Hackers are targeting Soliton FileZen file-sharing servers A supply chain attack compromised the update mechanism of Passwordstate Password Manager Boffins […]

The post Security Affairs newsletter Round 312 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 312

A security duo has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The scenario is disconcerting, hackers could use a drone to fly on your Tesla Model X and open the doors, a couple of researchers demonstrated. The researchers Kunnamon, […]

The post Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle appeared first on Security Affairs.

Read More Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Swiss cloud hosting provider Swiss Cloud has suffered a ransomware attack that seriously impacted its server infrastructure. On April 27 the Swiss cloud hosting provider was hit by a ransomware attack that brought down the company’s server infrastructure. The company is currently working to restore operations from its backups with the help of experts from […]

The post Cloud hosting provider Swiss Cloud suffered a ransomware attack appeared first on Security Affairs.

Read More Cloud hosting provider Swiss Cloud suffered a ransomware attack

Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware operation are targeting QNAP NAS devices, the Taiwanese vendor warns. The vendor doesn’t provide technical details of the attacks, it is not clear if the ransomware gang exploited know vulnerabilities. “The QNAP security team has […]

The post AgeLocker ransomware operation targets QNAP NAS devices appeared first on Security Affairs.

Read More AgeLocker ransomware operation targets QNAP NAS devices

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. The Internet Systems Consortium (ISC) has released security updates for the BIND DNS software to address several vulnerabilities that can be exploited by attackers to trigger denial-of-service (DoS) conditions and potentially to remotely execute […]

The post Flaws in the BIND software expose DNS servers to attacks appeared first on Security Affairs.

Read More Flaws in the BIND software expose DNS servers to attacks

UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating hi-tech cybercrimes, and the United Nations International Computing Centre (UNICC), detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. […]

The post Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization appeared first on Security Affairs.

Read More Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws, collectively tracked as BadAlloc, affecting IoT and OT devices. The vulnerabilities could be exploited by attackers to bypass security controls to execute malicious […]

The post Microsoft warns of BadAlloc flaws in OT, IoT devices appeared first on Security Affairs.

Read More Microsoft warns of BadAlloc flaws in OT, IoT devices

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package. Composer is the major […]

The post Command injection flaw in PHP Composer allowed supply-chain attacks appeared first on Security Affairs.

Read More Command injection flaw in PHP Composer allowed supply-chain attacks

Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks was hit by a ransomware attack. Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly carried out by one of the most aggressive ransomware gangs, Darkside. The attack paralyzed the operations at 188 branches […]

The post An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos appeared first on Security Affairs.

Read More An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos

An information disclosure issue in Linux Kernel allows KASLR bypass could be potentially exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588, could allow attackers to bypass the Kernel Address Space Layout Randomization bypass (KASLR). The Kernel Address space layout randomization (KASLR) is a computer security technique designed to prevent […]

The post An issue in the Linux Kernel could allow the hack of your system appeared first on Security Affairs.

Read More An issue in the Linux Kernel could allow the hack of your system

Experts recently uncovered a Linux backdoor, dubbed RotaJakiro, that has flown under the radar for many years while harvest and exfiltrate sensitive information from the victims.  RotaJakiro is a Linux backdoor recently discovered by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab). The malware remained undetected for years while threat actors were employing […]

The post RotaJakiro Linux backdoor has flown under the radar since 2018 appeared first on Security Affairs.

Read More RotaJakiro Linux backdoor has flown under the radar since 2018

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region.  Organizations targeted by the […]

The post Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs appeared first on Security Affairs.

Read More Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227, in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser. […]

The post Google addresses a high severity flaw in V8 engine in Chrome appeared first on Security Affairs.

Read More Google addresses a high severity flaw in V8 engine in Chrome

UK rail network Merseyrail was hit by a cyberattack, ransomware operators breached the corporate email system to disclose the attack to employees and journalists. UK rail network Merseyrail, which operates rail services across Merseyside, announced it was a victim of a cyber attack. A ransomware gang has also compromised the email system of the organization to […]

The post UK rail network Merseyrail hit by ransomware gang appeared first on Security Affairs.

