Security Affairs

JANUARY 24, 2024

Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable instances exposed online.

Authentication 118

Authentication Hacking Engineering Encryption 118

Security Affairs

JANUARY 10, 2024

Threat actors hacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers hijacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish fake news on the Bitcoin ETF approval. ” Gensler wrote.

Accountability 112

Accountability Hacking Cryptocurrency Surveillance 112

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker.

Firewall 111

Firewall Authentication Architecture Backups 111

Security Affairs

APRIL 29, 2024

The agency discovered the unauthorized access on February 26, 2024 and immediately took steps to secure the impacted infrastructure and launched an investigation with the help of third-party forensics experts. The organization discovered that the unauthorized access occurred between February 14 and February 26, 2024.

Data breaches 112

Data breaches Hacking Accountability Cybercrime 112

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. ” reads the advisory published by Okta. ” continues the advisory.

VPN 115

VPN Accountability Firewall Data breaches 115

Security Affairs

APRIL 15, 2024

The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack. Then they used the access to download a set of MFA SMS message logs belonging to customers’ Duo accounts. date and time of the message, type of message, etc.).”

Data breaches 121

Data breaches Social Engineering Engineering Authentication 121

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. ” reads a post published by the organization on Medium.

Cyber Attacks 117

Cyber Attacks VPN Authentication Hacking 117

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Malware 105

Malware Cybercrime Hacking Cyber threats 105

Security Affairs

MAY 7, 2024

MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. On January 4, 2024, the threat actors conducted a reconnaissance on NERVE environment.

Malware 100

Malware Hacking Accountability Authentication 100

Security Affairs

FEBRUARY 23, 2024

Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. The security breach occurred on Sunday 18 February 2024, but Tangerine management became aware of the incident on Tuesday 20 February 2024. Access to the affected legacy database has also been closed.”continues

Data breaches 99

Data breaches Telecommunications Banking Mobile 99

Security Affairs

MAY 1, 2024

The company discovered the security breach on March 10, 2024, the attack impacted some corporate systems. Panda Restaurant Group took immediate action to respond to the incident by securing its infrastructure and investigate the scope of the security breach with the help of third-party cybersecurity specialists.

Data breaches 118

Data breaches Identity Theft Hacking Accountability 118

Security Affairs

FEBRUARY 25, 2024

The attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain. The attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain. This has been a tough morning for me. Two of my addresses have been compromised. In April, the U.S.

Cryptocurrency 112

Cryptocurrency Accountability Media Hacking 112

Security Affairs

MAY 2, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via Password Reset. prior to 16.1.6, prior to 16.2.9,

Passwords 117

Passwords Accountability Hacking Risk 117

Security Affairs

FEBRUARY 1, 2024

For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. x) and Policy Secure (9.x,

VPN 108

VPN Authentication Software Malware 108

Security Affairs

FEBRUARY 27, 2024

Multiple threat actors have started exploiting the recently disclosed vulnerabilities , tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), in the ConnectWise ScreenConnect software.

Ransomware 121

Ransomware Malware Software Authentication 121

Security Affairs

FEBRUARY 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709 , to its Known Exploited Vulnerabilities (KEV) catalog. CISA orders federal agencies to fix these vulnerabilities by February 29, 2024. The issues impact ScreenConnect 23.9.7 ” said Sophos.

Authentication 110

Authentication Cybersecurity Hacking Accountability 110

Security Affairs

APRIL 16, 2024

Cisco Talos researchers warn of large-scale credential brute-force attacks targeting multiple targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024.

VPN 127

VPN Firewall Authentication Hacking 127

Security Affairs

MAY 13, 2024

“It is important to note that our systems are secure. We already have robust security processes in place for any account access changes, which will require you to confirm your identity using either Biometrics or Two Factor Authentication.” ” continues the notice.

Data breaches 62

Data breaches Cyber Attacks Identity Theft Banking 62

Security Affairs

APRIL 9, 2024

“An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.” . “WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by the LG ThinkQ smartphone app to control the TV. ” reads the advisory. running on OLED55CXPUA webOS 6.3.3-442

Hacking 128

Hacking Internet Internet Authentication 128

Security Affairs

FEBRUARY 1, 2024

Once hijacked a SIM, the attacker can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. ” reads the press release published by DoJ.

