Pierluigi Paganini

Jaroslaw Kaczynski, the leader of the Poland Law and Justice party, blames Russia for the recent cyberattack targeting top Polish politicians. Jaroslaw Kaczynski, the leader of the Poland Law and Justice party (PiS), blames Russia for the recent cyberattack that targeted top Polish politicians. Last week, Poland’s parliament had a closed-door session to discuss an unprecedented wave of cyberattacks […]

The post Poland: The leader of the PiS party blames Russia for the recent attack appeared first on Security Affairs.

Read More Poland: The leader of the PiS party blames Russia for the recent attack

Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network in 2018. The attribution of the attack to the APT31 grouo is based […]

The post Norway blames China-linked APT31 for 2018 government hack appeared first on Security Affairs.

Read More Norway blames China-linked APT31 for 2018 government hack

A new bug in iPhone can permanently break users’ WiFi by disabling it, the issue could be triggered by simply connecting to a rogue hotspot. The researcher Carl Schou discovered a new bug in iPhone that can permanently break users’ WiFi by disabling it, the issue could be triggered by simply connecting to a rogue […]

The post This bug can permanently break iPhone WiFi connectivity appeared first on Security Affairs.

Read More This bug can permanently break iPhone WiFi connectivity

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. APWG: Phishing maintained near-record levels in the first quarter of 2021 BackdoorDiplomacy APT targets diplomats from Africa and […]

The post Security Affairs newsletter Round 319 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 319

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. South Korean representatives declared on Friday that North Korea-linked APT group Kimsuky is believed to have breached the internal network of the South Korean Atomic Energy Research Institute (KAERI). The Korea Atomic Energy Research Institute (KAERI) in Daejeon, South Korea […]

The post North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI appeared first on Security Affairs.

Read More North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Experts attribute a series of cyber-espionage campaigns dating back to 2014, and focused on gathering military intelligence, to China-linked Unit 69010. Experts from Recorded Future’s Insikt Group linked a series of attacks, part of RedFoxtrot China-linked campaigns, to the PLA China-linked Unit 69010 The cyber-espionage campaigns dated back 2014 and focused on gathering military intelligence […]

The post RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec appeared first on Security Affairs.

Read More RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

This strange malware stops you from visiting pirate websites Sophos researchers uncovered a malware campaign that aims at blocking infected users’ from being able to visit a large number of piracy websites.  Sophos researchers uncovered a malware campaign that aims at blocking infected users’ from visiting a large number of websites dedicated to software piracy by modifying the HOSTS […]

The post Vigilante malware stops victims from visiting piracy websites appeared first on Security Affairs.

Read More Vigilante malware stops victims from visiting piracy websites

The supermarket chain Wegmans US Wegmans discloses a data breach, customers information was exposed on the Internet due to a misconfiguration issue. Wegmans Food Markets disclosed a data breach, the supermarket chain notified customers that some of their information was exposed as a result of the accidental availability online of two of its databases due […]

The post US supermarket chain Wegmans discloses data breach appeared first on Security Affairs.

Read More US supermarket chain Wegmans discloses data breach

Carnival Corp. said that the data breach it has suffered in March might have impacted its customers and employees. Carnival Corp. this week confirmed that the data breach that took place in March might have exposed personal information about customers and employees of Carnival Cruise Line, Holland America Line, and Princess Cruises. Carnival Corporation & plc […]

The post Cruise operator Carnival discloses a security breach appeared first on Security Affairs.

Read More Cruise operator Carnival discloses a security breach

An outage suffered by CDN, cybersecurity and cloud services provider Akamai was caused by an issue with its Prolexic DDoS attack protection service. CDN, cybersecurity and cloud services provider Akamai revealed that the recent outage suffered by the company was caused by a problem with its Prolexic DDoS attack protection service. The Prolexic Routed DDoS […]

The post Akamai outage was caused by an issue with its Prolexic DDoS protection service appeared first on Security Affairs.

Read More Akamai outage was caused by an issue with its Prolexic DDoS protection service

TA402 APT group (aka Molerats and GazaHackerTeam) is back after two-month of silence and is targeting governments in the Middle East. The TA402 APT group (aka Molerats and Gaza Cybergang) is back after a two-month of apparent inactivity, it is targeting government institutions in the Middle East and global government entities with interest in the region. MoleRATs is […]

The post The return of TA402 Molerats APT after a short pause appeared first on Security Affairs.