Read More UK rail network Merseyrail hit by ransomware gang

Misconfigured cloud-based databases continue to cause data breaches, millions of database servers are currently exposed across cloud providers. Fugue’s new State of Cloud Security 2020 report reveals that misconfigured cloud-based databases continue to pose a severe security risk to organizations. Cloud misconfiguration remains the top cause of data breaches in the cloud, and the ongoing COVID-19 […]

The post Cloud misconfiguration, a major risk for cloud security appeared first on Security Affairs.

Read More Cloud misconfiguration, a major risk for cloud security

The FBI has shared with Have I Been Pwned service 4 million email addresses collected by Emotet botnet and employed in malware campaigns. Last week, European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. The authorities automatically wiped the infamous Emotet malware from infected systems […]

The post FBI shares with HIBP 4 million email addresses involved in Emotet attacks appeared first on Security Affairs.

Read More FBI shares with HIBP 4 million email addresses involved in Emotet attacks

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute […]

The post New Ryuk ransomware implements self-spreading capabilities appeared first on Security Affairs.

Read More New Ryuk ransomware implements self-spreading capabilities

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint […]

The post Microsoft releases open-source CodeQL queries to assess Solorigate compromise appeared first on Security Affairs.

Read More Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What’s Going On? Our online security team has uncovered a massive data breach originating from a misconfigured […]

The post Data Breach: Turkish legal advising company exposed over 15,000 clients appeared first on Security Affairs.

Read More Data Breach: Turkish legal advising company exposed over 15,000 clients

Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19. Hackers compromised the systems at one of the most advanced biology labs at the Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the […]

The post Hackers are selling access to Biochemical systems at Oxford University Lab appeared first on Security Affairs.

Read More Hackers are selling access to Biochemical systems at Oxford University Lab

Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […]

The post Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack appeared first on Security Affairs.

Read More Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack

The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on, dubbed FriarFox, that allowed them to steal Gmail and Firefox browser data and deliver malware on infected systems. “We attribute this […]

The post China-linked TA413 group target Tibetan organizations appeared first on Security Affairs.

Read More China-linked TA413 group target Tibetan organizations

Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical flaws impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. The most severe vulnerability […]

The post Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS appeared first on Security Affairs.

Read More Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS

North Korea-linked Lazarus APT group has targeted the defense industry with the custom-backdoor dubbed ThreatNeedle since 2020. North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early 2020. The state-sponsored hackers targeted organizations from more than a dozen countries. The experts discovered the custom backdoor while investigating an […]

The post North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor appeared first on Security Affairs.

Read More North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client. DirectWrite […]

The post Google discloses technical details of Windows CVE-2021-24093 RCE flaw appeared first on Security Affairs.

Read More Google discloses technical details of Windows CVE-2021-24093 RCE flaw

Ukraine ‘s government attributes a cyberattack on the government document management system to a Russia-linked APT group. The Ukraine ‘s government blames a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). According to Ukrainian officials, the hackers aimed at disseminating malicious […]

The post Ukraine: nation-state hackers hit government document management system appeared first on Security Affairs.

Read More Ukraine: nation-state hackers hit government document management system

Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. Vietnam-linked APT32 (aka Ocean Lotus) group has conducted a cyberespionage campaign targeting Vietnamese human rights defenders (HRDs) and a nonprofit (NPO) human rights organization from Vietnam between February 2018 and November 2020. The threat actors used by spyware to take […]

The post APT32 state hackers target human rights defenders with spyware appeared first on Security Affairs.

Read More APT32 state hackers target human rights defenders with spyware

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day […]

The post Airplane manufacturer Bombardier has disclosed a security breach, data leaked online appeared first on Security Affairs.

