Security Affairs

The chipmaker AMD published guidance for two new attacks against its SEV (Secure Encrypted Virtualization) protection technology. Chipmaker AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that allow bypassing the SEV (Secure Encrypted Virtualization) technology implemented to prevent rogue operating systems on virtual machines. The chipmaker is aware of two research papers, respectively titled […]

The post Two flaws could allow bypassing AMD SEV protection system appeared first on Security Affairs.

Read More Two flaws could allow bypassing AMD SEV protection system

Hackers abuses Microsoft Build Engine (MSBuild) to filelessly deliver malware on targeted Windows systems, including RAT and password-stealer. Researchers from Anomali observed threat actors abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and RedLine Stealer password-stealing malware on targeted Windows systems. “Anomali Threat Research discovered a campaign in which threat actors used […]

The post MSBuild tool used to deliver RATs filelessly appeared first on Security Affairs.

Read More MSBuild tool used to deliver RATs filelessly

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. CISA MAR report provides technical details of FiveHands Ransomware SQL injection issue in Anti-Spam WordPress Plugin exposes User Data TsuNAME flaw exposes DNS servers to DDoS attacks City of Tulsa, […]

The post Security Affairs newsletter Round 314 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 314

Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. The group used the new malware dubbed ObliqueRAT in cyberespionage attacks against Indian targets. The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic […]

The post Pakistan-linked Transparent Tribe APT expands its arsenal appeared first on Security Affairs.

Read More Pakistan-linked Transparent Tribe APT expands its arsenal

A joint operation of European law enforcement agencies and coordinated by Europol dismantled a criminal ring involved in investment fraud. A joint investigation of European law enforcement agencies supported by Europol and Eurojust dismantled a large criminal network involved in investment fraud and money laundering. The operation, led by Germany, involved authorities from Bulgaria, Israel, Latvia, […]

The post European police dismantle major online investment fraud ring that causes €30 Million in losses appeared first on Security Affairs.

Read More European police dismantle major online investment fraud ring that causes €30 Million in losses

XSS forum (previously known as DaMaGeLab) one of the most popular hacking forums, announced that it would ban the ads published by ransomware gangs. The popular hacking forum XSS forum, previously known as DaMaGeLab, announced that that it would ban the ads published by ransomware gangs. The forum is one the most important places of […]

The post Major hacking forums XSS and Exploit ban ads from ransomware gangs appeared first on Security Affairs.

Read More Major hacking forums XSS and Exploit ban ads from ransomware gangs

QNAP warns of an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks on its NAS devices. QNAP warns customers of threat actors that are targeting its Network Attached Storage (NAS) devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that […]

The post QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks appeared first on Security Affairs.

Read More QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks

FingerprintJS experts devised a fingerprinting technique, named scheme flooding, that could allow identifying users across different desktop browsers, including the Tor Browser. FingerprintJS experts devised a new fingerprinting technique, named scheme flooding, that could allow identifying users while browsing websites using different desktop browsers, including the Tor Browser. The technique allows to profile users while […]

The post Scheme flooding fingerprint technique may deanonymize Tor users appeared first on Security Affairs.

Read More Scheme flooding fingerprint technique may deanonymize Tor users

The operators of the Darkside ransomware announced that they have lost control of their infrastructure and part of the funds the gang obtained from the victims. Darkside ransomware operators say they have lost control of their servers and funds resulting from their extortion activity, the funds were transferred to an unknown wallet. “The funds, which […]

The post Darkside gang lost control of their servers and funds appeared first on Security Affairs.

Read More Darkside gang lost control of their servers and funds

Magecart cybercrime gang is using favicon to hide malicious PHP web shells used to maintain remote access to inject JavaScript skimmers into online stores. Magecart hackers are distributing malicious PHP web shells hidden in website favicon to inject JavaScript e-skimmers into online stores and steal payment information. Researchers from Malwarebytes observed threat actors, likely Magecart […]

The post Magecart gang hides PHP-based web shells in favicons appeared first on Security Affairs.

Read More Magecart gang hides PHP-based web shells in favicons

Ireland’s Health Service Executive service shut down its IT systems after they were hit with a “significant ransomware attack.” Another major ransomware attack made the headlines, this time the victim is Ireland’s Health Service Executive that was forced to shut down its IT systems on Friday. After being targeted with a significant ransomware attack the Health Service […]

The post Ireland’s Health Service Executive hit by ransomware attack appeared first on Security Affairs.

