SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. These add up to 144 million annually.

Media 108

Media Social Engineering Ransomware Hacking 108

Security Affairs

MAY 26, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fix it now!

Healthcare 97

Healthcare Spyware Data breaches Banking 97

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 84

Spyware Data breaches Hacking Ransomware 84

Security Affairs

SEPTEMBER 13, 2023

Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863 , in Firefox and Thunderbird that has been actively exploited in the wild. The vulnerability CVE-2023-4863 was addressed with the release of Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1,

Spyware 118

Spyware Architecture Engineering Hacking 118

Security Affairs

SEPTEMBER 17, 2023

Financial Company Geolocating a Traveler via OSINT techniques Telegram Hit by a DDoS Attack: What Is the Cause Behind It?

Spyware 91

Spyware DDOS Cybercrime Ransomware 91

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware 83

Spyware Surveillance Artificial Intelligence Data breaches 83

Security Affairs

DECEMBER 28, 2023

Researchers from the Russian cybersecurity firm Kaspersky discovered that threat actors behind the Operation Triangulation exploited an undocumented hardware feature to target Apple iOS devices. The spyware is directly deployed in memory, but if the victim reboots the device the malware doesn’t persist.

Spyware 118

Spyware Firmware Mobile Malware 118

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 94

Artificial Intelligence VPN Hacking Firewall 94

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 89

Spyware Surveillance Identity Theft DDOS 89

Security Affairs

JULY 15, 2023

Government agencies SonicWall urges organizations to fix critical flaws in GMS/Analytics products Citrix fixed a critical flaw in Secure Access Client for Ubuntu Cl0p hacker operating from Russia-Ukraine war front line – exclusive Fortinet fixed a critical flaw in FortiOS and FortiProxy Microsoft mitigated an attack by Chinese threat actor Storm-0558 (..)

Spyware 89

Spyware Hacking Data breaches Mobile 89

Security Affairs

DECEMBER 2, 2023

Researchers devised an attack technique to extract ChatGPT training data Fortune-telling website WeMystic exposes 13M+ user records Expert warns of Turtle macOS ransomware US govt sanctioned North Korea-linked APT Kimsuky Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022 Apple addressed 2 new (..)

Ransomware 93

Ransomware Hacking Spyware Cybercrime 93

Security Affairs

SEPTEMBER 3, 2023

This Is What Will Change When You Sign On Growing use of AI in cybersecurity reveals new possibilities Are Software Updates Useless Against Advanced Persistent Threats? Hacks QakBot, Quietly Removes Botnet Infections Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs Why is.US Being Used to Phish So Many of Us?

Social Engineering 103

Social Engineering Spyware Data breaches Surveillance 103

Security Affairs

APRIL 28, 2024

Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin Cryptocurrencies and cybercrime: A critical intermingling Kaiser Permanente data breach may have impacted (..)

Cybercrime 93

Cybercrime Spyware Data breaches Antivirus 93

Security Affairs

APRIL 8, 2023

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. CISA orders federal agencies to fix this flaw by April 28, 2023.

Backups 79

Backups Spyware Ransomware Education 79

Security Affairs

JUNE 25, 2023

Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition appeared first on Security Affairs.

DDOS 87

DDOS Cybercrime Spyware Malware 87

Security Affairs

APRIL 18, 2023

A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. “These indicator overlaps allow us to attribute the 2022 zero-click chains to NSO Group’s Pegasus spyware with high confidence. ” reads the report. and 14.4.2,

Spyware 85

Spyware Surveillance Education Risk 85

Security Affairs

NOVEMBER 5, 2023

Kinsing threat actors probed the Looney Tunables flaws in recent attacks ZDI discloses four zero-day flaws in Microsoft Exchange Okta customer support system breach impacted 134 customers Multiple WhatsApp mods spotted containing the CanesSpy Spyware Russian FSB arrested Russian hackers who supported Ukrainian cyber operations MuddyWater has been spotted (..)

Cyber Insurance 98

Cyber Insurance Cryptocurrency Internet Internet 98

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence 97

Artificial Intelligence Firmware Data breaches Hacking 97

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches 86

Data breaches DDOS Backups Firewall 86

Security Affairs

JUNE 11, 2023

Gox exchange and operating BTC-e Japanese Pharmaceutical giant Eisai hit by a ransomware attack Clop ransomware gang was testing MOVEit Transfer bug since 2021 Stealth Soldier backdoor used is targeted espionage attacks in Libya Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue Experts detail a new Kimsuky (..)

Social Engineering 88

Social Engineering Data breaches Ransomware Cybercrime 88

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS 102

DDOS VPN Data breaches Cybercrime 102

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 71

Spyware Ransomware Malware Data breaches 71

Security Affairs

MARCH 24, 2024

Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience?

Malware 96

Malware Cybercrime Hacking Cyber threats 96

Security Affairs

SEPTEMBER 24, 2023

0-days exploited by commercial surveillance vendor in Egypt PREDATOR IN THE WIRES OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Cybersecurity Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Cyber Attacks 81

Cyber Attacks Firewall Data breaches Telecommunications 81

Security Affairs

NOVEMBER 11, 2023

Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams How a ‘Refund Fraud’ Gang Stole $700,000 From Amazon Info from 5.6 Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams How a ‘Refund Fraud’ Gang Stole $700,000 From Amazon Info from 5.6

DDOS 102

DDOS Data breaches Ransomware Marketing 102

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS 88

DDOS Hacking Spyware Surveillance 88

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 93

Data breaches Malware Mobile Spyware 93

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. CISA orders federal agencies to fix this flaw by April 24, 2023. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0,

Phishing 90

Phishing Spyware Government Passwords 90

Security Affairs

NOVEMBER 15, 2023

The data was first indexed by IoT devices on March 8th, 2023. Cybersecurity neglect endangers gamblers Failure to properly set authentication poses significant risks, as merely knowing the website’s domain is enough for an attacker to access user data. User security log.

Passwords 99

Passwords Identity Theft Social Engineering Spyware 99

Security Affairs

MAY 23, 2023

On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red Stinger), that targeted organizations in the region of the Russo-Ukrainian conflict. The attackers were observed using PowerMagic and CommonMagic implants. ” We are in the final!

Malware 76

Malware Spyware Encryption Phishing 76