Read More Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972, that could be exploited by attackers to potentially take control of affected systems. vCenter Server is the centralized […]

The post VMware addresses a critical RCE issue in vCenter Server appeared first on Security Affairs.

Read More VMware addresses a critical RCE issue in vCenter Server

Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance. Experts believe the accounts were part of […]

The post Twitter removes 100 accounts linked to Russia disseminating disinformation appeared first on Security Affairs.

Read More Twitter removes 100 accounts linked to Russia disseminating disinformation

IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions.  IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise products, including IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise.  Two issues, tracked as CVE-2020-14782 and […]

The post IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS appeared first on Security Affairs.

Read More IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. “Starting in mid-December 2020, malicious actors that Mandiant […]

The post FIN11 cybercrime group is behind recent wave of attacks on FTA servers appeared first on Security Affairs.

Read More FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Ukraine ‘s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites. The Ukrainian officials did not provide details about the attacks either the damage they have caused. “It was […]

The post Ukraine sites suffered massive attacks launched from Russian networks appeared first on Security Affairs.

Read More Ukraine sites suffered massive attacks launched from Russian networks

The systems of Georgetown County have been hacked at the end of January, and the county staff is still working to rebuild its computer network. The systems of Georgetown County have been hit with a sophisticated cyber attack at the end of January, and the county staff is still working to recover from the incident. […]

The post Georgetown County has yet to recover from a sophisticated cyber attack appeared first on Security Affairs.

Read More Georgetown County has yet to recover from a sophisticated cyber attack

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years […]

The post NSA Equation Group tool was used by Chinese hackers years before it was leaked online appeared first on Security Affairs.

Read More NSA Equation Group tool was used by Chinese hackers years before it was leaked online

An attacker demonstrated this week that Clubhouse chats are not secure, he was able to siphon audio feeds from “multiple rooms” into its own website While the popularity of the audio chatroom app Clubhouse continues to increase experts are questioning the security and privacy level it offers to its users. Recently the company announced it […]

The post An attacker was able to siphon audio feeds from multiple Clubhouse rooms appeared first on Security Affairs.

Read More An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […]

The post Researchers uncovered a new Malware Builder dubbed APOMacroSploit appeared first on Security Affairs.

Read More Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to […]

The post Experts warn of threat actors abusing Google Alerts to deliver unwanted programs appeared first on Security Affairs.

Read More Experts warn of threat actors abusing Google Alerts to deliver unwanted programs

A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. Bharad was searching for cross-site request forgery (CSRF), insecure direct object […]

The post Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com appeared first on Security Affairs.

Read More Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com

The Federal Bureau of Investigation (FBI) has issued a warning about the risks of telephony denial-of-service (TDoS) attacks on call centers. The United States’ Federal Bureau of Investigation (FBI) is warning of the consequences of telephony denial-of-service (TDoS) attacks on call centers, which in some cases could threaten people’s lives. TDoS attacks could render telephone systems unavailable […]

The post FBI warns of the consequences of telephony denial-of-service (TDoS) attacks appeared first on Security Affairs.

Read More FBI warns of the consequences of telephony denial-of-service (TDoS) attacks

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. PayPal addresses reflected XSS bug in user wallet currency converter The kingpin behind Jokers Stash retires with a […]

The post Security Affairs newsletter Round 302 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 302

The US is going to respond to the SolarWinds supply chain attack within weeks, national security adviser Jake Sullivan told CNN. The US will respond within weeks to the devastating SolarWinds supply cyber attack, national security adviser Jake Sullivan told CNN. “We are in the process now of working through, with the intelligence community and [President […]

The post The US Government is going to respond to the SolarWinds hack very soon appeared first on Security Affairs.

Read More The US Government is going to respond to the SolarWinds hack very soon

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a security breach on January 22, it blamed sophisticated threat actors for the intrusion. On January, 29 […]

The post SonicWall releases second firmware updates for SMA 100 vulnerability appeared first on Security Affairs.

