Category Archives: Newsletter

Security Affairs newsletter Round 226

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog.

Once again thank you!

DealPly adware abuses reputation services to remain under the radar
Houston County Schools in Alabama delayed the school years opening due to a malware attack
Poshmark, the social commerce marketplace, discloses a data breach
Fraudster stole $870,000 from 2 US universities with spear-phishing mails
GermanWiper, a data-wiping malware that is targeting Germany
Hacking Radio Blasting Systems for Fun & Explosions
Machete cyber-espionage group targets Latin America military
StockX hacked, customers data offered for sale on the dark web
The US Gov is testing high-altitude balloons for surveillance
CafePress Data Breach exposes technical details of 23 Million users
Crooks turn victims into money mules via confidence/romance scams
Expert publicly disclosed a zero-day vulnerability in KDE
QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air
Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks
The Evolution of Aggah: From Roma225 to the RG Campaign
New Lord Exploit Kit appears in the threat landscape
OilRig APT group: the evolution of attack techniques over time
SWAPGS Attack – A new Spectre-V1 attack affects modern chips
The number of exploits in the Echobot botnet reached 59
American Insurance firm State Farm victim of credential stuffing attacks
Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches
New strain of Clipsa malware launches brute-force attacks on WordPress sites
WhatsApp flaws allow the attackers to manipulate conversations
3Fun Dating App leaked members location and personal details
A Zero-Day in Steam client for Windows affects over 100 Million users
Apple announces major changes to its bug bounty program, including higher rewards
Emsisoft released a free decryptor for JSWorm 4.0
Android Apps containing Clicker Trojan installed on over 100M devices
City of Naples, Florida, lost $700K after a cyberattack
Varenyky Spambot Trojan targets French users in alleged sextortion campaign

Pierluigi Paganini

(SecurityAffairs – newsletter)

The post Security Affairs newsletter Round 226 appeared first on Security Affairs.

Security Affairs newsletter Round 224 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Kindle Edition

Paper Copy

newsletter Digging The Deep Web

Once again thank you!

Emsisoft releases a second decryptor in a few days, this time for ZeroFucks ransomware
Hackers breach 62 US colleges by allegedly exploiting Ellucian Banner Web flaw
Twitter account of Scotland Yard hacked and posted bizarre messages
WizzAir informed customers it forced a password reset on their accounts
BlackBerry Cylance addresses AI-based antivirus engine bypass
Hackers published a list of allegedly phished Discord login credentials
Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens
New APT34 campaign uses LinkedIn to deliver fresh malware
WSJ says Equifax to Pay $700 million settlement for 2017 breach
A new ProFTPD vulnerability exposes servers to hack
CERT-Bund warns of a critical vulnerability in VLC player
Comodo Antivirus is affected by several vulnerabilities
Czech public radio says Huawei Czech Unit secretly collected data
Experts spotted P2P worm spreading Crypto-Miners in the wild
China-Linked APT15 group is using a previously undocumented backdoor
Computers at Indiana County infected with a ransomware
Emsisoft releases the third decryptor in a few days, this time for LooCipher ransomware
Malvertising campaign exploits recently disclosed WordPress Plugin flaws
US authorities have sentenced to prison 3 Romanian men who hacked US servers
Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks
FTC fines Facebook $5B and obliges it to adopt a new privacy framework
German firms BASF, Siemens, Henkel hit by cyber attacks
New variant of Linux Botnet WatchBog adds BlueKeep scanner
Stock trading service Robinhood stored passwords in plaintext for some users
A flaw in LibreOffice could allow the hack of your PC
Imperva blocked the largest Layer 7 DDoS attack it has ever seen
Irish Silk Road admin sentenced to 78 months in federal prison
Johannesburg residents left in the dark after a ransomware attack at City Power
Hackers inject Magecart multi-gateway skimmer in fake Google domains
Marcus Hutchins sentenced to supervised release, no jail for the expert
More Ransom project has helped victims to save $108 million of ransom
No More Ransom project has helped victims to save $108 million of ransom

Pierluigi Paganini

(SecurityAffairs – newsletter)



The post Security Affairs newsletter Round 224 – News of the week appeared first on Security Affairs.

