Security Affairs

DECEMBER 4, 2020

VMware addressed CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has finally released security updates to fix the CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

Passwords 116

Passwords Accountability Malware Hacking 116

Security Affairs

DECEMBER 1, 2020

The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. c25e6559668942[.]xyz.

Malware 101

Malware DDOS Hacking Cybercrime 101

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware 113

Firmware Passwords Accountability VPN 113

Security Affairs

MARCH 18, 2021

The FBI’s Internet Crime Complaint Center has released its annual report, the 2020 Internet Crime Report , which includes data from 791,790 complaints of suspected cybercrimes. Data that emerged from the report are worrisome, in 2020 the reported losses exceeded $4.2 ” reads 2020 Internet Crime Report. billion in losses.

Internet 109

Internet Internet Scams Identity Theft 109

Security Affairs

NOVEMBER 13, 2020

Netskope security researchers have spotted a new credential stealer dubbed TroubleGrabber that spreads via Discord attachments and uses Discord webhooks to transfer stolen data to its operators. The malware sends information back to the attacker via webhook as a chat message to his Discord server. ” continues the report.

Malware 111

Malware Passwords Hacking Accountability 111

Daniel Miessler

MAY 19, 2020

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. Hacking, social, and malware have fallen the most. Errors are now as common as social attacks, and more common than malware attacks. The top malware type is Password Dumper, because it really is about getting those creds.

Data breaches 130

Data breaches Phishing Malware Hacking 130

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. ” reads the DHS CISA’s advisory.

Malware 119

Malware Advertising Government Cryptocurrency 119

Security Affairs

NOVEMBER 16, 2020

Researchers discovered an ElasticSearch database exposed online that contained data for over 100000 compromised Facebook accounts. Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100.000 compromised Facebook accounts. ” reads the analysis published vpnMentor.

Scams 112

Scams Accountability Hacking Passwords 112

Security Affairs

NOVEMBER 11, 2020

Mozilla and Google have already fixed the critical flaws in Firefox and Chrome exploited by bug bounty hunters at 2020 Tianfu Cup hacking contest. Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest.

Hacking 100

Hacking Government Accountability Cybersecurity 100

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking 117

Banking Cybercrime Malware Accountability 117

Security Affairs

NOVEMBER 1, 2020

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. SecurityAffairs – hacking, account databases). million (8.1

Data breaches 145

Data breaches Accountability Advertising Passwords 145

Security Affairs

OCTOBER 31, 2020

XSS vulnerabilities accounted for 18% of all flaws reported by bug hunters, these issues received a total of $4.2 XSS vulnerabilities can be exploited by threat actors for multiple malicious activities, including account takeover and data theft. ” reads The 4th Hacker-Powered Security Report. million / €33.4

Accountability 125

Accountability Advertising Architecture Hacking 125

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Downloaders , intended for the installation of additional malware,and backdoors , granting cybercriminals remote access to victims’ computers, also made it to top-3.

Phishing 104

Phishing Ransomware Spyware Banking 104

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 109

Advertising Government Healthcare Education 109

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. Pierluigi Paganini.

Accountability 96

Accountability Advertising Media Government 96

Hot for Security

FEBRUARY 23, 2021

88 publicly traded companies in Japan compromised personal information last year, either because of a malware infection or misconfigured access protocols. Personal information on a total of 25.15 Computer viruses and unauthorized access accounted for about half of the total cases reported,” according to the Japan Times.

Accountability 111

Accountability Information Security Malware Data breaches 111

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity. continues the report.

Surveillance 79

Surveillance Malware Spyware Education 79

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability 83

Accountability Hacking Financial Services Cybersecurity 83

Security Affairs

FEBRUARY 27, 2020

Lampion malware is the most critical malware affecting Portuguese users’ last three months. This malware appears to be on the rise at the end of February 2020, after a fresh update where its operators introduced a new obfuscation layer on the first stage of the threat. Nome do Servidor: Linux portaldasfinancas 4.4.0-116-generic

Malware 102

Malware Advertising Government Accountability 102

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 114

Accountability Passwords Encryption Mobile 114

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 243

Scams DDOS Cryptocurrency Accountability 243

Security Affairs

SEPTEMBER 27, 2021

The source code of Cerberus was released in September 2020 on underground hacking forums after its operators failed an auction. According to the experts, ERMAC is operated by threat actors behind the BlackRock mobile malware. On August 17, two forum members named “ermac” and “DukeEugene” started advertising the malware.

