Security Affairs

MARCH 9, 2024

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild.

Internet 142

Internet Internet VPN Engineering 142

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The vulnerability CVE-2024-24691 is an improper input validation bug that could be exploited by an attacker with network access to escalate privileges. ” reads the advisory.

Software 129

Software Authentication Mobile Hacking 129

Security Affairs

APRIL 6, 2024

Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. The flaw CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x,

VPN 121

VPN Internet Internet Hacking 121

Security Affairs

APRIL 26, 2024

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks targeting the critical severity vulnerability CVE-2024-4040. CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability.

Internet 111

Internet Internet Software Hacking 111

Security Affairs

JANUARY 28, 2024

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public.

Authentication 134

Authentication Internet Internet Hacking 134

Security Affairs

MAY 14, 2024

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability An attacker can exploit this vulnerability to gain SYSTEM privileges. ” reads the advisory.

Mobile 114

Mobile Hacking Information Security 114

Security Affairs

FEBRUARY 14, 2024

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days.

Information Security 123

Information Security Internet Internet Ransomware 123

Security Affairs

JANUARY 22, 2024

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking , CVE-2024-23222) The issue is actively exploited in the wild.

Hacking 128

Hacking Information Security 128

Security Affairs

MARCH 12, 2024

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Microsoft released Patch Tuesday security updates for March 2023 that address 59 security vulnerabilities in its products. The company also fixed five additional Chromium flaws.

Internet 125

Internet Internet Authentication Hacking 125

Security Affairs

JANUARY 16, 2024

Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. The high-serverity vulnerability, tracked as CVE-2024-0519 , is an out of bounds memory access in the Chrome JavaScript engine. The flaw was reported by Anonymous on January 11, 2024.

Engineering 127

Engineering Hacking Information Security 127

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Cyber threats 127

Cyber threats Energy and Utilities Artificial Intelligence Cyber Attacks 127

Security Affairs

JANUARY 9, 2024

Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. The critical vulnerabilities are: CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability. CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability.

Authentication 122

Authentication Internet Internet Hacking 122

Security Affairs

MAY 15, 2024

An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum. BreachForums is a cybercrime forum used by threat actors to purchase, sell, and exchange stolen data, including credentials, and personal and financial information. In March 2023, U.S.

Hacking 123

Hacking Cybercrime Information Security 123

Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. Out of 97,000 servers, 28,500 have been verified to be vulnerable to CVE-2024-21410.

Authentication 132

Authentication Internet Internet Ransomware 132

Security Affairs

FEBRUARY 28, 2024

VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. Key Findings from the “Email Security in 2024” Report In an exhaustive review, VIPRE processed 7.2

Phishing 128

Phishing Identity Theft Scams Malware 128

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 123

Firmware Authentication Engineering Hacking 123

Security Affairs

MAY 11, 2024

The threat actor IntelBroker announced on the cybercrime forum Breach the hack of the European law enforcement agency Europol. “In May 2024, Europol suffered a data breach and lead to the exposure of FOUO and classified data.” Thanks for reading, enjoy!” ” announced the hacker.

Hacking 113

Hacking Data breaches Cybercrime Cryptocurrency 113

Security Affairs

MAY 21, 2024

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. The gang published a series of documents as proof of the hack, including people’s ID cards, data sheets, payroll payment requesters and a picture of the folder exfiltrated from the victim’s systems.

Hacking 135

Hacking Ransomware Phishing Malware 135

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam.

Scams 121

Scams Cryptocurrency Accountability Hacking 121

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking 122

Hacking Government Spyware Marketing 122

Security Affairs

JANUARY 24, 2024

Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable instances exposed online.

Authentication 124

Authentication Hacking Engineering Encryption 124

Security Affairs

DECEMBER 27, 2023

Elections are scheduled in several countries worldwide in 2024, with potential geopolitical implications. The 2024 European Union elections face threats from content generated through these platforms. Key events include the European Parliament elections in June, the U.S.