Read More SonicWall releases second firmware updates for SMA 100 vulnerability

Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. According to data shared by Malwarebytes, as […]

The post Silver Sparrow, a new malware infects Mac systems using Apple M1 chip appeared first on Security Affairs.

Read More Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

MassLogger Windows credential stealer infamous is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. Cisco Talos experts uncovered attacks against users in Turkey, Latvia, and Italy, the […]

The post New Masslogger Trojan variant exfiltrates user credentials appeared first on Security Affairs.

Read More New Masslogger Trojan variant exfiltrates user credentials

Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware designed to target latest generation of Apple devices using the company M1 chip. The discovery suggests threat actors are tailoring […]

The post Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning appeared first on Security Affairs.

Read More Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning

Hackers abuse Google Apps Script to steal credit cards, bypass CSP Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credit card data provided by customers of e-commerce websites. “Attackers use […]

The post Hackers steal credit card data abusing Google’s Apps Script appeared first on Security Affairs.

Read More Hackers steal credit card data abusing Google’s Apps Script

RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure, it asking its members to enable 2FA for their accounts. RIPE NCC announced to have suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts. The RIPE NCC is a not-for-profit membership association, a Regional Internet Registry and the […]

The post Credential stuffing attack hit RIPE NCC: Members have to enable 2FA appeared first on Security Affairs.

Read More Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange. Microsoft announced that the threat actors behind the SolarWinds supply chain attack could have had access to repositories containing the source code for a limited number of components used by Azure, Intune, and Exchange. In […]

The post SolarWinds hackers had access to components used by Azure, Intune, and Exchange appeared first on Security Affairs.

Read More SolarWinds hackers had access to components used by Azure, Intune, and Exchange

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, […]

The post WatchDog botnet targets Windows and Linux servers in cryptomining campaign appeared first on Security Affairs.

Read More WatchDog botnet targets Windows and Linux servers in cryptomining campaign

The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The OpenSSL Project released security patches to address three vulnerabilities, two denial-of-service (DoS) flaws, and an incorrect SSLv2 rollback protection issue. The fist vulnerability, tracked as CVE-2021-23841, is a NULL pointer dereference issue that can be […]

The post The OpenSSL Project addressed three vulnerabilities appeared first on Security Affairs.

Read More The OpenSSL Project addressed three vulnerabilities

The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement in cyber-attacks, including the theft of $1.3 billion in money and crypto-currency from organizations around the globe. The indictment […]

The post US DoJ charges three members of the North Korea-linked Lazarus APT group appeared first on Security Affairs.

Read More US DoJ charges three members of the North Korea-linked Lazarus APT group

Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams. The Malvertising gang ScamClub has abused an unpatched zero-day vulnerability in WebKit-based browsers to bypass security measures and redirect users from legitimate sites to websites hosting online gift card scams. The malvertising campaign […]

The post ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams appeared first on Security Affairs.

Read More ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams

French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers. The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates […]

The post Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software appeared first on Security Affairs.

Read More Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication. Although exists a strong adoption of technologies with the goal of protecting the final user such as plugins, tokens, e-tokens, two-factor-authentication mechanisms, CHIP, PIN […]

The post Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware appeared first on Security Affairs.

Read More Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. The experts discovered that sending a sticker to a Telegram user could […]

The post Telegram flaw could have allowed access to users secret chats appeared first on Security Affairs.

Read More Telegram flaw could have allowed access to users secret chats

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to […]

The post Hackers abusing the Ngrok platform phishing attacks appeared first on Security Affairs.

Read More Hackers abusing the Ngrok platform phishing attacks

Multiple vulnerabilities in the popular file-sharing app SHAREit have yet, to be addressed, experts from Trend Micro warned. SHAREit is a popular file-sharing Android app with more than one billion downloads, experts from Trend Micro discovered multiple unpatched vulnerabilities in its code. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users […]

The post Popular SHAREit app is affected by severe flaws yet to be fixed appeared first on Security Affairs.

