Security Affairs

APRIL 22, 2024

Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.

Government 111

Government Education Phishing Malware 111

Security Affairs

DECEMBER 9, 2022

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. Another successful exploit in the SOHO SMASHUP category @ #P2OToronto #Pwn2Own pic.twitter.com/8Qty12wmU1 — Zero Day Initiative (@thezdi) December 9, 2022. Pierluigi Paganini.

Hacking 121

Hacking Mobile Information Security 121

Security Affairs

DECEMBER 13, 2022

VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition.

Hacking 125

Hacking Authentication Information Security 125

Security Affairs

MAY 22, 2022

The Pwn2Own Vancouver 2022 hacking contest ended, Trend Micro and ZDI awarded a total of $1,155,000 for successful attempts! During the third day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. To nominate, please visit:?

Hacking 122

Hacking Cybersecurity Information Security 122

Security Boulevard

NOVEMBER 4, 2022

Our sincere thanks to BSidesPDX 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesPDX 2022 – Nate Norton’s ‘Live, Laugh, Lyrical Injection: Hacking Karaoke For Fun And Profit’ appeared first on Security Boulevard.

Hacking 69

Hacking Education Information Security Cybersecurity 69

Security Boulevard

OCTOBER 17, 2022

The post BSidesLV 2022 Lucky13 Hire Ground – Tom Eston’s ‘Management Hacking 101: Leading High Performance Teams’ appeared first on Security Boulevard. Our sincere thanks to BSidesLV for publishing their outstanding conference videos on the organization's YouTube channel.

Hacking 78

Hacking Education Information Security Cybersecurity 78

Security Affairs

FEBRUARY 27, 2023

Data allegedly stolen from the American gaming giant Activision in December security breach were leaked on a cybercrime forum. A threat actor leaked on the Breached hacking forum the data allegedly stolen from the gaming giant Activision in December 2022. Activision was breached December 4th, 2022.

Hacking 83

Hacking Cybercrime Social Engineering Data breaches 83

Security Affairs

DECEMBER 8, 2022

Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits. SecurityAffairs – hacking, Pwn2Own Toronto 2022 ).

Hacking 94

Hacking Mobile Information Security 94

Security Affairs

MAY 19, 2022

White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). To nominate, please visit:?

Hacking 120

Hacking Cybersecurity Information Security 120

Security Affairs

DECEMBER 14, 2022

Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates fixed two zero-day vulnerabilities; one of the new issues addressed this month is listed as publicly known at the time of release, and one is actively exploited.

Hacking 109

Hacking Information Security 109

Security Boulevard

NOVEMBER 16, 2022

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesKC 2022 – Vincent Matteo’s ‘I Know What You Did Last Summer… I’m Still Hacking Your Small Business’ appeared first on Security Boulevard.

Small Business 72

Small Business Hacking Education Information Security 72

Security Affairs

SEPTEMBER 16, 2022

— Uber Comms (@Uber_Comms) September 16, 2022. According to the New York Times , the threat actors hacked an employee’s Slack account and used it to inform internal personnel that the company had “suffered a data breach” and provided a list of allegedly hacked internal databases. “I

Hacking 131

Hacking Data breaches Engineering Information Security 131

Security Affairs

MAY 20, 2022

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants demonstrated a working exploit for Microsoft Windows 11. During the second day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. Pierluigi Paganini.

Hacking 86

Hacking Cybersecurity Information Security 86

Security Boulevard

MAY 22, 2022

Our sincere thanks to BSides Prishtina for publishing their Presenter’s BSides Prishtina 2022 Information Security Conference videos on the organization’s’ YouTube channel.

Hacking 53

Hacking Information Security Education InfoSec 53

Security Affairs

OCTOBER 28, 2022

Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited CVE-2022-42827 in older iPhones and iPads, addressing an actively exploited zero-day bug.

Hacking 117

Hacking Information Security 117

Security Affairs

DECEMBER 29, 2022

NCC Group’s Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months. Citrix addressed the flaw on November 8, 2022. Pierluigi Paganini.

VPN 94

VPN Internet Internet Authentication 94

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. On December 12, the California Department of Finance confirmed the security incident with a statement. “The intrusion was proactively identified through coordination with state and federal security partners.

Hacking 126

Hacking Ransomware Cybersecurity Technology 126

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) using CVE-2022-22972. states VMware.