Artificial Intelligence 128

Artificial Intelligence Media Government Technology 128

Security Affairs

JANUARY 10, 2024

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices.

Authentication 127

Authentication Hacking Software Information Security 127

Security Affairs

APRIL 9, 2024

December 14, 2023: Vendor requests extension March 22, 2024: Patch release April 09, 2024: Public release of this report Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, smart TVs) running on LG43UM7000PLA webOS 5.5.0 – 04.50.51

Hacking 131

Hacking Internet Internet Authentication 131

Security Affairs

FEBRUARY 26, 2024

The popular hacker IntelBroker announced that it had hacked the Los Angeles International Airport by exploiting a flaw in one of its CRM systems. The security breach did not impact travelers. Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, LA International Airport)

Hacking 127

Hacking Data breaches Cybercrime Information Security 127

Security Affairs

MAY 16, 2024

Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-4947, in the Chrome browser, it is the third zero-day exploited in attacks that was disclosed this week. The vulnerability CVE-2024-4947 is a type confusion that resides in V8 JavaScript engine.

Engineering 115

Engineering Hacking Information Security 115

Security Affairs

MAY 10, 2024

Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-467, in Chrome browser. The flaw was reported by an anonymous researcher on May 7, 2024. “Google is aware that an exploit for CVE-2024-4671 exists in the wild.” ” reads the advisory published by Google. .

Engineering 121

Engineering Hacking Information Security 121

Security Affairs

MAY 14, 2024

Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. “CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09″ reads the advisory. 208 for Mac/Windows and 124.0.6367.207 for Linux.

Engineering 123

Engineering Hacking Information Security 123

Security Affairs

MARCH 13, 2024

Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. In our commitment to full transparency, we wish to inform you of a recent security incident involving a third-party vendor managing employee attendance data.

Data breaches 125

Data breaches Computers and Electronics Hacking Cybercrime 125

Security Affairs

MAY 24, 2024

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser, it is the eighth zero-day exploited in attacks disclosed this year.

Engineering 112

Engineering Hacking Risk Information Security 112

Security Affairs

APRIL 3, 2024

Google fixed another Chrome zero-day vulnerability exploited during the Pwn2Own hacking competition in March. Google has addressed another zero-day vulnerability in the Chrome browser, tracked as CVE-2024-3159, that was exploited during the Pwn2Own hacking competition in March, 2024.

Hacking 123

Hacking Engineering Network Security Information Security 123

Security Affairs

MAY 30, 2024

Early this week, the security firm warned of a surge in attacks aimed at VPN solutions. The vulnerability CVE-2024-1086 is a Linux kernel use-after-free issue that resides in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation. Impacted versions are R80.20.x, x, and R81.20.

VPN 119

VPN Firewall Hacking Risk 119

Security Affairs

NOVEMBER 14, 2023

Resecurity uncovered several episodes of attacks against nuclear operators – area of major concern for national security.

Ransomware 127

Ransomware Cyber threats Government Hacking 127

Security Affairs

MAY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added [ 1 , 2 ] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-4761 Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. CVE-2024-4761 June 6, 2024.

Engineering 116

Engineering Hacking Risk Cybersecurity 116

Security Affairs

JUNE 1, 2024

ShinyHunters, the current administrator of BreachForums , recently claimed the hack of Ticketmaster and offered for sale 1.3 On May 20, 2024, Live Nation Entertainment, Inc. On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web.

Data breaches 116

Data breaches Hacking Accountability Risk 116

Security Affairs

MAY 28, 2024

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at Horizon3’s Attack Team released a proof-of-concept (PoC) exploit for a remote code execution issue, tracked as CVE-2024-23108 , in Fortinet’s SIEM solution.

Internet 124

Internet Internet Hacking Cybersecurity 124

Security Affairs

MAY 15, 2024

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-30284 Out-of-bounds Write ( CWE-787 ) Arbitrary code execution Critical 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-30310 Use After Free ( CWE-416 ) Arbitrary code execution Critical 7.8

Software 120

Software Hacking Information Security 120