Read More The return of TA402 Molerats APT after a short pause

Researchers discovered an unprotected database belonging to CVS Health that was exposed online containing over a billion records. This week WebsitePlanet along with the researcher Jeremiah Fowler discovered an unsecured database, belonging to the US healthcare and pharmaceutical giant CVS Health, that was exposed online. The database was accessible to everyone without any type of authentication. “On […]

The post Over a billion records belonging to CVS Health exposed online appeared first on Security Affairs.

Read More Over a billion records belonging to CVS Health exposed online

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. Researchers from Kaspersky reported that Iran-linked threat actors, tracked as Ferocious Kitten, used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on […]

The post Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran appeared first on Security Affairs.

Read More Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

The securWizCase experts found a major breach that affected the popular online retailer Cosmolog Kozmetik.   WizCase’s security team, led by Ata Hakçıl, has found a major breach in popular online retailer Cosmolog Kozmetik’s database. This breach exposed users’ names, email addresses, physical addresses, phone numbers, order details, and more.  Hundreds of thousands of users were […]

The post Cosmolog Kozmetik Data Breach: Hundreds of Thousands of Customers impacted appeared first on Security Affairs.

Read More Cosmolog Kozmetik Data Breach: Hundreds of Thousands of Customers impacted

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. “According to court documents and evidence introduced at trial, Oleg Koshkin, […]

The post Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet appeared first on Security Affairs.

Read More Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. An affiliate of the Darkside ransomware gang, tracked as UNC2465, has conducted a supply chain attack against a CCTV vendor, Mandiant researchers discovered. UNC2465 is considered one of the main affiliated of the […]

The post UNC2465 cybercrime group launched a supply chain attack on CCTV vendor appeared first on Security Affairs.

Read More UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

How AI is Transforming Data Governance? Consumers are becoming more aware of their rights, making data governance more relevant across organizations. Data governance is a set of standards, metrics, and processes that allow organizations to responsibly use consumer data. Organizations need to make sure that when they are processing an individual’s data, it must be […]

The post How AI is Transforming Data Governance in today’s World appeared first on Security Affairs.

Read More How AI is Transforming Data Governance in today’s World

Poland ‘s government announced that it was targeted by an ‘Unprecedented’ series of cyber attacks, hackers hit against institutions and individuals. Poland’s parliament had a closed-door session to discuss an unprecedented wave of cyber attacks that hit its institutions and individuals. Mateusz Morawiecki had to provide details about the attacks presenting secret documents related to […]

The post Poland institutions and individuals targeted by an unprecedented series of cyber attacks appeared first on Security Affairs.

Read More Poland institutions and individuals targeted by an unprecedented series of cyber attacks

Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware gang as part of an international joint operation. Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware gang as part of an international operation conducted by law enforcement from Ukraine, South Korea, and the […]

The post An international joint operation resulted in the arrest of Clop ransomware members appeared first on Security Affairs.

Read More An international joint operation resulted in the arrest of Clop ransomware members

A flaw in the Peloton Bike+ could be exploited by an attacker with initial physical access to gain root entry to the interactive tablet, taking complete control of the system. A vulnerability in the popular Peloton Bike+ could have allowed an attacker to gain complete control over the device, including the camera and microphone to […]

The post A flaw in Peloton Bike+ could allow hackers to control it appeared first on Security Affairs.

Read More A flaw in Peloton Bike+ could allow hackers to control it

A new variant of the Mirai botnet, tracked as Moobot, was spotted scanning the Internet for vulnerable Tenda routers. Researchers from AT&T Alien Lab have spotted a new variant of the Mirai botnet, tracked asu Moobot, which was scanning the Internet for the CVE-2020-10987 remote code-execution (RCE) issue in Tenda routers. The botnet was linked […]

The post Cyberium malware-hosting domain employed in multiple Mirai variants campaigns appeared first on Security Affairs.

Read More Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Japanese multinational conglomerate Fujifilm announced that it has restored operations following the recent ransomware attack. On June 4, the Japanese multinational conglomerate Fujifilm announced that it was hit by a ransomware attack and shut down its network in response to the incident. Around two weeks later the Japanese giant announced that it has restored operations following […]

The post Fujifilm restores operations after recent ransomware attack appeared first on Security Affairs.

