Security Affairs

OCTOBER 26, 2019

Experts warn of a remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. A remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. — BECHED (@ahack_ru) October 22, 2019. Pierluigi Paganini.

Hacking 72

Hacking Advertising Information Security 72

Security Affairs

AUGUST 22, 2023

Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site. In October 2022, the Snatch ransomware group claimed to have hacked the French company HENSOLDT France. The Snatch ransomware group added the Department of Defence South Africa to its data leak site.

Hacking 94

Hacking Computers and Electronics Ransomware Risk 94

Security Affairs

MARCH 7, 2020

A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.

Firmware 129

Firmware Technology Advertising Authentication 129

Security Affairs

OCTOBER 31, 2022

The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to have hacked the French company HENSOLDT France. The group has published a sample of the stolen data (94 MB) as proof of the hack. Pierluigi Paganini.

Computers and Electronics 104

Computers and Electronics Hacking Ransomware Data breaches 104

Security Affairs

NOVEMBER 7, 2019

Bug hunters have earned a total of $195,000 for finding flaws in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest. Pwn2Own is the annual hacking contest event organized by Trend Micro’s Zero Day Initiative (ZDI). The security duo exploited a JavaScript out-of-bounds read flaw in the built-in web browser.

Hacking 60

Hacking Advertising Firmware Information Security 60

Security Affairs

FEBRUARY 28, 2021

The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia discloses a cyber attack that took place on January 14th. SecurityAffairs – hacking, Cryptopia). Pierluigi Paganini.

Cryptocurrency 108

Cryptocurrency Hacking Cyber Attacks Accountability 108

Security Affairs

JANUARY 27, 2020

Citrix has released security patches for the recently disclosed CVE-2019-19781 flaw, but the number of attacks on vulnerable systems is increasing. Last week, Citrix addressed the actively exploited CVE-2019-19781 flaw in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.

Advertising 91

Advertising Hacking Technology Information Security 91

Security Affairs

AUGUST 29, 2022

SecurityAffairs – hacking, Nitrokod ). The post Nitrokod crypto miner infected systems across 11 countries since 2019 appeared first on Security Affairs. Check Point shared Indicators of Compromise (IoCs) for this campaign. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Malware 94

Malware Software Internet Internet 94

Security Affairs

DECEMBER 23, 2019

Critical CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway could be exploited to access company networks, 80,000 companies at risk worldwide. The CVE-2019-19781 vulnerability was discovered by Mikhail Klyuchnikov from Positive Technologies. SecurityAffairs – Citrix, CVE-2019-19781). Pierluigi Paganini.

Risk 97

Risk Technology Advertising Internet 97

Security Affairs

FEBRUARY 12, 2020

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2019 Internet Crime Report , a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2019 Internet Crime Complaint Center (IC3) , one of the most interesting documents on the crime trends observed in the last 12 months.

Internet 111

Internet Internet Scams Cybercrime 111

Security Affairs

NOVEMBER 10, 2021

Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks and scans a day” . Pierluigi Paganini.

Government 124

Government Hacking Cyber Attacks Information Security 124

Security Affairs

MAY 28, 2020

National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. The CVE-2019-10149 flaw, aka “The Return of the WIZard,” affects versions 4.87

Software 100

Software System Administration Advertising Technology 100

Security Affairs

MARCH 2, 2024

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. from April 29, 2018, to May 10, 2020).

Spyware 122

Spyware Surveillance Architecture Software 122

Security Affairs

APRIL 3, 2021

On April 3, a user has leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook, a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook users. SecurityAffairs – hacking, data leak). Pierluigi Paganini.

Hacking 137

Hacking Accountability Passwords Data breaches 137

Security Affairs

FEBRUARY 7, 2021

According to a report published by the industrial cybersecurity firm Claroty that focuses on the second half of 2020, the number of flaws discovered in industrial control system (ICS) products in 2020 (893 flaws) was 24,72% higher compared to 2019. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Manufacturing 108

Manufacturing Risk Marketing Hacking 108

Security Affairs

DECEMBER 14, 2021

The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems. As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro N. Mayorkas. “The

Hacking 104

Hacking Government Cybersecurity Technology 104

Security Affairs

AUGUST 26, 2019

that addresses the CVE-2019-8605 use-after-free vulnerability that allowed iPhone jailbreak. released in June has reintroduced a security flaw found by a Google Project Zero white hat hacker that was previously fixed in iOS 12.3. to the risk of a hack until the 12.4.1 SecurityAffairs – CVE-2019-8605 , hacking).

Advertising 82

Advertising Mobile Hacking Risk 82

Security Affairs

DECEMBER 16, 2019

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019.