Banking 81

Banking Malware Mobile Encryption 81

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The malware stole nearly 26 million login credentials holding 1.1

Malware 115

Malware Computers and Electronics Software Financial Services 115

Security Affairs

NOVEMBER 12, 2020

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam has suffered a data breach impacting 46 million accounts belonging to children and parents who signed up for the game. . records include the birth year the player entered at account creation 23.9M

Data breaches 123

Data breaches Accountability Passwords Encryption 123

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability 103

Accountability VPN Social Engineering Phishing 103

Security Affairs

OCTOBER 6, 2019

Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35 , Charming Kitten , Newscaster , and Ajax Security Team) a 2020 presidential campaign. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft. P residential campaign.

Accountability 76

Accountability Passwords Advertising Government 76

Security Affairs

FEBRUARY 13, 2021

Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. billion email-based phishing and malware attacks against Gmail users to determine what are factors influence the risk of attack. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Phishing 86

Phishing Malware Accountability Risk 86

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 108

Ransomware Encryption Antivirus VPN 108

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware 113

Malware Cryptocurrency Architecture Engineering 113

Krebs on Security

MARCH 1, 2022

27, a new Twitter account “ Contileaks ” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. The Contileaks account did not respond to requests for comment. 22, 2020, the U.S. On Sunday, Feb. ” GAP #1.

Ransomware 271

Ransomware Healthcare Cybercrime Government 271

Security Affairs

JUNE 2, 2021

Feedback message data contained Account id, feedback rating given, and users’ email addresses. Player profile data included Player id; username; country; total money spent on the game; and even Facebook, Apple, and Google account data if the user linked either account with their game account. What Data Was Leaked?

Data breaches 109

Data breaches Accountability Mobile Phishing 109

Security Affairs

MAY 4, 2020

Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. Pierluigi Paganini. SecurityAffairs – COVID-19, malspam).

Small Business 99

Small Business Malware Manufacturing Security Intelligence 99

Security Affairs

MARCH 23, 2020

The University of Utah Health disclosed a security breach, it has discovered malware on its systems and revealed unauthorized access to some employee email accounts. Attackers breached the organization with a phishing attack, the intrusion took place between January 7 and February 21, 2020. ” continues the alert.

Accountability 101

Accountability Advertising Malware Phishing 101

Security Affairs

APRIL 14, 2024

Australian Federal Police reported that an Australian man and a man based in the US will appear in court, following the international investigation that began in 2020. He explained to one buyer that the malware allowed access to another person’s computer without their knowledge. ” reported the DoJ. ” continues DoJ.

Computers and Electronics 111

Computers and Electronics Advertising Cryptocurrency Malware 111

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. Security experts from ThreatFabric have discovered a new Android banking trojan dubbed BlackRock that steals credentials and credit card data from a list of 337 apps.

Malware 91

Malware Banking Mobile Spyware 91

Security Affairs

AUGUST 3, 2020

As a precaution, we wanted to let you know that we recently became aware of a potential incident that may have affected the security of certain customer accounts. We are working with external security experts to investigate this matter.” Read more [link] — Have I Been Pwned (@haveibeenpwned) August 2, 2020.

Data breaches 102

Data breaches Accountability Passwords Advertising 102

Security Affairs

OCTOBER 4, 2020

Visa revealed that two unnamed North American hospitality merchants have been infected with some strains of point-of-sale (POS) malware. According to a security alert published last week, the attacks took place in May and June 2020, respectively. ” reads the VISA security alert.”In

Malware 141

Malware Advertising Accountability Hacking 141