Read More Ireland’s Health Service Executive hit by ransomware attack

DarkSide demanded a $5 million ransom to Colonial Pipeline, which has quickly recovered operations, did it pay? The Colonial Pipeline facility in Pelham, Alabama, was hit by a cybersecurity attack on Friday and its operators were forced to shut down its systems. The pipeline allows carrying 2.5 million barrels of refined gasoline and jet fuel […]

The post Colonial Pipeline likely paid a $5M ransom to DarkSide appeared first on Security Affairs.

Read More Colonial Pipeline likely paid a $5M ransom to DarkSide

Rapid7 disclosed that unauthorized third-party had access to source code and customer data as result of Codecov supply chain attack. Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access to data for part of its customers and a small subset of its source code repositories for […]

The post Rapid7 says source code, credentials accessed as a Rresult of Codecov supply-chain attack appeared first on Security Affairs.

Read More Rapid7 says source code, credentials accessed as a Rresult of Codecov supply-chain attack

The recent Colonial Pipeline attack highlights the dangers that are facing Critical Infrastructure worldwide. The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS) and the need for change in the information security landscape, The attack took place on May 7th where hackers used ransomware […]

The post Security at Bay: Critical Infrastructure Under Attack appeared first on Security Affairs.

Read More Security at Bay: Critical Infrastructure Under Attack

President Joe Biden signed an ambitious executive order to dramatically improve the security of the US government networks. President Biden signed an executive order this week to improve the country’s defenses against cyberattacks, it is an important move that comes shortly after the recent wave of attacks, such as the SolarWinds supply chain attack and the […]

The post Biden signed executive order to improve the Nation’s Cybersecurity appeared first on Security Affairs.

Read More Biden signed executive order to improve the Nation’s Cybersecurity

FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption. […]

The post US CISA and FBI publish joint alert on DarkSide ransomware appeared first on Security Affairs.

Read More US CISA and FBI publish joint alert on DarkSide ransomware

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to.  Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. As per these regulations, organizations can be held responsible […]

The post How Companies Need to Treat User Data and Manage Their Partners appeared first on Security Affairs.

Read More How Companies Need to Treat User Data and Manage Their Partners

Security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of a multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices exposed them to remote attacks. Some the flaws discovered by the experts date back as […]

The post FragAttacks vulnerabilities expose all WiFi devices to hack appeared first on Security Affairs.

Read More FragAttacks vulnerabilities expose all WiFi devices to hack

Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. Malware experts from the Italian cybersecurity firm Cleafy have spotted a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Spain, Germany, Italy, Belgium, and the Netherlands. TeaBot malware appeared […]

The post TeaBot Android banking Trojan targets banks in Europe appeared first on Security Affairs.

Read More TeaBot Android banking Trojan targets banks in Europe

U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering. The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have analyzed the risks and vulnerabilities associated with […]

The post NSA and ODNI analyze potential risks to 5G networks appeared first on Security Affairs.

Read More NSA and ODNI analyze potential risks to 5G networks

Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate. Five of the […]

The post Hackers target Windows users exploiting a Zero-Day in Reader appeared first on Security Affairs.

Read More Hackers target Windows users exploiting a Zero-Day in Reader

Apple AirTag has been launched less than two weeks ago, but a security researcher already claims to have hacked them.  The Apple AirTag has been available for just a couple of weeks and hacking community is already working on it to demonstrate that how to compromise it. “The German security researcher Stack Smashing tweeted today (via The 8-bit) that […]

The post Researcher hacked Apple AirTag two weeks after its launch appeared first on Security Affairs.

Read More Researcher hacked Apple AirTag two weeks after its launch

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. Apple Inc. revealed that the XcodeGhost malware impacted 128 million iOS users. Epic Games filed a lawsuit against Apple in a California court over its violation of terms of […]

The post Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015 appeared first on Security Affairs.

