Security Affairs

APRIL 14, 2023

Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue. The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. “Type Confusion in V8.

Education 78

Education Media Engineering Hacking 78

SecureList

JANUARY 18, 2023

Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. The trend for personal data leaks grew rapidly in 2022 and will continue into 2023. The number of posts in those blogs grew in 2022, both in open sources and on the dark web.

Media 106

Media Social Engineering Ransomware Hacking 106

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability 85

Accountability Phishing Financial Services Surveillance 85

Security Affairs

APRIL 6, 2023

Ransomware gang Money Message claims to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Hacking 73

Hacking Ransomware Manufacturing Education 73

Security Affairs

APRIL 3, 2023

.” The experts discovered that other apps were impacted by the misconfiguration issue, including Mag News, Central Notification Service (CNS), Contact Center, PoliCheck, Power Automate Blog, and COSMOS. 31, 2023 – Wiz Research reported the Bing issue to MSRC Jan. 31, 2023 – MSRC issues initial fix to Bing app Feb.

Accountability 74

Accountability Education Media Authentication 74

Krebs on Security

FEBRUARY 28, 2024

The profile also linked to Mr. Lee’s Twitter/X account , which features the same profile image. Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link.

Malware 277

Malware Cryptocurrency Software Scams 277

SecureList

MAY 11, 2023

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. A few months after last year’s blog post came out, we stumbled across a new multi-platform ransomware family, which targeted both Linux and Windows. In 2022, Kaspersky solutions detected over 74.2M

Ransomware 120

Ransomware Malware Architecture Telecommunications 120

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 110

Software Education Ransomware Firmware 110

Security Affairs

MAY 16, 2023

The experts demonstrated multiple attack vectors, including the exploitation of flaws in internet-exposed services, cloud account takeover, and the exploitation of flaws in the cloud infrastructure. affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588) Remote Management System (RMS): Versions prior to 4.14.0

Hacking 88

Hacking Internet Internet Manufacturing 88

Security Through Education

JANUARY 18, 2023

Perhaps we thought, who would want to hack a completely unknow person like me? What are some personal cybersecurity concerns for 2023? Business email compromise (BEC) attacks have been predicted to soar in 2023 according to Forbes Advisor. The truth is technology has grown at an exponential rate and so has cybercrime.

Cybersecurity 98

Cybersecurity Social Engineering Scams IoT 98

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. Not long after the Twitter hack, O’Connor was quoted in The New York Times denying any involvement. “I million.

Cryptocurrency 232

Cryptocurrency Accountability Mobile Hacking 232

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware 73

Ransomware Cybercrime Cybersecurity Hacking 73

Security Affairs

APRIL 20, 2023

VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product. The vulnerability CVE-2023-20864 (CVSSv3 base score of 9.8)

Education 86

Education Media Hacking Accountability 86

Google Security

MAY 10, 2023

In reality, they are frustrating to create, remember and are easily hacked. Last week, we announced you can use a passkey to log in to your Google Account on all major platforms. Learn more about how we’re protecting apps and developers in the What’s New in Google Play blog. But hackers can’t phish a password that doesn’t exist.

Phishing 112

Phishing Passwords Accountability Media 112

Krebs on Security

JANUARY 26, 2024

government says Ermakov and the other actors behind the Medibank hack are believed to be linked to the Russia-backed cybercrime gang REvil. The December 2023 story here that outed Mr. Shefel as Rescator noted that Shefel recently changed his last name to “ Lenin ,” and had launched a service called Lenin[.]biz

Cybercrime 241

Cybercrime Ransomware Retail Insurance 241

Security Affairs

APRIL 9, 2023

The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. “Shevlyakov also attempted to acquire computer hacking tools.” hacking tools and electronics appeared first on Security Affairs. ” reads a press release published by DoJ.

Computers and Electronics 78

Computers and Electronics Hacking Penetration Testing Manufacturing 78

Security Affairs

MAY 12, 2023

Recently, VIPRE Security Group published their Email Security in 2023 report , where they shared insights on the development of email-based threats and how they can impact organizations. What Can We Expect in 2023? It’s not likely to stop there. QR code spoofing. 1 There will be more remote work-based attacks.

Phishing 84

Phishing Social Engineering Small Business B2B 84

Security Affairs

APRIL 15, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-20963 – Android Framework Privilege Escalation Vulnerability. The bulletin confirmed that “there are indications that CVE-2023-20963 may be under limited, targeted exploitation.”

Education 74

Education Accountability Media Cybersecurity 74

Malwarebytes

JUNE 29, 2023

Stalkerware-type app LetMeSpy says it has been hacked, with the attacker taking user data with it. From the message posted to the login screen on the LetMeSpy website: On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users.

Spyware 88

Spyware Hacking Antivirus Passwords 88

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. . through 5.35.

