Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. Count of possibly vulnerable instances on 2024-02-17: 68.5K

Authentication 127

Authentication Internet Internet Ransomware 127

Security Affairs

JANUARY 9, 2024

Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. The critical vulnerabilities are: CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability. CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability.

Authentication 119

Authentication Internet Internet Hacking 119

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 115

Internet Internet Accountability Passwords 115

Security Affairs

APRIL 7, 2024

A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked as CVE-2024-3273 , that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models. This trick allows attackers to obtain bypass authentication. .”

Internet 135

Internet Internet DNS Hacking 135

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. “Around 45,000 Microsoft Exchange servers in Germany can currently be accessed from the Internet without restrictions. In February 2024, the U.S.

Information Security 115

Information Security Internet Internet Healthcare 115

Security Affairs

FEBRUARY 15, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability This week.

Internet 115

Internet Internet Information Security Hacking 115

BH Consulting

MARCH 21, 2024

Returning to the healthcare space, the Irish Pharmacy Union has a guide to avoiding ransomware, produced by BH Consulting’s information security consultant Brendan Mooney. MORE The FBI’s internet crime report shows email scams making way for crypto fraud. MORE Jane Frankland argues that making CISOs into heroes isn’t helpful.

Cyber threats 69

Cyber threats Ransomware Healthcare Risk 69

Security Affairs

MARCH 14, 2024

Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability. Researchers at the Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited the Windows zero-day flaw CVE-2024-21412 using fake software installers.

Phishing 110

Phishing Malware Software Internet 110

Krebs on Security

DECEMBER 6, 2023

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union.

Phishing 226

Phishing Internet Internet Scams 226

Security Affairs

MARCH 28, 2024

Below are the most severe issues addressed by the company: CVE-2024-20311 (CVSS score 8.6) – A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software. CVE-2024-20259 (CVSS score 8.6) – A vulnerability in the DHCP snooping feature of Cisco IOS XE Software.

Software 119

Software Wireless DNS Internet 119

Security Affairs

FEBRUARY 5, 2024

The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors. The Ivanti Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-21893 , is currently being actively exploited in real-world attacks by various threat actors. x), Policy Secure (9.x,

Software 106

Software Authentication Internet Internet 106

Security Affairs

APRIL 9, 2024

.” The researchers pointed out that despite the vulnerable service is intended for LAN access only, querying Shodan they identified over 91,000 devices that expose the service to the Internet. Most of the Internet-facing devices are in South Korea, Hong Kong, the U.S., Sweden, and Finland. running on OLED55CXPUA webOS 6.3.3-442

Hacking 128

Hacking Internet Internet Authentication 128

Security Affairs

MAY 3, 2024

“Apart from the EdgeRouter devices, we also found compromised Raspberry Pi and other internet-facing devices in the botnet. This second botnet exhibits greater discretion and improved operational security, as the associated malware operates exclusively in memory, leaving no malicious files on the disk.

Phishing 102

Phishing Cryptocurrency Internet Internet 102

Security Affairs

FEBRUARY 9, 2024

Ivanti warns customers of a new authentication bypass vulnerability in its Connect Secure, Policy Secure, and ZTA gateway devices. “An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, x), Ivanti Policy Secure (9.x, x), Ivanti Policy Secure (9.x,

Authentication 106

Authentication Software Internet Internet 106

Security Affairs

JANUARY 3, 2024

The company launched an investigation into the incident with the help of the Korean National Police Agency and Korea Internet & Security Agency (KISA). Further information regarding the issue will be updated. We are actively investigating this issue.

Cryptocurrency 129

Cryptocurrency Internet Internet Cybercrime 129

Security Affairs

MAY 8, 2024

A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. The vulnerability impacts over 90,000 hosts that expose a Tinyproxy service on the internet. and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8.

Internet 110

Internet Internet Authentication Passwords 110

Security Affairs

MARCH 8, 2024

The three flaws fixed are: CVE-2024-21899 : an improper authentication vulnerability could allow users to compromise the security of the system via a network. CVE-2024-21900 : an injection vulnerability could allow authenticated users to execute commands via a network. x QTS 5.1.3.2578 build 20231110 and later QTS 4.5.x

Authentication 123

Authentication Hacking Internet Internet 123

Security Affairs

MARCH 21, 2024

Threat actors without a valid TLS client certificate enrolled through EPMM cannot directly exploit this issue on the Internet.” The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805 , CVE-2024-21887 , and CVE-2024-21893.

Authentication 114

Authentication Internet Internet Hacking 114

Security Affairs

JANUARY 18, 2024

CVE-2024-0519 – Google Chromium V8 Out-of-Bounds Memory Access Vulnerability. This week Citrix warned customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances.

