Security Affairs

OCTOBER 18, 2023

Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Then they used the password to login to the admin account (after enabling it). The vendor addressed the vulnerability with the release of updates in June 2023. 64561 or above.”

Accountability 121

Accountability Passwords Hacking Internet 121

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords 114

Passwords Authentication Architecture Risk 114

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform.

Ransomware 108

Ransomware Data collection Hacking Cybersecurity 108

Security Affairs

JANUARY 1, 2024

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. RESEARCHER DISCOVERED A NEW LOCK SCREEN BYPASS BUG FOR ANDROID 14 AND 13 Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts.

Cybersecurity 111

Cybersecurity Spyware Data breaches Passwords 111

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Accountability 107

Accountability Government Phishing Authentication 107

Security Affairs

FEBRUARY 3, 2024

A vulnerability impacting the decentralized social network Mastodon can be exploited by threat actors to impersonate and take over any account. A security flaw, tracked as CVE-2024-23832 (CVSS score 9.4), in the decentralized social network Mastodon can be exploited to impersonate and take over any account.

Accountability 108

Accountability Media Hacking Information Security 108

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. of attacks in 2023), while summer was the most active for ransomware attacks (30.4%). The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

Ransomware 123

Ransomware Manufacturing Retail Insurance 123

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. The attacker can then use that account to gain control of the affected system.”

Internet 126

Internet Internet Software Accountability 126

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 122

Software Accountability Authentication Internet 122

Security Affairs

APRIL 29, 2024

Google announced that in 2023, they have prevented 2.28 This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and app review processes. These efforts resulted in the ban of 333,000 accounts for confirmed malware and repeated severe policy breaches.

Accountability 100

Accountability Malware Hacking Risk 100

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 120

Spyware Surveillance Software Hacking 120

Security Affairs

MAY 25, 2024

The MITRE Corporation revealed that threat actors behind the December 2023 attacks created rogue virtual machines (VMs) within its environment. The MITRE Corporation has provided a new update about the December 2023 attack. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Risk 97

Risk Accountability Cyber threats Hacking 97

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 109

Social Engineering Authentication Engineering Accountability 109

Security Affairs

OCTOBER 20, 2023

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Whatever you were thinking about CVE-2023-20198 ( #Cisco IOS EX) it's 100x worst. The attacker can then use that account to gain control of the affected system.”

Hacking 121

Hacking Internet Internet Accountability 121

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 112

Internet Internet Accountability Passwords 112

Security Affairs

MARCH 29, 2023

OpenAI addressed multiple severe vulnerabilities in the popular chatbot ChatGPT that could have been exploited to take over accounts. OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories. Attack Flow: 1. Victims visit the legitimate link.

Accountability 88

Accountability Authentication Hacking Information Security 88

Security Affairs

MARCH 26, 2023

Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. ” concludes the guidance.

Authentication 95

Authentication Accountability Cyber Attacks Hacking 95

Security Affairs

JULY 3, 2023

Collective Anonymous Sudan has been active since January 2023, it claims to target any country that is against Sudan. However, some security researchers believe that Anonymous Sudan is a sub-group of the Pro-Russian threat group Killnet. However, Anonymous Sudan has announced to have stolen credentials for 30 million customer accounts.

Accountability 91

Accountability DDOS Data breaches Hacking 91

Security Affairs

OCTOBER 17, 2023

Threat actors exploited the recently disclosed zero-day flaw (CVE-2023-20198) in a large-scale hacking campaign on Cisco IOS XE devices. Threat actors have exploited the recently disclosed critical zero-day vulnerability ( CVE-2023-20198 ) to compromise thousands of Cisco IOS XE devices, security firm VulnCheck warns.

Internet 116

Internet Internet Hacking Accountability 116

Security Affairs

MARCH 22, 2023

A tainted version of the legitimate ChatGPT extension for Chrome, designed to steal Facebook accounts, has thousands of downloads. Guardio ’s security team uncovered a new variant of a malicious Chat-GPT Chrome Extension that was already downloaded by thousands a day. Left: The “FakeGPT” Variant on Chrome Store.