Security Affairs newsletter Round 223 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Kindle Edition

Paper Copy

newsletter Digging The Deep Web

Once again thank you!

For nearly a year, Brazilian users have been targeted with router attacks
NCSC report warns of DNS Hijacking Attacks
SAP Patch Day – July 2019 addresses a critical flaw in Diagnostics Agent
A flaw could have allowed hackers to take over any Instagram account in 10 minutes
Apple temporarily blocked Walkie-Talkie App on Apple Watch due to a flaw
Emsisoft released a free decryptor for the Ims00rry ransomware
Flaw in Ad Inserter WordPress plugin allows remote attackers to execute code
La Porte County finally opted to pay $130,000 Ransom
The npm installer for PureScript package has been compromised
A flaw in discontinued Iomega/Lenovo NAS devices exposed millions of files
DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape
iOS URL Scheme expose users to App-in-the-Middle attack
Media File Jacking allows manipulating media files users receive via Android WhatsApp and Telegram
Mysterious hackers steal data of over 70% of Bulgarians
Sprint revealed that hackers compromised some customer accounts via Samsung site
Anti-Debugging Techniques from a Complex Visual Basic Packer
Expert was awarded $10,000 for disclosing XSS flaw to Tesla
Turla APT group adds Topinambour Trojan to its arsenal
CVE-2019-6342 flaw allows hackers to fully compromise Drupal 8.7.4 websites
Experts detailed new StrongPity cyberespionage campaigns
Experts spotted a rare Linux Desktop spyware dubbed EvilGnome
Scraping the TOR for rare contents
The Problem With the Small Business Cybersecurity Assistance Act
Dutch police arrested the author of Dryad and Rubella Macro Builders
Israel surveillance firm NSO group can mine data from major social media
Poland and Lithuania fear that data collected via FaceApp could be misused
Slack resetting passwords for roughly 1% of its users
Former NSA contractor sentenced to 9 years for stealing classified data

Pierluigi Paganini

(SecurityAffairs – newsletter)

The post Security Affairs newsletter Round 223 – News of the week appeared first on Security Affairs.

Security Affairs newsletter Round 222 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Kindle Edition

Paper Copy

newsletter Digging The Deep Web

Once again thank you!

Croatia government agencies targeted with news SilentTrinity malware
Customers of 7-Eleven Japan lost $500,000 due to a flaw in the mobile app
Hackers compromised a Canonical GitHub account, Ubuntu source code was not impacted
Backdoor mechanism found in Ruby strong_password library
Cyberattack shuts down La Porte County government systems
Experts uncovered a new Magecart campaign that hacked over 960 stores
Hackers are poisoning the PGP SKS keyserver network poisoned
Spotting RATs: Delphi wrapper makes the analysis harder
UK ICO fines British Airways £183 Million under GDPR over 2018 security breach
A new Astaroth Trojan Campaign uncovered by Microsoft
Flaw in Zoom video conferencing software lets sites take over webcam on Mac
Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016
Maryland Department of Labor discloses a data breach
Prototype Pollution flaw discovered in all versions of Lodash Library
Adobe Patch Tuesday updates for July 2019 address only 5 minor flaws
Kali Linux is now available for Raspberry Pi 4
Microsoft released Patch Tuesday security updates for July 2019
Parents Guide for Safe YouTube and Internet Streaming for Kids
Severe vulnerabilities allow hacking older GE anesthesia machines
UK ICO proposes a $123 million fine for Marriott 2014 data breach
A new NAS Ransomware targets QNAP Devices
Agent Smith Android malware already infected 25 million devices
Intel addresses high severity flaw in Processor Diagnostic Tool
New FinFisher spyware used to spy on iOS and Android users in 20 countries
CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack
Exclusive, experts at Yoroi-Cybaze ZLab released a free decryptor for Loocipher Ransomware
Hackers stole $32 million from Bitpoint cryptocurrency exchange
New Miori botnet has a unique protocol for C2 communication
FTC approves a record $5 billion settlement with Facebook over Cambridge Analytica scandal
Magecart group infected over 17,000 domains via unprotected AWS S3 Buckets

Pierluigi Paganini

(SecurityAffairs – newsletter)

The post Security Affairs newsletter Round 222 – News of the week appeared first on Security Affairs.