Read More Fujifilm restores operations after recent ransomware attack

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. The news of the availability of the source […]

The post The source code of the Paradise Ransomware was leaked on XSS hacking forum appeared first on Security Affairs.

Read More The source code of the Paradise Ransomware was leaked on XSS hacking forum

Reality Winner, a former NSA contractor who leaked classified documents to the press in 2017, has been released from prison to home confinement. Reality Winner is a former NSA intelligence contractor who leaked a classified hacking report to the press in 2017. The FBI arrested Reality Leigh Winner on 3rd June for leaking classified information to […]

The post Former NSA contractor Reality Winner who leaked gov report will be released on November appeared first on Security Affairs.

Read More Former NSA contractor Reality Winner who leaked gov report will be released on November

Instagram has addressed a new flaw that allowed anyone to access private accounts viewing archived posts and stories without having to follow them. Researcher Mayur Fartade has found a vulnerability in Instagram that allowed anyone to access private accounts, viewing archived posts and stories without having to follow them. The expert reported the flaw to […]

The post Instagram flaw allowed to see private, archived Posts/Stories of users without following them appeared first on Security Affairs.

Read More Instagram flaw allowed to see private, archived Posts/Stories of users without following them

The MASQ tool could be used by attackers to emulate device fingerprints thus allowing them to bypass fraud protection controls The Resecurity® HUNTER unit has identified a new tool available for sale in the Dark Web called MASQ, enabling bad actors to emulate device fingerprints thus allowing them to bypass fraud protection controls, including authentication mechanisms. One of the […]

The post Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web appeared first on Security Affairs.

Read More Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web

The REvil ransomware gang made the headlines again, the group hit the US nuclear weapons contractor Sol Oriens and stole the victim’s data. US nuclear weapons contractor Sol Oriens was hit by a cyberattack carried out by the REvil ransomware operators, which claims to have stolen data. Sol Orien provides consultant services to the National Nuclear […]

The post REvil ransomware gang hit US nuclear weapons contractor Sol Oriens appeared first on Security Affairs.

Read More REvil ransomware gang hit US nuclear weapons contractor Sol Oriens

Apple released an out-of-band iOS update for older iPhones and iPads and warned that threat actors are actively exploiting two flaws in WebKit. Apple released an out-of-band iOS update ( iOS 12.5.4 patch) for older iPhones and iPad, the IT giant also warned that some vulnerabilities affecting its WebKit may have been actively exploited. WebKit is a browser […]

The post Apple fixed 2 WebKit flaws exploited to target older iPhones appeared first on Security Affairs.

Read More Apple fixed 2 WebKit flaws exploited to target older iPhones

Microsoft spotted a series of attacks that use SEO poisoning to deliver a remote access trojan (RAT) used by threat actors to steal sensitive data. Microsoft is monitoring a wave of cyber attacks that leverages SEO poisoning to deliver a remote access trojan (RAT) to steal sensitive data from the infected systems The IT giant […]

The post SEO poisoning campaign aims at delivering RAT, Microsoft warns appeared first on Security Affairs.

Read More SEO poisoning campaign aims at delivering RAT, Microsoft warns

The member states of the G7 group have called on Russia and other states to dismantle operations of the ransomware gangs operating within their countries. G7 member states have called on Russia and other states to dismantle operations of ransomware gangs operating within their countries. The call to action follows the large number of ransomware […]

The post G7 calls on Russia to dismantle operations of ransomware gangs within its borders appeared first on Security Affairs.

Read More G7 calls on Russia to dismantle operations of ransomware gangs within its borders

A fire and cyberattack hit an electrical substation for the electricity provider Luma Energy, causing major blackouts across Puerto Rico. A large fire at the Luma’s Monacillo electrical substation in San Juan for Puerto Rico’s new electricity provider, Luma Energy, caused major blackouts across Puerto Rico on Thursday. Around nearly 800,000 residents went in in […]

The post Major blackouts across Puerto Rico. Are the DDoS and the fire linked? appeared first on Security Affairs.

Read More Major blackouts across Puerto Rico. Are the DDoS and the fire linked?

ESET researchers discovered an advanced persistent threat (APT) group, tracked as BackdoorDiplomacy, that is targeting diplomats across Africa and the Middle East.  ESET researchers spotted a new state-sponsored group, dubbed BackdoorDiplomacy, that was behind a series of cyberattacks against Ministries of Foreign Affairs aimed at numerous African countries, the Middle East, Europe, and Asia. The group […]

The post BackdoorDiplomacy APT targets diplomats from Africa and the Middle East appeared first on Security Affairs.

Read More BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. The document revealed that phishing maintained record levels in the first quarter of 2021, the […]

The post APWG: Phishing maintained near-record levels in the first quarter of 2021 appeared first on Security Affairs.

Read More APWG: Phishing maintained near-record levels in the first quarter of 2021

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. REvil Ransomware spokesman releases an interview on recent attacks Chinese SharpPanda APT developed a new backdoor in the […]

The post Security Affairs newsletter Round 318 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 318

McDonald’s fast-food chain disclosed a data breach, hackers have stolen information belonging to customers and employees from the US, South Korea, and Taiwan. McDonald’s, the world’s largest restaurant chain by revenue, has disclosed a data breach that impacted customers and employees from the US, South Korea, and Taiwan. The hackers compromised the system of the […]

The post McDonald’s discloses data breach in US, Taiwan and South Korea appeared first on Security Affairs.

Read More McDonald’s discloses data breach in US, Taiwan and South Korea

Volkswagen America discloses a data breach at a third-party vendor that exposed the personal details of more than 3.3 million of its customers. Volkswagen America discloses a data breach suffered by a third-party vendor used by the car vendor for sales and marketing purposes. The security breach affected a subsidiary Audi and authorized dealers in […]

The post Volkswagen discloses data breach, 3.3 million customers impacted appeared first on Security Affairs.

Read More Volkswagen discloses data breach, 3.3 million customers impacted

An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow to get a root shell. An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560, which is used on most Linux distros can allow an unprivileged attacker to get a root shell. “A flaw was found […]

The post CVE-2021-3560 flaw in polkit auth system service affects most of Linux distros appeared first on Security Affairs.

Read More CVE-2021-3560 flaw in polkit auth system service affects most of Linux distros

The Avaddon ransomware gang has shut down its operations and released the decryption keys to allow victims to recover their files for free. Good news for the victims of the Avaddon ransomware gang, the cybercrime group has shut down its operations and provided the decryption keys to BleepingComputer website. The group has also shut down […]

The post Avaddon ransomware gang shuts down their operations and releases decryption keys appeared first on Security Affairs.

Read More Avaddon ransomware gang shuts down their operations and releases decryption keys

The current era, where all data is digital, the threats of fraud, breach and data sprawl are more of a reality than ever. In these times, organizations not only take a hit because of the breached data and cyber threats, but also are heavily fined under global privacy regulations. These privacy regulations are in place […]

The post CEO-Level Guide to Prevent Data Hacking Technologies & Incidents appeared first on Security Affairs.

Read More CEO-Level Guide to Prevent Data Hacking Technologies & Incidents

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Researchers from NordLocker have discovered an unsecured database containing 1.2-terabyte of stolen data. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The database includes […]

The post Mysterious custom malware used to steal 1.2TB of data from million PCs appeared first on Security Affairs.

Read More Mysterious custom malware used to steal 1.2TB of data from million PCs

Qatari government-funded international Arabic news channel Al Jazeera announced to have blocked a series of disruptive cyberattacks aimed at its news publishing platform. Qatari government-funded international Arabic news channel Al Jazeera announced to have blocked this week a series of cyberattacks that attempted to disrupt and take over some components of its news publishing platform. […]

The post Al Jazeera detected and blocked disruptive cyberattacks appeared first on Security Affairs.

Read More Al Jazeera detected and blocked disruptive cyberattacks

The US Department of Justice seized the servers and domains of the popular cybercrime marketplace SlilPP. The US Department of Justice announced to have seized the infrastructure of SlilPP, a popular marketplace used by cybercriminals to buy and sell stolen login credentials. The seizure is the result of a multinational operation involving law enforcement agencies in the […]

The post DoJ announced to have shut down Slilpp marketplace in international operation appeared first on Security Affairs.

Read More DoJ announced to have shut down Slilpp marketplace in international operation

Threat hunting and adversarial cyber intelligence company Group-IB published a comprehensive analysis of fraud cases on a global scale. Group-IB,  a global threat hunting and adversarial cyber intelligence company specializing in the investigation and prevention of high-tech cybercrime, has published a comprehensive analysis of fraud cases on a global scale.  Group-IB,  a global threat hunting and adversarial […]

The post Global Scamdemic: Scams Become Number One Online Crime appeared first on Security Affairs.