Read More Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Google has released a new open-source tool called cosign that could allow administrators to sign and verify the container images. Google has released a new open-source tool called cosign that allows to sign, verify container images, it was developed to make signatures invisible infrastructure. Cosign supports: Hardware and KMS signing Bring-your-own PKI Our free OIDC PKI […]

The post Google open sources cosign tool for verifying containers appeared first on Security Affairs.

Read More Google open sources cosign tool for verifying containers

The FBI and Australian Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published […]

The post FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks appeared first on Security Affairs.

Read More FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms that the Darkside ransomware is […]

The post FBI confirmed that Darkside ransomware gang hit Colonial Pipeline appeared first on Security Affairs.

Read More FBI confirmed that Darkside ransomware gang hit Colonial Pipeline

The city of Tulsa, Oklahoma, has been hit by a ransomware attack over the weekend that impacted its government’s network and shut down its websites. One of the biggest cities in the US  by population size, the City of Tulsa, was victim of a ransomware attack that affected its government’s network and forced the shutdown […]

The post City of Tulsa, is the last US city hit by ransomware attack appeared first on Security Affairs.

Read More City of Tulsa, is the last US city hit by ransomware attack

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercep traffic to cryptocurrency-related sites Starting from January 2020, a threat actor has been adding thousands of malicious exit relays to the Tor network to intercept traffic and carry out SSL stripping attacks on users while accessing mixing websites, The […]

The post Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks appeared first on Security Affairs.

Read More Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

WhatsApp will not deactivate the accounts of users who don’t accept the new privacy policy update that requires sharing data with other companies owned by Facebook. WhatsApp on Friday announced that it will not deactivate accounts of users who don’t accept its new privacy policy that will be rolled out on May 15. The company will only […]

The post WhatsApp will not deactivate accounts for not accepting new privacy terms appeared first on Security Affairs.

Read More WhatsApp will not deactivate accounts for not accepting new privacy terms

U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye’s Mandiant. At the end of April, researchers […]

The post CISA MAR report provides technical details of FiveHands Ransomware appeared first on Security Affairs.

Read More CISA MAR report provides technical details of FiveHands Ransomware

‘Spam protection, AntiSpam, FireWall by CleanTalk’ anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based Blind SQL Injection in ‘Spam protection, AntiSpam, FireWall by CleanTalk’ WordPress plugin, tracked as CVE-2021-24295, could be exploited by an unauthenticated attacker to access user data. The flaw could be exploited by an attack to […]

The post SQL injection issue in Anti-Spam WordPress Plugin exposes User Data appeared first on Security Affairs.

Read More SQL injection issue in Anti-Spam WordPress Plugin exposes User Data

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Cloud hosting provider Swiss Cloud suffered a ransomware attack Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle WeSteal, a shameless commodity cryptocurrency […]

The post Security Affairs newsletter Round 313 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 313

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains), and the Information Science Institute at the University of Southern California has discovered a vulnerability, named […]

The post TsuNAME flaw exposes DNS servers to DDoS attacks appeared first on Security Affairs.

Read More TsuNAME flaw exposes DNS servers to DDoS attacks

A cyberattack forced the shutdown of one of the largest pipelines in the United States, the Colonial Pipeline facility in Pelham, Alabama. The Colonial Pipeline facility in Pelham, Alabama was hit by a cybersecurity attack, its operators were forced to shut down its systems. The pipeline allows carrying 2.5 million barrels of refined gasoline and […]

The post A cyberattack shutdown US Colonial Pipeline appeared first on Security Affairs.

Read More A cyberattack shutdown US Colonial Pipeline

The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes)). The […]

The post Russia-linked APT29 group changes TTPs following April advisories appeared first on Security Affairs.

Read More Russia-linked APT29 group changes TTPs following April advisories

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, […]

The post 19 petabytes of data exposed across 29,000+ unprotected databases appeared first on Security Affairs.

Read More 19 petabytes of data exposed across 29,000+ unprotected databases

VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware vRealize Business for Cloud. vRealize Business for Cloud is an automated cloud business management solution that allows customers to […]

The post VMware addresses critical RCE in vRealize Business for Cloud appeared first on Security Affairs.

Read More VMware addresses critical RCE in vRealize Business for Cloud

The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […]

The post Connecting the Bots – Hancitor fuels Cuba Ransomware Operations appeared first on Security Affairs.