Firewall 91

Firewall Firmware VPN Authentication 91

BH Consulting

DECEMBER 11, 2023

These practices can lead to account compromise, or enabling unauthorised users to access sensitive data and escalate privileges. Cloud security was also a theme in Microsoft’s ‘Cybersecurity Trends in Ireland 2023’ report. It’s the SANS Holiday Hack Challenge. Links we liked A fun new Yuletide game?

Surveillance 52

Surveillance Cybersecurity DDOS Data breaches 52

Security Affairs

APRIL 5, 2023

.” The researchers reported the issues to the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), which assigned the following five CVEs: Use of Hard-coded Credentials CWE-798 ( CVE-2023–1748 , CVSS3.0: Authorization Bypass Through User-Controlled Key CWE-639 ( CVE-2023–1749 , CVSS3.0:

Manufacturing 86

Manufacturing Media Firewall Education 86

Security Affairs

APRIL 22, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability. CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability.

Education 85

Education Media Authentication Cybersecurity 85

Krebs on Security

MARCH 22, 2023

28, 2023, researchers at the Chinese security firm DarkNavy published a blog post purporting to show evidence that a major Chinese ecommerce company’s app was using this same three-exploit chain to read user data stored by other apps on the affected device, and to make its app nearly impossible to remove. .

Malware 272

Malware eCommerce Mobile Media 272

Security Affairs

APRIL 10, 2023

Cybersecurity vendor Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), that can lead to code execution. The CVE-2023-1671 flaw is a pre-auth command injection issue that resides in the warn-proceed handler, it affects appliances older than version 4.3.10.4.

Firewall 87

Firewall Education Media Hacking 87

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime 84

Cybercrime Malware Hacking Accountability 84

Krebs on Security

SEPTEMBER 30, 2023

According to a September 20, 2023 joint advisory from the FBI and the U.S. was also used to register an account at the online game stalker[.]so The above accounts, as well as the email address semen_7907@mail.ru , were all registered or accessed from the same Yekaterinburg Internet address mentioned previously: 31.192.175.63.

Ransomware 224

Ransomware Accountability Cybercrime Backups 224

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. HP is aware of a critical vulnerability, tracked as CVE-2023-1707 (CVSS v3.1 score 9.1), that affects tens of HP Enterprise LaserJet and HP LaserJet Managed Printers models.

Firmware 84

Firmware Education Media Hacking 84

Security Affairs

APRIL 21, 2023

The security breach was detected on March 17, 2003 and according to the company the intrusion begun on or about March 6, 2023. “On March 17, 2023, the ABA observed unusual activity on its network. The attackers may have gained access to the members’ credentials for a legacy member system that was decommissioned in 2018.

Data breaches 85

Data breaches Passwords Education Accountability 85

Security Affairs

APRIL 11, 2023

Microsoft has addressed a zero-day vulnerability, tracked as CVE-2023-28252 , in the Windows Common Log File System (CLFS), which is actively exploited in ransomware attacks. Microsoft fixed the issue with the release of Patch Tuesday security updates for April 2023.

Cybercrime 87

Cybercrime Ransomware Education Media 87

Krebs on Security

SEPTEMBER 5, 2023

Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one’s email and/or mobile phone accounts. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. Then on Aug. But on Nov.

Cryptocurrency 351

Cryptocurrency Passwords Encryption Accountability 351

Security Affairs

APRIL 11, 2023

On April 7, 2023, Apple has released emergency security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-28205 and CVE-2023-28206, impacting iPhones, Macs, and iPads. The zero-day CVE-2023-28206 is an out-of-bounds write issue that resides in the IOSurfaceAccelerator. iPadOS 16.4.1,

Education 79

Education Media Hacking Cybersecurity 79

Security Affairs

APRIL 1, 2023

On March 29, 2023, The Lock Bit ransomware gang announced the hack of the South Korean National Tax Service. The group added the South Korean agency to its Tor leak site and announced the release of stolen data by April 1st, 2023 in case the ransom was not paid.

Identity Theft 82

Identity Theft Ransomware Scams Education 82

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. stole at least $800,000 from at least five victims between August 2022 and March 2023. 9, 2024, U.S. technology companies during the summer of 2022. According to an Aug.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

BH Consulting

JUNE 13, 2023

Target the human, swipe the cash: Verizon DBIR 2023 highlights crime trends Manage the human risk and mind your money: those are two key takeaways from Verizon’s 2023 Data Breach Investigations Report. It said the criminals often take over victims’ accounts and empty them of funds.

Social Engineering 52

Social Engineering Data breaches Scams DDOS 52

Security Affairs

JANUARY 15, 2024

The researchers noticed that the number of Balada Injector infections has doubled compared with August 2023. Doctor Web has discovered a malicious Linux program that hacks websites based on a WordPress CMS. The Balada injector is a malware family that has been active since 2017. ” concludes the report.

Malware 105

Malware Hacking Accountability Information Security 105

Security Affairs

APRIL 27, 2023

Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest (overlaps with FIN11 and TA505).

Ransomware 78

Ransomware Education Media Malware 78