Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks, while in 2022 the actively exploited zero-day flaws were 62. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report.

Government 141

Government Surveillance Cybercrime Ransomware 141

Security Affairs

DECEMBER 4, 2022

. “The ability to gather piles of evidence on a potential crime from an automobile—sometimes more than can be obtained from a smartphone and often less well secured—is something that immigration and border cops have increasingly latched on to in 2022.” ” Forbes reports. ” continues Forbes.

Surveillance 111

Surveillance Technology Hacking Mobile 111

Security Affairs

SEPTEMBER 23, 2023

The Royal group began reconnaissance activity in April 2023, and the analysis of system log data dates the beginning of the surveillance operations on April 7, 2023. Royal was then able to traverse the internal City infrastructure during the surveillance period using legitimate 3rd party remote management tools.”

Ransomware 136

Ransomware Surveillance Healthcare Accountability 136

SecureList

NOVEMBER 14, 2022

But first, let’s examine how they fared with the predictions for 2022. What we predicted in 2022. Although 2022 did not feature any mobile intrusion story on the scale of the Pegasus scandal, a number of 0-days have still been exploited in the wild by threat actors. Mobile devices exposed to wide attacks. Source: Meta.

Firmware 129

Firmware Surveillance Mobile Telecommunications 129

Security Affairs

APRIL 2, 2022

Between February and March 2022, researchers from the FortiGuard Labs team observed Beastmode operators adding five new exploits in a few weeks, with three targeting some TOTOLINK routers. CVE-2022-26186 targets TOTOLINK N600R and A7100RU. CVE-2017-17215 targets Huawei HG532 routers. ” concludes the report.

DDOS 98

DDOS Firmware Surveillance IoT 98

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Security Affairs

MAY 9, 2022

Researchers warn of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. Cybersecurity researchers from BlackBerry are warning of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums.

Cybercrime 100

Cybercrime Malware Surveillance DDOS 100

Security Affairs

FEBRUARY 13, 2022

to replace Chinese equipment Hackers breached a server of National Games of China days before the event Russian Gamaredon APT is targeting Ukraine since October Israeli surveillance firm QuaDream emerges from the dark Argo CD flaw could allow stealing sensitive data from Kubernetes Apps. US seizes $3.6 US seizes $3.6 Pierluigi Paganini.

Spyware 98

Spyware Ransomware Surveillance Hacking 98

Security Affairs

MARCH 26, 2023

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days CISA announced the Pre-Ransomware Notifications initiative China-linked hackers target telecommunication providers in the Middle East City of Toronto is one of the victims hacked by Clop gang using GoAnywhere (..)

Data breaches 98

Data breaches DDOS Backups Hacking 98

Security Affairs

JANUARY 16, 2022

US NCSC and DoS share best practices against surveillance tools Swiss army asks its personnel to use the Threema instant-messaging app Russian submarines threatening undersea cables, UK defence chief warns. Threat actors stole $18.7M

Surveillance 112

Surveillance Ransomware Hacking Malware 112

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 98

Spyware Ransomware Malware Data breaches 98

Malwarebytes

MAY 10, 2022

On May 11, 2022, the EU will publicize a proposal for a law on mandatory chat control. This legislation will be presented tomorrow, May 11, 2022 and would also apply to communications services that are end-to-end (E2E) encrypted. It is also a step back when it comes to cybersecurity. False positives are a risk to keep in mind.

Encryption 100

Encryption Surveillance Artificial Intelligence Spyware 100

Security Affairs

JULY 24, 2022

is optimized to automatically bypass censorship A massive cyberattack hit Albania Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw Graff paid a $7.5M is optimized to automatically bypass censorship A massive cyberattack hit Albania Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw Graff paid a $7.5M

Spyware 109

Spyware Surveillance Insurance Malware 109

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. We are in the final !

Data breaches 98

Data breaches DDOS Ransomware Hacking 98

Security Affairs

JUNE 10, 2022

The attack impacted the municipal police, surveillance cameras and ZTL traffic control systems, the authorities confirmed that the problems can last for days. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Ransomware 137

Ransomware Data breaches Cyber Attacks Surveillance 137

Security Affairs

FEBRUARY 19, 2023

Twitter will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers GoDaddy discloses a new data breach Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb German airport websites hit by DDos attacks once again Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine CISA adds Cacti, Office, Windows (..)

DDOS 98

DDOS Data breaches Ransomware Hacking 98

Malwarebytes

SEPTEMBER 14, 2022

More than 1 billion suspicious messages and spam texts have been sent in the Philippines in 2022 so far. This is enough to have Senators calling for “tougher measures” on cybercrime. These messages run the usual range of phishing and fraudulent transaction attempts.

Media 83

Media Surveillance Cybercrime Accountability 83

Security Affairs

APRIL 16, 2023

Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported.