Read More Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems. Kaspersky experts who uncovered the threat speculate the attacks are likely part of an ongoing espionage campaign dubbed TunnelSnake that has been […]

The post Windows Moriya rootkit used in highly targeted attacks appeared first on Security Affairs.

Read More Windows Moriya rootkit used in highly targeted attacks

Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems. Kaspersky experts who uncovered the threat speculate the attacks are likely part of an ongoing espionage campaign dubbed TunnelSnake that has been […]

The post Windows Moriya rootkit used in highly targeted attacks appeared first on Security Affairs.

Read More Windows Moriya rootkit used in highly targeted attacks

Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. Researchers from cybersecurity firm Recorded Future’s Insikt Group have discovered six procurement documents from official People’s Liberation Army (PLA) military websites and other sources that demonstrate that PLA Unit 61419 has sought to purchase antivirus solutions from […]

The post Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage appeared first on Security Affairs.

Read More Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage

A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot is a banking trojan that has been made headlines since 2007. This piece of malware is focused on stealing banking credentials and victim’s secrets using […]

The post A taste of the latest release of QakBot appeared first on Security Affairs.

Read More A taste of the latest release of QakBot

Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root. Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could […]

The post Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software appeared first on Security Affairs.

Read More Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software

Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203, that could be exploited by attackers to compromise a customer’s cloud infrastructure. “A security vulnerability […]

The post Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager appeared first on Security Affairs.

Read More Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

A massive distributed denial of service (DDoS) attack shut down Belgiums’ government websites, internal networks were also impacted. A massive distributed denial of service (DDoS) attack hit most of the Belgium government’s IT network, according to the media the attack also knocked offline internal systems. People attempting to visit websites hosted on the Belnet network […]

The post A massive DDoS knocked offline Belgian government websites appeared first on Security Affairs.

Read More A massive DDoS knocked offline Belgian government websites

The maintainers of the Exim email server software addressed a collection of 21 issues, dubbed 21Nails, that can allow attackers to fully compromise mail servers. The maintainers of the Exim email server software have released security updates to address a collection of 21 vulnerabilities, dubbed 21Nails, that can be exploited by attackers to take over […]

The post Most of Exim email servers could be hacked by exploiting 21Nails flaws appeared first on Security Affairs.

Read More Most of Exim email servers could be hacked by exploiting 21Nails flaws

American multinational computer technology giant Dell addresses a 12-year-old driver flaw, tracked as CVE-2021-21551, impacting millions of computers. Hundreds of millions of Dell computers worldwide are affected by a 12-year-old vulnerability, tracked as CVE-2021-21551, that affects Dell DBUtil driver. The flaw affects version 2.3 of the Dell BIOS driver, it is one of a series of […]

The post Hundreds of millions Of Dell PCs affected by CVE-2021-21551 flaws appeared first on Security Affairs.

Read More Hundreds of millions Of Dell PCs affected by CVE-2021-21551 flaws

Iran-linked ATP group carried out a ransomware operation through a contracting company based in the country, Flashpoint researchers warn. Researchers from Flashpoint have uncovered a state-sponsored ransomware campaign conducted by Iran’s Islamic Revolutionary Guard Corps (IRGC) through an Iranian contracting company called “Emen Net Pasargard” (ENP) (aka “Imannet Pasargad,” “Iliant Gostar Iranian,” “Eeleyanet Gostar Iraniyan”). […]

The post Project Signal: a second Iranian State-Sponsored Ransomware Operation appeared first on Security Affairs.

Read More Project Signal: a second Iranian State-Sponsored Ransomware Operation

Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild. Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS. The WebKit browser engine is […]

The post Apple addresses three zero-day flaws in its WebKit browser engine appeared first on Security Affairs.

Read More Apple addresses three zero-day flaws in its WebKit browser engine

Security researcher released technical details and a PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the NSA. A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity vulnerability CVE-2021-28482 in Microsoft Exchange that could be exploited by remote attackers to execute arbitrary code on vulnerable systems. April […]

The post Expert released PoC exploit for Microsoft Exchange flaw appeared first on Security Affairs.

Read More Expert released PoC exploit for Microsoft Exchange flaw

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. Pulse Secure has addressed a zero-day vulnerability (CVE-2021-22893) in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited by threat actors in attacks against defense firms […]

The post Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited appeared first on Security Affairs.