Authentication 138

Authentication Healthcare Education Cybersecurity 138

Security Affairs

OCTOBER 14, 2022

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) Microsoft fixed it with the release of September 2022 Patch Tuesday security updates, the company also states it has been actively exploited in the wild. “An

Hacking 145

Hacking Information Security 145

Security Affairs

OCTOBER 18, 2022

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. A proof-of-concept (PoC) exploit code for the CVE-2022-40684 flaw has been released online.

Authentication 132

Authentication Firewall Hacking Risk 132

Security Affairs

MARCH 5, 2022

Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. FckPutin #FreeUkraine pic.twitter.com/NJZiLx5c0d — Anonymous TV (@YourAnonTV) March 3, 2022.

Hacking 144

Hacking Government Banking Media 144

Security Affairs

NOVEMBER 28, 2023

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S.

Hacking 118

Hacking VPN Ransomware Cybercrime 118

Security Affairs

NOVEMBER 27, 2023

Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ ’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ In the same period in 2022, 50 such incidents were recorded.

Hacking 108

Hacking Engineering Manufacturing Government 108

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 125

Ransomware Encryption Malware Hacking 125

Security Affairs

MAY 26, 2022

Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. SecurityAffairs – hacking, National Cybersecurity Strategy).

Cybersecurity 138

Cybersecurity Cyber threats Technology Government 138

Security Boulevard

NOVEMBER 6, 2022

Our sincere thanks to BSidesPDX 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesPDX 2022 – Ben Kendall’s ‘Breaking Into Infosec Or, How I Hacked My Way Out Of Poverty’ appeared first on Security Boulevard.

InfoSec 52

InfoSec Hacking Education Information Security 52

Security Affairs

DECEMBER 15, 2023

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. The Snatch ransomware group claims to have hacked Kraft Heinz in August and on December 14, it added the company to the list of victims on its leak site.

Hacking 111

Hacking Ransomware Computers and Electronics Marketing 111

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

VPN 124

VPN IoT Cybersecurity Engineering 124

Security Affairs

OCTOBER 18, 2022

Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. The issue, tracked as CVE-2022-28762, received a CVSS severity score of 7.3. ” The vulnerability was discovered by the company’s internal security team as part of a routine assessment.

Hacking 106

Hacking Information Security 106

Security Affairs

MARCH 11, 2022

Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. OpRussia [link] — Anonymous TV (@YourAnonTV) March 10, 2022. com/wiki/Roskomnadzor — Anonymous TV (@YourAnonTV) March 10, 2022. ddosecrets[.]com/wiki/Roskomnadzor

Hacking 109

Hacking Media Authentication Technology 109

Security Affairs

JULY 4, 2022

Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. ” Google added.

Engineering 107

Engineering Hacking Information Security 107

Security Affairs

DECEMBER 15, 2022

Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. The CVE-2022-37958 was originally classified as an information disclosure vulnerability that impacts the SPNEGO Extended Negotiation ( NEGOEX ) security mechanism.

Authentication 99

Authentication Internet Internet Hacking 99

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. The security firm reported that this vulnerability is being used in attacks against a small set of specific organizations, primarily in South Asia. reads the advisory. GA, MR1, and MR1-1 v18.5

Firmware 89

Firmware Firewall Internet Internet 89

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. The gang published some screenshots as proof of the attack, including passports, ID cards, and personal information of some employees. The bad news is that Black Bast has fixed the issue.

Hacking 114

Hacking Encryption Ransomware Insurance 114

Security Affairs

MARCH 15, 2022

OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778 , that affects the BN_mod_sqrt() function used when certificate parsing.

Hacking 129

Hacking Information Security 129

Security Affairs

JANUARY 2, 2023

These are the most-read cybersecurity articles that have been published by SecurtiyAffairs in 2022. 3 – Anonymous hacked the Russian Defense Ministry and is targeting Russian companies. Anonymous collective has hacked the Russian Defense Ministry and leaked the data of its employees in response to the Ukraine invasion.

Cybersecurity 72

Cybersecurity Firewall Banking Hacking 72

Security Affairs

MAY 1, 2023

In 2022, Google prevented 1.43 million policy-violating applications from being published on Google Play in 2022. ” The company explained that in 2022, the App Security Improvements program helped developers to address approximately 500K security weaknesses affecting approximately 300K apps.

Accountability 87

Accountability Education Media Hacking 87