Read More Popular SHAREit app is affected by severe flaws yet to be fixed

Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing the use of the stripe. The popular investigator Brian Krebs reported the discovery of a new Bluetooth overlay skimmer that interfered with the terminal’s ability to read chip-based cards, forcing the use of the magnetic […]

The post A new Bluetooth overlay skimmer block chip-based transactions appeared first on Security Affairs.

Read More A new Bluetooth overlay skimmer block chip-based transactions

VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere Replication product. VMware vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. vSphere Replication […]

The post VMware fixes command injection issue in vSphere Replication appeared first on Security Affairs.

Read More VMware fixes command injection issue in vSphere Replication

French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back […]

The post France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers appeared first on Security Affairs.

Read More France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack, the company’s analysis of […]

The post The malicious code in SolarWinds attack was the work of 1,000+ developers appeared first on Security Affairs.

Read More The malicious code in SolarWinds attack was the work of 1,000+ developers

An international operation conducted in Ukraine and France lead to the arrest of criminals believed to be affiliated with the Egregor RaaS. Some affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint operation conducted by law enforcement in Ukraine and France. Authorities did not reveal […]

The post French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine appeared first on Security Affairs.

Read More French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

The administrators of the most popular carding marketplace on the dark web Joker’s Stash announced his retirement. Cybercriminal behind the most prominent carding marketplace on the dark web Joker’s Stash retires, he will shut down its servers and destroy the backups. According to Forbes, the man has amassed a billion dollars worth of Bitcoin with […]

The post The kingpin behind Joker’s Stash retires with a billionaire exit appeared first on Security Affairs.

Read More The kingpin behind Joker’s Stash retires with a billionaire exit

PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets.  PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency converter feature of user wallets on February 19, 2020, close one year ago. The ‘reflected XSS and CSP bypass’ vulnerability was reported […]

The post PayPal addresses reflected XSS bug in user wallet currency converter appeared first on Security Affairs.

Read More PayPal addresses reflected XSS bug in user wallet currency converter

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. COMB breach: 3.2B email and password pairs leaked online Hacking Nespresso machines to have unlimited funds to purchase […]

The post Security Affairs newsletter Round 301 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 301

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. The alert comes […]

The post FBI’s alert warns about using Windows 7 and TeamViewer appeared first on Security Affairs.

Read More FBI’s alert warns about using Windows 7 and TeamViewer

Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from […]

The post Court documents show FBI could use a tool to access private Signal messages on iPhones appeared first on Security Affairs.

Read More Court documents show FBI could use a tool to access private Signal messages on iPhones

Personal and Corporate data is now regularly targeted and traded by unscrupulous actors, protect it with a proactive Cyber Defense solution. If your enemy is secure at all points, be prepared for them. If they are in superior strength, evade them. If your opponent is temperamental, seek to irritate him. Pretend to be weak, that […]

The post The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data appeared first on Security Affairs.

Read More The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data

Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine what are factors influence the risk of attack. Experts discovered that malicious […]

The post Gmail users from US most targeted by email-based phishing and malware appeared first on Security Affairs.

Read More Gmail users from US most targeted by email-based phishing and malware

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts. The security incident was discovered […]

The post Yandex security team caught admin selling access to users’ inboxes appeared first on Security Affairs.

Read More Yandex security team caught admin selling access to users’ inboxes

Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life. Today, TIM’s Red Team Research led […]

The post TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server appeared first on Security Affairs.

Read More TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server

Researchers from Microsoft are warning that the number of monthly web shell attacks has doubled since last year. Microsoft reported that the number of monthly web shell attacks has almost doubled since last year, its experts observed an average of 140,000 of these software installs on servers on a monthly basis, while in 2020 they […]

The post Microsoft warns of the rise of web shell attacks appeared first on Security Affairs.