Read More Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Which are the most common causes of a Data Breach and how to prevent It? How can organizations prevent it? Data breaches are highly damaging and equally embarrassing for businesses andconsumers. If you look at Verizon’s 2020 Data Breach Investigations Report, you canfind some of the most common causes of data breaches. However, you will also […]

The post Most Common Causes of Data Breach and How to Prevent It appeared first on Security Affairs.

Read More Most Common Causes of Data Breach and How to Prevent It

Experian API exposed credit scores of tens of millions of Americans due to a weakness with a partner website. Anyone was able to look up the credit score of tens of millions of Americans just by providing their name and mailing address. The issue was reported to KrebsOnSecurity by the independent security researcher Bill Demirkapi, […]

The post Experian API exposed credit scores of tens of millions of Americans appeared first on Security Affairs.

Read More Experian API exposed credit scores of tens of millions of Americans

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute […]

The post New Ryuk ransomware implements self-spreading capabilities appeared first on Security Affairs.

Read More New Ryuk ransomware implements self-spreading capabilities

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint […]

The post Microsoft releases open-source CodeQL queries to assess Solorigate compromise appeared first on Security Affairs.

Read More Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What’s Going On? Our online security team has uncovered a massive data breach originating from a misconfigured […]

The post Data Breach: Turkish legal advising company exposed over 15,000 clients appeared first on Security Affairs.

Read More Data Breach: Turkish legal advising company exposed over 15,000 clients

Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19. Hackers compromised the systems at one of the most advanced biology labs at the Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the […]

The post Hackers are selling access to Biochemical systems at Oxford University Lab appeared first on Security Affairs.

Read More Hackers are selling access to Biochemical systems at Oxford University Lab

Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […]

The post Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack appeared first on Security Affairs.

Read More Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack

The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on, dubbed FriarFox, that allowed them to steal Gmail and Firefox browser data and deliver malware on infected systems. “We attribute this […]

The post China-linked TA413 group target Tibetan organizations appeared first on Security Affairs.

Read More China-linked TA413 group target Tibetan organizations

Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical flaws impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. The most severe vulnerability […]

The post Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS appeared first on Security Affairs.

Read More Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS

North Korea-linked Lazarus APT group has targeted the defense industry with the custom-backdoor dubbed ThreatNeedle since 2020. North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early 2020. The state-sponsored hackers targeted organizations from more than a dozen countries. The experts discovered the custom backdoor while investigating an […]

The post North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor appeared first on Security Affairs.

Read More North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client. DirectWrite […]

The post Google discloses technical details of Windows CVE-2021-24093 RCE flaw appeared first on Security Affairs.

Read More Google discloses technical details of Windows CVE-2021-24093 RCE flaw

Ukraine ‘s government attributes a cyberattack on the government document management system to a Russia-linked APT group. The Ukraine ‘s government blames a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). According to Ukrainian officials, the hackers aimed at disseminating malicious […]

The post Ukraine: nation-state hackers hit government document management system appeared first on Security Affairs.

Read More Ukraine: nation-state hackers hit government document management system

Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. Vietnam-linked APT32 (aka Ocean Lotus) group has conducted a cyberespionage campaign targeting Vietnamese human rights defenders (HRDs) and a nonprofit (NPO) human rights organization from Vietnam between February 2018 and November 2020. The threat actors used by spyware to take […]

The post APT32 state hackers target human rights defenders with spyware appeared first on Security Affairs.

Read More APT32 state hackers target human rights defenders with spyware

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day […]

The post Airplane manufacturer Bombardier has disclosed a security breach, data leaked online appeared first on Security Affairs.

Read More Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972, that could be exploited by attackers to potentially take control of affected systems. vCenter Server is the centralized […]

The post VMware addresses a critical RCE issue in vCenter Server appeared first on Security Affairs.

Read More VMware addresses a critical RCE issue in vCenter Server

Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance. Experts believe the accounts were part of […]

The post Twitter removes 100 accounts linked to Russia disseminating disinformation appeared first on Security Affairs.

Read More Twitter removes 100 accounts linked to Russia disseminating disinformation

IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions.  IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise products, including IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise.  Two issues, tracked as CVE-2020-14782 and […]

The post IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS appeared first on Security Affairs.