Read More Global Scamdemic: Scams Become Number One Online Crime

President Joe Biden signed an ambitious executive order to dramatically improve the security of the US government networks. President Biden signed an executive order this week to improve the country’s defenses against cyberattacks, it is an important move that comes shortly after the recent wave of attacks, such as the SolarWinds supply chain attack and the […]

The post Biden signed executive order to improve the Nation’s Cybersecurity appeared first on Security Affairs.

Read More Biden signed executive order to improve the Nation’s Cybersecurity

FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption. […]

The post US CISA and FBI publish joint alert on DarkSide ransomware appeared first on Security Affairs.

Read More US CISA and FBI publish joint alert on DarkSide ransomware

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to.  Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. As per these regulations, organizations can be held responsible […]

The post How Companies Need to Treat User Data and Manage Their Partners appeared first on Security Affairs.

Read More How Companies Need to Treat User Data and Manage Their Partners

Security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of a multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices exposed them to remote attacks. Some the flaws discovered by the experts date back as […]

The post FragAttacks vulnerabilities expose all WiFi devices to hack appeared first on Security Affairs.

Read More FragAttacks vulnerabilities expose all WiFi devices to hack

Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. Malware experts from the Italian cybersecurity firm Cleafy have spotted a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Spain, Germany, Italy, Belgium, and the Netherlands. TeaBot malware appeared […]

The post TeaBot Android banking Trojan targets banks in Europe appeared first on Security Affairs.

Read More TeaBot Android banking Trojan targets banks in Europe

U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering. The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have analyzed the risks and vulnerabilities associated with […]

The post NSA and ODNI analyze potential risks to 5G networks appeared first on Security Affairs.

Read More NSA and ODNI analyze potential risks to 5G networks

Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate. Five of the […]

The post Hackers target Windows users exploiting a Zero-Day in Reader appeared first on Security Affairs.

Read More Hackers target Windows users exploiting a Zero-Day in Reader

Apple AirTag has been launched less than two weeks ago, but a security researcher already claims to have hacked them.  The Apple AirTag has been available for just a couple of weeks and hacking community is already working on it to demonstrate that how to compromise it. “The German security researcher Stack Smashing tweeted today (via The 8-bit) that […]

The post Researcher hacked Apple AirTag two weeks after its launch appeared first on Security Affairs.

Read More Researcher hacked Apple AirTag two weeks after its launch

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. Apple Inc. revealed that the XcodeGhost malware impacted 128 million iOS users. Epic Games filed a lawsuit against Apple in a California court over its violation of terms of […]

The post Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015 appeared first on Security Affairs.

Read More Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Google has released a new open-source tool called cosign that could allow administrators to sign and verify the container images. Google has released a new open-source tool called cosign that allows to sign, verify container images, it was developed to make signatures invisible infrastructure. Cosign supports: Hardware and KMS signing Bring-your-own PKI Our free OIDC PKI […]

The post Google open sources cosign tool for verifying containers appeared first on Security Affairs.

Read More Google open sources cosign tool for verifying containers

The FBI and Australian Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published […]

The post FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks appeared first on Security Affairs.

Read More FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms that the Darkside ransomware is […]

The post FBI confirmed that Darkside ransomware gang hit Colonial Pipeline appeared first on Security Affairs.

Read More FBI confirmed that Darkside ransomware gang hit Colonial Pipeline

The city of Tulsa, Oklahoma, has been hit by a ransomware attack over the weekend that impacted its government’s network and shut down its websites. One of the biggest cities in the US  by population size, the City of Tulsa, was victim of a ransomware attack that affected its government’s network and forced the shutdown […]

The post City of Tulsa, is the last US city hit by ransomware attack appeared first on Security Affairs.

Read More City of Tulsa, is the last US city hit by ransomware attack

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercep traffic to cryptocurrency-related sites Starting from January 2020, a threat actor has been adding thousands of malicious exit relays to the Tor network to intercept traffic and carry out SSL stripping attacks on users while accessing mixing websites, The […]

The post Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks appeared first on Security Affairs.