Read More Microsoft warns of the rise of web shell attacks

Security expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users’ data. Summary: While understanding the implementation of various security and privacy measures in Telegram, I identified that telegram fails again in terms of handling the users data. My initial study started with understanding how self-destructing […]

The post The “P” in Telegram stands for Privacy appeared first on Security Affairs.

Read More The “P” in Telegram stands for Privacy

The fresh release of the Latin American Lampion trojan was updated with a new C2 address. Lampion trojan disseminated in Portugal using COVID-19 template. In the last few days, a new release of the Latin American Lampion trojan was released in Portugal using a template related to COVID-19. This trojan has been distributed in Portugal […]

The post Lampion trojan disseminated in Portugal using COVID-19 template appeared first on Security Affairs.

Read More Lampion trojan disseminated in Portugal using COVID-19 template

An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free. Yuste is a student at […]

The post Avaddon ransomware decryptor released, but operators quickly reacted appeared first on Security Affairs.

Read More Avaddon ransomware decryptor released, but operators quickly reacted

Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since […]

The post Experts spotted two Android spyware used by Indian APT Confucius appeared first on Security Affairs.

Read More Experts spotted two Android spyware used by Indian APT Confucius

A total of eight criminals have been arrested on 9 February as a result of an international police operation into a series of SIM swapping attacks.  Eight men were arrested in England and Scotland as part of a year-long international investigation into a series of SIM swapping attacks targeting high-profile victims in the United States. […]

The post Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks appeared first on Security Affairs.

Read More Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks

SAP released seven new security notes on February 2021 Security Patch Day, including a Hot News note for a critical issue affecting SAP Commerce. SAP released seven new security notes on February 2021 Security Patch Day and updated six previously released notes. The new security notes include a Hot News note that addresses a critical vulnerability, tracked as CVE-2021-21477, […]

The post SAP addresses a critical flaw in SAP Commerce Product appeared first on Security Affairs.

Read More SAP addresses a critical flaw in SAP Commerce Product

Antivirus firm Emsisoft discloses a data breach, a third-party had access to a publicly exposed database containing technical logs. The anti-malware solutions provider Emsisoft disclosed last week a data breach. The company revealed that a third-party had accessed a publicly exposed database containing technical logs. The root cause of the incident was a misconfiguration of […]

The post Anti-malware firm Emsisoft accidentally exposes internal DB appeared first on Security Affairs.

Read More Anti-malware firm Emsisoft accidentally exposes internal DB

The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher, has disclosed a ransomware attack. The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher series, has suffered a ransomware attack. The company confirmed the security breach with a series of messages on […]

The post CD Projekt Red game maker discloses ransomware attack appeared first on Security Affairs.

Read More CD Projekt Red game maker discloses ransomware attack

Adobe released security patches for 50 flaws affecting six products, including a zero-day flaw in Reader that has been exploited in the wild. Adobe has released security updates that address 50 vulnerabilities affecting its Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver products. Adobe fixed 23 CVEs in Adobe Reader, 17 of which have been rated […]

The post Adobe fixes a buffer overflow issue in Reader which is exploited in the wild appeared first on Security Affairs.

Read More Adobe fixes a buffer overflow issue in Reader which is exploited in the wild

An international operation conducted by Ukraine’s police, along with the US and Australia peers, shut down the world’s largest phishing Service U-Admin. Last week, an international operation conducted by Ukraine’s police, along with the US and Australian authorities, lead to the shut down of the world’s phishing framework U-Admin. The National Police and its Main […]

The post Ukraine’s police arrested the author of the U-Admin phishing kit appeared first on Security Affairs.

Read More Ukraine’s police arrested the author of the U-Admin phishing kit

The development team behind the NextGen Gallery plugin has addressed two severe CSRF vulnerabilities that could have allowed site takeover. The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. The NextGEN […]

The post Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs appeared first on Security Affairs.

Read More Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016, Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are […]

The post Microsoft to notify Office 365 users of nation-state attacks appeared first on Security Affairs.

Read More Microsoft to notify Office 365 users of nation-state attacks