Read More IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. “Starting in mid-December 2020, malicious actors that Mandiant […]

The post FIN11 cybercrime group is behind recent wave of attacks on FTA servers appeared first on Security Affairs.

Read More FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Ukraine ‘s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites. The Ukrainian officials did not provide details about the attacks either the damage they have caused. “It was […]

The post Ukraine sites suffered massive attacks launched from Russian networks appeared first on Security Affairs.

Read More Ukraine sites suffered massive attacks launched from Russian networks

The systems of Georgetown County have been hacked at the end of January, and the county staff is still working to rebuild its computer network. The systems of Georgetown County have been hit with a sophisticated cyber attack at the end of January, and the county staff is still working to recover from the incident. […]

The post Georgetown County has yet to recover from a sophisticated cyber attack appeared first on Security Affairs.

Read More Georgetown County has yet to recover from a sophisticated cyber attack

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years […]

The post NSA Equation Group tool was used by Chinese hackers years before it was leaked online appeared first on Security Affairs.

Read More NSA Equation Group tool was used by Chinese hackers years before it was leaked online

An attacker demonstrated this week that Clubhouse chats are not secure, he was able to siphon audio feeds from “multiple rooms” into its own website While the popularity of the audio chatroom app Clubhouse continues to increase experts are questioning the security and privacy level it offers to its users. Recently the company announced it […]

The post An attacker was able to siphon audio feeds from multiple Clubhouse rooms appeared first on Security Affairs.

Read More An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […]

The post Researchers uncovered a new Malware Builder dubbed APOMacroSploit appeared first on Security Affairs.

Read More Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to […]

The post Experts warn of threat actors abusing Google Alerts to deliver unwanted programs appeared first on Security Affairs.

Read More Experts warn of threat actors abusing Google Alerts to deliver unwanted programs

A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. Bharad was searching for cross-site request forgery (CSRF), insecure direct object […]

The post Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com appeared first on Security Affairs.

Read More Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com

The Federal Bureau of Investigation (FBI) has issued a warning about the risks of telephony denial-of-service (TDoS) attacks on call centers. The United States’ Federal Bureau of Investigation (FBI) is warning of the consequences of telephony denial-of-service (TDoS) attacks on call centers, which in some cases could threaten people’s lives. TDoS attacks could render telephone systems unavailable […]

The post FBI warns of the consequences of telephony denial-of-service (TDoS) attacks appeared first on Security Affairs.

Read More FBI warns of the consequences of telephony denial-of-service (TDoS) attacks

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. PayPal addresses reflected XSS bug in user wallet currency converter The kingpin behind Jokers Stash retires with a […]

The post Security Affairs newsletter Round 302 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 302

The US is going to respond to the SolarWinds supply chain attack within weeks, national security adviser Jake Sullivan told CNN. The US will respond within weeks to the devastating SolarWinds supply cyber attack, national security adviser Jake Sullivan told CNN. “We are in the process now of working through, with the intelligence community and [President […]

The post The US Government is going to respond to the SolarWinds hack very soon appeared first on Security Affairs.

Read More The US Government is going to respond to the SolarWinds hack very soon

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a security breach on January 22, it blamed sophisticated threat actors for the intrusion. On January, 29 […]

The post SonicWall releases second firmware updates for SMA 100 vulnerability appeared first on Security Affairs.

Read More SonicWall releases second firmware updates for SMA 100 vulnerability

Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. According to data shared by Malwarebytes, as […]

The post Silver Sparrow, a new malware infects Mac systems using Apple M1 chip appeared first on Security Affairs.

Read More Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

MassLogger Windows credential stealer infamous is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. Cisco Talos experts uncovered attacks against users in Turkey, Latvia, and Italy, the […]

The post New Masslogger Trojan variant exfiltrates user credentials appeared first on Security Affairs.

Read More New Masslogger Trojan variant exfiltrates user credentials

Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware designed to target latest generation of Apple devices using the company M1 chip. The discovery suggests threat actors are tailoring […]

The post Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning appeared first on Security Affairs.

Read More Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning

Hackers abuse Google Apps Script to steal credit cards, bypass CSP Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credit card data provided by customers of e-commerce websites. “Attackers use […]

The post Hackers steal credit card data abusing Google’s Apps Script appeared first on Security Affairs.