Read More Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

WhatsApp will not deactivate the accounts of users who don’t accept the new privacy policy update that requires sharing data with other companies owned by Facebook. WhatsApp on Friday announced that it will not deactivate accounts of users who don’t accept its new privacy policy that will be rolled out on May 15. The company will only […]

The post WhatsApp will not deactivate accounts for not accepting new privacy terms appeared first on Security Affairs.

Read More WhatsApp will not deactivate accounts for not accepting new privacy terms

U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye’s Mandiant. At the end of April, researchers […]

The post CISA MAR report provides technical details of FiveHands Ransomware appeared first on Security Affairs.

Read More CISA MAR report provides technical details of FiveHands Ransomware

‘Spam protection, AntiSpam, FireWall by CleanTalk’ anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based Blind SQL Injection in ‘Spam protection, AntiSpam, FireWall by CleanTalk’ WordPress plugin, tracked as CVE-2021-24295, could be exploited by an unauthenticated attacker to access user data. The flaw could be exploited by an attack to […]

The post SQL injection issue in Anti-Spam WordPress Plugin exposes User Data appeared first on Security Affairs.

Read More SQL injection issue in Anti-Spam WordPress Plugin exposes User Data

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Cloud hosting provider Swiss Cloud suffered a ransomware attack Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle WeSteal, a shameless commodity cryptocurrency […]

The post Security Affairs newsletter Round 313 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 313

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains), and the Information Science Institute at the University of Southern California has discovered a vulnerability, named […]

The post TsuNAME flaw exposes DNS servers to DDoS attacks appeared first on Security Affairs.

Read More TsuNAME flaw exposes DNS servers to DDoS attacks

A cyberattack forced the shutdown of one of the largest pipelines in the United States, the Colonial Pipeline facility in Pelham, Alabama. The Colonial Pipeline facility in Pelham, Alabama was hit by a cybersecurity attack, its operators were forced to shut down its systems. The pipeline allows carrying 2.5 million barrels of refined gasoline and […]

The post A cyberattack shutdown US Colonial Pipeline appeared first on Security Affairs.

Read More A cyberattack shutdown US Colonial Pipeline

The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes)). The […]

The post Russia-linked APT29 group changes TTPs following April advisories appeared first on Security Affairs.

Read More Russia-linked APT29 group changes TTPs following April advisories

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, […]

The post 19 petabytes of data exposed across 29,000+ unprotected databases appeared first on Security Affairs.

Read More 19 petabytes of data exposed across 29,000+ unprotected databases

VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware vRealize Business for Cloud. vRealize Business for Cloud is an automated cloud business management solution that allows customers to […]

The post VMware addresses critical RCE in vRealize Business for Cloud appeared first on Security Affairs.

Read More VMware addresses critical RCE in vRealize Business for Cloud

The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […]

The post Connecting the Bots – Hancitor fuels Cuba Ransomware Operations appeared first on Security Affairs.

Read More Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems. Kaspersky experts who uncovered the threat speculate the attacks are likely part of an ongoing espionage campaign dubbed TunnelSnake that has been […]

The post Windows Moriya rootkit used in highly targeted attacks appeared first on Security Affairs.

Read More Windows Moriya rootkit used in highly targeted attacks

Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems. Kaspersky experts who uncovered the threat speculate the attacks are likely part of an ongoing espionage campaign dubbed TunnelSnake that has been […]

The post Windows Moriya rootkit used in highly targeted attacks appeared first on Security Affairs.

Read More Windows Moriya rootkit used in highly targeted attacks

Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. Researchers from cybersecurity firm Recorded Future’s Insikt Group have discovered six procurement documents from official People’s Liberation Army (PLA) military websites and other sources that demonstrate that PLA Unit 61419 has sought to purchase antivirus solutions from […]

The post Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage appeared first on Security Affairs.

Read More Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage

A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot is a banking trojan that has been made headlines since 2007. This piece of malware is focused on stealing banking credentials and victim’s secrets using […]

The post A taste of the latest release of QakBot appeared first on Security Affairs.

Read More A taste of the latest release of QakBot

Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root. Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could […]

The post Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software appeared first on Security Affairs.

Read More Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software

Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203, that could be exploited by attackers to compromise a customer’s cloud infrastructure. “A security vulnerability […]

The post Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager appeared first on Security Affairs.

