Security Affairs

NOVEMBER 18, 2024

In 2023, the carrier disclosed two data breaches , one in January and another in May. In May 2023, T-Mobile threat actors had access to the personal information of hundreds of customers starting in late February 2023. The security breach impacted a limited number of customers, only 836 individuals.

Mobile 111

Mobile Telecommunications Data breaches Hacking 111

Security Affairs

JANUARY 13, 2024

GitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. CVE-2023-4812 : Bypass CODEOWNERS approval removal.

Accountability 135

Accountability Passwords Hacking Information Security 135

Security Affairs

DECEMBER 23, 2023

The LockBit ransomware claims to have hacked accountancy firm Xeinadin threatens to leak the alleged stolen data. The LockBit ransomware claims responsibility for hacking the Xeinadin accountancy firm and threatens to disclose the alleged stolen data. Account balances. Client legal information. Client legal information.

Accountability 140

Accountability Ransomware Data breaches Hacking 140

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 141

Software Accountability Authentication Internet 141

Security Affairs

DECEMBER 17, 2024

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild.

Architecture 106

Architecture Internet Internet Malware 106

Security Affairs

OCTOBER 18, 2023

Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Then they used the password to login to the admin account (after enabling it). The vendor addressed the vulnerability with the release of updates in June 2023. 64561 or above.”

Accountability 131

Accountability Passwords Hacking Internet 131

Security Affairs

APRIL 27, 2024

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Your account may have been one of those accessed.” ” continues the notification.

Accountability 138

Accountability Passwords Data breaches Hacking 138

Security Affairs

JANUARY 1, 2024

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. RESEARCHER DISCOVERED A NEW LOCK SCREEN BYPASS BUG FOR ANDROID 14 AND 13 Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts.

Cybersecurity 132

Cybersecurity Spyware Data breaches Passwords 132

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. The attacker can then use that account to gain control of the affected system.”

Internet 138

Internet Internet Software Accountability 138

Security Affairs

FEBRUARY 3, 2024

A vulnerability impacting the decentralized social network Mastodon can be exploited by threat actors to impersonate and take over any account. A security flaw, tracked as CVE-2024-23832 (CVSS score 9.4), in the decentralized social network Mastodon can be exploited to impersonate and take over any account.

Accountability 136

Accountability Media Hacking Information Security 136

Security Affairs

NOVEMBER 21, 2024

Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime 108

Cybercrime Identity Theft Cryptocurrency Phishing 108

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Accountability 127

Accountability Government Phishing Passwords 127

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords 138

Passwords Authentication Architecture Risk 138

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. of attacks in 2023), while summer was the most active for ransomware attacks (30.4%). The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

Ransomware 140

Ransomware Manufacturing Retail Insurance 140

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform.

Ransomware 131

Ransomware Data collection Hacking Accountability 131

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 131

Spyware Surveillance Software Hacking 131

Security Affairs

MAY 24, 2024

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts. The flaw can be exploited to hijack an account without any interaction.

Accountability 138

Accountability Passwords Hacking Cybersecurity 138

Security Affairs

APRIL 28, 2025

The experts noted that this campaign resembled another one the team monitored in December 2023, which sent fake security alerts to WordPress users. The emails warned of a supposed ‘Remote Code Execution (RCE)’ vulnerability, CVE-2023-45124, and urged users to install a fake patch allegedly from the WordPress team.

Phishing 88

Phishing Accountability DDOS Hacking 88

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 129

Social Engineering Authentication Accountability Engineering 129

Security Affairs

NOVEMBER 15, 2024

In August 2023 the married couple from New York pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex in 2016. The hackers stole 120,000 Bitcoin, and the Bitcoin value significantly dropped after the discovery of the security breach. Law enforcement also seized over $3.6

Cryptocurrency 104

Cryptocurrency Hacking Government Accountability 104

Security Affairs

OCTOBER 20, 2023

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Whatever you were thinking about CVE-2023-20198 ( #Cisco IOS EX) it's 100x worst. The attacker can then use that account to gain control of the affected system.”

Hacking 134

Hacking Internet Internet Accountability 134

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. OmniVision Technologies Inc.