Cryptocurrency 113

Cryptocurrency Computers and Electronics Accountability Scams 113

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches 109

Data breaches Social Engineering Malware Hacking 109

Security Affairs

JANUARY 28, 2024

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center Participants earned more than $1.3M

Artificial Intelligence 101

Artificial Intelligence Hacking Malware Cyber Attacks 101

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN 113

VPN Cybercrime Ransomware Hacking 113

Security Affairs

JANUARY 31, 2024

Larsen pointed out that the hackers compromised his personal XRP accounts, while the @Ripple was not impacted. Yesterday, there was unauthorized access to a few of my personal XRP accounts (not @Ripple ) – we were quickly able to catch the problem and notify exchanges to freeze the affected addresses.

Hacking 111

Hacking Accountability Cryptocurrency Cybercrime 111

Thales Cloud Protection & Licensing

APRIL 29, 2024

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders madhav Tue, 04/30/2024 - 05:32 Trust is the currency of the digital economy. The Thales 2024 Trust Index report indicates that 87% of consumers expect vendors to respect their digital rights, which leads to trusted relationships. Like DORA, PCI DSS 4.0

Risk 71

Risk Manufacturing Digital transformation Cybersecurity 71

Security Affairs

FEBRUARY 4, 2024

Notably, per additional context acquired from the actor, the majority of exposed accounts on the Dark Web didn’t have 2FA enabled. Notably, the timestamps visible on the shared screenshots by the actor illustrate successful unauthorized access with sessions dated Feb 3, 2024 (post-incident disclosure).

Scams 130

Scams Passwords Phishing Accountability 130

Security Affairs

MARCH 30, 2024

In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported. No information is available to indicate whether it is a 3rd party compromise, or which 'division' this data is from. million former account holders.”

Data breaches 137

Data breaches Telecommunications Cybercrime Hacking 137

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 92

Spyware Data breaches Hacking Ransomware 92

Security Affairs

MARCH 17, 2024

France Travail data breach impacted 43 Million people Scranton School District in Pennsylvania suffered a ransomware attack Lazarus APT group returned to Tornado Cash to launder stolen funds Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case UK Defence Secretary jet hit by an electronic warfare attack in Poland Cisco (..)

Data breaches 111

Data breaches Computers and Electronics Cybercrime Ransomware 111

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 107

Data breaches Small Business Hacking Malware 107

Security Affairs

MARCH 1, 2024

The Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. x and Ivanti Policy Secure. The second vulnerability, tracked as CVE-2024-21887 (CVSS score 9.1) x) and Ivanti Policy Secure.

Authentication 82

Authentication Cyber threats VPN Government 82

Security Boulevard

APRIL 29, 2024

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders madhav Tue, 04/30/2024 - 05:32 Trust is the currency of the digital economy. The Thales 2024 Trust Index report indicates that 87% of consumers expect vendors to respect their digital rights, which leads to trusted relationships. Like DORA, PCI DSS 4.0

Risk 72

Risk Manufacturing Cybersecurity Digital transformation 72

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. x and Ivanti Policy Secure. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) is a command injection vulnerability in web components of Ivanti Connect Secure (9.x,

VPN 97

VPN Malware Authentication Small Business 97

Krebs on Security

MARCH 12, 2024

Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild (CVE-2024-23225 and CVE-2024-23296). The security updates are available in iOS 17.4 , iPadOS 17.4 , and iOS 16.7.6. CVE-2024-21435 is a CVSS 8.8

Authentication 235

Authentication Engineering Accountability Internet 235

Security Boulevard

JANUARY 18, 2024

So, let’s explore what 2024 and beyond has in store for all of us in the digital world. This demand leads to the development of cybersecurity predictions which must take into account underlying drivers of the attackers, defenders, and technology where the battles will play out. 2024 Cybersecurity Predictions 1. In 2024: 1.

Risk 115

Risk Cybersecurity CISO Technology 115

Security Affairs

JANUARY 22, 2024

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said. billion records – only 12% of the supermassive MOAB of 2024.

Identity Theft 131

Identity Theft Data breaches Accountability Phishing 131

Security Affairs

APRIL 4, 2024

. “While the investigation remains ongoing, the impacted personal information identified thus far varies by individual but may have included name, contact information (e.g., email address, phone number), date of birth, social security number, driver’s license or other government identification, financial details (e.g.,

Data breaches 104

Data breaches Identity Theft Insurance Banking 104