Read More Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

A massive distributed denial of service (DDoS) attack shut down Belgiums’ government websites, internal networks were also impacted. A massive distributed denial of service (DDoS) attack hit most of the Belgium government’s IT network, according to the media the attack also knocked offline internal systems. People attempting to visit websites hosted on the Belnet network […]

The post A massive DDoS knocked offline Belgian government websites appeared first on Security Affairs.

Read More A massive DDoS knocked offline Belgian government websites

The maintainers of the Exim email server software addressed a collection of 21 issues, dubbed 21Nails, that can allow attackers to fully compromise mail servers. The maintainers of the Exim email server software have released security updates to address a collection of 21 vulnerabilities, dubbed 21Nails, that can be exploited by attackers to take over […]

The post Most of Exim email servers could be hacked by exploiting 21Nails flaws appeared first on Security Affairs.

Read More Most of Exim email servers could be hacked by exploiting 21Nails flaws

American multinational computer technology giant Dell addresses a 12-year-old driver flaw, tracked as CVE-2021-21551, impacting millions of computers. Hundreds of millions of Dell computers worldwide are affected by a 12-year-old vulnerability, tracked as CVE-2021-21551, that affects Dell DBUtil driver. The flaw affects version 2.3 of the Dell BIOS driver, it is one of a series of […]

The post Hundreds of millions Of Dell PCs affected by CVE-2021-21551 flaws appeared first on Security Affairs.

Read More Hundreds of millions Of Dell PCs affected by CVE-2021-21551 flaws

Iran-linked ATP group carried out a ransomware operation through a contracting company based in the country, Flashpoint researchers warn. Researchers from Flashpoint have uncovered a state-sponsored ransomware campaign conducted by Iran’s Islamic Revolutionary Guard Corps (IRGC) through an Iranian contracting company called “Emen Net Pasargard” (ENP) (aka “Imannet Pasargad,” “Iliant Gostar Iranian,” “Eeleyanet Gostar Iraniyan”). […]

The post Project Signal: a second Iranian State-Sponsored Ransomware Operation appeared first on Security Affairs.

Read More Project Signal: a second Iranian State-Sponsored Ransomware Operation

Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild. Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS. The WebKit browser engine is […]

The post Apple addresses three zero-day flaws in its WebKit browser engine appeared first on Security Affairs.

Read More Apple addresses three zero-day flaws in its WebKit browser engine

Security researcher released technical details and a PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the NSA. A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity vulnerability CVE-2021-28482 in Microsoft Exchange that could be exploited by remote attackers to execute arbitrary code on vulnerable systems. April […]

The post Expert released PoC exploit for Microsoft Exchange flaw appeared first on Security Affairs.

Read More Expert released PoC exploit for Microsoft Exchange flaw

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. Pulse Secure has addressed a zero-day vulnerability (CVE-2021-22893) in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited by threat actors in attacks against defense firms […]

The post Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited appeared first on Security Affairs.

Read More Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Which are the most common causes of a Data Breach and how to prevent It? How can organizations prevent it? Data breaches are highly damaging and equally embarrassing for businesses andconsumers. If you look at Verizon’s 2020 Data Breach Investigations Report, you canfind some of the most common causes of data breaches. However, you will also […]

The post Most Common Causes of Data Breach and How to Prevent It appeared first on Security Affairs.

Read More Most Common Causes of Data Breach and How to Prevent It

Experian API exposed credit scores of tens of millions of Americans due to a weakness with a partner website. Anyone was able to look up the credit score of tens of millions of Americans just by providing their name and mailing address. The issue was reported to KrebsOnSecurity by the independent security researcher Bill Demirkapi, […]

The post Experian API exposed credit scores of tens of millions of Americans appeared first on Security Affairs.

Read More Experian API exposed credit scores of tens of millions of Americans

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is […]

The post Threat Report Portugal: Q1 2021 appeared first on Security Affairs.

Read More Threat Report Portugal: Q1 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.” […]

The post WeSteal, a shameless commodity cryptocurrency stealer available for sale appeared first on Security Affairs.

Read More WeSteal, a shameless commodity cryptocurrency stealer available for sale

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. 10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely Hackers are targeting Soliton FileZen file-sharing servers A supply chain attack compromised the update mechanism of Passwordstate Password Manager Boffins […]

The post Security Affairs newsletter Round 312 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 312

A security duo has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The scenario is disconcerting, hackers could use a drone to fly on your Tesla Model X and open the doors, a couple of researchers demonstrated. The researchers Kunnamon, […]

The post Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle appeared first on Security Affairs.