Data breaches 132

Data breaches Ransomware Manufacturing Encryption 132

Security Affairs

SEPTEMBER 18, 2023

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack.

Accountability 135

Accountability Social Engineering Authentication VPN 135

Security Affairs

JANUARY 14, 2025

Threat actors gained unauthorized access to network devices, created accounts, and modified configurations. In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones. They added new local accounts to VPN groups or directly to SSL VPN portals.

Firewall 80

Firewall VPN Accountability Firmware 80

SecureList

FEBRUARY 20, 2025

The number of high-severity incidents decreased by 34% compared to 2023. Human-driven targeted attacks accounted for 43% of high-severity incidents 74% more than in 2023 and 43% more than in 2022. Users are still the weakest link, making Security Awareness training an important focus for corporate information security planning.

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

Security Affairs

JANUARY 3, 2025

Richmond University Medical Center has confirmed that a ransomware attack in May 2023 affected 670,000 individuals. New York’s Richmond University Medical Center confirmed a May 2023 ransomware attack impacted 674,033 individuals. In May 2023, RUMC suffered a ransomware attack that caused a multi-week disruption.

Data breaches 74

Data breaches Ransomware Insurance Healthcare 74

Krebs on Security

APRIL 27, 2023

Until being contacted by this reporter on Monday, the state of Vermont had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance program that exposed the applicant’s full name, Social Security number, address, phone number, email, and bank account number.

Banking 342

Banking Government Information Security Authentication 342

Security Affairs

OCTOBER 17, 2023

Threat actors exploited the recently disclosed zero-day flaw (CVE-2023-20198) in a large-scale hacking campaign on Cisco IOS XE devices. Threat actors have exploited the recently disclosed critical zero-day vulnerability ( CVE-2023-20198 ) to compromise thousands of Cisco IOS XE devices, security firm VulnCheck warns.

Internet 130

Internet Internet Hacking Accountability 130

SecureWorld News

NOVEMBER 14, 2024

Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. As of the first three quarters of 2024, there were already 264 ransomware incidents affecting healthcare providers—nearly matching all of 2023's figures.

Healthcare 119

Healthcare Ransomware Identity Theft Data breaches 119

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 129

Internet Internet Accountability Passwords 129

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. and “Check bookmarks when you get account back.”

Accountability 134

Accountability Hacking Cryptocurrency Cybersecurity 134

Security Affairs

OCTOBER 11, 2024

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. These scripts sometimes leveraged publicly available pentesting tools and security services to programmatically find vulnerable infrastructure.” ” reads the OpenAI’s report.

Malware 134

Malware Social Engineering Engineering Hacking 134

Joseph Steinberg

JANUARY 4, 2023

The term Zero Trust refers to a concept, an approach to information security that dramatically deviates from the common approach of yesteryear; Zero Trust states that no request for service is trusted, even if it is issued by a device owned by the resource’s owner, and is made from an internal, private network belonging to the same party.

Architecture 361

Architecture Artificial Intelligence Encryption Cybersecurity 361

Security Affairs

JANUARY 16, 2025

The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 “On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment.

Data breaches 94

Data breaches Identity Theft Consumer Protection Data collection 94

Security Affairs

MAY 2, 2025

TikTok disagrees with the decision and plan to appeal in full, arguing that the decision ignores its 12B Project Clover data protections launched in 2023. “The decision fails to fully consider Project Clover, our 12 billion industry-leading data security initiative that includes some of the most stringent data protections anywhere.

Accountability 82

Accountability Hacking Risk Cybersecurity 82

Security Affairs

APRIL 29, 2024

Google announced that in 2023, they have prevented 2.28 This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and app review processes. These efforts resulted in the ban of 333,000 accounts for confirmed malware and repeated severe policy breaches.

Accountability 121

Accountability Malware Hacking Risk 121

Security Affairs

OCTOBER 16, 2024

“All information related to the cybercriminal has already been handed over to the authorities. Among them, it was possible to identify tax registration, email addresses, registered domains, IP addresses, social media accounts, telephone number and city. The man used of the same email and phrases across social media and forums.

Data breaches 125

Data breaches Media Cybercrime Accountability 125