Accountability 98

Accountability Phishing Financial Services Surveillance 98

SecureList

NOVEMBER 14, 2023

In June, Microsoft published a report on a threat actor named Cadet Blizzard, responsible for WhisperGate and other wipers targeting Ukrainian government agencies early in 2022. To sum up, although we did not see the same volume as we had in 2022, clearly there were some significant attacks. Verdict: prediction fulfilled ✅ 8.

Hacking 141

Hacking Energy and Utilities Malware Media 141

SecureWorld News

DECEMBER 11, 2023

What Stoll was calling us to do is to take the threats of scams, misinformation campaigns, and cybercrime seriously. With some experts predicting that cybercrime is going to grow into a $10 trillion industry by 2025, how long can digital trust be taken for granted before we begin to lose faith in our digital services?

Technology 109

Technology Artificial Intelligence Cybercrime Government 109

SecureWorld News

AUGUST 8, 2022

Remcos, short for Remote Control and Surveillance, was leveraged by malicious cyber actors conducting mass phishing campaigns during the COVID-19 pandemic to steal personal data and credentials. Based on information from trusted third parties, TrickBot's infrastructure is still active in July 2022. Mitigations for top malware strains.

Malware 98

Malware Banking Penetration Testing Healthcare 98

BH Consulting

FEBRUARY 15, 2024

It also predicts that organised gangs will use cybercrime more, because it offers easy money for lower risk. Infosecurity Magazine noted that “the measures come after LastPass suffered multiple breaches in 2022”. Infosecurity Magazine picked up on the WEF warnings that synthetic content generated by AI will lead to more fraud.

Passwords 52

Passwords Surveillance Risk Data breaches 52

SecureList

NOVEMBER 17, 2021

Last year, we foresaw the APT and cybercrime worlds becoming more porous on an operational level. Here are the developments we think we could be seeing in 2022. This year, the use of surveillance software developed by private vendors has come under the spotlight, as discussed above. And now, we turn our attention to the future.

Mobile 145

Mobile Surveillance Ransomware Government 145

Krebs on Security

SEPTEMBER 30, 2024

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. In December 2022, Troy Woody Jr. We know what E.Z.

Cryptocurrency 325

Cryptocurrency Government Internet Internet 325

SecureList

APRIL 27, 2022

This is our latest installment, focusing on activities that we observed during Q1 2022. In late February 2022, we identified two archives submitted from network addresses in Ukraine to an online multi-scanner service. They are designed to highlight the significant events and findings that we feel people should be aware of.

Malware 145

Malware Firmware Government Phishing 145

Krebs on Security

MARCH 22, 2023

In November 2022, researchers at Google’s Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device.

Malware 329

Malware eCommerce Mobile Marketing 329

Security Affairs

SEPTEMBER 29, 2024

CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw International law enforcement operation dismantled criminal communication platform Ghost U.S.

Hacking 119

Hacking Antivirus Cybercrime Ransomware 119

Security Affairs

FEBRUARY 20, 2022

CISA compiled a list of free cybersecurity tools and services White House and UK Gov attribute DDoS attacks on Ukraine to Russia’s GRU UpdraftPlus WordPress plugin update forced for million sites Google Privacy Sandbox promises to protect user privacy online Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability CVE-2021-44731 (..)

Banking 98

Banking Spyware Ransomware Surveillance 98

SecureList

OCTOBER 17, 2023

This strategic shift signals its intent to intensify its surveillance capabilities and expand its range of targets. Russian-speaking activity Beginning in late 2022, a new and unknown APT group launched attacks against multiple entities in Russia.

Government 141

Government Malware Manufacturing VPN 141

eSecurity Planet

OCTOBER 21, 2022

Since 2008, antivirus and cybersecurity software testers AV-TEST have kept track of the number of newly-developed malware worldwide, totaling at nearly 1 billion as of September 2022. An August 2022 Statista report counted 2.8 billion malware attacks worldwide in the first half of 2022 alone.

Malware 75

Malware Adware Spyware Antivirus 75

eSecurity Planet

DECEMBER 19, 2023

Cybercrime will go to the next level: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense. AI-Powered Cybercrime Despite the advancements in using AI to improve security, cybercriminals also have access to AI and LLMs.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware 98

Spyware Surveillance Artificial Intelligence Data breaches 98

Security Affairs

MAY 25, 2025

Silent Ransom Group targeting law firms, the FBI warns Leader of Qakbot cybercrime network indicted in U.S. Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. local government networks U.S.

Data breaches 66

Data breaches Cybercrime Malware Ransomware 66

Krebs on Security

NOVEMBER 26, 2024

However, this person’s identity may not remain a secret for long: A careful review of Kiberphant0m’s daily chats across multiple cybercrime personas suggests they are a U.S. A surveillance photo of Connor Riley Moucka, a.k.a. Army soldier who is or was recently stationed in South Korea. “I’ll wait.

DDOS 319

DDOS Cybercrime Accountability Government 319