Read More Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Swiss cloud hosting provider Swiss Cloud has suffered a ransomware attack that seriously impacted its server infrastructure. On April 27 the Swiss cloud hosting provider was hit by a ransomware attack that brought down the company’s server infrastructure. The company is currently working to restore operations from its backups with the help of experts from […]

The post Cloud hosting provider Swiss Cloud suffered a ransomware attack appeared first on Security Affairs.

Read More Cloud hosting provider Swiss Cloud suffered a ransomware attack

Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware operation are targeting QNAP NAS devices, the Taiwanese vendor warns. The vendor doesn’t provide technical details of the attacks, it is not clear if the ransomware gang exploited know vulnerabilities. “The QNAP security team has […]

The post AgeLocker ransomware operation targets QNAP NAS devices appeared first on Security Affairs.

Read More AgeLocker ransomware operation targets QNAP NAS devices

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. The Internet Systems Consortium (ISC) has released security updates for the BIND DNS software to address several vulnerabilities that can be exploited by attackers to trigger denial-of-service (DoS) conditions and potentially to remotely execute […]

The post Flaws in the BIND software expose DNS servers to attacks appeared first on Security Affairs.

Read More Flaws in the BIND software expose DNS servers to attacks

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. The state-sponsored hackers […]

The post China-linked APT uses a new backdoor in attacks at Russian defense contractor appeared first on Security Affairs.

Read More China-linked APT uses a new backdoor in attacks at Russian defense contractor

UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating hi-tech cybercrimes, and the United Nations International Computing Centre (UNICC), detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. […]

The post Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization appeared first on Security Affairs.

Read More Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws, collectively tracked as BadAlloc, affecting IoT and OT devices. The vulnerabilities could be exploited by attackers to bypass security controls to execute malicious […]

The post Microsoft warns of BadAlloc flaws in OT, IoT devices appeared first on Security Affairs.

Read More Microsoft warns of BadAlloc flaws in OT, IoT devices

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package. Composer is the major […]

The post Command injection flaw in PHP Composer allowed supply-chain attacks appeared first on Security Affairs.

Read More Command injection flaw in PHP Composer allowed supply-chain attacks

Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks was hit by a ransomware attack. Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly carried out by one of the most aggressive ransomware gangs, Darkside. The attack paralyzed the operations at 188 branches […]

The post An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos appeared first on Security Affairs.

Read More An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos

An information disclosure issue in Linux Kernel allows KASLR bypass could be potentially exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588, could allow attackers to bypass the Kernel Address Space Layout Randomization bypass (KASLR). The Kernel Address space layout randomization (KASLR) is a computer security technique designed to prevent […]

The post An issue in the Linux Kernel could allow the hack of your system appeared first on Security Affairs.

Read More An issue in the Linux Kernel could allow the hack of your system

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection […]

The post Purple Lambert, a new malware of CIA-linked Lambert APT group appeared first on Security Affairs.

Read More Purple Lambert, a new malware of CIA-linked Lambert APT group

Experts recently uncovered a Linux backdoor, dubbed RotaJakiro, that has flown under the radar for many years while harvest and exfiltrate sensitive information from the victims.  RotaJakiro is a Linux backdoor recently discovered by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab). The malware remained undetected for years while threat actors were employing […]

The post RotaJakiro Linux backdoor has flown under the radar since 2018 appeared first on Security Affairs.

Read More RotaJakiro Linux backdoor has flown under the radar since 2018

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region.  Organizations targeted by the […]

The post Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs appeared first on Security Affairs.

Read More Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227, in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser. […]

The post Google addresses a high severity flaw in V8 engine in Chrome appeared first on Security Affairs.

Read More Google addresses a high severity flaw in V8 engine in Chrome

UK rail network Merseyrail was hit by a cyberattack, ransomware operators breached the corporate email system to disclose the attack to employees and journalists. UK rail network Merseyrail, which operates rail services across Merseyside, announced it was a victim of a cyber attack. A ransomware gang has also compromised the email system of the organization to […]

The post UK rail network Merseyrail hit by ransomware gang appeared first on Security Affairs.

Read More UK rail network Merseyrail hit by ransomware gang