Accountability 91

Accountability Encryption Hacking Cybercrime 91

Security Affairs

APRIL 25, 2023

VMware released security updates to address two zero-day vulnerabilities ( CVE-2023-20869, CVE-2023-20870 ) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors. They earned $80,000 and 8 Master of Pwn points.

Hacking 98

Hacking Education Software Media 98

Security Affairs

APRIL 12, 2023

SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. CVE-2023-28765 : An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) – versions 420, 430, can exploit the issue to access to lcmbiar file and further decrypt the file.

Education 87

Education Media Authentication Passwords 87

Security Affairs

APRIL 19, 2023

Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136 , in its Chrome web browser. The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023.

Education 93

Education Media Engineering Hacking 93

Security Affairs

MAY 1, 2023

The IT giant also announced it has banned 173k developer accounts and prevented over $2 billion in fraudulent and abusive transactions. ” The company explained that in 2022, the App Security Improvements program helped developers to address approximately 500K security weaknesses affecting approximately 300K apps. .

Accountability 92

Accountability Education Media Hacking 92

Security Affairs

JANUARY 11, 2023

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8)

Internet 97

Internet Internet Backups Hacking 97

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue. The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. “Type Confusion in V8.

Education 88

Education Media Engineering Hacking 88

SecureList

JANUARY 18, 2023

Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. The trend for personal data leaks grew rapidly in 2022 and will continue into 2023. More personal data leaks; corporate email at risk. The number of fake reports grows along with that.

Media 114

Media Social Engineering Ransomware Hacking 114

Security Affairs

MAY 30, 2023

The adoption of 2FA aims at protecting maintainers’ account takeover as explained in the official announcement. ” reads the announcement. “Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage. .

Authentication 88

Authentication Accountability Hacking Malware 88

Security Affairs

MAY 21, 2024

The vendor responded to the vulnerability reports submitted between December 12, 2023, and January 23, 2024, with multiple delays and has fixed only four of the fifteen flaws. At this time, QNAP only addressed CVE-2023-50361, CVE-2023-50362, CVE-2023-50363, and CVE-2023-50364 with the release of a security update in April 2024.

Authentication 103

Authentication Accountability Social Engineering Engineering 103

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. ” reads the analysis published by Palo Alto Networks.

Accountability 92

Accountability Cryptocurrency Malware Phishing 92

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability 93

Accountability Phishing Financial Services Surveillance 93

Security Affairs

MARCH 2, 2023

The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database. The breach likely exposed personal customer information like names, addresses, and email addresses. New breach: GunAuction[.]com

Accountability 86

Accountability Hacking Data breaches Passwords 86

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware 82

Ransomware Cybercrime Cybersecurity Hacking 82

Security Affairs

APRIL 3, 2023

31, 2023 – Wiz Research reported the Bing issue to MSRC Jan. 31, 2023 – MSRC issues initial fix to Bing app Feb. 25, 2023 – Wiz Research reported the other vulnerable applications to MSRC Feb. 27, 2023 – MSRC starts issuing fixes for said applications Mar. 28, 2023 – MSRC awards Wiz Research with $40,000 bug bounty Mar.

Accountability 84

Accountability Education Media Authentication 84

Security Affairs

JUNE 22, 2023

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. Cisco credited the researcher Filip Dragovic for reporting the CVE-2023-20178, the expert also released a PoC that triggers an arbitrary file delete with System privileges.

VPN 95

VPN Mobile Software Authentication 95

Security Affairs

AUGUST 24, 2023

The FBI warned that patches for a critical Barracuda ESG flaw CVE-2023-2868 are “ineffective” and patched appliances are still being hacked. The Federal Bureau of Investigation warned that security patches for critical vulnerability CVE-2023-2868 in Barracuda Email Security Gateway (ESG) are “ineffective.”

Hacking 83

Hacking Malware Phishing Network Security 83

Security Affairs

APRIL 9, 2024

“An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.” running on OLED55A23LA Below is the disclosure timeline: November 01, 2023: Vendor disclosure November 15, 2023: Vendor confirms the vulnerabilities. ” reads the advisory.

Hacking 126

Hacking Internet Internet Authentication 126