Authentication 120

Authentication VPN Software Engineering 120

Security Affairs

MAY 7, 2024

MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. On January 4, 2024, the threat actors conducted a reconnaissance on NERVE environment.

Malware 100

Malware Hacking Accountability Authentication 100

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords 111

Passwords Manufacturing Telecommunications Cyber Attacks 111

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 92

Spyware Data breaches Hacking Ransomware 92

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices.

Malware 105

Malware Cybercrime Hacking Cyber threats 105

Security Affairs

APRIL 1, 2024

Details here: [link] pic.twitter.com/jPzTZstIEL — OWASP® Foundation (@owasp) April 1, 2024 The OWASP (Open Web Application Security Project) Foundation is a nonprofit organization focused on improving the security of software. Nothing needs to be done if the information at risk is outdated. What do I need to do?

Data breaches 128

Data breaches Mobile Software Media 128

Malwarebytes

FEBRUARY 12, 2024

Today on the Lock and Code podcast … If your IT and security teams think malware is bad, wait until they learn about everything else. But not every organization has that at hand. What, then, are IT-constrained businesses to do? ThreatDown can help.

Malware 75

Malware Ransomware Antivirus Information Security 75

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 113

VPN Cybercrime Ransomware Hacking 113

Security Affairs

FEBRUARY 4, 2024

pic.twitter.com/4Smx7S3POj — Lurie Children's (@LurieChildrens) February 2, 2024 “Lurie Children’s is actively responding to a cybersecurity matter. ” Lurie confirmed that the attack disrupted the hospital’s access to the internet, email, phone services, and the MyChat platform.

Cyber Attacks 120

Cyber Attacks Healthcare Internet Internet 120

Security Affairs

JANUARY 24, 2024

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028 , a zero-click account takeover flaw GitLab warned about earlier this month. We are sharing instances vulnerable to CVE-2023-7028 (Account Takeover via Password Reset without user interactions) – 5379 instances found worldwide (on 2024-01-23).

Accountability 133

Accountability Passwords Internet Internet 133

Security Affairs

MARCH 26, 2024

TheMoon variant discovered by the Black Lotus Labs team was observed targeting over 40,000 bots from 88 countries in January and February of 2024. The researchers believe that the malware connects the NTP to verify the infected device’s internet connection and confirm it is not operating within a sandbox environment.

IoT 126

IoT Cybercrime Internet Internet 126

Security Affairs

APRIL 16, 2024

The chipmaker has 14,000 employees as of 2024. Gb - NDA The group published a set of files as proof of the security breach and threatens leak all the stolen data if the victim will not pay the ransom. The chipmaker confirmed it became aware of the unauthorized access to certain Nexperia IT servers in March 2024. pst files - 1.5

Ransomware 115

Ransomware Manufacturing Hacking Insurance 115

The Last Watchdog

MAY 3, 2024

SAN FRANCISCO — On the eve of what promises to be a news-packed RSA Conference 2024 , opening here on Monday, Microsoft is putting its money where its mouth is. Initially, TC was about setting a security baseline within the fabric of software development during the internet’s formative years.

Software 100

Software Engineering Internet Internet 100

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches 109

Data breaches Social Engineering Malware Hacking 109

Security Affairs

FEBRUARY 18, 2024

Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution. ESET addressed a high-severity vulnerability, tracked as CVE-2024-0353 (CVSS score 7.8), in its Windows products. and earlier ESET Endpoint Antivirus for Windows and Endpoint Security for Windows 10.1.2058.0,

Antivirus 137

Antivirus Internet Internet Cybersecurity 137

Security Affairs

MARCH 11, 2024

The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. A financially motivated threat actor named Magnet Goblin made the headlines for rapidly adopting and exploiting 1-day vulnerabilities, CheckPoint warned.

Malware 106

Malware VPN Encryption Hacking 106

Security Affairs

MARCH 30, 2024

In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported. No information is available to indicate whether it is a 3rd party compromise, or which 'division' this data is from.

Data breaches 137

Data breaches Telecommunications Cybercrime Hacking 137

Security Affairs

MARCH 2, 2024

US CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving Phobos ransomware variants observed as recently as February 2024 US CISA, the FBI, and MS-ISAC issued a joint cyber security advisory (CSA) to warn of attacks involving Phobos ransomware variants such as Backmydata , Devos, Eight, Elking, and Faust.

Ransomware 128

Ransomware Backups Healthcare Firewall 128

SecureWorld News

MAY 7, 2024

According to a new joint cybersecurity alert , the hacktivists have been observed gaining remote access to small-scale industrial control systems used in water/wastewater, dams, energy, and food and agriculture by exploiting internet-exposed human-machine interfaces (HMIs) and using default or weak passwords.

Passwords 79

Passwords Manufacturing Technology Authentication 79