Passwords 85

Passwords Data breaches Password Management Advertising 85

Security Affairs

FEBRUARY 20, 2020

More than 400 flaws affecting industrial control systems (ICS) were disclosed in 2019, more than 100 were zero-day vulnerabilities. According to a report published by Dragos, the experts analyzed 438 ICS vulnerabilities that were reported in 212 security advisories, 26% of advisories is related to zero-day flaws. Pierluigi Paganini.

Advertising 108

Advertising VPN Engineering Hacking 108

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

VPN 97

VPN Advertising Hacking Government 97

Security Affairs

JANUARY 9, 2020

Mozilla has released security updates for Firefox browser that address a zero-day vulnerability (CVE-2019-17026) that has been exploited in targeted attacks. Mozilla has released security updates for Firefox browser that address a zero-day flaw (CVE-2019-17026) that has been exploited in targeted attacks.

Advertising 72

Advertising Engineering Internet Internet 72

Security Affairs

MARCH 20, 2021

Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021, it has more than 7,000 employees (2019) and in 2019 declared 234.29 financial spreadsheets, bank documents and communications) as proof of the hack. Acer is currently investigating the security breach. SecurityAffairs – hacking, ransoware).

Ransomware 141

Ransomware Hacking Computers and Electronics Malware 141

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware 123

Ransomware Hacking Encryption Malware 123

Security Affairs

APRIL 8, 2024

In 2019 the company made the headlines for its 10M USD bug bounty program along with its unique “ Vulnerability Research Hub ” (VRH) online platform. The buyers claim to use the exploits to develop hacking tools used for this investigations. ” reads the announcement published by the company.

Hacking 107

Hacking Software Government Information Security 107

Security Affairs

DECEMBER 21, 2020

Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones.

Hacking 129

Hacking Surveillance Spyware Government 129

Security Affairs

APRIL 14, 2020

Quidd , an online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019. Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords.

Accountability 138

Accountability Hacking Data breaches Passwords 138

Security Affairs

DECEMBER 24, 2020

110330 CVE-2019-0708 05/14/2019 Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (Blue. 50098 CVE-2016-0167 04/12/2016 Microsoft Windows Graphics Component Security Update (MS16-039) 7.8 If you want to receive the weekly Security Affairs Newsletter for free subscribe here. million out of 7.54

Hacking 113

Hacking Cyber Attacks Passwords Software 113

Security Affairs

JULY 18, 2019

which addresses the CVE-2019-6342 flaw that allows hackers to take control of Drupal 8 sites. Drupal developers informed users that version 8.7.4 is affected by a critical flaw, tracked as CVE-2019-6342, that could be exploited by attackers to take control of Drupal 8 websites. SecurityAffairs – CVE-2019-6342, hacking).

Advertising 81

Advertising Cryptocurrency Cyber Attacks Hacking 81

Security Affairs

MAY 23, 2019

Several security experts have developed PoC exploits for wormable Windows RDS flaw tracked as CVE-2019-0708 and dubbed BlueKeep. Experts have developed several proof-of-concept (PoC) exploits for the recently patched Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep.

Advertising 87

Advertising Malware Authentication Risk 87

Security Affairs

MAY 20, 2019

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a CVSS base score of 8.1. . SecurityAffairs – Linux, CVE-2019-11815).

Advertising 105

Advertising Cybersecurity Information Security Hacking 105

Security Affairs

AUGUST 19, 2021

The flaw was disclosed by Citrix in December 2019, the experts explained that it could be exploited by attackers to access company networks. The CVE-2019-19781 vulnerability was discovered by Mikhail Klyuchnikov from Positive Technologies. SecurityAffairs – hacking, Citrix). Follow me on Twitter: @securityaffairs and Facebook.

Hacking 114

Hacking Firewall Accountability Technology 114

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. SecurityAffairs – hacking, malware). According to the FireEye Mandiant M-Trends 2020 report , FireEye analyzed 1.1

Malware 87

Malware Cyber threats Telecommunications Advertising 87

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks. “ OT attacks hit an all-time high. ” continues the report.

Advertising 93

Advertising Malware IoT Technology 93

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. According to current findings from the BSI , around twelve percent of them are so outdated that security updates are no longer offered for them.

Information Security 108

Information Security Internet Internet Healthcare 108

Security Affairs

SEPTEMBER 6, 2019

A security flaw in Exim mail servers could be exploited by local or remote attackers to execute arbitrary code with root privileges. The Exim development team has addressed a vulnerability in Exim mail server, tracked as CVE-2019-15846, that could be exploited by local and remote attackers to execute arbitrary code with root privileges.

Advertising 85

Advertising Malware Internet Internet 85

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Hacking 89

Hacking VPN Advertising Financial Services 89

Security Affairs

SEPTEMBER 2, 2022

Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022.

Hacking 98

Hacking VPN Ransomware Authentication 98