Read More Hackers steal credit card data abusing Google’s Apps Script

RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure, it asking its members to enable 2FA for their accounts. RIPE NCC announced to have suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts. The RIPE NCC is a not-for-profit membership association, a Regional Internet Registry and the […]

The post Credential stuffing attack hit RIPE NCC: Members have to enable 2FA appeared first on Security Affairs.

Read More Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange. Microsoft announced that the threat actors behind the SolarWinds supply chain attack could have had access to repositories containing the source code for a limited number of components used by Azure, Intune, and Exchange. In […]

The post SolarWinds hackers had access to components used by Azure, Intune, and Exchange appeared first on Security Affairs.

Read More SolarWinds hackers had access to components used by Azure, Intune, and Exchange

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, […]

The post WatchDog botnet targets Windows and Linux servers in cryptomining campaign appeared first on Security Affairs.

Read More WatchDog botnet targets Windows and Linux servers in cryptomining campaign

The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The OpenSSL Project released security patches to address three vulnerabilities, two denial-of-service (DoS) flaws, and an incorrect SSLv2 rollback protection issue. The fist vulnerability, tracked as CVE-2021-23841, is a NULL pointer dereference issue that can be […]

The post The OpenSSL Project addressed three vulnerabilities appeared first on Security Affairs.

Read More The OpenSSL Project addressed three vulnerabilities

The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement in cyber-attacks, including the theft of $1.3 billion in money and crypto-currency from organizations around the globe. The indictment […]

The post US DoJ charges three members of the North Korea-linked Lazarus APT group appeared first on Security Affairs.

Read More US DoJ charges three members of the North Korea-linked Lazarus APT group

Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams. The Malvertising gang ScamClub has abused an unpatched zero-day vulnerability in WebKit-based browsers to bypass security measures and redirect users from legitimate sites to websites hosting online gift card scams. The malvertising campaign […]

The post ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams appeared first on Security Affairs.

Read More ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams

French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers. The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates […]

The post Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software appeared first on Security Affairs.

Read More Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication. Although exists a strong adoption of technologies with the goal of protecting the final user such as plugins, tokens, e-tokens, two-factor-authentication mechanisms, CHIP, PIN […]

The post Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware appeared first on Security Affairs.

Read More Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. The experts discovered that sending a sticker to a Telegram user could […]

The post Telegram flaw could have allowed access to users secret chats appeared first on Security Affairs.

Read More Telegram flaw could have allowed access to users secret chats

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to […]

The post Hackers abusing the Ngrok platform phishing attacks appeared first on Security Affairs.

Read More Hackers abusing the Ngrok platform phishing attacks

Multiple vulnerabilities in the popular file-sharing app SHAREit have yet, to be addressed, experts from Trend Micro warned. SHAREit is a popular file-sharing Android app with more than one billion downloads, experts from Trend Micro discovered multiple unpatched vulnerabilities in its code. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users […]

The post Popular SHAREit app is affected by severe flaws yet to be fixed appeared first on Security Affairs.

Read More Popular SHAREit app is affected by severe flaws yet to be fixed

Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing the use of the stripe. The popular investigator Brian Krebs reported the discovery of a new Bluetooth overlay skimmer that interfered with the terminal’s ability to read chip-based cards, forcing the use of the magnetic […]

The post A new Bluetooth overlay skimmer block chip-based transactions appeared first on Security Affairs.

Read More A new Bluetooth overlay skimmer block chip-based transactions

VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere Replication product. VMware vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. vSphere Replication […]

The post VMware fixes command injection issue in vSphere Replication appeared first on Security Affairs.

Read More VMware fixes command injection issue in vSphere Replication

French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back […]

The post France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers appeared first on Security Affairs.

Read More France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack, the company’s analysis of […]

The post The malicious code in SolarWinds attack was the work of 1,000+ developers appeared first on Security Affairs.

Read More The malicious code in SolarWinds attack was the work of 1,000+ developers

An international operation conducted in Ukraine and France lead to the arrest of criminals believed to be affiliated with the Egregor RaaS. Some affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint operation conducted by law enforcement in Ukraine and France. Authorities did not reveal […]

The post French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine appeared first on Security Affairs.

Read More French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine